cran support in nexus

templates/shared_services/sonatype-nexus-vm/porter.yaml

@@ -1,6 +1,6 @@
 ---
 name: tre-shared-service-sonatype-nexus
-version: 2.1.7
+version: 2.1.8
 description: "A Sonatype Nexus shared service"
 registry: azuretre
 dockerfile: Dockerfile.tmpl

templates/shared_services/sonatype-nexus-vm/scripts/nexus_repos_config/cran_proxy_conf.json

@@ -0,0 +1,32 @@
+{
+  "name": "r-proxy",
+  "online": true,
+  "storage": {
+    "blobStoreName": "default",
+    "strictContentTypeValidation": true,
+    "write_policy": "ALLOW"
+  },
+  "proxy": {
+    "remoteUrl": "https://cran.r-project.org/",
+    "contentMaxAge": 1440,
+    "metadataMaxAge": 1440
+  },
+  "negativeCache": {
+    "enabled": true,
+    "timeToLive": 1440
+  },
+  "httpClient": {
+    "blocked": false,
+    "autoBlock": false,
+    "connection": {
+      "retries": 0,
+      "userAgentSuffix": "string",
+      "timeout": 60,
+      "enableCircularRedirects": false,
+      "enableCookies": false,
+      "useTrustStore": false
+    }
+  },
+  "baseType": "r",
+  "repoType": "proxy"
+}

templates/shared_services/sonatype-nexus-vm/terraform/firewall.tf

@@ -19,4 +19,19 @@ resource "azurerm_firewall_application_rule_collection" "shared_subnet_sonatype_
     target_fqdns     = local.nexus_allowed_fqdns_list
     source_addresses = data.azurerm_subnet.shared.address_prefixes
   }
+
+  rule {
+    name = "windows-vm-crl"
+    protocol {
+      port = "443"
+      type = "Https"
+    }
+    protocol {
+      port = "80"
+      type = "Http"
+    }
+
+    target_fqdns = local.workspace_vm_allowed_fqdns_list
+    source_addresses = data.azurerm_subnet.services.address_prefixes
+  }
 }

templates/shared_services/sonatype-nexus-vm/terraform/locals.tf

@@ -1,8 +1,10 @@
 locals {
   core_vnet                = "vnet-${var.tre_id}"
   core_resource_group_name = "rg-${var.tre_id}"
-  nexus_allowed_fqdns      = "*pypi.org,files.pythonhosted.org,security.ubuntu.com,archive.ubuntu.com,keyserver.ubuntu.com,repo.anaconda.com,*.docker.com,*.docker.io,conda.anaconda.org,azure.archive.ubuntu.com,packages.microsoft.com,repo.almalinux.org,download-ib01.fedoraproject.org"
+  nexus_allowed_fqdns      = "*pypi.org,files.pythonhosted.org,security.ubuntu.com,archive.ubuntu.com,keyserver.ubuntu.com,repo.anaconda.com,*.docker.com,*.docker.io,conda.anaconda.org,azure.archive.ubuntu.com,packages.microsoft.com,repo.almalinux.org,download-ib01.fedoraproject.org,cran.r-project.org,cloud.r-project.org"
   nexus_allowed_fqdns_list = distinct(compact(split(",", replace(local.nexus_allowed_fqdns, " ", ""))))
+  workspace_vm_allowed_fqdns = "r3.o.lencr.org,x1.c.lencr.org,*.digicert.com,ocsp.godaddy.com,crl.godaddy.com"
+  workspace_vm_allowed_fqdns_list = distinct(compact(split(",", replace(local.windows_nexus_allowed_fqdns, " ", ""))))
   storage_account_name     = lower(replace("stg-${var.tre_id}", "-", ""))
   tre_shared_service_tags = {
     tre_id                = var.tre_id

templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/vm_config.sh

@@ -90,3 +90,6 @@ sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plu
 jq -n --arg proxy "${NEXUS_PROXY_URL}:8083" '{"registry-mirrors": [$proxy]}' > /etc/docker/daemon.json
 sudo systemctl daemon-reload
 sudo systemctl restart docker
+
+# R config
+sudo echo -e "local({\n    r <- getOption(\"repos\")\n    r[\"Nexus\"] <- ""${NEXUS_PROXY_URL}\"/repository/r-proxy/\"\n    options(repos = r)\n})" | sudo tee /etc/R/Rprofile.site

templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/vm_config.ps1

@@ -40,3 +40,7 @@ $DaemonConfig = @"
 }
 "@
 $DaemonConfig | Out-File -Encoding Ascii ( New-Item -Path $env:ProgramData\docker\config\daemon.json -Force )
+
+# R config
+$RconfigFilePathWindows = C:\Progra~1\R\R-4.2.1\etc\Rprofile.site
+Add-Content $RconfigFilePathWindows "local({`n    r <- getOption(`"repos`")`n    r[`"Nexus`"] <- `"${NEXUS_PROXY_URL}/repository/r-proxy/`"`n    options(repos = r)`n})"

templates/workspaces/base/porter.yaml

@@ -1,6 +1,6 @@
 ---
 name: tre-workspace-base
-version: 0.3.31
+version: 0.3.32
 description: "A base Azure TRE workspace"
 dockerfile: Dockerfile.tmpl
 registry: azuretre

templates/workspaces/base/terraform/network/security.tf

@@ -125,6 +125,19 @@ resource "azurerm_network_security_rule" "allow_outbound_from_webapp_to_core_web
   source_port_range            = "*"
 }
 
+resource "azurerm_network_security_rule" "allow_outbound_from_subnet" {
+  access                       = "Allow"
+  destination_port_range       = "80"
+  source_address_prefixes      = azurerm_subnet.services.address_prefixes
+  direction                    = "Outbound"
+  name                         = "outbound-workspace-subnets-to-internet-for-crl"
+  network_security_group_name  = azurerm_network_security_group.ws.name
+  priority                     = 101
+  protocol                     = "Tcp"
+  resource_group_name          = var.ws_resource_group_name
+  source_port_range            = "*"
+}
+
 resource "azurerm_network_security_rule" "allow_outbound_webapps_to_services" {
   access = "Allow"
   destination_port_ranges = [