

Fix VM actions when workspace storage doesn't allow shared key access (
…#4222)

* Fix VM actions when storage doesn't allow shared key access

* revert skip_shutdown_and_force_delete

---------

Co-authored-by: Tamir Kamara <[email protected]>
tamirkamara and Tamir Kamara authored Dec 26, 2024
1 parent a8232c3 commit fd4debf
Showing 9 changed files with 32 additions and 49 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -40,6 +40,7 @@ BUG FIXES:
* Fix failing tests, .env missing and storage logs ([#4207](https://github.com/microsoft/AzureTRE/issues/4207))
* Unable to delete virtual machines, add skip_shutdown_and_force_delete = true ([#4135](https://github.com/microsoft/AzureTRE/issues/4135))
* Bump terraform version in windows VM template ([#4212](https://github.com/microsoft/AzureTRE/issues/4212))
* Fix VM actions where Workspace shared storage doesn't allow shared key access ([#4222](https://github.com/microsoft/AzureTRE/issues/4222))

COMPONENTS:

@@ -1,7 +1,7 @@
---
schemaVersion: 1.0.0
name: tre-service-guacamole-linuxvm
version: 1.2.0
version: 1.2.2
description: "An Azure TRE User Resource Template for Guacamole (Linux)"
dockerfile: Dockerfile.tmpl
registry: azuretre
Expand Up @@ -43,3 +43,30 @@ data "azurerm_user_assigned_identity" "ws_encryption_identity" {
name = local.encryption_identity_name
resource_group_name = data.azurerm_resource_group.ws.name
}

data "template_file" "get_apt_keys" {
template = file("${path.module}/get_apt_keys.sh")
vars = {
NEXUS_PROXY_URL = local.nexus_proxy_url
}
}

data "template_file" "pypi_sources_config" {
template = file("${path.module}/pypi_sources_config.sh")
vars = {
nexus_proxy_url = local.nexus_proxy_url
}
}

data "template_file" "apt_sources_config" {
template = file("${path.module}/apt_sources_config.yml")
vars = {
nexus_proxy_url = local.nexus_proxy_url
apt_sku = local.apt_sku
}
}

data "azurerm_storage_account" "stg" {
name = local.storage_name
resource_group_name = data.azurerm_resource_group.ws.name
}
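Review bot: The three `data "template_file"` blocks gathered here depend on the `template` provider, which HashiCorp has archived in favour of the built-in `templatefile()` function, so the module keeps pulling in an unmaintained provider for something the language now does itself. Since the blocks are being relocated anyway, each could become a local, for example `get_apt_keys = templatefile("${path.module}/get_apt_keys.sh", { NEXUS_PROXY_URL = local.nexus_proxy_url })`. The places that read `.rendered` from these data sources are outside this page and would need the matching change, so this may be better as a follow-up.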
Expand Up @@ -123,36 +123,14 @@ data "template_file" "vm_config" {
STORAGE_ACCOUNT_NAME = data.azurerm_storage_account.stg.name
STORAGE_ACCOUNT_KEY = data.azurerm_storage_account.stg.primary_access_key
HTTP_ENDPOINT = data.azurerm_storage_account.stg.primary_file_endpoint
FILESHARE_NAME = var.shared_storage_access ? data.azurerm_storage_share.shared_storage[0].name : ""
FILESHARE_NAME = var.shared_storage_access ? var.shared_storage_name : ""
NEXUS_PROXY_URL = local.nexus_proxy_url
CONDA_CONFIG = local.selected_image.conda_config ? 1 : 0
VM_USER = random_string.username.result
APT_SKU = replace(local.apt_sku, ".", "")
}
}

data "template_file" "get_apt_keys" {
template = file("${path.module}/get_apt_keys.sh")
vars = {
NEXUS_PROXY_URL = local.nexus_proxy_url
}
}

data "template_file" "pypi_sources_config" {
template = file("${path.module}/pypi_sources_config.sh")
vars = {
nexus_proxy_url = local.nexus_proxy_url
}
}

data "template_file" "apt_sources_config" {
template = file("${path.module}/apt_sources_config.yml")
vars = {
nexus_proxy_url = local.nexus_proxy_url
apt_sku = local.apt_sku
}
}

resource "azurerm_key_vault_secret" "linuxvm_password" {
name = local.vm_password_secret_name
value = "${random_string.username.result}\n${random_password.password.result}"
Expand All @@ -162,17 +140,6 @@ resource "azurerm_key_vault_secret" "linuxvm_password" {
lifecycle { ignore_changes = [tags] }
}

data "azurerm_storage_account" "stg" {
name = local.storage_name
resource_group_name = data.azurerm_resource_group.ws.name
}

data "azurerm_storage_share" "shared_storage" {
count = var.shared_storage_access ? 1 : 0
name = var.shared_storage_name
storage_account_name = data.azurerm_storage_account.stg.name
}

resource "azurerm_dev_test_global_vm_shutdown_schedule" "shutdown_schedule" {
count = var.enable_shutdown_schedule ? 1 : 0
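Review bot: With the `azurerm_storage_share` lookup removed, `FILESHARE_NAME = var.shared_storage_access ? var.shared_storage_name : ""` passes the share name through unchecked, so a missing or misspelled share is no longer caught at plan time and would presumably only surface as a failed mount inside the VM; the same applies to `FileShareName` in the Windows VM section. A `validation` block on `shared_storage_name` (declared outside this page) checking the share-name format, or at least a comment such as `# share existence is not checked here; the share data source was removed for accounts without shared key access`, would record the trade-off. Separately, the unchanged context still renders `data.azurerm_storage_account.stg.primary_access_key` into the VM configuration as `STORAGE_ACCOUNT_KEY` (and `StorageAccountKey` on Windows). If the account really disallows shared key access, that key should be rejected for data access, so it is worth confirming how the mount step behaves and whether the key needs to be written into the VM configuration at all in that case. The `vm_config` block starts outside the hunk.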

Expand Up @@ -33,9 +33,6 @@ provider "azurerm" {
recover_soft_deleted_certificates = true
recover_soft_deleted_keys = true
}
virtual_machine {
skip_shutdown_and_force_delete = true
}
}
storage_use_azuread = true
}
@@ -1,7 +1,7 @@
---
schemaVersion: 1.0.0
name: tre-service-guacamole-windowsvm
version: 1.2.0
version: 1.2.2
description: "An Azure TRE User Resource Template for Guacamole (Windows 10)"
dockerfile: Dockerfile.tmpl
registry: azuretre
Expand Up @@ -37,12 +37,6 @@ data "azurerm_storage_account" "stg" {
resource_group_name = data.azurerm_resource_group.ws.name
}

data "azurerm_storage_share" "shared_storage" {
count = var.shared_storage_access ? 1 : 0
name = var.shared_storage_name
storage_account_name = data.azurerm_storage_account.stg.name
}

data "azurerm_key_vault_key" "ws_encryption_key" {
count = var.enable_cmk_encryption ? 1 : 0
name = local.cmk_name
Expand Up @@ -28,9 +28,6 @@ provider "azurerm" {
recover_soft_deleted_certificates = true
recover_soft_deleted_keys = true
}
virtual_machine {
skip_shutdown_and_force_delete = true
}
}
storage_use_azuread = true
}
Expand Up @@ -53,7 +53,7 @@ resource "azurerm_windows_virtual_machine" "windowsvm" {
StorageAccountName = data.azurerm_storage_account.stg.name
StorageAccountKey = data.azurerm_storage_account.stg.primary_access_key
StorageAccountFileHost = data.azurerm_storage_account.stg.primary_file_host
FileShareName = var.shared_storage_access ? data.azurerm_storage_share.shared_storage[0].name : ""
FileShareName = var.shared_storage_access ? var.shared_storage_name : ""
CondaConfig = local.selected_image.conda_config ? 1 : 0
}
))