Merge branch 'main' into marrobi/issue3669

CHANGELOG.md

@@ -11,6 +11,7 @@ BUG FIXES:
 
 BUG FIXES:
 * Custom actions fail on resources with a pipeline ([#3646](https://github.com/microsoft/AzureTRE/issues/3646))
+* Fix ability to debug resource processor locally ([#3426](https://github.com/microsoft/AzureTRE/issues/4426))
 * Upgrade airlock and unrestricted workspaces to base workspace version 0.12.0 ([#3659](https://github.com/microsoft/AzureTRE/pull/3659))
 
 COMPONENTS:

core/terraform/json-to-env.sh

@@ -25,6 +25,10 @@ jq -r '
             "path": "keyvault_name",
             "env_var": "KEYVAULT"
         },
+        {
+            "path": "keyvault_uri",
+            "env_var": "KEYVAULT_URI"
+        },
         {
             "path": "azure_tre_fqdn",
             "env_var": "FQDN"

core/terraform/outputs.tf

@@ -26,6 +26,10 @@ output "keyvault_name" {
   value = azurerm_key_vault.kv.name
 }
 
+output "keyvault_uri" {
+  value = azurerm_key_vault.kv.vault_uri
+}
+
 output "service_bus_resource_id" {
   value = azurerm_servicebus_namespace.sb.id
 }

devops/scripts/setup_local_debugging.sh

@@ -13,6 +13,8 @@ private_env_path="./core/private.env"
 : "${AZURE_SUBSCRIPTION_ID?"Check AZURE_SUBSCRIPTION_ID is defined in ${private_env_path}"}"
 : "${EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID?"Check EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID is defined in ${private_env_path}"}"
 : "${EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID?"Check EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID is defined in ${private_env_path}"}"
+: "${KEYVAULT_URI?"Check KEYVAULT_URI is defined in ${private_env_path}"}"
+: "${KEYVAULT?"Check KEYVAULT is defined in ${private_env_path}"}"
 
 set -o pipefail
 set -o nounset
@@ -51,6 +53,12 @@ az eventgrid topic update \
   --inbound-ip-rules "${IPADDR}" allow \
   --ids "${EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID}" "${EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID}"
 
+echo "Allow data ingestion to App Insights from public  networks not connected through a Private Link Scope"
+az monitor app-insights component update  \
+  --resource-group "${RESOURCE_GROUP_NAME}" \
+  --app "appi-${TRE_ID}" \
+  --ingestion-access enabled
+
 
 # Get the object id of the currently logged-in identity
 if [[ -n ${ARM_CLIENT_ID:-} ]]; then
@@ -115,15 +123,32 @@ az role assignment create \
     --assignee "${RP_TESTING_SP_APP_ID}" \
     --scope "${SERVICE_BUS_RESOURCE_ID}"
 
+
+# Assign get permissions on the keyvault
+az keyvault set-policy \
+  --name "${KEYVAULT}" \
+  --spn "${RP_TESTING_SP_APP_ID}" \
+  --secret-permissions get
+
+
 # Write the appId and secret to the private.env file which is used for RP debugging
 # First check if the env vars are there already and delete them
 sed -i '/ARM_CLIENT_ID/d' "${private_env_path}"
 sed -i '/ARM_CLIENT_SECRET/d' "${private_env_path}"
+sed -i '/AAD_TENANT_ID/d' "${private_env_path}"
+sed -i '/APPLICATION_ADMIN_CLIENT_ID/d' "${private_env_path}"
+sed -i '/APPLICATION_ADMIN_CLIENT_SECRET/d' "${private_env_path}"
 
 # Append them to the TRE file so that the Resource Processor can use them
 tee -a "${private_env_path}" <<EOF
 ARM_CLIENT_ID=${RP_TESTING_SP_APP_ID}
 ARM_CLIENT_SECRET=${RP_TESTING_SP_PASSWORD}
+AAD_TENANT_ID=${AAD_TENANT_ID}
+APPLICATION_ADMIN_CLIENT_ID=${APPLICATION_ADMIN_CLIENT_ID}
+APPLICATION_ADMIN_CLIENT_SECRET=${APPLICATION_ADMIN_CLIENT_SECRET}
 EOF
 
+# copy porter configuration to porter home
+cp  ./resource_processor/vmss_porter/config.yaml ~/.porter/config.yaml
+
 echo "Local debugging configuration complete. The vscode debug profiles for the API and Resource Processor are ready to use."

resource_processor/_version.py

@@ -1 +1 @@
-__version__ = "0.6.3"
+__version__ = "0.6.4"

resource_processor/shared/config.py

@@ -17,7 +17,7 @@ def get_config(logger_adapter) -> dict:
     config["service_bus_namespace"] = os.environ["SERVICE_BUS_FULLY_QUALIFIED_NAMESPACE"]
     config["vmss_msi_id"] = os.environ.get("VMSS_MSI_ID", None)
     config["number_processes"] = os.environ.get("NUMBER_PROCESSES", "1")
-    config["key_vault_url"] = os.environ.get("KEY_VAULT_URL", os.environ.get("KEYVAULT", None))
+    config["key_vault_url"] = os.environ.get("KEY_VAULT_URL", os.environ.get("KEYVAULT_URI", None))
     config["arm_environment"] = os.environ.get("ARM_ENVIRONMENT", "public")
     config["azure_environment"] = os.environ.get("AZURE_ENVIRONMENT", "AzureCloud")
     config["aad_authority_url"] = os.environ.get("AAD_AUTHORITY_URL", "https://login.microsoftonline.com")
@@ -45,6 +45,10 @@ def get_config(logger_adapter) -> dict:
     else:
         config["arm_client_secret"] = ""  # referenced in the credential set
 
+    # when running in vscode devcontainer
+    if "DEVCONTAINER" in os.environ:
+        config["remote_containers_ipc"] = os.environ["REMOTE_CONTAINERS_IPC"]
+
     # Create env dict for porter
     config["porter_env"] = {
         "HOME": os.environ["HOME"],
@@ -69,6 +73,14 @@ def get_config(logger_adapter) -> dict:
             }
         )
 
+    # when running in vscode devcontainer
+    if "DEVCONTAINER" in os.environ:
+        config["porter_env"].update(
+            {
+                "REMOTE_CONTAINERS_IPC": config["remote_containers_ipc"]
+            }
+        )
+
     # Load env vars for bundles
     def envvar_to_key(name: str) -> str:
         return name[len("RP_BUNDLE_"):].lower()

templates/workspace_services/innereye/terraform/main.tf

@@ -9,6 +9,10 @@ terraform {
       source  = "hashicorp/random"
       version = "=3.4.2"
     }
+    local = {
+      source  = "hashicorp/local"
+      version = "=2.4.0"
+    }
   }
   backend "azurerm" {
   }