From ffccc84aa40ad8be622eee869af4679db8d8ac2b Mon Sep 17 00:00:00 2001 From: Marcus Robinson Date: Fri, 11 Aug 2023 14:18:08 +0100 Subject: [PATCH] Fix ability to debug resource processor locally (#3654) --- CHANGELOG.md | 1 + core/terraform/json-to-env.sh | 4 ++ core/terraform/outputs.tf | 4 ++ core/version.txt | 2 +- devops/scripts/setup_local_debugging.sh | 25 +++++++++ resource_processor/_version.py | 2 +- resource_processor/shared/config.py | 14 ++++- .../innereye/terraform/.terraform.lock.hcl | 53 ++++++++++--------- .../innereye/terraform/main.tf | 4 ++ 9 files changed, 80 insertions(+), 29 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 30b7baef9d..151aee3310 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ BUG FIXES: BUG FIXES: * Custom actions fail on resources with a pipeline ([#3646](https://github.com/microsoft/AzureTRE/issues/3646)) +* Fix ability to debug resource processor locally ([#3426](https://github.com/microsoft/AzureTRE/issues/4426)) * Upgrade airlock and unrestricted workspaces to base workspace version 0.12.0 ([#3659](https://github.com/microsoft/AzureTRE/pull/3659)) COMPONENTS: diff --git a/core/terraform/json-to-env.sh b/core/terraform/json-to-env.sh index e3fe6c7423..b6c17f534f 100755 --- a/core/terraform/json-to-env.sh +++ b/core/terraform/json-to-env.sh @@ -25,6 +25,10 @@ jq -r ' "path": "keyvault_name", "env_var": "KEYVAULT" }, + { + "path": "keyvault_uri", + "env_var": "KEYVAULT_URI" + }, { "path": "azure_tre_fqdn", "env_var": "FQDN" diff --git a/core/terraform/outputs.tf b/core/terraform/outputs.tf index 5b7b6a0e54..7e02c66aa5 100644 --- a/core/terraform/outputs.tf +++ b/core/terraform/outputs.tf @@ -26,6 +26,10 @@ output "keyvault_name" { value = azurerm_key_vault.kv.name } +output "keyvault_uri" { + value = azurerm_key_vault.kv.vault_uri +} + output "service_bus_resource_id" { value = azurerm_servicebus_namespace.sb.id } diff --git a/core/version.txt b/core/version.txt index 732155f8df..fa3ddd8c5a 100644 
--- a/core/version.txt +++ b/core/version.txt @@ -1 +1 @@ -__version__ = "0.8.3" +__version__ = "0.8.4" diff --git a/devops/scripts/setup_local_debugging.sh b/devops/scripts/setup_local_debugging.sh index cc5f0e011e..f0a8b6c6ed 100755 --- a/devops/scripts/setup_local_debugging.sh +++ b/devops/scripts/setup_local_debugging.sh @@ -13,6 +13,8 @@ private_env_path="./core/private.env" : "${AZURE_SUBSCRIPTION_ID?"Check AZURE_SUBSCRIPTION_ID is defined in ${private_env_path}"}" : "${EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID?"Check EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID is defined in ${private_env_path}"}" : "${EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID?"Check EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID is defined in ${private_env_path}"}" +: "${KEYVAULT_URI?"Check KEYVAULT_URI is defined in ${private_env_path}"}" +: "${KEYVAULT?"Check KEYVAULT is defined in ${private_env_path}"}" set -o pipefail set -o nounset @@ -51,6 +53,12 @@ az eventgrid topic update \ --inbound-ip-rules "${IPADDR}" allow \ --ids "${EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID}" "${EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID}" +echo "Allow data ingestion to App Insights from public networks not connected through a Private Link Scope" +az monitor app-insights component update \ + --resource-group "${RESOURCE_GROUP_NAME}" \ + --app "appi-${TRE_ID}" \ + --ingestion-access enabled + # Get the object id of the currently logged-in identity if [[ -n ${ARM_CLIENT_ID:-} ]]; then 
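Review bot: The added `az monitor app-insights component update ... --ingestion-access enabled` step opens telemetry ingestion on `appi-${TRE_ID}` to every public network, whereas the Event Grid step just above it allows only `${IPADDR}`, and nothing visible in the hunk turns it back off. This changes the network posture of the shared deployment rather than of the developer's machine, so the echo should say that the setting persists and how to undo it, e.g. `echo "Public ingestion stays enabled until re-run with --ingestion-access disabled"`. The script continues outside the hunk, so a cleanup step may already exist elsewhere; if it does not, a matching revert belongs in whatever tears down local debugging.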
@@ -115,15 +123,32 @@ az role assignment create \ --assignee "${RP_TESTING_SP_APP_ID}" \ --scope "${SERVICE_BUS_RESOURCE_ID}" + +# Assign get permissions on the keyvault +az keyvault set-policy \ + --name "${KEYVAULT}" \ + --spn "${RP_TESTING_SP_APP_ID}" \ + --secret-permissions get + + # Write the appId and secret to the private.env file which is used for RP debugging # First check if the env vars are there already and delete them sed -i '/ARM_CLIENT_ID/d' "${private_env_path}" sed -i '/ARM_CLIENT_SECRET/d' "${private_env_path}" +sed -i '/AAD_TENANT_ID/d' "${private_env_path}" +sed -i '/APPLICATION_ADMIN_CLIENT_ID/d' "${private_env_path}" +sed -i '/APPLICATION_ADMIN_CLIENT_SECRET/d' "${private_env_path}" # Append them to the TRE file so that the Resource Processor can use them tee -a "${private_env_path}" < dict: config["service_bus_namespace"] = os.environ["SERVICE_BUS_FULLY_QUALIFIED_NAMESPACE"] config["vmss_msi_id"] = os.environ.get("VMSS_MSI_ID", None) config["number_processes"] = os.environ.get("NUMBER_PROCESSES", "1") - config["key_vault_url"] = os.environ.get("KEY_VAULT_URL", os.environ.get("KEYVAULT", None)) + config["key_vault_url"] = os.environ.get("KEY_VAULT_URL", os.environ.get("KEYVAULT_URI", None)) config["arm_environment"] = os.environ.get("ARM_ENVIRONMENT", "public") config["azure_environment"] = os.environ.get("AZURE_ENVIRONMENT", "AzureCloud") config["aad_authority_url"] = os.environ.get("AAD_AUTHORITY_URL", "https://login.microsoftonline.com") @@ -45,6 +45,10 @@ def get_config(logger_adapter) -> dict: else: config["arm_client_secret"] = "" # referenced in the credential set + # when running in vscode devcontainer + if "DEVCONTAINER" in os.environ: + config["remote_containers_ipc"] = os.environ["REMOTE_CONTAINERS_IPC"] + # Create env dict for porter config["porter_env"] = { "HOME": os.environ["HOME"], 
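Review bot: The three added deletions of the form `sed -i '/AAD_TENANT_ID/d'` match the name anywhere on a line, so any other `private.env` entry whose name or value merely contains `AAD_TENANT_ID`, `APPLICATION_ADMIN_CLIENT_ID` or `APPLICATION_ADMIN_CLIENT_SECRET` is silently removed too. Anchoring them, e.g. `sed -i '/^APPLICATION_ADMIN_CLIENT_SECRET=/d' "${private_env_path}"`, keeps the cleanup to the exact keys; the two existing ARM_* deletions have the same shape. The heredoc after `tee -a` is cut off on this page, but the new deletions suggest the admin client secret is now appended to the file. If so, keep in mind that `tee` also echoes what it writes to stdout, which matters when the script runs in a logged session.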
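Review bot: `os.environ["REMOTE_CONTAINERS_IPC"]` inside the added `if "DEVCONTAINER" in os.environ:` branch raises a bare KeyError when DEVCONTAINER is set but the IPC variable is not, and the branch fires on the mere presence of DEVCONTAINER, even with an empty value. Reading it with `ipc = os.environ.get("REMOTE_CONTAINERS_IPC")` and setting `config["remote_containers_ipc"]` only when `ipc` is non-empty avoids the startup failure. The later hunk that copies it into `config["porter_env"]` would then test `"remote_containers_ipc" in config` instead of re-checking DEVCONTAINER. The existing `# when running in vscode devcontainer` comment could also say why porter needs this value, since, as the name suggests, it passes a VS Code IPC endpoint into the porter environment. get_config's body starts and ends outside the hunk.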
@@ -69,6 +73,14 @@ def get_config(logger_adapter) -> dict: } ) + # when running in vscode devcontainer + if "DEVCONTAINER" in os.environ: + config["porter_env"].update( + { + "REMOTE_CONTAINERS_IPC": config["remote_containers_ipc"] + } + ) + # Load env vars for bundles def envvar_to_key(name: str) -> str: return name[len("RP_BUNDLE_"):].lower() diff --git a/templates/workspace_services/innereye/terraform/.terraform.lock.hcl b/templates/workspace_services/innereye/terraform/.terraform.lock.hcl index 093801a738..1260ac6c2c 100644 --- a/templates/workspace_services/innereye/terraform/.terraform.lock.hcl +++ b/templates/workspace_services/innereye/terraform/.terraform.lock.hcl 
@@ -21,40 +21,41 @@ provider "registry.terraform.io/hashicorp/azurerm" { } provider "registry.terraform.io/hashicorp/external" { - version = "2.2.3" + version = "2.3.1" hashes = [ - "h1:uvOYRWcVIqOZSl8YjjaB18yZFz1AWIt2CnK7O45rckg=", - "zh:184ecd339d764de845db0e5b8a9c87893dcd0c9d822167f73658f89d80ec31c9", - "zh:2661eaca31d17d6bbb18a8f673bbfe3fe1b9b7326e60d0ceb302017003274e3c", - "zh:2c0a180f6d1fc2ba6e03f7dfc5f73b617e45408681f75bca75aa82f3796df0e4", - "zh:4b92ae44c6baef4c4952c47be00541055cb5280dd3bc8031dba5a1b2ee982387", - "zh:5641694d5daf3893d7ea90be03b6fa575211a08814ffe70998d5adb8b59cdc0a", - "zh:5bd55a2be8a1c20d732ac9c604b839e1cadc8c49006315dffa4d709b6874df32", - "zh:6e0ef5d11e1597202424b7d69b9da7b881494c9b13a3d4026fc47012dc651c79", + "h1:bROCw6g5D/3fFnWeJ01L4IrdnJl1ILU8DGDgXCtYzaY=", + "zh:001e2886dc81fc98cf17cf34c0d53cb2dae1e869464792576e11b0f34ee92f54", + "zh:2eeac58dd75b1abdf91945ac4284c9ccb2bfb17fa9bdb5f5d408148ff553b3ee", + "zh:2fc39079ba61411a737df2908942e6970cb67ed2f4fb19090cd44ce2082903dd", + "zh:472a71c624952cff7aa98a7b967f6c7bb53153dbd2b8f356ceb286e6743bb4e2", + "zh:4cff06d31272aac8bc35e9b7faec42cf4554cbcbae1092eaab6ab7f643c215d9", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9e19f89fa25004d3b926a8d15ea630b4bde62f1fa4ed5e11a3d27aabddb77353", - "zh:b763efdd69fd097616b4a4c89cf333b4cee9699ac6432d73d2756f8335d1213f", - "zh:e3b561efdee510b2b445f76a52a902c52bee8e13095e7f4bed7c80f10f8d294a", - "zh:fe660bb8781ee043a093b9a20e53069974475dcaa5791a1f45fd03c61a26478a", + "zh:7ed16ccd2049fa089616b98c0bd57219f407958f318f3c697843e2397ddf70df", + "zh:842696362c92bf2645eb85c739410fd51376be6c488733efae44f4ce688da50e", + "zh:8985129f2eccfd7f1841ce06f3bf2bbede6352ec9e9f926fbaa6b1a05313b326", + "zh:a5f0602d8ec991a5411ef42f872aa90f6347e93886ce67905c53cfea37278e05", + "zh:bf4ab82cbe5256dcef16949973bf6aa1a98c2c73a98d6a44ee7bc40809d002b8", + "zh:e70770be62aa70198fa899526d671643ff99eecf265bf1a50e798fc3480bd417", ] } provider 
"registry.terraform.io/hashicorp/local" { - version = "2.2.3" + version = "2.4.0" + constraints = "2.4.0" hashes = [ - "h1:aWp5iSUxBGgPv1UnV5yag9Pb0N+U1I0sZb38AXBFO8A=", - "zh:04f0978bb3e052707b8e82e46780c371ac1c66b689b4a23bbc2f58865ab7d5c0", - "zh:6484f1b3e9e3771eb7cc8e8bab8b35f939a55d550b3f4fb2ab141a24269ee6aa", - "zh:78a56d59a013cb0f7eb1c92815d6eb5cf07f8b5f0ae20b96d049e73db915b238", + "h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=", + "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9", + "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf", + "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8aa9950f4c4db37239bcb62e19910c49e47043f6c8587e5b0396619923657797", - "zh:996beea85f9084a725ff0e6473a4594deb5266727c5f56e9c1c7c62ded6addbb", - "zh:9a7ef7a21f48fabfd145b2e2a4240ca57517ad155017e86a30860d7c0c109de3", - "zh:a63e70ac052aa25120113bcddd50c1f3cfe61f681a93a50cea5595a4b2cc3e1c", - "zh:a6e8d46f94108e049ad85dbed60354236dc0b9b5ec8eabe01c4580280a43d3b8", - "zh:bb112ce7efbfcfa0e65ed97fa245ef348e0fd5bfa5a7e4ab2091a9bd469f0a9e", - "zh:d7bec0da5c094c6955efed100f3fe22fca8866859f87c025be1760feb174d6d9", - "zh:fb9f271b72094d07cef8154cd3d50e9aa818a0ea39130bc193132ad7b23076fd", + "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35", + "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04", + "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406", + "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6", + "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7", + "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2", + "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc", + "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce", ] } 
diff --git a/templates/workspace_services/innereye/terraform/main.tf b/templates/workspace_services/innereye/terraform/main.tf index d4d5d07e4c..6aadeaf4c8 100644 --- a/templates/workspace_services/innereye/terraform/main.tf +++ b/templates/workspace_services/innereye/terraform/main.tf @@ -9,6 +9,10 @@ terraform { source = "hashicorp/random" version = "=3.4.2" } + local = { + source = "hashicorp/local" + version = "=2.4.0" + } } backend "azurerm" { }