Merge pull request #32 from Barts-Life-Science/benedict-dev

Data Push - ADF Connection

Author: akolensky

.github/workflows/deploy_tre.yml

@@ -4,9 +4,9 @@ name: Deploy Azure TRE
 # It also runs on a schedule, serving as the nightly build
 
 on:  # yamllint disable-line rule:truthy
-#  schedule:
-#    # midnight every day https://crontab.guru/#0_0_*_*_*
-#    - cron: "0 0 * * *"
+  schedule:
+    # midnight every day https://crontab.guru/#0_0_*_*_*
+    - cron: "0 0 * * *"
   push:
     branches: [main]
   workflow_dispatch:

templates/shared_services/adf/.dockerignore

@@ -0,0 +1,8 @@
+# See https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Put files here that you don't want copied into your bundle's invocation image
+.gitignore
+**/.terraform/*
+**/*_backend.tf
+Dockerfile.tmpl
+terraform/import_state.sh
+terraform/remove_state.sh

templates/shared_services/adf/Dockerfile.tmpl

@@ -0,0 +1,9 @@
+# syntax=docker/dockerfile-upstream:1.4.0
+FROM --platform=linux/amd64 debian:bullseye-slim
+
+# PORTER_INIT
+
+# PORTER_MIXINS
+
+# Use the BUNDLE_DIR build argument to copy files into the bundle
+COPY --link . ${BUNDLE_DIR}//

templates/shared_services/adf/parameters.json

@@ -0,0 +1,44 @@
+{
+  "schemaType": "ParameterSet",
+  "schemaVersion": "1.0.1",
+  "namespace": "",
+  "name": "tre-shared-service-adf",
+  "parameters": [
+    {
+      "name": "tre_id",
+      "source": {
+        "env": "TRE_ID"
+      }
+    },
+    {
+      "name": "id",
+      "source": {
+        "env": "ID"
+      }
+    },
+    {
+      "name": "tfstate_container_name",
+      "source": {
+        "env": "TERRAFORM_STATE_CONTAINER_NAME"
+      }
+    },
+    {
+      "name": "tfstate_resource_group_name",
+      "source": {
+        "env": "MGMT_RESOURCE_GROUP_NAME"
+      }
+    },
+    {
+      "name": "tfstate_storage_account_name",
+      "source": {
+        "env": "MGMT_STORAGE_ACCOUNT_NAME"
+      }
+    },
+    {
+      "name": "arm_environment",
+      "source": {
+        "env": "ARM_ENVIRONMENT"
+      }
+    }
+  ]
+}

templates/shared_services/adf/porter.yaml

@@ -0,0 +1,81 @@
+---
+schemaVersion: 1.0.0
+name: tre-shared-service-adf
+version: 0.0.2
+description: "An Azure Data Factory workspace service"
+registry: azuretre
+dockerfile: Dockerfile.tmpl
+
+credentials:
+  - name: azure_tenant_id
+    env: ARM_TENANT_ID
+  - name: azure_subscription_id
+    env: ARM_SUBSCRIPTION_ID
+  - name: azure_client_id
+    env: ARM_CLIENT_ID
+  - name: azure_client_secret
+    env: ARM_CLIENT_SECRET
+parameters:
+  - name: tre_id
+    type: string
+
+  # the following are added automatically by the resource processor
+  - name: id
+    type: string
+    description: "Resource ID"
+    env: id
+  - name: tfstate_resource_group_name
+    type: string
+    description: "Resource group containing the Terraform state storage account"
+  - name: tfstate_storage_account_name
+    type: string
+    description: "The name of the Terraform state storage account"
+  - name: tfstate_container_name
+    env: tfstate_container_name
+    type: string
+    default: "tfstate"
+    description: "The name of the Terraform state storage container"
+  - name: arm_use_msi
+    env: ARM_USE_MSI
+    type: boolean
+    default: false
+  - name: arm_environment
+    env: ARM_ENVIRONMENT
+    type: string
+    default: "public"
+
+mixins:
+  - exec
+  - terraform:
+      clientVersion: 1.3.6
+
+install:
+  - terraform:
+      description: "Deploy ADF shared service"
+      vars:
+        tre_id: ${ bundle.parameters.tre_id }
+        tre_resource_id: ${ bundle.parameters.id }
+      backendConfig:
+        resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+        storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+        container_name: ${ bundle.parameters.tfstate_container_name }
+        key: tre-shared-service-adf-${ bundle.parameters.id }
+
+upgrade:
+  - exec:
+      description: "Upgrade shared service"
+      command: echo
+      arguments:
+        - "This shared service does not implement upgrade action"
+
+uninstall:
+  - terraform:
+      description: "Tear down adf shared service"
+      vars:
+        tre_id: ${ bundle.parameters.tre_id }
+        tre_resource_id: ${ bundle.parameters.id }
+      backendConfig:
+        resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+        storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+        container_name: ${ bundle.parameters.tfstate_container_name }
+        key: tre-shared-service-adf-${ bundle.parameters.id }

templates/shared_services/adf/template_schema.json

@@ -0,0 +1,9 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema",
+  "$id": "https://github.com/Barts-Life-Science/AzureTRE/templates/workspace_services/sql/template_schema.json",
+  "type": "object",
+  "title": "ADF Shared Service",
+  "description": "Deploys an ADF and an integration runtime on a managed VNET to the TRE's core",
+  "required": [],
+  "properties": {}
+}

templates/shared_services/adf/terraform/.terraform.lock.hcl

@@ -0,0 +1,24 @@
+# This script is to create the adf that is used for the data transfer
+# The private endpoint will need approving from the storage account
+# Create the data factory
+data "azurerm_resource_group" "rg" {
+  name = local.core_resource_group_name
+}
+
+resource "azurerm_data_factory" "adf_core" {
+  name                            = "adf-${var.tre_id}"
+  location                        = data.azurerm_resource_group.rg.location
+  resource_group_name             = data.azurerm_resource_group.rg.name
+  managed_virtual_network_enabled = true
+  tags                            = local.tre_shared_service_tags
+}
+
+# Create a managed integration runtime
+resource "azurerm_data_factory_integration_runtime_azure" "adf_ir" {
+  name                    = "adf-ir-${var.tre_id}"
+  data_factory_id         = azurerm_data_factory.adf_core.id
+  location                = data.azurerm_resource_group.rg.location
+  virtual_network_enabled = true
+}
+
+

templates/shared_services/adf/terraform/adf.tf

@@ -0,0 +1,9 @@
+locals {
+  core_vnet                = "vnet-${var.tre_id}"
+  core_resource_group_name = "rg-${var.tre_id}"
+  keyvault_name            = "kv-${var.tre_id}"
+  tre_shared_service_tags = {
+    tre_id                = var.tre_id
+    tre_shared_service_id = var.tre_resource_id
+  }
+}

templates/shared_services/adf/terraform/locals.tf

@@ -0,0 +1,32 @@
+# Azure Provider source and version being used
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "=3.23.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "=3.4.3"
+    }
+  }
+
+  backend "azurerm" {}
+}
+
+provider "azurerm" {
+  features {
+    key_vault {
+      # Don't purge on destroy (this would fail due to purge protection being enabled on keyvault)
+      purge_soft_delete_on_destroy               = false
+      purge_soft_deleted_secrets_on_destroy      = false
+      purge_soft_deleted_certificates_on_destroy = false
+      purge_soft_deleted_keys_on_destroy         = false
+      # When recreating an environment, recover any previously soft deleted secrets - set to true by default
+      recover_soft_deleted_key_vaults   = true
+      recover_soft_deleted_secrets      = true
+      recover_soft_deleted_certificates = true
+      recover_soft_deleted_keys         = true
+    }
+  }
+}

templates/shared_services/adf/terraform/main.tf

@@ -0,0 +1,8 @@
+variable "tre_id" {
+  type = string
+}
+
+variable "tre_resource_id" {
+  type        = string
+  description = "Resource ID"
+}

templates/shared_services/adf/terraform/variables.tf

@@ -0,0 +1,9 @@
+# Local .terraform directories
+**/.terraform/*
+
+# TF backend files
+**/*_backend.tf
+
+Dockerfile.tmpl
+terraform/deploy.sh
+terraform/destroy.sh

templates/workspaces/base-adf/.dockerignore

@@ -0,0 +1,33 @@
+ARM_CLIENT_ID="__CHANGE_ME__"
+ARM_CLIENT_SECRET="__CHANGE_ME__"
+ARM_TENANT_ID="__CHANGE_ME__"
+ARM_SUBSCRIPTION_ID="__CHANGE_ME__"
+AUTH_TENANT_ID="__CHANGE_ME__"
+
+# These are passed in if Terraform will create the Workspace AAD Application
+REGISTER_AAD_APPLICATION=true
+CREATE_AAD_GROUPS=true
+AUTH_CLIENT_ID="__CHANGE_ME__"
+AUTH_CLIENT_SECRET="__CHANGE_ME__"
+WORKSPACE_OWNER_OBJECT_ID="__CHANGE_ME__"
+
+# These are passed in if you register the Workspace AAD Application before hand
+# REGISTER_AAD_APPLICATION=false
+# CLIENT_ID="__CHANGE_ME__"
+# CLIENT_SECRET="__CHANGE_ME__"
+# WORKSPACE_OWNER_OBJECT_ID=""
+
+# Used by Porter, aka TRE_RESOURCE_ID
+ID="MadeUp123"
+SP_ID=""
+SCOPE_ID="api://ws_0001"
+APP_ROLE_ID_WORKSPACE_OWNER=""
+APP_ROLE_ID_WORKSPACE_RESEARCHER=""
+APP_ROLE_ID_WORKSPACE_AIRLOCK_MANAGER=""
+# Complex types are base 64 encoded by resource processor
+ADDRESS_SPACES="WyIxMC4xLjEwLjAvMjQiXQ=="
+SHARED_STORAGE_QUOTA=50
+ENABLE_LOCAL_DEBUGGING=true
+
+AAD_REDIRECT_URIS="W10="
+WORKSPACE_APP_SERVICE_PLAN_SKU=S1

templates/workspaces/base-adf/.env.sample

@@ -0,0 +1,15 @@
+# syntax=docker/dockerfile-upstream:1.4.0
+FROM --platform=linux/amd64 debian:bullseye-slim
+
+# PORTER_INIT
+
+RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
+
+# Git is required for terraform_azurerm_environment_configuration
+RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
+    apt-get update && apt-get install -y git jq --no-install-recommends
+
+# PORTER_MIXINS
+
+# Use the BUNDLE_DIR build argument to copy files into the bundle
+COPY --link . ${BUNDLE_DIR}/