Merge pull request #1 from microsoft/main

Latest pull from original TRE repo

.devcontainer/Dockerfile

@@ -37,7 +37,7 @@ RUN apt-get update && apt-get install -y ca-certificates curl gnupg lsb-release
     && curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
     && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
     | tee /etc/apt/sources.list.d/docker.list > /dev/null \
-    && apt-get update && apt-get install -y docker-ce="5:23.0.3-1~debian.11~bullseye" docker-ce-cli="5:23.0.3-1~debian.11~bullseye" containerd.io="1.6.20-1" docker-buildx-plugin --no-install-recommends \
+    && apt-get update && apt-get install -y docker-ce="5:24.0.0-1~debian.11~bullseye" docker-ce-cli="5:24.0.0-1~debian.11~bullseye" docker-compose-plugin="2.21.0-1~debian.11~bullseye" containerd.io="1.6.24-1" docker-buildx-plugin --no-install-recommends \
     && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
 # Install Certbot
@@ -75,7 +75,7 @@ COPY ["airlock_processor/requirements.txt", "/tmp/pip-tmp/airlock_processor/"]
 RUN pip3 --disable-pip-version-check --no-cache-dir install -r /tmp/pip-tmp/requirements.txt
 
 # Install azure-cli
-ARG AZURE_CLI_VERSION=2.50.0-1~bullseye
+ARG AZURE_CLI_VERSION=2.57.0-1~bullseye
 COPY .devcontainer/scripts/azure-cli.sh /tmp/
 RUN export AZURE_CLI_VERSION=${AZURE_CLI_VERSION} \
     && /tmp/azure-cli.sh

.github/dependabot.yml

@@ -55,3 +55,12 @@ updates:
       - dependency-name: "*"
         update-types: ["version-update:semver-patch"]
     open-pull-requests-limit: 0
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-patch"]
+    open-pull-requests-limit: 0

.github/workflows/codeql-analysis.yml

@@ -42,12 +42,12 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
 
@@ -57,6 +57,6 @@ jobs:
         run: mvn package
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/deploy_tre.yml

@@ -26,6 +26,10 @@ jobs:
     name: "Deploy main"
     if: github.ref == 'refs/heads/main'
     uses: ./.github/workflows/deploy_tre_reusable.yml
+    permissions:
+      checks: write
+      contents: read
+      pull-requests: write
     with:
       ciGitRef: ${{ github.ref }}
       e2eTestsCustomSelector: >-

.github/workflows/deploy_tre_branch.yml

@@ -58,6 +58,10 @@ jobs:
     if: ${{ github.ref != 'refs/heads/main' }}
     needs: [prepare-not-main]
     uses: ./.github/workflows/deploy_tre_reusable.yml
+    permissions:
+      checks: write
+      contents: read
+      pull-requests: write
     with:
       ciGitRef: ${{ github.ref }}
       prHeadSha: ${{ github.sha }}

.github/workflows/deploy_tre_reusable.yml

@@ -99,6 +99,9 @@ jobs:
   deploy_management:
     name: Deploy Management
     runs-on: ubuntu-latest
+    permissions:
+      checks: write
+      contents: read
     environment: ${{ inputs.environmentName }}
     steps:
       - name: Show inputs
@@ -173,7 +176,7 @@ jobs:
 
       - name: Report check status start
         if: inputs.prHeadSha != ''
-        uses: LouisBrunner/checks-action@v1.6.0
+        uses: LouisBrunner/checks-action@v2.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           sha: ${{ inputs.prHeadSha }}
@@ -250,10 +253,10 @@ jobs:
         run: |
           # shellcheck disable=SC2034,SC2015,SC2125
           for i in {1..3}; do
-            az acr login --name "${{ secrets.CI_CACHE_ACR_NAME }}" && ec=0 && break || ec=\$? && sleep 10
+            az acr login --name "${{ secrets.CI_CACHE_ACR_NAME }}" && ec=0 && break || ec="$?" && sleep 10
           done
           # shellcheck disable=SC2242
-          (exit \$ec)
+          (exit "$ec")
 
       - name: Push cached devcontainer
         run: docker image push ${{ env.CI_CACHE_ACR_URI }}/tredev:${{ inputs.DEVCONTAINER_TAG }}
@@ -382,8 +385,6 @@ jobs:
              BUNDLE_DIR: "./templates/workspace_services/guacamole"}
           - {BUNDLE_TYPE: "workspace_service",
              BUNDLE_DIR: "./templates/workspace_services/azureml"}
-          - {BUNDLE_TYPE: "workspace_service",
-             BUNDLE_DIR: "./templates/workspace_services/innereye"}
           - {BUNDLE_TYPE: "workspace_service",
              BUNDLE_DIR: "./templates/workspace_services/gitea"}
           - {BUNDLE_TYPE: "workspace_service",
@@ -543,8 +544,6 @@ jobs:
              BUNDLE_DIR: "./templates/workspace_services/guacamole"}
           - {BUNDLE_TYPE: "workspace_service",
              BUNDLE_DIR: "./templates/workspace_services/azureml"}
-          - {BUNDLE_TYPE: "workspace_service",
-             BUNDLE_DIR: "./templates/workspace_services/innereye"}
           - {BUNDLE_TYPE: "workspace_service",
              BUNDLE_DIR: "./templates/workspace_services/gitea"}
           - {BUNDLE_TYPE: "workspace_service",
@@ -806,6 +805,9 @@ jobs:
     name: Summary
     needs: [e2e_tests_smoke, e2e_tests_custom]
     runs-on: ubuntu-latest
+    permissions:
+      checks: write
+      contents: read
     if: always()
     environment: ${{ inputs.environmentName }}
     steps:
@@ -816,7 +818,7 @@ jobs:
       # If prHeadSha is specified then explicity mark the checks for that SHA
       - name: Report check status
         if: inputs.prHeadSha != ''
-        uses: LouisBrunner/checks-action@v1.6.0
+        uses: LouisBrunner/checks-action@v2.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           # the name must be identical to the one received by the real job

.github/workflows/flag_external_pr.yml

@@ -10,6 +10,8 @@ jobs:
   check_author:
     name: Check PR author
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     steps:
       # Ensure we have the script file for the github-script action to use
       - name: Checkout

.github/workflows/pr_comment_bot.yml

@@ -18,6 +18,10 @@ jobs:
     # - the commenting user has write permissions (i.e. is OWNER or COLLABORATOR)
     if: ${{ github.event.issue.pull_request }}
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      checks: write
+      contents: read
     outputs:
       command: ${{ steps.check_command.outputs.command }}
       prRef: ${{ steps.check_command.outputs.prRef }}
@@ -55,7 +59,7 @@ jobs:
       # and will have to send it "manually"
       - name: Bypass E2E check-runs status
         if: ${{ steps.check_command.outputs.command == 'test-force-approve' }}
-        uses: LouisBrunner/checks-action@v1.6.0
+        uses: LouisBrunner/checks-action@v2.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           # the name must be identical to the one received by the real job
@@ -68,6 +72,8 @@ jobs:
     needs: [pr_comment]
     if: ${{ needs.pr_comment.outputs.command == 'test-destroy-env' }}
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     environment: CICD
     name: Destroy PR env
     steps:
@@ -102,6 +108,8 @@ jobs:
     needs: [pr_comment]
     if: ${{ needs.pr_comment.outputs.command == 'test-destroy-env' && needs.pr_comment.outputs.branchRefId != '' }}
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     environment: CICD
     name: Destroy branch env
     steps:
@@ -142,6 +150,10 @@ jobs:
       needs.pr_comment.outputs.command == 'run-tests-shared-services'
     name: Deploy PR
     uses: ./.github/workflows/deploy_tre_reusable.yml
+    permissions:
+      checks: write
+      contents: read
+      pull-requests: write
     with:
       prRef: ${{ needs.pr_comment.outputs.prRef }}
       prHeadSha: ${{ needs.pr_comment.outputs.prHeadSha }}

.github/workflows/test_results.yml

@@ -59,3 +59,18 @@ jobs:
               Check the artifacts for details."
             exit 1
           fi
+
+      # For PR builds triggered from comment builds, the GITHUB_REF is set to main
+      # so the checks aren't automatically associated with the PR
+      # If prHeadSha is specified then explicity mark the checks for that SHA
+      - name: Report check status
+        if: github.event.workflow_run.head_sha != ''
+        uses: LouisBrunner/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          # the name must be identical to the one received by the real job
+          sha: ${{ github.event.workflow_run.head_sha }}
+          name: "Test Results"
+          status: "completed"
+          conclusion: ${{ github.event.workflow_run.conclusion }}
+          details_url: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"

CHANGELOG.md

@@ -16,6 +16,9 @@ BUG FIXES:
 * Fix issue with workspace menu not working correctly([#3819](https://github.com/microsoft/AzureTRE/issues/3819))
 * Fix issue with connect button showing when no uri([#3820](https://github.com/microsoft/AzureTRE/issues/3820))
 * Fix user resource upgrade validation: use the parent_service_template_name instead of the parent_resource_id. ([#3824](https://github.com/microsoft/AzureTRE/issues/3824))
+* Airlock: Creating an import/export request causes a routing error ([#3830](https://github.com/microsoft/AzureTRE/issues/3830))
+* Fix registration of templates with no 'authorizedRoles' or 'required' defined ([#3849](https://github.com/microsoft/AzureTRE/pull/3849))
+* Update terraform for services bus to move network rules into namespace resource to avoid depreciation warning, and update setup_local_debugging.sh to use network_rule_sets ([#3858](https://github.com/microsoft/AzureTRE/pull/3858))
 
 COMPONENTS:
 

airlock_processor/_version.py

@@ -1 +1 @@
-__version__ = "0.7.0"
+__version__ = "0.7.1"

airlock_processor/requirements.txt

@@ -1,5 +1,5 @@
 # Do not include azure-functions-worker as it may conflict with the Azure Functions platform
-azure-core==1.29.5
+azure-core==1.30.0
 azure-functions==1.17.0
 azure-storage-blob==12.19.0
 azure-identity==1.14.1

api_app/_version.py

@@ -1 +1 @@
-__version__ = "0.18.2"
+__version__ = "0.18.5"

api_app/core/config.py

@@ -2,7 +2,11 @@
 from starlette.config import Config
 from _version import __version__
 
-config = Config(".env")
+try:
+    config = Config('.env')
+# Workaround needed until FastAPI uses Starlette >= 3.7.1
+except FileNotFoundError:
+    config = Config()
 
 # API settings
 API_PREFIX = "/api"

api_app/db/repositories/resource_templates.py

@@ -112,8 +112,8 @@ async def create_template(self, template_input: ResourceTemplateInCreate, resour
             "version": template_input.version,
             "resourceType": resource_type,
             "current": template_input.current,
-            "required": template_input.json_schema["required"],
-            "authorizedRoles": template_input.json_schema["authorizedRoles"] if "authorizedRoles" in template_input.json_schema else [],
+            "required": template_input.json_schema.get("required", []),
+            "authorizedRoles": template_input.json_schema.get("authorizedRoles", []),
             "properties": template_input.json_schema["properties"],
             "customActions": template_input.customActions
         }

api_app/requirements.txt

@@ -1,21 +1,21 @@
-aiohttp==3.9.0
-azure-core==1.29.5
+aiohttp==3.9.3
+azure-core==1.30.0
 azure-cosmos==4.5.1
 azure-eventgrid==4.15.0
 azure-identity==1.14.1
 azure-mgmt-compute==30.3.0
 azure-mgmt-cosmosdb==9.3.0
 azure-mgmt-costmanagement==4.0.1
 azure-mgmt-resource==23.0.1
-azure-monitor-opentelemetry==1.1.1
+azure-monitor-opentelemetry==1.2.0
 azure-servicebus==7.11.3
 azure-storage-blob==12.19.0
-fastapi==0.104.0
+fastapi==0.110.0
 fastapi-utils==0.2.1
 gunicorn==21.2.0
 jsonschema[format_nongpl]==4.19.1
-msal==1.22.0
-opentelemetry.instrumentation.logging==0.43b0
+msal==1.26.0
+opentelemetry.instrumentation.logging==0.44b0
 pandas==2.0.3
 PyJWT==2.8.0
 pytz==2022.7

api_app/tests_ma/test_db/test_repositories/test_resource_templates_repository.py

@@ -7,6 +7,7 @@
 from db.errors import EntityDoesNotExist, InvalidInput
 from models.domain.resource import ResourceType
 from models.domain.resource_template import ResourceTemplate
+from models.schemas.workspace_template import WorkspaceTemplateInCreate
 
 
 pytestmark = pytest.mark.asyncio
@@ -33,6 +34,46 @@ def sample_resource_template_as_dict(name: str, version: str = "1.0", resource_t
     ).dict()
 
 
+@patch('db.repositories.resource_templates.ResourceTemplateRepository.save_item')
+@patch('uuid.uuid4')
+async def test_create_workspace_template_succeeds_without_required(uuid_mock, save_item_mock, resource_template_repo):
+    uuid_mock.return_value = "1234"
+    expected_type = ResourceType.Workspace
+    input_workspace_template = WorkspaceTemplateInCreate(
+        name="my-tre-workspace",
+        version="0.0.1",
+        current=True,
+        json_schema={
+            "title": "My Workspace Template",
+            "description": "This is a test workspace template schema.",
+            "properties": {
+                "updateable_property": {
+                    "type": "string",
+                    "title": "Test updateable property",
+                    "updateable": True,
+                },
+            },
+        },
+        customActions=[],
+    )
+    returned_template = await resource_template_repo.create_template(input_workspace_template, expected_type)
+    expected_resource_template = ResourceTemplate(
+        id="1234",
+        name=input_workspace_template.name,
+        title=input_workspace_template.json_schema["title"],
+        description=input_workspace_template.json_schema["description"],
+        version=input_workspace_template.version,
+        resourceType=expected_type,
+        properties=input_workspace_template.json_schema["properties"],
+        customActions=input_workspace_template.customActions,
+        required=[],
+        authorizedRoles=[],
+        current=input_workspace_template.current
+    )
+    save_item_mock.assert_called_once_with(expected_resource_template)
+    assert expected_resource_template == returned_template
+
+
 @patch('db.repositories.resource_templates.ResourceTemplateRepository.query')
 async def test_get_by_name_and_version_queries_db(query_mock, resource_template_repo):
     expected_query = 'SELECT * FROM c WHERE c.resourceType = "workspace" AND c.name = "test" AND c.version = "1.0"'

cli/requirements.txt

@@ -1,11 +1,11 @@
 # if you update this file, update the install_requires in setup.py as well
 click==8.1.3
 httpx~=0.23.0
-msal==1.22.0
+msal==1.26.0
 jmespath==1.0.1
 tabulate==0.9.0
 pygments==2.16.1
 PyJWT==2.8.0
-azure-cli-core==2.50.0
+azure-cli-core==2.57.0
 azure-identity==1.14.1
-aiohttp==3.9.0
+aiohttp==3.9.3

cli/setup.py

@@ -4,7 +4,7 @@
 from setuptools import setup
 
 PROJECT = 'azure-tre-cli'
-VERSION = '0.2.0'
+VERSION = '0.2.2'
 
 try:
     long_description = open('README.md', 'rt').read()
@@ -42,14 +42,14 @@
     install_requires=[
         "click==8.1.3",
         "httpx==0.25.0",
-        "msal==1.22.0",
+        "msal==1.26.0",
         "jmespath==1.0.1",
         "tabulate==0.9.0",
         "pygments==2.16.1",
         "PyJWT==2.8.0",
-        "azure-cli-core==2.50.0",
+        "azure-cli-core==2.57.0",
         "azure-identity==1.14.1",
-        "aiohttp==3.9.0"
+        "aiohttp==3.9.3"
     ],
 
     namespace_packages=[],