Import reviewer VM

templates/workspace_services/guacamole/user_resources/guacamole-azure-importreview-vm/.dockerignore

@@ -0,0 +1,11 @@
+# Local .terraform directories
+**/.terraform/*
+
+# TF backend files
+**/*_backend.tf
+
+Dockerfile.tmpl
+
+.env*
+terraform/deploy.sh
+terraform/destroy.sh

templates/workspace_services/guacamole/user_resources/guacamole-azure-importreview-vm/.env.sample

@@ -0,0 +1,5 @@
+# GUID to identify the workspace
+WORKSPACE_ID=__CHANGE_ME__
+
+# Unique identifier of the parent Guacamole service
+PARENT_SERVICE_ID=__CHANGE_ME__

templates/workspace_services/guacamole/user_resources/guacamole-azure-importreview-vm/Dockerfile.tmpl

@@ -0,0 +1,41 @@
+FROM debian:buster-slim
+
+ARG BUNDLE_DIR
+
+ARG AZURE_TRE_VERSION="0.4.3"
+
+RUN  apt-get update \
+  && apt-get install --no-install-recommends jq ca-certificates curl patch -y \
+  && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+
+WORKDIR $BUNDLE_DIR
+
+RUN  curl -o azuretre.tar.gz -L "https://github.com/microsoft/AzureTRE/archive/refs/tags/v${AZURE_TRE_VERSION}.tar.gz" \
+  && tar -xzf azuretre.tar.gz "AzureTRE-${AZURE_TRE_VERSION}/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm"  --strip-components=6 --skip-old-files \
+  && rm -rf azuretre.tar.gz
+
+# This is a template Dockerfile for the bundle's invocation image
+# You can customize it to use different base images, install tools and copy configuration files.
+#
+# Porter will use it as a template and append lines to it for the mixins
+# and to set the CMD appropriately for the CNAB specification.
+#
+# Add the following line to porter.yaml to instruct Porter to use this template
+# dockerfile: Dockerfile.tmpl
+
+# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line
+# another location in this file. If you remove that line, the mixins generated content is appended to this file.
+# PORTER_MIXINS
+
+# Use the BUNDLE_DIR build argument to copy files into the bundle
+COPY . $BUNDLE_DIR
+
+# Apply patch with the difference from the base workspace
+RUN patch -p0 < $BUNDLE_DIR/windowsvm.diff
+
+# Mirror plugins to prevent network access at runtime
+# Remove when available from https://github.com/getporter/terraform-mixin/issues/90
+WORKDIR $BUNDLE_DIR/terraform
+RUN terraform init -backend=false \
+  && rm -fr $BUNDLE_DIR/terraform/.terraform/providers \
+  && terraform providers mirror /usr/local/share/terraform/plugins

templates/workspace_services/guacamole/user_resources/guacamole-azure-importreview-vm/parameters.json

@@ -0,0 +1,74 @@
+{
+  "schemaVersion": "1.0.0-DRAFT+TODO",
+  "name": "guacamole-win-import-reviewvm",
+  "created": "2021-06-03T11:54:54.0225968Z",
+  "modified": "2021-06-03T11:54:54.0225968Z",
+  "parameters": [
+    {
+      "name": "workspace_id",
+      "source": {
+        "env": "WORKSPACE_ID"
+      }
+    },
+    {
+      "name": "parent_service_id",
+      "source": {
+        "env": "PARENT_SERVICE_ID"
+      }
+    },
+    {
+      "name": "tre_id",
+      "source": {
+        "env": "TRE_ID"
+      }
+    },
+    {
+      "name": "tfstate_container_name",
+      "source": {
+        "env": "TERRAFORM_STATE_CONTAINER_NAME"
+      }
+    },
+    {
+      "name": "tfstate_resource_group_name",
+      "source": {
+        "env": "MGMT_RESOURCE_GROUP_NAME"
+      }
+    },
+    {
+      "name": "tfstate_storage_account_name",
+      "source": {
+        "env": "MGMT_STORAGE_ACCOUNT_NAME"
+      }
+    },
+    {
+      "name": "id",
+      "source": {
+        "env": "ID"
+      }
+    },
+    {
+      "name": "os_image",
+      "source": {
+        "env": "OS_IMAGE"
+      }
+    },
+    {
+      "name": "shared_storage_access",
+      "source": {
+        "env": "SHARED_STORAGE_ACCESS"
+      }
+    },
+    {
+      "name": "shared_storage_name",
+      "source": {
+        "env": "SHARED_STORAGE_NAME"
+      }
+    },
+    {
+      "name": "vm_size",
+      "source": {
+        "env": "VM_SIZE"
+      }
+    }
+  ]
+}

templates/workspace_services/guacamole/user_resources/guacamole-azure-importreview-vm/porter.yaml

@@ -0,0 +1,243 @@
+---
+name: tre-service-guacamole-import-reviewvm
+version: 0.0.1
+description: "An Azure TRE User Resource Template for reviewing Airlock import requests"
+dockerfile: Dockerfile.tmpl
+registry: azuretre
+
+credentials:
+  - name: azure_tenant_id
+    env: ARM_TENANT_ID
+  - name: azure_subscription_id
+    env: ARM_SUBSCRIPTION_ID
+  - name: azure_client_id
+    env: ARM_CLIENT_ID
+  - name: azure_client_secret
+    env: ARM_CLIENT_SECRET
+
+parameters:
+  - name: workspace_id
+    type: string
+  - name: tre_id
+    type: string
+  - name: parent_service_id
+    type: string
+    description: "Resource group containing the shared ACR"
+    env: PARENT_SERVICE_ID
+  - name: id
+    type: string
+    description: "An Id for this installation"
+    env: id
+  - name: tfstate_resource_group_name
+    type: string
+    description: "Resource group containing the Terraform state storage account"
+  - name: tfstate_storage_account_name
+    type: string
+    description: "The name of the Terraform state storage account"
+  - name: tfstate_container_name
+    env: tfstate_container_name
+    type: string
+    default: "tfstate"
+    description: "The name of the Terraform state storage container"
+  - name: arm_use_msi
+    env: ARM_USE_MSI
+    type: boolean
+    default: false
+  - name: os_image
+    type: string
+    default: "Windows 10"
+  - name: vm_size
+    type: string
+    default: "2 CPU | 8GB RAM"
+  - name: shared_storage_access
+    type: boolean
+    default: false
+  - name: shared_storage_name
+    type: string
+    default: "vm-shared-storage"
+
+outputs:
+  - name: ip
+    type: string
+    applyTo:
+      - install
+  - name: hostname
+    type: string
+    applyTo:
+      - install
+  - name: connection_uri
+    type: string
+    applyTo:
+      - install
+  - name: azure_resource_id
+    type: string
+    applyTo:
+      - install
+      - start
+      - stop
+      - reset_password
+
+mixins:
+  - exec
+  - terraform:
+      clientVersion: 1.2.8
+  - az
+
+install:
+  - terraform:
+      description: "Deploy Guacamole User Resource Service (Reviewer VM)"
+      vars:
+        workspace_id: "{{ bundle.parameters.workspace_id }}"
+        tre_id: "{{ bundle.parameters.tre_id }}"
+        parent_service_id: "{{ bundle.parameters.parent_service_id }}"
+        tre_resource_id: "{{ bundle.parameters.id }}"
+        image: "{{ bundle.parameters.os_image }}"
+        vm_size: "{{ bundle.parameters.vm_size }}"
+        shared_storage_access: "{{ bundle.parameters.shared_storage_access }}"
+        shared_storage_name: "{{ bundle.parameters.shared_storage_name }}"
+      backendConfig:
+        resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
+        storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
+        container_name: "{{ bundle.parameters.tfstate_container_name }}"
+        key: "{{ bundle.parameters.id }}"
+      outputs:
+        - name: ip
+        - name: hostname
+        - name: connection_uri
+        - name: azure_resource_id
+
+upgrade:
+  - terraform:
+      description: "Update Guacamole User Resource Service (Reviewer VM)"
+      vars:
+        workspace_id: "{{ bundle.parameters.workspace_id }}"
+        tre_id: "{{ bundle.parameters.tre_id }}"
+        parent_service_id: "{{ bundle.parameters.parent_service_id }}"
+        tre_resource_id: "{{ bundle.parameters.id }}"
+        image: "{{ bundle.parameters.os_image }}"
+        vm_size: "{{ bundle.parameters.vm_size }}"
+        shared_storage_access: "{{ bundle.parameters.shared_storage_access }}"
+        shared_storage_name: "{{ bundle.parameters.shared_storage_name }}"
+      backendConfig:
+        resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
+        storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
+        container_name: "{{ bundle.parameters.tfstate_container_name }}"
+        key: "{{ bundle.parameters.id }}"
+      outputs:
+        - name: ip
+        - name: hostname
+        - name: connection_uri
+        - name: azure_resource_id
+
+uninstall:
+  - exec:
+      description: "Delete the Extensions from the Terraform state manually"
+      command: ./delete_vm_extensions.sh
+      arguments:
+        - "{{ bundle.parameters.tfstate_resource_group_name }}"
+        - "{{ bundle.parameters.tfstate_storage_account_name }}"
+        - "{{ bundle.parameters.tfstate_container_name }}"
+        - "{{ bundle.parameters.id }}"
+
+  - terraform:
+      description: "Delete the Guacamole User Resource Service"
+      vars:
+        workspace_id: "{{ bundle.parameters.workspace_id }}"
+        tre_id: "{{ bundle.parameters.tre_id }}"
+        parent_service_id: "{{ bundle.parameters.parent_service_id }}"
+        tre_resource_id: "{{ bundle.parameters.id }}"
+        image: "{{ bundle.parameters.os_image }}"
+        vm_size: "{{ bundle.parameters.vm_size }}"
+        shared_storage_access: "{{ bundle.parameters.shared_storage_access }}"
+        shared_storage_name: "{{ bundle.parameters.shared_storage_name }}"
+      backendConfig:
+        resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
+        storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
+        container_name: "{{ bundle.parameters.tfstate_container_name }}"
+        key: "{{ bundle.parameters.id }}"
+
+start:
+  - terraform:
+      arguments:
+        - "output"
+      description: "Get resource ID from Terraform outputs"
+      backendConfig:
+        resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
+        storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
+        container_name: "{{ bundle.parameters.tfstate_container_name }}"
+        key: "{{ bundle.parameters.id }}"
+      outputs:
+        - name: azure_resource_id
+  - az:
+      description: "Login to Azure"
+      arguments:
+        - login
+      flags:
+        identity:
+        username: "{{ bundle.credentials.azure_client_id }}"
+  - az:
+      description: "Start the VM"
+      arguments:
+        - vm
+        - start
+      flags:
+        ids: "{{ bundle.outputs.azure_resource_id }}"
+
+stop:
+  - terraform:
+      arguments:
+        - "output"
+      description: "Get VM hostname and rg from Terraform outputs"
+      backendConfig:
+        resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
+        storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
+        container_name: "{{ bundle.parameters.tfstate_container_name }}"
+        key: "{{ bundle.parameters.id }}"
+      outputs:
+        - name: azure_resource_id
+  - az:
+      description: "Login to Azure"
+      arguments:
+        - login
+      flags:
+        identity:
+        username: "{{ bundle.credentials.azure_client_id }}"
+  - az:
+      description: "Stop the VM"
+      arguments:
+        - vm
+        - deallocate
+      flags:
+        ids: "{{ bundle.outputs.azure_resource_id }}"
+
+reset_password:
+  - terraform:
+      arguments:
+        - "output"
+      description: "Get VM details from Terraform outputs"
+      backendConfig:
+        resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
+        storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
+        container_name: "{{ bundle.parameters.tfstate_container_name }}"
+        key: "{{ bundle.parameters.id }}"
+      outputs:
+        - name: azure_resource_id
+        - name: vm_username
+        - name: vm_password_secret_name
+        - name: keyvault_name
+  - az:
+      description: "Login to Azure"
+      arguments:
+        - login
+      flags:
+        identity:
+        username: "{{ bundle.credentials.azure_client_id }}"
+  - exec:
+      description: "Reset password and persist to keyvault"
+      suppress-output: true
+      command: ./reset_password.sh
+      arguments:
+        - "{{ bundle.outputs.vm_password_secret_name }}"
+        - "{{ bundle.outputs.keyvault_name }}"
+        - "{{ bundle.outputs.vm_username }}"
+        - "{{ bundle.outputs.azure_resource_id }}"