diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e05c2fa0d..c596b48c02 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,9 +14,12 @@ ENHANCEMENTS: * Add bundle target to Makefile for handling different bundle types in single command ([#4372](https://github.com/microsoft/AzureTRE/issues/4372)) * Migrate UI to Vite build engine and update dependencies ([#4368](https://github.com/microsoft/AzureTRE/pull/4368)) * Add Windows image field to the Admin VM template ([#4274](https://github.com/microsoft/AzureTRE/pull/4274)) +* Update TLS to the latest version for web apps / function apps (([#4351](https://github.com/microsoft/AzureTRE/issues/4351)) BUG FIXES: * Fix upgrade when porter install has failed ([#4338](https://github.com/microsoft/AzureTRE/pull/4338)) +* Certs shared service: Secret nexus-ssl-password is currently in a deleted but recoverable state ([#4294](https://github.com/microsoft/AzureTRE/issues/4294)]) +* Fix Cosmos DB local debugging configuration ([#4340](https://github.com/microsoft/AzureTRE/pull/4340)) COMPONENTS: diff --git a/api_app/_version.py b/api_app/_version.py index 6a726d853b..76f24586d4 100644 --- a/api_app/_version.py +++ b/api_app/_version.py @@ -1 +1 @@ -__version__ = "0.21.0" +__version__ = "0.21.1" diff --git a/api_app/api/dependencies/database.py b/api_app/api/dependencies/database.py index 7bfc89ff22..3220314e75 100644 --- a/api_app/api/dependencies/database.py +++ b/api_app/api/dependencies/database.py 
@@ -1,7 +1,6 @@
 from azure.cosmos.aio import CosmosClient, DatabaseProxy, ContainerProxy
-from azure.mgmt.cosmosdb.aio import CosmosDBManagementClient
-from core.config import MANAGED_IDENTITY_CLIENT_ID, STATE_STORE_ENDPOINT, STATE_STORE_KEY, STATE_STORE_SSL_VERIFY, SUBSCRIPTION_ID, RESOURCE_MANAGER_ENDPOINT, CREDENTIAL_SCOPES, RESOURCE_GROUP_NAME, COSMOSDB_ACCOUNT_NAME, STATE_STORE_DATABASE
+from core.config import STATE_STORE_ENDPOINT, STATE_STORE_KEY, STATE_STORE_SSL_VERIFY, STATE_STORE_DATABASE
 from core.credentials import get_credential_async
 from services.logging import logger
@@ -27,53 +26,32 @@ def __init__(cls): async def _connect_to_db(cls) -> CosmosClient: logger.debug(f"Connecting to {STATE_STORE_ENDPOINT}") - credential = await get_credential_async() - if MANAGED_IDENTITY_CLIENT_ID: - logger.debug("Connecting with managed identity") - cosmos_client = CosmosClient( - url=STATE_STORE_ENDPOINT, - credential=credential - ) - else: + if STATE_STORE_KEY: logger.debug("Connecting with key") - primary_master_key = await cls._get_store_key(credential) - if STATE_STORE_SSL_VERIFY: logger.debug("Connecting with SSL verification") cosmos_client = CosmosClient( url=STATE_STORE_ENDPOINT, - credential=primary_master_key + credential=STATE_STORE_KEY ) else: logger.debug("Connecting without SSL verification") # ignore TLS (setup is a pain) when using local Cosmos emulator. cosmos_client = CosmosClient( url=STATE_STORE_ENDPOINT, - credential=primary_master_key, + credential=STATE_STORE_KEY, connection_verify=False ) - logger.debug("Connection established") - return cosmos_client - - @classmethod - async def _get_store_key(cls, credential) -> str: - logger.debug("Getting store key") - if STATE_STORE_KEY: - primary_master_key = STATE_STORE_KEY else: - async with CosmosDBManagementClient( - credential, - subscription_id=SUBSCRIPTION_ID, - base_url=RESOURCE_MANAGER_ENDPOINT, - credential_scopes=CREDENTIAL_SCOPES - ) as cosmosdb_mng_client: - database_keys = await cosmosdb_mng_client.database_accounts.list_keys( - resource_group_name=RESOURCE_GROUP_NAME, - account_name=COSMOSDB_ACCOUNT_NAME, - ) - primary_master_key = database_keys.primary_master_key + logger.debug("Connecting with managed identity") + credential = await get_credential_async() + cosmos_client = CosmosClient( + url=STATE_STORE_ENDPOINT, + credential=credential + ) - return primary_master_key + logger.debug("Connection established") + return cosmos_client @classmethod async def get_container_proxy(cls, container_name) -> ContainerProxy: 
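Review bot: In the key branch of `_connect_to_db`, the `connection_verify=False` path is announced only at debug level, so a deployment where `STATE_STORE_SSL_VERIFY` ends up false would send the account key over an unverified TLS connection with nothing visible at normal log levels. Raise that line to `logger.warning("Connecting without SSL verification")`. `STATE_STORE_KEY` now also takes precedence over the managed-identity path whenever it is set, so a key left in a deployed environment's configuration silently selects account-key auth. A docstring on `_connect_to_db` should state that order: the account key when `STATE_STORE_KEY` is set (the inline comment suggests this is meant for the local emulator), otherwise the credential from `get_credential_async()`.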
diff --git a/api_app/tests_ma/conftest.py b/api_app/tests_ma/conftest.py index 0bd06e076d..6245ec23ec 100644 --- a/api_app/tests_ma/conftest.py +++ b/api_app/tests_ma/conftest.py @@ -578,7 +578,6 @@ def simple_pipeline_step() -> PipelineStep: @pytest_asyncio.fixture(autouse=True) async def no_database(): with patch('api.dependencies.database.get_credential_async', return_value=AsyncMock()), \ - patch('api.dependencies.database.CosmosDBManagementClient', return_value=AsyncMock()), \ - patch('api.dependencies.database.CosmosClient', return_value=AsyncMock(spec=CosmosClient)) as cosmos_client_mock: + patch('api.dependencies.database.CosmosClient', return_value=AsyncMock(spec=CosmosClient)) as cosmos_client_mock: cosmos_client_mock.return_value.get_database_client.return_value = AsyncMock(spec=DatabaseProxy) yield Database() diff --git a/core/terraform/airlock/airlock_processor.tf b/core/terraform/airlock/airlock_processor.tf index f6a0f98ed4..d293927ea0 100644 --- a/core/terraform/airlock/airlock_processor.tf +++ b/core/terraform/airlock/airlock_processor.tf @@ -111,6 +111,7 @@ resource "azurerm_linux_function_app" "airlock_function_app" { container_registry_use_managed_identity = true vnet_route_all_enabled = true ftps_state = "Disabled" + minimum_tls_version = "1.3" application_stack { docker { diff --git a/core/terraform/airlock/main.tf b/core/terraform/airlock/main.tf index cc76da3210..ee659770f9 100644 --- a/core/terraform/airlock/main.tf +++ b/core/terraform/airlock/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">= 3.117" + version = ">= 4.14.0" } azapi = { source = "Azure/azapi" diff --git a/core/terraform/api-webapp.tf b/core/terraform/api-webapp.tf index 9d9fb65dd1..b35cc0ba7c 100644 --- a/core/terraform/api-webapp.tf +++ b/core/terraform/api-webapp.tf 
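Review bot: `minimum_tls_version = "1.3"` on `azurerm_linux_function_app.airlock_function_app` covers only the main site; the SCM (Kudu) endpoint has its own `scm_minimum_tls_version`, which this hunk does not set, so that endpoint keeps the provider default. If the pinned azurerm version accepts the value, add `scm_minimum_tls_version = "1.3"` next to it; the enclosing `site_config` block starts above the hunk, so it may already be set there. The same applies to the `azurerm_linux_web_app` hunks for api, gitea (shared and workspace), guacamole and the two OHDSI apps. Raising the floor to 1.3 also rejects any caller limited to TLS 1.2, so confirm that the components fronting these apps (not shown in this diff) negotiate 1.3.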
@@ -83,7 +83,7 @@ resource "azurerm_linux_web_app" "api" { vnet_route_all_enabled = true container_registry_use_managed_identity = true container_registry_managed_identity_client_id = azurerm_user_assigned_identity.id.client_id - minimum_tls_version = "1.2" + minimum_tls_version = "1.3" ftps_state = "Disabled" application_stack { diff --git a/core/version.txt b/core/version.txt index 76da4a9882..8e1395bd35 100644 --- a/core/version.txt +++ b/core/version.txt @@ -1 +1 @@ -__version__ = "0.12.2" +__version__ = "0.12.3" diff --git a/devops/scripts/setup_local_debugging.sh b/devops/scripts/setup_local_debugging.sh index 4cb2dbdb55..2bf70a63d0 100755 --- a/devops/scripts/setup_local_debugging.sh +++ b/devops/scripts/setup_local_debugging.sh @@ -91,6 +91,19 @@ az role assignment create \ --assignee "${LOGGED_IN_OBJECT_ID}" \ --scope "${STATE_STORE_RESOURCE_ID}" +ROLE_DEFINITION_ID=$(az cosmosdb sql role definition list \ + --resource-group "${RESOURCE_GROUP_NAME}" \ + --account-name "${COSMOSDB_ACCOUNT_NAME}" \ + --query "[?roleName=='Cosmos DB Built-in Data Contributor'].id" \ + --output tsv) + +az cosmosdb sql role assignment create \ + --resource-group "${RESOURCE_GROUP_NAME}" \ + --account-name "${COSMOSDB_ACCOUNT_NAME}" \ + --role-definition-id "${ROLE_DEFINITION_ID}" \ + --principal-id "${LOGGED_IN_OBJECT_ID}" \ + --scope "${STATE_STORE_RESOURCE_ID}" + az role assignment create \ --role "Contributor" \ --assignee "${LOGGED_IN_OBJECT_ID}" \ diff --git a/templates/shared_services/certs/porter.yaml b/templates/shared_services/certs/porter.yaml index c334eda592..ede2be3478 100755 --- a/templates/shared_services/certs/porter.yaml +++ b/templates/shared_services/certs/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-certs -version: 0.7.3 +version: 0.7.4 description: "An Azure TRE shared service to generate certificates for a specified internal domain using Letsencrypt" registry: azuretre dockerfile: Dockerfile.tmpl 
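Review bot: In the setup_local_debugging.sh hunk, `ROLE_DEFINITION_ID` is used without checking that the `az cosmosdb sql role definition list` query matched anything. If the `roleName` filter returns no row, `az cosmosdb sql role assignment create` runs with an empty `--role-definition-id` and fails with an error that does not point at the cause. Add a guard right after the lookup, e.g. `if [ -z "${ROLE_DEFINITION_ID}" ]; then echo "Cosmos DB Built-in Data Contributor role definition not found" >&2; exit 1; fi`. A comment above the new block should also say that it grants the signed-in developer data-plane read/write on the scope in `STATE_STORE_RESOURCE_ID`, so the local API can authenticate without the account key, and whether anything removes the assignment afterwards (not visible in this hunk).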
@@ -88,6 +88,7 @@ install: - name: storage_account_name - name: resource_group_name - name: keyvault_name + - name: password_name - az: description: "Set Azure Cloud Environment" arguments: @@ -114,6 +115,7 @@ install: resource_group_name: ${ bundle.outputs.resource_group_name } keyvault_name: ${ bundle.outputs.keyvault_name } cert_name: ${ bundle.parameters.cert_name } + password_name: ${ bundle.outputs.password_name } - az: description: "Stop application gateway" arguments: @@ -167,6 +169,7 @@ renew: - name: storage_account_name - name: resource_group_name - name: keyvault_name + - name: password_name - az: description: "Set Azure Cloud Environment" arguments: @@ -202,6 +205,7 @@ renew: resource_group_name: ${ bundle.outputs.resource_group_name } keyvault_name: ${ bundle.outputs.keyvault_name } cert_name: ${ bundle.parameters.cert_name } + password_name: ${ bundle.outputs.password_name } - az: description: "Stop application gateway" arguments: diff --git a/templates/shared_services/certs/scripts/letsencrypt.sh b/templates/shared_services/certs/scripts/letsencrypt.sh index 4339990f43..bd88397215 100755 --- a/templates/shared_services/certs/scripts/letsencrypt.sh +++ b/templates/shared_services/certs/scripts/letsencrypt.sh @@ -29,6 +29,10 @@ while [ "$1" != "" ]; do shift cert_name=$1 ;; + --password_name) + shift + password_name=$1 + ;; *) echo "Unexpected argument: '$1'" usage @@ -122,8 +126,8 @@ sid=$(az keyvault certificate import \ --password "${CERT_PASSWORD}" \ | jq -r '.sid') -echo "Saving certificate password to KV with key ${cert_name}-password" -az keyvault secret set --name "${cert_name}"-password \ +echo "Saving certificate password to KV with key ${password_name}" +az keyvault secret set --name "$password_name" \ --vault-name "${keyvault_name}" \ --value "${CERT_PASSWORD}" diff --git a/templates/shared_services/certs/terraform/certificate.tf b/templates/shared_services/certs/terraform/certificate.tf index 0a825c491d..2ceb183ab5 100644 
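Review bot: The new `--password_name` option in letsencrypt.sh is parsed but never checked for being set in the visible hunks, and `az keyvault secret set --name "$password_name"` then uses it directly. If the script validates its other arguments after the `while` loop (that part is outside the hunk), add the same check for this one, e.g. `if [[ -z ${password_name:-} ]]; then echo "Please specify the password name" 1>&2; usage; fi`, and list the option in `usage`. The new line also writes `"$password_name"` where the neighbouring lines use the braced form; `"${password_name}"` keeps the script consistent.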
--- a/templates/shared_services/certs/terraform/certificate.tf +++ b/templates/shared_services/certs/terraform/certificate.tf @@ -36,3 +36,18 @@ resource "azurerm_key_vault_certificate" "tlscert" { } } + +# pre-create in advance of the real password being created +# so if there is a deleted secret it will be recovered +# +resource "azurerm_key_vault_secret" "cert_password" { + name = local.password_name + value = "0000000000" + key_vault_id = data.azurerm_key_vault.key_vault.id + tags = local.tre_shared_service_tags + + # The password will get replaced with a real one, so we don't want Terraform to try and revert it. + lifecycle { + ignore_changes = all + } +} diff --git a/templates/shared_services/certs/terraform/locals.tf b/templates/shared_services/certs/terraform/locals.tf index eb6e2bc676..19aa23c554 100644 --- a/templates/shared_services/certs/terraform/locals.tf +++ b/templates/shared_services/certs/terraform/locals.tf @@ -26,4 +26,5 @@ locals { cmk_name = "tre-encryption-${var.tre_id}" encryption_identity_name = "id-encryption-${var.tre_id}" + password_name = "${var.cert_name}-password" } diff --git a/templates/shared_services/certs/terraform/outputs.tf b/templates/shared_services/certs/terraform/outputs.tf index 882e91b2da..844163ebb0 100644 --- a/templates/shared_services/certs/terraform/outputs.tf +++ b/templates/shared_services/certs/terraform/outputs.tf @@ -17,3 +17,7 @@ output "resource_group_name" { output "keyvault_name" { value = data.azurerm_key_vault.key_vault.name } + +output "password_name" { + value = local.password_name +} diff --git a/templates/shared_services/gitea/porter.yaml b/templates/shared_services/gitea/porter.yaml index e2d3c8b0d5..8b7eaaebc0 100644 --- a/templates/shared_services/gitea/porter.yaml +++ b/templates/shared_services/gitea/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-gitea -version: 1.1.4 +version: 1.1.5 description: "A Gitea shared service" dockerfile: Dockerfile.tmpl registry: azuretre 
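Review bot: The new `azurerm_key_vault_secret.cert_password` stores the fixed value `"0000000000"` under the real password name, so until letsencrypt.sh overwrites it (or if that step fails) anything reading the secret gets a well-known string instead of an error. The comment above the resource should say so explicitly, e.g. `# Placeholder only, not a usable password; letsencrypt.sh replaces it once the certificate has been issued.` Recovery of a soft-deleted secret presumably relies on the provider's `recover_soft_deleted_secrets` feature, which is configured outside this hunk, so confirm it is not disabled. `ignore_changes = all` also stops Terraform from correcting tag drift; `ignore_changes = [value]` may be enough, to be confirmed against how the provider tracks the new secret version.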
diff --git a/templates/shared_services/gitea/terraform/.terraform.lock.hcl b/templates/shared_services/gitea/terraform/.terraform.lock.hcl index baa9c555b3..410b9232d0 100644 --- a/templates/shared_services/gitea/terraform/.terraform.lock.hcl +++ b/templates/shared_services/gitea/terraform/.terraform.lock.hcl 
@@ -2,22 +2,22 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.117.0" - constraints = "3.117.0" + version = "4.14.0" + constraints = "4.14.0" hashes = [ - "h1:Ynfg+Iy7x6K8M6W1AhqXCe3wkoiqIQhROlca7C3KC3w=", - "zh:2e25f47492366821a786762369f0e0921cc9452d64bfd5075f6fdfcf1a9c6d70", - "zh:41eb34f2f7469bf3eb1019dfb0e7fc28256f809824016f4f8b9d691bf473b2ac", - "zh:48bb9c87b3d928da1abc1d3db75453c9725de4674c612daf3800160cc7145d30", - "zh:5d6b0de0bbd78943fcc65c53944ef4496329e247f434c6eab86ed051c5cea67b", - "zh:78c9f6fdb1206a89cf0e6706b4f46178169a93b6c964a4cad8a321058ccbd9b4", - "zh:793b702c352589d4360b580d4a1cf654a7439d2ad6bdb7bfea91de07bc4b0fac", - "zh:7ed687ff0a5509463a592f97431863574fe5cc80a34e395be06766215b8c6285", - "zh:955ba18789bd15592824eb426a8d0f38595bd09fffc6939c1c58933489c1a71e", - "zh:bf5949a55be0714cd9c8815d472eae4baa48ba06d0f6bf2b96775869acda8a54", - "zh:da5d31f635abd2c645ffc76d6176d73f646128e73720cc368247cc424975c127", - "zh:eed5a66d59883c9c56729b0a964a2b60d758ea7489ef3e920a6fbd48518ce5f5", + "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", + "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", + "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", + "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", + "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", + "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", + "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", + "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", + "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", + "zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", + "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + 
"zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", ] } diff --git a/templates/shared_services/gitea/terraform/gitea-webapp.tf b/templates/shared_services/gitea/terraform/gitea-webapp.tf index 285b1b95d6..5cbf0c462f 100644 --- a/templates/shared_services/gitea/terraform/gitea-webapp.tf +++ b/templates/shared_services/gitea/terraform/gitea-webapp.tf @@ -66,7 +66,7 @@ resource "azurerm_linux_web_app" "gitea" { container_registry_managed_identity_client_id = azurerm_user_assigned_identity.gitea_id.client_id ftps_state = "Disabled" always_on = true - minimum_tls_version = "1.2" + minimum_tls_version = "1.3" vnet_route_all_enabled = true application_stack { @@ -129,11 +129,14 @@ resource "azurerm_monitor_diagnostic_setting" "webapp_gitea" { target_resource_id = azurerm_linux_web_app.gitea.id log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id - dynamic "log" { - for_each = data.azurerm_monitor_diagnostic_categories.webapp.log_category_types + dynamic "enabled_log" { + for_each = [ + for category in data.azurerm_monitor_diagnostic_categories.webapp.log_category_types : + category if contains(local.webapp_diagnostic_categories_enabled, category) + ] content { - category = log.value - enabled = contains(local.webapp_diagnostic_categories_enabled, log.value) ? true : false + category = enabled_log.value + } } diff --git a/templates/shared_services/gitea/terraform/main.tf b/templates/shared_services/gitea/terraform/main.tf index 7765d3385b..61aca317c0 100644 --- a/templates/shared_services/gitea/terraform/main.tf +++ b/templates/shared_services/gitea/terraform/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.117.0" + version = "=4.14.0" } local = { source = "hashicorp/local" diff --git a/templates/workspace_services/gitea/porter.yaml b/templates/workspace_services/gitea/porter.yaml index d50dff1681..b15bd80a9e 100644 --- a/templates/workspace_services/gitea/porter.yaml 
+++ b/templates/workspace_services/gitea/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-service-gitea -version: 1.2.2 +version: 1.2.3 description: "A Gitea workspace service" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/gitea/terraform/.terraform.lock.hcl b/templates/workspace_services/gitea/terraform/.terraform.lock.hcl index a7fe6e4fb5..828f6f3414 100644 --- a/templates/workspace_services/gitea/terraform/.terraform.lock.hcl +++ b/templates/workspace_services/gitea/terraform/.terraform.lock.hcl 
@@ -2,22 +2,22 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.117.0" - constraints = "3.117.0" + version = "4.14.0" + constraints = "4.14.0" hashes = [ - "h1:Ynfg+Iy7x6K8M6W1AhqXCe3wkoiqIQhROlca7C3KC3w=", - "zh:2e25f47492366821a786762369f0e0921cc9452d64bfd5075f6fdfcf1a9c6d70", - "zh:41eb34f2f7469bf3eb1019dfb0e7fc28256f809824016f4f8b9d691bf473b2ac", - "zh:48bb9c87b3d928da1abc1d3db75453c9725de4674c612daf3800160cc7145d30", - "zh:5d6b0de0bbd78943fcc65c53944ef4496329e247f434c6eab86ed051c5cea67b", - "zh:78c9f6fdb1206a89cf0e6706b4f46178169a93b6c964a4cad8a321058ccbd9b4", - "zh:793b702c352589d4360b580d4a1cf654a7439d2ad6bdb7bfea91de07bc4b0fac", - "zh:7ed687ff0a5509463a592f97431863574fe5cc80a34e395be06766215b8c6285", - "zh:955ba18789bd15592824eb426a8d0f38595bd09fffc6939c1c58933489c1a71e", - "zh:bf5949a55be0714cd9c8815d472eae4baa48ba06d0f6bf2b96775869acda8a54", - "zh:da5d31f635abd2c645ffc76d6176d73f646128e73720cc368247cc424975c127", - "zh:eed5a66d59883c9c56729b0a964a2b60d758ea7489ef3e920a6fbd48518ce5f5", + "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", + "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", + "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", + "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", + "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", + "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", + "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", + "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", + "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", + "zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", + "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + 
"zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", ] } diff --git a/templates/workspace_services/gitea/terraform/gitea-webapp.tf b/templates/workspace_services/gitea/terraform/gitea-webapp.tf index b9d6643c9d..10602796d3 100644 --- a/templates/workspace_services/gitea/terraform/gitea-webapp.tf +++ b/templates/workspace_services/gitea/terraform/gitea-webapp.tf @@ -76,7 +76,7 @@ resource "azurerm_linux_web_app" "gitea" { container_registry_managed_identity_client_id = azurerm_user_assigned_identity.gitea_id.client_id ftps_state = "Disabled" always_on = true - minimum_tls_version = "1.2" + minimum_tls_version = "1.3" vnet_route_all_enabled = true application_stack { @@ -138,11 +138,13 @@ resource "azurerm_monitor_diagnostic_setting" "gitea" { target_resource_id = azurerm_linux_web_app.gitea.id log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id - dynamic "log" { - for_each = data.azurerm_monitor_diagnostic_categories.gitea.log_category_types + dynamic "enabled_log" { + for_each = [ + for category in data.azurerm_monitor_diagnostic_categories.gitea.log_category_types : + category if contains(local.web_app_diagnostic_categories_enabled, category) + ] content { - category = log.value - enabled = contains(local.web_app_diagnostic_categories_enabled, log.value) ? true : false + category = enabled_log.value } } diff --git a/templates/workspace_services/gitea/terraform/main.tf b/templates/workspace_services/gitea/terraform/main.tf index 5eb181ce8f..8ff9f97222 100644 --- a/templates/workspace_services/gitea/terraform/main.tf +++ b/templates/workspace_services/gitea/terraform/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.117.0" + version = "=4.14.0" } random = { source = "hashicorp/random" diff --git a/templates/workspace_services/guacamole/porter.yaml b/templates/workspace_services/guacamole/porter.yaml index 7f6b523b6b..c1d16965d1 100644 
--- a/templates/workspace_services/guacamole/porter.yaml +++ b/templates/workspace_services/guacamole/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-guacamole -version: 0.12.7 +version: 0.12.8 description: "An Azure TRE service for Guacamole" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/guacamole/terraform/.terraform.lock.hcl b/templates/workspace_services/guacamole/terraform/.terraform.lock.hcl index acd21261d5..9e59e77e40 100644 --- a/templates/workspace_services/guacamole/terraform/.terraform.lock.hcl +++ b/templates/workspace_services/guacamole/terraform/.terraform.lock.hcl 
@@ -2,22 +2,22 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.117.0" - constraints = "3.117.0" + version = "4.14.0" + constraints = "4.14.0" hashes = [ - "h1:Ynfg+Iy7x6K8M6W1AhqXCe3wkoiqIQhROlca7C3KC3w=", - "zh:2e25f47492366821a786762369f0e0921cc9452d64bfd5075f6fdfcf1a9c6d70", - "zh:41eb34f2f7469bf3eb1019dfb0e7fc28256f809824016f4f8b9d691bf473b2ac", - "zh:48bb9c87b3d928da1abc1d3db75453c9725de4674c612daf3800160cc7145d30", - "zh:5d6b0de0bbd78943fcc65c53944ef4496329e247f434c6eab86ed051c5cea67b", - "zh:78c9f6fdb1206a89cf0e6706b4f46178169a93b6c964a4cad8a321058ccbd9b4", - "zh:793b702c352589d4360b580d4a1cf654a7439d2ad6bdb7bfea91de07bc4b0fac", - "zh:7ed687ff0a5509463a592f97431863574fe5cc80a34e395be06766215b8c6285", - "zh:955ba18789bd15592824eb426a8d0f38595bd09fffc6939c1c58933489c1a71e", - "zh:bf5949a55be0714cd9c8815d472eae4baa48ba06d0f6bf2b96775869acda8a54", - "zh:da5d31f635abd2c645ffc76d6176d73f646128e73720cc368247cc424975c127", - "zh:eed5a66d59883c9c56729b0a964a2b60d758ea7489ef3e920a6fbd48518ce5f5", + "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", + "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", + "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", + "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", + "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", + "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", + "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", + "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", + "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", + "zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", + "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + 
"zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", ] } diff --git a/templates/workspace_services/guacamole/terraform/providers.tf b/templates/workspace_services/guacamole/terraform/providers.tf index fc62705f9b..62d4d8d07b 100644 --- a/templates/workspace_services/guacamole/terraform/providers.tf +++ b/templates/workspace_services/guacamole/terraform/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.117.0" + version = "=4.14.0" } local = { source = "hashicorp/local" diff --git a/templates/workspace_services/guacamole/terraform/web_app.tf b/templates/workspace_services/guacamole/terraform/web_app.tf index ac6a2ceb05..d56f6bd3fc 100644 --- a/templates/workspace_services/guacamole/terraform/web_app.tf +++ b/templates/workspace_services/guacamole/terraform/web_app.tf @@ -27,7 +27,7 @@ resource "azurerm_linux_web_app" "guacamole" { container_registry_managed_identity_client_id = azurerm_user_assigned_identity.guacamole_id.client_id ftps_state = "Disabled" vnet_route_all_enabled = true - minimum_tls_version = "1.2" + minimum_tls_version = "1.3" application_stack { docker_registry_url = "https://${data.azurerm_container_registry.mgmt_acr.login_server}" diff --git a/templates/workspace_services/ohdsi/porter.yaml b/templates/workspace_services/ohdsi/porter.yaml index 15f919d400..cc9b60e4eb 100644 --- a/templates/workspace_services/ohdsi/porter.yaml +++ b/templates/workspace_services/ohdsi/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-service-ohdsi -version: 0.3.2 +version: 0.3.3 description: "An OHDSI workspace service" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/ohdsi/terraform/.terraform.lock.hcl b/templates/workspace_services/ohdsi/terraform/.terraform.lock.hcl index 82ad71e493..c94c1c299f 100644 --- a/templates/workspace_services/ohdsi/terraform/.terraform.lock.hcl 
+++ b/templates/workspace_services/ohdsi/terraform/.terraform.lock.hcl 
@@ -2,22 +2,22 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.117.0" - constraints = "3.117.0" + version = "4.14.0" + constraints = "4.14.0" hashes = [ - "h1:Ynfg+Iy7x6K8M6W1AhqXCe3wkoiqIQhROlca7C3KC3w=", - "zh:2e25f47492366821a786762369f0e0921cc9452d64bfd5075f6fdfcf1a9c6d70", - "zh:41eb34f2f7469bf3eb1019dfb0e7fc28256f809824016f4f8b9d691bf473b2ac", - "zh:48bb9c87b3d928da1abc1d3db75453c9725de4674c612daf3800160cc7145d30", - "zh:5d6b0de0bbd78943fcc65c53944ef4496329e247f434c6eab86ed051c5cea67b", - "zh:78c9f6fdb1206a89cf0e6706b4f46178169a93b6c964a4cad8a321058ccbd9b4", - "zh:793b702c352589d4360b580d4a1cf654a7439d2ad6bdb7bfea91de07bc4b0fac", - "zh:7ed687ff0a5509463a592f97431863574fe5cc80a34e395be06766215b8c6285", - "zh:955ba18789bd15592824eb426a8d0f38595bd09fffc6939c1c58933489c1a71e", - "zh:bf5949a55be0714cd9c8815d472eae4baa48ba06d0f6bf2b96775869acda8a54", - "zh:da5d31f635abd2c645ffc76d6176d73f646128e73720cc368247cc424975c127", - "zh:eed5a66d59883c9c56729b0a964a2b60d758ea7489ef3e920a6fbd48518ce5f5", + "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", + "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", + "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", + "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", + "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", + "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", + "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", + "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", + "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", + "zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", + "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + 
"zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", ] } diff --git a/templates/workspace_services/ohdsi/terraform/atlas_ui.tf b/templates/workspace_services/ohdsi/terraform/atlas_ui.tf index dd688bcf66..24879a80da 100644 --- a/templates/workspace_services/ohdsi/terraform/atlas_ui.tf +++ b/templates/workspace_services/ohdsi/terraform/atlas_ui.tf @@ -30,12 +30,12 @@ resource "azurerm_linux_web_app" "atlas_ui" { client_affinity_enabled = false site_config { - always_on = false - ftps_state = "Disabled" + always_on = false + ftps_state = "Disabled" + minimum_tls_version = "1.3" application_stack { - docker_image = "index.docker.io/${local.atlas_ui_docker_image_name}" - docker_image_tag = local.atlas_ui_docker_image_tag + docker_image_name = "index.docker.io/${local.atlas_ui_docker_image_name}:${local.atlas_ui_docker_image_tag}" } } diff --git a/templates/workspace_services/ohdsi/terraform/ohdsi_web_api.tf b/templates/workspace_services/ohdsi/terraform/ohdsi_web_api.tf index a3640d4676..2606dbc5cb 100644 --- a/templates/workspace_services/ohdsi/terraform/ohdsi_web_api.tf +++ b/templates/workspace_services/ohdsi/terraform/ohdsi_web_api.tf @@ -33,12 +33,12 @@ resource "azurerm_linux_web_app" "ohdsi_webapi" { client_affinity_enabled = false site_config { - always_on = true - ftps_state = "Disabled" + always_on = true + ftps_state = "Disabled" + minimum_tls_version = "1.3" application_stack { - docker_image = "index.docker.io/${local.ohdsi_api_docker_image_name}" - docker_image_tag = local.ohdsi_api_docker_image_tag + docker_image_name = "index.docker.io/${local.ohdsi_api_docker_image_name}:${local.ohdsi_api_docker_image_tag}" } } diff --git a/templates/workspace_services/ohdsi/terraform/providers.tf b/templates/workspace_services/ohdsi/terraform/providers.tf index 58928db7c2..ce7c57ddcc 100644 --- a/templates/workspace_services/ohdsi/terraform/providers.tf +++ b/templates/workspace_services/ohdsi/terraform/providers.tf 
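Review bot: In both OHDSI `application_stack` blocks (atlas_ui.tf and ohdsi_web_api.tf) the registry host is folded into `docker_image_name` and no `docker_registry_url` is set, whereas the guacamole app in this same diff passes its registry through `docker_registry_url`. The provider documents `docker_image_name` as image plus tag and `docker_registry_url` as the registry, so this likely wants `docker_image_name = "${local.atlas_ui_docker_image_name}:${local.atlas_ui_docker_image_tag}"` together with `docker_registry_url = "https://index.docker.io"`, and the same for `ohdsi_webapi`. Confirm with `terraform validate` against the pinned 4.14.0. Both images are pulled from a public registry by tag; the tag locals are defined outside these hunks, but referencing a digest instead would make the deployed image immutable.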
@@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.117.0" + version = "=4.14.0" } local = { source = "hashicorp/local"