-
Notifications
You must be signed in to change notification settings - Fork 139
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into marrobi/issue1204
- Loading branch information
Showing
12 changed files
with
668 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
# Unrestricted workspace | ||
|
||
The unrestricted workspace template is a workspace template that allows for unrestricted access to the Internet from inside the workspace virtual network. This is useful for working on open data sets where data exfiltration is not a concern. | ||
|
||
This workspace template builds upon the base workspace template by adding additional firewall rules and disabling the airlock. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,5 @@ | ||
# Workspace Templates | ||
|
||
Workspace Templates are located in this folder. These Templates are for the Composition Service to make instances of. | ||
|
||
| Template name | Description | | ||
| --- | --- | | ||
| [base](../../docs/workspace-templates/workspaces/base.md) | A base template that deploys a Resource Group, Virtual network, Subnets ... A good base to extend. | | ||
Workspace Templates are located in this folder. | ||
|
||
To customize or author new Workspace Templates read the [Authoring Workspace Templates](../../docs/tre-workspace-authors/authoring-workspace-templates.md). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# Local .terraform directories | ||
**/.terraform/* | ||
|
||
# TF backend files | ||
**/*_backend.tf | ||
|
||
Dockerfile.tmpl | ||
terraform/deploy.sh | ||
terraform/destroy.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
ARM_CLIENT_ID="__CHANGE_ME__" | ||
ARM_CLIENT_SECRET="__CHANGE_ME__" | ||
ARM_TENANT_ID="__CHANGE_ME__" | ||
ARM_SUBSCRIPTION_ID="__CHANGE_ME__" | ||
AUTH_TENANT_ID="__CHANGE_ME__" | ||
|
||
# These are passed in if Terraform will create the Workspace AAD Application | ||
REGISTER_AAD_APPLICATION=true | ||
AUTH_CLIENT_ID="__CHANGE_ME__" | ||
AUTH_CLIENT_SECRET="__CHANGE_ME__" | ||
WORKSPACE_OWNER_OBJECT_ID="__CHANGE_ME__" | ||
|
||
# These are passed in if you register the Workspace AAD Application before hand | ||
# REGISTER_AAD_APPLICATION=false | ||
# CLIENT_ID="__CHANGE_ME__" | ||
# CLIENT_SECRET="__CHANGE_ME__" | ||
# WORKSPACE_OWNER_OBJECT_ID="" | ||
|
||
# Used by Porter, aka TRE_RESOURCE_ID | ||
ID="MadeUp123" | ||
SP_ID="" | ||
SCOPE_ID="api://ws_0001" | ||
APP_ROLE_ID_WORKSPACE_OWNER="" | ||
APP_ROLE_ID_WORKSPACE_RESEARCHER="" | ||
APP_ROLE_ID_WORKSPACE_AIRLOCK_MANAGER="" | ||
ADDRESS_SPACE="10.2.8.0/24" | ||
SHARED_STORAGE_QUOTA=50 | ||
ENABLE_LOCAL_DEBUGGING=true | ||
|
||
AAD_REDIRECT_URIS="W10=" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# We need azurecli 2.37+ which doesn't exist for strech so the minimum is buster | ||
FROM debian:buster-slim | ||
|
||
ARG BUNDLE_DIR | ||
|
||
ARG AZURE_TRE_VERSION="0.4.2" | ||
|
||
RUN apt-get update \ | ||
&& apt-get install --no-install-recommends jq ca-certificates curl -y \ | ||
&& apt-get clean -y && rm -rf /var/lib/apt/lists/* | ||
|
||
WORKDIR $BUNDLE_DIR | ||
|
||
RUN curl -o azuretre.tar.gz -L "https://github.com/microsoft/AzureTRE/archive/refs/tags/v${AZURE_TRE_VERSION}.tar.gz" \ | ||
&& tar -xzf azuretre.tar.gz "AzureTRE-${AZURE_TRE_VERSION}/templates/workspaces/base" --strip-components=4 --skip-old-files \ | ||
&& rm -rf azuretre.tar.gz | ||
|
||
# This is a template Dockerfile for the bundle's invocation image | ||
# You can customize it to use different base images, install tools and copy configuration files. | ||
# | ||
# Porter will use it as a template and append lines to it for the mixins | ||
# and to set the CMD appropriately for the CNAB specification. | ||
# | ||
# Add the following line to porter.yaml to instruct Porter to use this template | ||
# dockerfile: Dockerfile.tmpl | ||
|
||
# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line | ||
# another location in this file. If you remove that line, the mixins generated content is appended to this file. | ||
# PORTER_MIXINS | ||
|
||
# Use the BUNDLE_DIR build argument to copy files into the bundle | ||
|
||
COPY . $BUNDLE_DIR | ||
|
||
# Mirror plugins to prevent network access at runtime | ||
# Remove when available from https://github.com/getporter/terraform-mixin/issues/90 | ||
WORKDIR $BUNDLE_DIR/terraform | ||
RUN terraform init -backend=false \ | ||
&& terraform providers mirror /usr/local/share/terraform/plugins | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,134 @@ | ||
{ | ||
"schemaVersion": "1.0.0-DRAFT+TODO", | ||
"name": "base", | ||
"created": "2021-06-04T13:37:29.5071039+03:00", | ||
"modified": "2021-06-04T13:37:29.5071039+03:00", | ||
"parameters": [ | ||
{ | ||
"name": "address_space", | ||
"source": { | ||
"env": "ADDRESS_SPACE" | ||
} | ||
}, | ||
{ | ||
"name": "azure_location", | ||
"source": { | ||
"env": "LOCATION" | ||
} | ||
}, | ||
{ | ||
"name": "tre_id", | ||
"source": { | ||
"env": "TRE_ID" | ||
} | ||
}, | ||
{ | ||
"name": "id", | ||
"source": { | ||
"env": "ID" | ||
} | ||
}, | ||
{ | ||
"name": "tfstate_container_name", | ||
"source": { | ||
"env": "TERRAFORM_STATE_CONTAINER_NAME" | ||
} | ||
}, | ||
{ | ||
"name": "tfstate_resource_group_name", | ||
"source": { | ||
"env": "MGMT_RESOURCE_GROUP_NAME" | ||
} | ||
}, | ||
{ | ||
"name": "tfstate_storage_account_name", | ||
"source": { | ||
"env": "MGMT_STORAGE_ACCOUNT_NAME" | ||
} | ||
}, | ||
{ | ||
"name": "shared_storage_quota", | ||
"source": { | ||
"env": "SHARED_STORAGE_QUOTA" | ||
} | ||
}, | ||
{ | ||
"name": "enable_local_debugging", | ||
"source": { | ||
"env": "ENABLE_LOCAL_DEBUGGING" | ||
} | ||
}, | ||
{ | ||
"name": "register_aad_application", | ||
"source": { | ||
"env": "REGISTER_AAD_APPLICATION" | ||
} | ||
}, | ||
{ | ||
"name": "client_id", | ||
"source": { | ||
"env": "CLIENT_ID" | ||
} | ||
}, | ||
{ | ||
"name": "client_secret", | ||
"source": { | ||
"env": "CLIENT_SECRET" | ||
} | ||
}, | ||
{ | ||
"name": "scope_id", | ||
"source": { | ||
"env": "SCOPE_ID" | ||
} | ||
}, | ||
{ | ||
"name": "workspace_owner_object_id", | ||
"source": { | ||
"env": "WORKSPACE_OWNER_OBJECT_ID" | ||
} | ||
}, | ||
{ | ||
"name": "sp_id", | ||
"source": { | ||
"env": "SP_ID" | ||
} | ||
}, | ||
{ | ||
"name": "app_role_id_workspace_owner", | ||
"source": { | ||
"env": "APP_ROLE_ID_WORKSPACE_OWNER" | ||
} | ||
}, | ||
{ | ||
"name": "app_role_id_workspace_researcher", | ||
"source": { | ||
"env": "APP_ROLE_ID_WORKSPACE_RESEARCHER" | ||
} | ||
}, | ||
{ | ||
"name": "app_role_id_workspace_airlock_manager", | ||
"source": { | ||
"env": "APP_ROLE_ID_WORKSPACE_AIRLOCK_MANAGER" | ||
} | ||
}, | ||
{ | ||
"name": "aad_redirect_uris", | ||
"source": { | ||
"env": "AAD_REDIRECT_URIS" | ||
} | ||
}, | ||
{ | ||
"name": "app_service_plan_sku", | ||
"source": { | ||
"env": "APP_SERVICE_PLAN_SKU" | ||
} | ||
}, | ||
{ | ||
"name": "enable_airlock", | ||
"source": { | ||
"env": "ENABLE_AIRLOCK" | ||
} | ||
} | ||
] | ||
} |
Oops, something went wrong.