From 1f5d7370540e2a0bbc514d540b80a3796f182a57 Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Sun, 5 Jan 2025 14:58:01 +0000 Subject: [PATCH 01/11] github action support --- .../actions/devcontainer_run_command/action.yml | 15 +++++++++++++++ .github/workflows/deploy_tre.yml | 2 ++ .github/workflows/deploy_tre_reusable.yml | 12 ++++++++++++ 3 files changed, 29 insertions(+) diff --git a/.github/actions/devcontainer_run_command/action.yml b/.github/actions/devcontainer_run_command/action.yml index 55157e1716..ee91b17143 100644 --- a/.github/actions/devcontainer_run_command/action.yml +++ b/.github/actions/devcontainer_run_command/action.yml @@ -133,6 +133,18 @@ inputs: description: "Application Gateway SKU" required: false default: "" + ENABLE_CMK_ENCRYPTION: + description: "A boolean indicating if we should enable CMK on supported resources" + required: false + default: "false" + ENCRYPTION_KV_NAME: + description: "" + required: false + default: "The name of the keyvault that will be created for CMK" + EXTERNAL_KEY_STORE_ID: + description: "The Azure Resource ID for an external key store to use for CMK" + required: false + default: "" runs: using: composite @@ -244,6 +256,9 @@ runs: && inputs.RESOURCE_PROCESSOR_NUMBER_PROCESSES_PER_INSTANCE) || 5 }}" \ -e TF_VAR_firewall_sku=${{ inputs.FIREWALL_SKU }} \ -e TF_VAR_app_gateway_sku=${{ inputs.APP_GATEWAY_SKU }} \ + -e TF_VAR_enable_cmk_encryption="${{ inputs.ENABLE_CMK_ENCRYPTION }}" \ + -e TF_VAR_encryption_kv_name="${{ inputs.ENCRYPTION_KV_NAME }}" \ + -e TF_VAR_external_key_store_id="${{ inputs.EXTERNAL_KEY_STORE_ID }}" \ -e E2E_TESTS_NUMBER_PROCESSES="${{ inputs.E2E_TESTS_NUMBER_PROCESSES }}" \ '${{ inputs.CI_CACHE_ACR_NAME }}${{ env.ACR_DOMAIN_SUFFIX }}/tredev:${{ inputs.DEVCONTAINER_TAG }}' \ bash -c "${{ inputs.COMMAND }}" diff --git a/.github/workflows/deploy_tre.yml b/.github/workflows/deploy_tre.yml index bddea6979f..c9ea4e3e0a 100644 
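Review bot: In the new `ENCRYPTION_KV_NAME` input the `description` and `default` values are swapped: the description is empty and the default is the sentence "The name of the keyvault that will be created for CMK". A caller that omits the input would hand that sentence to `TF_VAR_encryption_kv_name`, where it counts as a non-empty key vault name. Proposed: `description: "The name of the keyvault that will be created for CMK"` and `default: ""`, matching `EXTERNAL_KEY_STORE_ID` below it.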
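Review bot: The three added `-e TF_VAR_…="${{ inputs.… }}"` lines paste the input into the script text before the shell parses it, so any shell metacharacter in a value is interpreted rather than passed as data. The values come from repository variables and secrets, but `ENCRYPTION_KV_NAME` is also built from a ref id in the branch workflows. It is safer to map the inputs under the step's `env:` and forward them as `-e TF_VAR_encryption_kv_name="$ENCRYPTION_KV_NAME"`. The neighbouring `-e` lines use the same interpolation, so this may be better fixed for the whole step, which starts and ends outside the hunk.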
--- a/.github/workflows/deploy_tre.yml +++ b/.github/workflows/deploy_tre.yml @@ -57,3 +57,5 @@ jobs: TEST_ACCOUNT_CLIENT_SECRET: "${{ secrets.TEST_ACCOUNT_CLIENT_SECRET }}" TRE_ID: ${{ secrets.TRE_ID }} CI_CACHE_ACR_NAME: ${{ secrets.ACR_NAME }} + ENCRYPTION_KV_NAME: ${{ secrets.ENCRYPTION_KV_NAME }} + EXTERNAL_KEY_STORE_ID: ${{ secrets.EXTERNAL_KEY_STORE_ID }} diff --git a/.github/workflows/deploy_tre_reusable.yml b/.github/workflows/deploy_tre_reusable.yml index e775bed80b..175709444b 100644 --- a/.github/workflows/deploy_tre_reusable.yml +++ b/.github/workflows/deploy_tre_reusable.yml @@ -90,6 +90,12 @@ on: # yamllint disable-line rule:truthy AZURE_CREDENTIALS: description: "" required: true + ENCRYPTION_KV_NAME: + description: "" + required: false + EXTERNAL_KEY_STORE_ID: + description: "" + required: false # This will prevent multiple runs of this entire workflow. # We should NOT cancel in progress runs as that can destabilize the environment. @@ -246,6 +252,9 @@ jobs: TERRAFORM_STATE_CONTAINER_NAME: ${{ vars.TERRAFORM_STATE_CONTAINER_NAME }} MGMT_RESOURCE_GROUP_NAME: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }} MGMT_STORAGE_ACCOUNT_NAME: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }} + ENABLE_CMK_ENCRYPTION: ${{ vars.ENABLE_CMK_ENCRYPTION }} + ENCRYPTION_KV_NAME: ${{ secrets.ENCRYPTION_KV_NAME }} + EXTERNAL_KEY_STORE_ID: ${{ secrets.EXTERNAL_KEY_STORE_ID }} - name: ACR Login # failure in the first attempt indicates a new ACR, so we need to try again after it's been created @@ -359,6 +368,9 @@ jobs: RP_BUNDLE_VALUES: ${{ vars.RP_BUNDLE_VALUES }} FIREWALL_SKU: ${{ vars.FIREWALL_SKU}} APP_GATEWAY_SKU: ${{ vars.APP_GATEWAY_SKU }} + ENABLE_CMK_ENCRYPTION: ${{ vars.ENABLE_CMK_ENCRYPTION }} + ENCRYPTION_KV_NAME: ${{ secrets.ENCRYPTION_KV_NAME }} + EXTERNAL_KEY_STORE_ID: ${{ secrets.EXTERNAL_KEY_STORE_ID }} - name: API Healthcheck uses: ./.github/actions/devcontainer_run_command From 5bb6290e45d24da83860ed9117c2612da1878fa8 Mon Sep 17 00:00:00 2001 
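Review bot: `ENABLE_CMK_ENCRYPTION: ${{ vars.ENABLE_CMK_ENCRYPTION }}` in the `@@ -246` hunk forwards an empty string when the repository variable is not defined, and the action's `default: "false"` only helps if the runner substitutes defaults for empty values, which this hunk gives no reason to rely on. The composite action already guards another input with `(inputs.X != '' && inputs.X) || 5`, which suggests empty inputs do reach the script. An empty `TF_VAR_enable_cmk_encryption` for a `bool` variable is likely to be rejected by Terraform, so a fallback is safer: `ENABLE_CMK_ENCRYPTION: ${{ vars.ENABLE_CMK_ENCRYPTION || 'false' }}`. The same line appears in the `@@ -359` hunk.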
From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Sun, 5 Jan 2025 14:58:48 +0000 Subject: [PATCH 02/11] cmk var validation --- core/terraform/variables.tf | 5 +++++ core/version.txt | 2 +- devops/terraform/variables.tf | 5 +++++ devops/version.txt | 2 +- 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/core/terraform/variables.tf b/core/terraform/variables.tf index 1f1004d8bb..ba49d4c6b3 100644 --- a/core/terraform/variables.tf +++ b/core/terraform/variables.tf @@ -228,6 +228,11 @@ variable "enable_cmk_encryption" { type = bool description = "A boolean indicating if customer managed keys will be used for encryption of supporting resources" default = false + + validation { + condition = var.enable_cmk_encryption == false || (var.enable_cmk_encryption == true && try(length(var.external_key_store_id), 0) + try(length(var.encryption_kv_name), 0) > 0) + error_message = "Exactly one of 'external_key_store_id' or 'encryption_kv_name' must be non-empty when enable_cmk_encryption is true." + } } variable "external_key_store_id" { diff --git a/core/version.txt b/core/version.txt index 87583f1acf..1e6e806534 100644 --- a/core/version.txt +++ b/core/version.txt @@ -1 +1 @@ -__version__ = "0.11.15" +__version__ = "0.11.16" diff --git a/devops/terraform/variables.tf b/devops/terraform/variables.tf index 9c9ad2bfbe..5a0267b201 100644 --- a/devops/terraform/variables.tf +++ b/devops/terraform/variables.tf 
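Review bot: The `validation` block added to `enable_cmk_encryption` reads `var.external_key_store_id` and `var.encryption_kv_name`, and a condition that refers to variables other than the one being validated is only accepted from Terraform 1.9 onward. No version constraint is visible in this hunk, so if the module's `required_version` still admits older releases they will fail with a reference error instead of this message. Consider `required_version = ">= 1.9.0"` in the `terraform` block. The same applies to the identical hunk in devops/terraform/variables.tf.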
@@ -28,6 +28,11 @@ variable "enable_cmk_encryption" { type = bool description = "A boolean indicating if customer managed keys will be used for encryption of supporting resources" default = false + + validation { + condition = var.enable_cmk_encryption == false || (var.enable_cmk_encryption == true && try(length(var.external_key_store_id), 0) + try(length(var.encryption_kv_name), 0) > 0) + error_message = "Exactly one of 'external_key_store_id' or 'encryption_kv_name' must be non-empty when enable_cmk_encryption is true." + } } variable "external_key_store_id" { diff --git a/devops/version.txt b/devops/version.txt index 86716a713a..a779a44262 100644 --- a/devops/version.txt +++ b/devops/version.txt @@ -1 +1 @@ -__version__ = "0.5.5" +__version__ = "0.5.6" From 3fa9267465234df9106d9b67771f57c6feb769af Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Sun, 5 Jan 2025 14:58:58 +0000 Subject: [PATCH 03/11] config schema validation --- config_schema.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/config_schema.json b/config_schema.json index 8885822acb..d2235f74ab 100644 --- a/config_schema.json +++ b/config_schema.json @@ -51,6 +51,14 @@ "description": "The Azure subscription ID for all resources.", "type": "string", "pattern": "^[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$" + }, + "encryption_kv_name": { + "description": "Name of Key Vault for encryption keys.", + "type": "string" + }, + "external_key_store_id": { + "description": "ID of external Key Vault to store CMKs.", + "type": "string" } }, "required": [ @@ -96,6 +104,10 @@ "custom_domain": { "description": "Custom domain name.", "type": "string" + }, + "enable_cmk_encryption": { + "description": "Enables customer-managed key encryption for all supported resources.", + "type": "boolean" } } }, From 9d39d0802b2cfbda01e9a019da9ecd8a215cb431 Mon Sep 17 00:00:00 2001 
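Review bot: `encryption_kv_name` and `external_key_store_id` are accepted as any string, so a malformed name or resource ID passes schema validation and only fails later, during deployment. `subscription_id` just above already carries a `pattern`; a similar constraint on the Key Vault name (3–24 characters, letters, digits and hyphens) would reject bad values early, for example `"pattern": "^[a-zA-Z][a-zA-Z0-9-]{1,22}[a-zA-Z0-9]$"`. The schema also does not express that the two properties are mutually exclusive, which leaves the Terraform validation as the only place that rule is enforced.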
From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Sun, 5 Jan 2025 15:22:34 +0000 Subject: [PATCH 04/11] add support for branch and bot --- .github/workflows/deploy_tre_branch.yml | 2 ++ .github/workflows/pr_comment_bot.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/deploy_tre_branch.yml b/.github/workflows/deploy_tre_branch.yml index a6b65f9196..0f6567add6 100644 --- a/.github/workflows/deploy_tre_branch.yml +++ b/.github/workflows/deploy_tre_branch.yml @@ -88,3 +88,5 @@ jobs: TEST_ACCOUNT_CLIENT_SECRET: "${{ secrets.TEST_ACCOUNT_CLIENT_SECRET }}" TRE_ID: ${{ format('tre{0}', needs.prepare-not-main.outputs.refid) }} CI_CACHE_ACR_NAME: ${{ secrets.ACR_NAME }} + ENCRYPTION_KV_NAME: ${{ format('tre{0}mgmt', needs.prepare-not-main.outputs.refid) }} + EXTERNAL_KEY_STORE_ID: ${{ secrets.EXTERNAL_KEY_STORE_ID }} diff --git a/.github/workflows/pr_comment_bot.yml b/.github/workflows/pr_comment_bot.yml index cfc14dc739..5592ec36b5 100644 --- a/.github/workflows/pr_comment_bot.yml +++ b/.github/workflows/pr_comment_bot.yml @@ -185,3 +185,5 @@ jobs: TEST_ACCOUNT_CLIENT_SECRET: "${{ secrets.TEST_ACCOUNT_CLIENT_SECRET }}" TRE_ID: ${{ format('tre{0}', needs.pr_comment.outputs.prRefId) }} CI_CACHE_ACR_NAME: ${{ secrets.ACR_NAME }} + ENCRYPTION_KV_NAME: ${{ format('tre{0}mgmt', needs.prepare-not-main.outputs.refid) }} + EXTERNAL_KEY_STORE_ID: ${{ secrets.EXTERNAL_KEY_STORE_ID }} From cb5ffd3191f984a42a6ad340eaea106d7781b203 Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Sun, 5 Jan 2025 15:31:05 +0000 Subject: [PATCH 05/11] install Terraform as the image doesn't include it anymore --- .github/workflows/build_validation_develop.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build_validation_develop.yml b/.github/workflows/build_validation_develop.yml index c44cba4b9d..01be02c3c0 100644 --- a/.github/workflows/build_validation_develop.yml 
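Review bot: In deploy_tre_branch.yml the job now always passes a non-empty `ENCRYPTION_KV_NAME` (`format('tre{0}mgmt', …)`) and also forwards `secrets.EXTERNAL_KEY_STORE_ID`. Once that secret is defined both values are set, and the "exactly one" rule stated in the Terraform validation message would reject a CMK-enabled branch deployment. Dropping the `EXTERNAL_KEY_STORE_ID: ${{ secrets.EXTERNAL_KEY_STORE_ID }}` line from this job avoids the conflict. It is also worth confirming that the generated name stays within the Key Vault name length limit, since the length of `refid` is not visible here.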
+++ b/.github/workflows/build_validation_develop.yml @@ -52,6 +52,11 @@ jobs: terraform_workspace_services: - templates/workspace_services/**/terraform/**/*.tf + - uses: hashicorp/setup-terraform@v3 + if: ${{ steps.filter.outputs.terraform == 'true' }} + with: + terraform_version: "1.9.8" + - name: Terraform format check if: ${{ steps.filter.outputs.terraform == 'true' }} run: terraform fmt -check -recursive From 8ee386642af57328997b85c4036c4dd263072cda Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Sun, 5 Jan 2025 15:36:47 +0000 Subject: [PATCH 06/11] fix prbot --- .github/workflows/pr_comment_bot.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/pr_comment_bot.yml b/.github/workflows/pr_comment_bot.yml index 5592ec36b5..3771dfbbfb 100644 --- a/.github/workflows/pr_comment_bot.yml +++ b/.github/workflows/pr_comment_bot.yml @@ -185,5 +185,4 @@ jobs: TEST_ACCOUNT_CLIENT_SECRET: "${{ secrets.TEST_ACCOUNT_CLIENT_SECRET }}" TRE_ID: ${{ format('tre{0}', needs.pr_comment.outputs.prRefId) }} CI_CACHE_ACR_NAME: ${{ secrets.ACR_NAME }} - ENCRYPTION_KV_NAME: ${{ format('tre{0}mgmt', needs.prepare-not-main.outputs.refid) }} - EXTERNAL_KEY_STORE_ID: ${{ secrets.EXTERNAL_KEY_STORE_ID }} + ENCRYPTION_KV_NAME: ${{ format('tre{0}mgmt', needs.pr_comment.outputs.prRefId) }} From b74cf1550d6db6d5c953f737005a1b7e36e61877 Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Mon, 6 Jan 2025 06:34:26 +0000 Subject: [PATCH 07/11] update docs --- docs/tre-admins/environment-variables.md | 3 ++- .../tre-admins/setup-instructions/cicd-pre-deployment-steps.md | 3 +++ docs/tre-admins/setup-instructions/workflows.md | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/tre-admins/environment-variables.md b/docs/tre-admins/environment-variables.md index 04395b9ec9..4203a14c0c 100644 --- a/docs/tre-admins/environment-variables.md 
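Review bot: `uses: hashicorp/setup-terraform@v3` references a mutable tag, so the code that runs in this job can change without any change to this repository. Pin the action to a full commit SHA and keep the tag as a comment, e.g. `uses: hashicorp/setup-terraform@<full-commit-sha> # v3`, and let the dependency update tooling bump it. The step also has no `name:`, unlike the `Terraform format check` step after it; `name: Install Terraform` would keep the job log readable.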
+++ b/docs/tre-admins/environment-variables.md @@ -44,7 +44,8 @@ | `FIREWALL_SKU` | Optional. The SKU of the Azure Firewall instance. Default value is `Standard`. Allowed values [`Basic`, `Standard`, `Premium`]. See [Azure Firewall SKU feature comparison](https://learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku). | | `APP_GATEWAY_SKU` | Optional. The SKU of the Application Gateway. Default value is `Standard_v2`. Allowed values [`Standard_v2`, `WAF_v2`] | | `CUSTOM_DOMAIN` | Optional. Custom domain name to access the Azure TRE portal. See [Custom domain name](custom-domain.md). | -| `ENABLE_CMK_ENCRYPTION` | If set to `true`, customer-managed key encryption will be enabled for all supported resources. | +| `ENABLE_CMK_ENCRYPTION` | Optionl. Default is `false`, if set to `true` customer-managed key encryption will be enabled for all supported resources. | + ## For authentication in `/config.yaml` | Variable | Description | diff --git a/docs/tre-admins/setup-instructions/cicd-pre-deployment-steps.md b/docs/tre-admins/setup-instructions/cicd-pre-deployment-steps.md index 0c360b5f93..808121a753 100644 --- a/docs/tre-admins/setup-instructions/cicd-pre-deployment-steps.md +++ b/docs/tre-admins/setup-instructions/cicd-pre-deployment-steps.md 
@@ -66,6 +66,8 @@ Configure the following secrets in your github environment: | `MGMT_RESOURCE_GROUP_NAME` | The name of the shared resource group for all Azure TRE core resources. | | `MGMT_STORAGE_ACCOUNT_NAME` | The name of the storage account to hold the Terraform state and other deployment artifacts. E.g. `mystorageaccount`. | | `ACR_NAME` | A globally unique name for the Azure Container Registry (ACR) that will be created to store deployment images. | +| `EXTERNAL_KEY_STORE_ID` | Optional. The ID of the external Key Vault to store CMKs in. Should not be set if `ENCRYPTION_KV_NAME` is set and only required if `ENABLE_CMK_ENCRYPTION` is true. | +| `ENCRYPTION_KV_NAME` | Optional. The name of the Key Vault for encryption keys. Should not be set if `EXTERNAL_KEY_STORE_ID` is set and only required if `ENABLE_CMK_ENCRYPTION` is true. | ### Configure Core Variables @@ -86,6 +88,7 @@ Configure the following **variables** in your github environment: | `FIREWALL_SKU` | Optional. The SKU of the Azure Firewall instance. Default value is `Standard`. Allowed values [`Basic`, `Standard`, `Premium`]. See [Azure Firewall SKU feature comparison](https://learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku). | | `APP_GATEWAY_SKU` | Optional. The SKU of the Application Gateway. Default value is `Standard_v2`. Allowed values [`Standard_v2`, `WAF_v2`] | | `CUSTOM_DOMAIN` | Optional. Custom domain name to access the Azure TRE portal. See [Custom domain name](../custom-domain.md). | +| `ENABLE_CMK_ENCRYPTION` | Optionl. Default is `false`, if set to `true` customer-managed key encryption will be enabled for all supported resources. | ### Configure Authentication Secrets diff --git a/docs/tre-admins/setup-instructions/workflows.md b/docs/tre-admins/setup-instructions/workflows.md index dfc21b8de5..f5041df672 100644 --- a/docs/tre-admins/setup-instructions/workflows.md +++ b/docs/tre-admins/setup-instructions/workflows.md 
@@ -147,7 +147,7 @@ Configure variables used in the deployment workflow: | `ENABLE_SWAGGER` | Optional. Determines whether the Swagger interface for the API will be available. Default value is `false`. | | `FIREWALL_SKU` | Optional. The SKU of the Azure Firewall instance. Default value is `Standard`. Allowed values [`Basic`, `Standard`, `Premium`]. See [Azure Firewall SKU feature comparison](https://learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku). | | `APP_GATEWAY_SKU` | Optional. The SKU of the Application Gateway. Default value is `Standard_v2`. Allowed values [`Standard_v2`, `WAF_v2`] | - +| `ENABLE_CMK_ENCRYPTION` | Optionl. Default is `false`, if set to `true` customer-managed key encryption will be enabled for all supported resources. | ### Deploy the TRE using the workflow From fe1e31ea79458f12129a5d9fa00d016af6780f9f Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Mon, 6 Jan 2025 11:40:12 +0000 Subject: [PATCH 08/11] fix up --- .github/workflows/codeql-analysis.yml | 2 +- core/terraform/variables.tf | 5 ++++- devops/terraform/variables.tf | 5 ++++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 176b3b6a39..2cb40d1fd9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -29,7 +29,7 @@ concurrency: jobs: analyze: name: Analyze - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: actions: read contents: read diff --git a/core/terraform/variables.tf b/core/terraform/variables.tf index ba49d4c6b3..8a6c034aaa 100644 --- a/core/terraform/variables.tf +++ b/core/terraform/variables.tf 
@@ -230,7 +230,10 @@ variable "enable_cmk_encryption" { default = false validation { - condition = var.enable_cmk_encryption == false || (var.enable_cmk_encryption == true && try(length(var.external_key_store_id), 0) + try(length(var.encryption_kv_name), 0) > 0) + condition = var.enable_cmk_encryption == false || (var.enable_cmk_encryption == true && ( + (try(length(var.external_key_store_id), 0) > 0 && try(length(var.encryption_kv_name), 0) == 0) || + (try(length(var.external_key_store_id), 0) == 0 && try(length(var.encryption_kv_name), 0) > 0) + )) error_message = "Exactly one of 'external_key_store_id' or 'encryption_kv_name' must be non-empty when enable_cmk_encryption is true." } } diff --git a/devops/terraform/variables.tf b/devops/terraform/variables.tf index 5a0267b201..4b2131dbc9 100644 --- a/devops/terraform/variables.tf +++ b/devops/terraform/variables.tf @@ -30,7 +30,10 @@ variable "enable_cmk_encryption" { default = false validation { - condition = var.enable_cmk_encryption == false || (var.enable_cmk_encryption == true && try(length(var.external_key_store_id), 0) + try(length(var.encryption_kv_name), 0) > 0) + condition = var.enable_cmk_encryption == false || (var.enable_cmk_encryption == true && ( + (try(length(var.external_key_store_id), 0) > 0 && try(length(var.encryption_kv_name), 0) == 0) || + (try(length(var.external_key_store_id), 0) == 0 && try(length(var.encryption_kv_name), 0) > 0) + )) error_message = "Exactly one of 'external_key_store_id' or 'encryption_kv_name' must be non-empty when enable_cmk_encryption is true." } } From ef7fb8faaac2cbe0955e50322d51ded7e330bfcd Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Mon, 6 Jan 2025 14:26:23 +0200 Subject: [PATCH 09/11] Update docs/tre-admins/setup-instructions/workflows.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- docs/tre-admins/setup-instructions/workflows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
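Review bot: The rewritten condition spells out both halves of an exclusive-or and compares a bool with `true`/`false`, which makes the rule harder to check than it needs to be. An equivalent form is `condition = !var.enable_cmk_encryption || ((try(length(var.external_key_store_id), 0) > 0) != (try(length(var.encryption_kv_name), 0) > 0))`. When `enable_cmk_encryption` is false the check passes even if a key store is configured, so a deployment where the key store was set but the flag was forgotten proceeds without CMK and without any message; saying so in the variable's `description` would help operators. Both points apply to the devops/terraform/variables.tf hunk that follows.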
diff --git a/docs/tre-admins/setup-instructions/workflows.md b/docs/tre-admins/setup-instructions/workflows.md index f5041df672..eabc62332d 100644 --- a/docs/tre-admins/setup-instructions/workflows.md +++ b/docs/tre-admins/setup-instructions/workflows.md @@ -147,7 +147,7 @@ Configure variables used in the deployment workflow: | `ENABLE_SWAGGER` | Optional. Determines whether the Swagger interface for the API will be available. Default value is `false`. | | `FIREWALL_SKU` | Optional. The SKU of the Azure Firewall instance. Default value is `Standard`. Allowed values [`Basic`, `Standard`, `Premium`]. See [Azure Firewall SKU feature comparison](https://learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku). | | `APP_GATEWAY_SKU` | Optional. The SKU of the Application Gateway. Default value is `Standard_v2`. Allowed values [`Standard_v2`, `WAF_v2`] | -| `ENABLE_CMK_ENCRYPTION` | Optionl. Default is `false`, if set to `true` customer-managed key encryption will be enabled for all supported resources. | +| `ENABLE_CMK_ENCRYPTION` | Optional. Default is `false`, if set to `true` customer-managed key encryption will be enabled for all supported resources. | ### Deploy the TRE using the workflow From ebf3e4226a56b8c0b99d23596227fff5f504ec19 Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Mon, 6 Jan 2025 12:28:01 +0000 Subject: [PATCH 10/11] fix docs --- docs/tre-admins/environment-variables.md | 3 ++- .../tre-admins/setup-instructions/cicd-pre-deployment-steps.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/tre-admins/environment-variables.md b/docs/tre-admins/environment-variables.md index 4203a14c0c..144fb92e0e 100644 --- a/docs/tre-admins/environment-variables.md +++ b/docs/tre-admins/environment-variables.md 
@@ -44,7 +44,7 @@ | `FIREWALL_SKU` | Optional. The SKU of the Azure Firewall instance. Default value is `Standard`. Allowed values [`Basic`, `Standard`, `Premium`]. See [Azure Firewall SKU feature comparison](https://learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku). | | `APP_GATEWAY_SKU` | Optional. The SKU of the Application Gateway. Default value is `Standard_v2`. Allowed values [`Standard_v2`, `WAF_v2`] | | `CUSTOM_DOMAIN` | Optional. Custom domain name to access the Azure TRE portal. See [Custom domain name](custom-domain.md). | -| `ENABLE_CMK_ENCRYPTION` | Optionl. Default is `false`, if set to `true` customer-managed key encryption will be enabled for all supported resources. | +| `ENABLE_CMK_ENCRYPTION` | Optional. Default is `false`, if set to `true` customer-managed key encryption will be enabled for all supported resources. | ## For authentication in `/config.yaml` @@ -61,6 +61,7 @@ | `WORKSPACE_API_CLIENT_SECRET` | Each workspace is secured behind it's own AD Application. This is the secret for that application.| ## For CI/CD pipelines in github environment secrets + | Variable | Description | | -------- | ----------- | | `AZURE_CREDENTIALS`| Credentials used to authorize CI/CD workflows to provision resources for the TRE workspaces and workspace services. This is basically your ARM client credentials in json format. Read more about how to create it and its format [here](./setup-instructions/workflows.md##create-a-service principal-for-provisioning-resources)| diff --git a/docs/tre-admins/setup-instructions/cicd-pre-deployment-steps.md b/docs/tre-admins/setup-instructions/cicd-pre-deployment-steps.md index 808121a753..e03c63272d 100644 --- a/docs/tre-admins/setup-instructions/cicd-pre-deployment-steps.md +++ b/docs/tre-admins/setup-instructions/cicd-pre-deployment-steps.md 
@@ -88,7 +88,7 @@ Configure the following **variables** in your github environment: | `FIREWALL_SKU` | Optional. The SKU of the Azure Firewall instance. Default value is `Standard`. Allowed values [`Basic`, `Standard`, `Premium`]. See [Azure Firewall SKU feature comparison](https://learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku). | | `APP_GATEWAY_SKU` | Optional. The SKU of the Application Gateway. Default value is `Standard_v2`. Allowed values [`Standard_v2`, `WAF_v2`] | | `CUSTOM_DOMAIN` | Optional. Custom domain name to access the Azure TRE portal. See [Custom domain name](../custom-domain.md). | -| `ENABLE_CMK_ENCRYPTION` | Optionl. Default is `false`, if set to `true` customer-managed key encryption will be enabled for all supported resources. | +| `ENABLE_CMK_ENCRYPTION` | Optional. Default is `false`, if set to `true` customer-managed key encryption will be enabled for all supported resources. | ### Configure Authentication Secrets From 0975c9bbf1c521844b692ce4d1d966da32bbc98d Mon Sep 17 00:00:00 2001 From: Yuval Yaron Date: Tue, 18 Feb 2025 12:57:41 +0000 Subject: [PATCH 11/11] update core version --- core/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version.txt b/core/version.txt index 8e1395bd35..6dd4954d0d 100644 --- a/core/version.txt +++ b/core/version.txt @@ -1 +1 @@ -__version__ = "0.12.3" +__version__ = "0.12.4"