CMK Encryption support for resources in templates

[yuvalyaron]

Resolves #4145

What is being addressed

Added support for CMK encryption for resources in templates.

How is this addressed

• Workspace services use the CMK and encryption identity of the workspace to enable encryption for supporting resources.
• Shared services use the CMK and encryption identity of the core TRE to enable encryption for supporting resources.

[github-actions]

Unit Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit 715a331.

♻️ This comment has been updated with latest results.

[marrobi]

@yuvalyaron do we know what the upgrade behaviour is here? Might be worth incrementing bundles by a major version to prevent easy upgrade?

[LizaShak]

LGTM

[LizaShak]

Let me know when ready :)

[yuvalyaron]

Let me know when ready :)

ready :)

[yuvalyaron]

/test-extended

[github-actions]

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/12400748485 (with refid 64081e76)

(in response to this comment from @yuvalyaron)

[yuvalyaron]

@yuvalyaron do we know what the upgrade behaviour is here? Might be worth incrementing bundles by a major version to prevent easy upgrade?

Upgrading is not an issue as long as the enable_cmk_encryption variable remains unchanged, and we assume it will never change (though the exact approach to how to ensure this is yet to be determined): #4172

[LizaShak]

LGTM. Left Just a little comment

[yuvalyaron]

/help

[github-actions]

🤖 pr-bot 🤖

Hello!

You can use the following commands:
    /test - build, deploy and run smoke tests on a PR
    /test-extended - build, deploy and run smoke & extended tests on a PR
    /test-extended-aad - build, deploy and run smoke & extended AAD tests on a PR
    /test-shared-services - test the deployment of shared services on a PR build
    /test-force-approve - force approval of the PR tests (i.e. skip the deployment checks)
    /test-destroy-env - delete the validation environment for a PR (e.g. to enable testing a deployment from a clean start after previous tests)
    /help - show this help

(in response to this comment from @yuvalyaron)

[yuvalyaron]

/test-destroy-env

[github-actions]

Destroying PR test environment (RG: rg-tre64081e76)... (run: https://github.com/microsoft/AzureTRE/actions/runs/12452939536)

[github-actions]

PR test environment destroy complete (RG: rg-tre64081e76)

[yuvalyaron]

/test-extended

[github-actions]

🤖 pr-bot 🤖

⚠️ Cannot run tests as PR is not mergeable. Ensure that the PR is open and doesn't have any conflicts.

(in response to this comment from @yuvalyaron)

[yuvalyaron]

/test-extended

[github-actions]

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/12453158465 (with refid 64081e76)

(in response to this comment from @yuvalyaron)

[yuvalyaron]

/test-force-approve

[github-actions]

🤖 pr-bot 🤖

✅ Marking tests as complete (for commit 715a331)

(in response to this comment from @yuvalyaron)

[yuvalyaron]

The workspace tests fail because the Terraform code from the base workspace in the old release does not include the newly added variables. This issue should be resolved once a new release is created.