Merge branch 'main' into jr/upstream-main/93-close-keyvault-firewall

.devcontainer/devcontainer.json

@@ -275,6 +275,7 @@
       "extensions": [
         "ms-python.python",
         "ms-python.pylance",
+        "ms-python.flake8",
         "hashicorp.terraform",
         "github.vscode-pull-request-github",
         "gitHub.copilot",

CHANGELOG.md

@@ -6,8 +6,12 @@
 ENHANCEMENTS:
 * Core key vault firewall should not be set to "Allow public access from all networks" ([#4250](https://github.com/microsoft/AzureTRE/issues/4250))
 * Allow workspace App Service Plan SKU to be updated ([#4331](https://github.com/microsoft/AzureTRE/issues/4331))
+* Remove public IP from TRE's firewall when forced tunneling is configured ([#4346](https://github.com/microsoft/AzureTRE/pull/4346))
 
 BUG FIXES:
+* Fix upgrade when porter install has failed ([#4338](https://github.com/microsoft/AzureTRE/pull/4338))
+
+
 
 COMPONENTS:
 

airlock_processor/_version.py

@@ -1 +1 @@
-__version__ = "0.8.2"
+__version__ = "0.8.3"

resource_processor/_version.py

@@ -1 +1 @@
-__version__ = "0.11.1"
+__version__ = "0.12.1"

resource_processor/resources/commands.py → resource_processor/helpers/commands.py

@@ -4,14 +4,13 @@
 import logging
 from urllib.parse import urlparse
 
-from resources.helpers import get_installation_id
 from shared.logging import logger, shell_output_logger
 
 
 def azure_login_command(config):
     set_cloud_command = f"az cloud set --name {config['azure_environment']} >/dev/null "
 
-    if config["vmss_msi_id"]:
+    if config.get("vmss_msi_id"):
         # Use the Managed Identity when in VMSS context
         login_command = f"az login --identity -u {config['vmss_msi_id']} >/dev/null "
 
@@ -23,7 +22,7 @@ def azure_login_command(config):
 
 
 def apply_porter_credentials_sets_command(config):
-    if config["vmss_msi_id"]:
+    if config.get("vmss_msi_id"):
         # Use the Managed Identity when in VMSS context
         porter_credential_sets = "porter credentials apply vmss_porter/arm_auth_local_debugging.json >/dev/null 2>&1 && porter credentials apply vmss_porter/aad_auth.json >/dev/null 2>&1"
 
@@ -80,25 +79,31 @@ async def build_porter_command(config, msg_body, custom_action=False):
                     val_base64_bytes = base64.b64encode(val_bytes)
                     parameter_value = val_base64_bytes.decode("ascii")
 
-                porter_parameters = porter_parameters + f" --param {parameter_name}=\"{parameter_value}\""
+                porter_parameters += f" --param {parameter_name}=\"{parameter_value}\""
 
-    installation_id = get_installation_id(msg_body)
+    installation_id = msg_body['id']
 
     command_line = [f"porter"
                     # If a custom action (i.e. not install, uninstall, upgrade) we need to use 'invoke'
-                    f"{' invoke --action' if custom_action else ''}"
-                    f" {msg_body['action']} \"{installation_id}\""
-                    f" --reference {config['registry_server']}/{msg_body['name']}:v{msg_body['version']}"
-                    f" {porter_parameters} --force"
-                    f" --credential-set arm_auth"
-                    f" --credential-set aad_auth"
+                    f"{' invoke --action' if custom_action else ''} "
+                    f"{msg_body['action']} \"{installation_id}\" "
+                    f"--reference {config['registry_server']}/{msg_body['name']}:v{msg_body['version']}"
+                    f"{porter_parameters} "
+                    f"--force "
+                    f"--credential-set arm_auth "
+                    f"--credential-set aad_auth "
                     ]
 
+    if msg_body['action'] == 'upgrade':
+        command_line[0] = command_line[0] + "--force-upgrade "
+
+    command_line[0] = command_line[0].strip()
+
     return command_line
 
 
 async def build_porter_command_for_outputs(msg_body):
-    installation_id = get_installation_id(msg_body)
+    installation_id = msg_body['id']
     command_line = [f"porter installations output list --installation {installation_id} --output json"]
     return command_line
 

resource_processor/resources/statuses.py → resource_processor/helpers/statuses.py

@@ -1,5 +1,5 @@
 from collections import defaultdict
-from resources import strings
+from helpers import strings
 
 
 # Specify pass and fail status strings so we can return the right statuses to the api depending on the action type (with a default of custom action)

resource_processor/tests_rp/test_commands.py

@@ -0,0 +1,94 @@
+import json
+import pytest
+from unittest.mock import patch, AsyncMock
+from helpers.commands import azure_login_command, apply_porter_credentials_sets_command, azure_acr_login_command, build_porter_command, build_porter_command_for_outputs, get_porter_parameter_keys
+
+
+@pytest.fixture
+def mock_get_porter_parameter_keys():
+    with patch("helpers.commands.get_porter_parameter_keys", new_callable=AsyncMock) as mock:
+        yield mock
+
+
+@pytest.mark.parametrize("config, expected_command", [
+    ({"azure_environment": "AzureCloud", "vmss_msi_id": "msi_id"}, "az cloud set --name AzureCloud >/dev/null  && az login --identity -u msi_id >/dev/null "),
+    ({"azure_environment": "AzureCloud", "arm_client_id": "client_id", "arm_client_secret": "client_secret", "arm_tenant_id": "tenant_id"}, "az cloud set --name AzureCloud >/dev/null  && az login --service-principal --username client_id --password client_secret --tenant tenant_id >/dev/null")
+])
+def test_azure_login_command(config, expected_command):
+    """Test azure_login_command function."""
+    assert azure_login_command(config) == expected_command
+
+
+@pytest.mark.parametrize("config, expected_command", [
+    ({"vmss_msi_id": "msi_id"}, "porter credentials apply vmss_porter/arm_auth_local_debugging.json >/dev/null 2>&1 && porter credentials apply vmss_porter/aad_auth.json >/dev/null 2>&1"),
+    ({}, "porter credentials apply vmss_porter/arm_auth_local_debugging.json >/dev/null 2>&1 && porter credentials apply vmss_porter/aad_auth_local_debugging.json >/dev/null 2>&1")
+])
+def test_apply_porter_credentials_sets_command(config, expected_command):
+    """Test apply_porter_credentials_sets_command function."""
+    assert apply_porter_credentials_sets_command(config) == expected_command
+
+
+@pytest.mark.parametrize("config, expected_command", [
+    ({"registry_server": "myregistry.azurecr.io"}, "az acr login --name myregistry >/dev/null ")
+])
+def test_azure_acr_login_command(config, expected_command):
+    """Test azure_acr_login_command function."""
+    assert azure_acr_login_command(config) == expected_command
+
+
+@pytest.mark.asyncio
+async def test_build_porter_command(mock_get_porter_parameter_keys):
+    """Test build_porter_command function."""
+    config = {"registry_server": "myregistry.azurecr.io"}
+    msg_body = {"id": "guid", "action": "install", "name": "mybundle", "version": "1.0.0", "parameters": {"param1": "value1"}}
+    mock_get_porter_parameter_keys.return_value = ["param1"]
+
+    expected_command = [
+        "porter install \"guid\" --reference myregistry.azurecr.io/mybundle:v1.0.0 --param param1=\"value1\" --force --credential-set arm_auth --credential-set aad_auth"
+    ]
+
+    command = await build_porter_command(config, msg_body)
+    assert command == expected_command
+
+
+@pytest.mark.asyncio
+async def test_build_porter_command_for_upgrade(mock_get_porter_parameter_keys):
+    """Test build_porter_command function for upgrade action."""
+    config = {"registry_server": "myregistry.azurecr.io"}
+    msg_body = {"id": "guid", "action": "upgrade", "name": "mybundle", "version": "1.0.0", "parameters": {"param1": "value1"}}
+    mock_get_porter_parameter_keys.return_value = ["param1"]
+
+    expected_command = [
+        "porter upgrade \"guid\" --reference myregistry.azurecr.io/mybundle:v1.0.0 --param param1=\"value1\" --force --credential-set arm_auth --credential-set aad_auth --force-upgrade"
+    ]
+
+    command = await build_porter_command(config, msg_body)
+    assert command == expected_command
+
+
+@pytest.mark.asyncio
+async def test_build_porter_command_for_outputs():
+    """Test build_porter_command_for_outputs function."""
+    msg_body = {"id": "guid", "action": "install", "name": "mybundle", "version": "1.0.0"}
+    expected_command = ["porter installations output list --installation guid --output json"]
+
+    command = await build_porter_command_for_outputs(msg_body)
+    assert command == expected_command
+
+
+@pytest.mark.asyncio
+@patch("helpers.commands.azure_login_command", return_value="az login command")
+@patch("helpers.commands.azure_acr_login_command", return_value="az acr login command")
+@patch("asyncio.create_subprocess_shell")
+async def test_get_porter_parameter_keys(mock_create_subprocess_shell, mock_azure_acr_login_command, mock_azure_login_command):
+    """Test get_porter_parameter_keys function."""
+    config = {"registry_server": "myregistry.azurecr.io", "porter_env": {}}
+    msg_body = {"name": "mybundle", "version": "1.0.0"}
+    mock_proc = AsyncMock()
+    mock_proc.communicate.return_value = (json.dumps({"parameters": [{"name": "param1"}]}).encode(), b"")
+    mock_create_subprocess_shell.return_value = mock_proc
+
+    expected_keys = ["param1"]
+
+    keys = await get_porter_parameter_keys(config, msg_body)
+    assert keys == expected_keys