Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Researcher needs to access UI from inside the workspace #2402

Open
3 tasks
marrobi opened this issue Aug 3, 2022 · 8 comments
Open
3 tasks

Researcher needs to access UI from inside the workspace #2402

marrobi opened this issue Aug 3, 2022 · 8 comments
Labels
feature ui TRE UI

Comments

@marrobi
Copy link
Member

marrobi commented Aug 3, 2022

As a Researcher I need to be able to access the UI for my current workspace from a VM inside the workspace. This is needed so that I can retrieve connection URIs to services such as AML, and read/copy/paste instructions on how to use workspace services while inside the workspace.

Acceptance Criteria

  • Should only be able to access the current workspace
  • Risk of data exfiltration should be low.
  • Access should be via a trusted SSL certificate

@damoodamoo welcome your thoughts
@marrobi marrobi added the story Stories are the smallest unit of work to be done for a project. label Aug 3, 2022
@marrobi marrobi added this to the Release 0.5 milestone Aug 3, 2022
@damoodamoo damoodamoo added the ui TRE UI label Aug 15, 2022
@damoodamoo
Copy link
Member

damoodamoo commented Aug 15, 2022
edited
Loading

Could we use app gateway routes to dynamically rewrite a route per workspace? so a call from Workspace A to the UI would get routed straight to /workspace/workspace-a ?

As we've also discussed, would we want to treat in-workspace access to the UI as readonly, possibly by blocking POST / PATCH requests?

@marrobi
Copy link
Member Author

marrobi commented Aug 15, 2022

Yes, my first route forward would be to have a basic app gw per workspace, and do a path route. DNS and SSL will need configuring. The app gw could also be used with customer who do not want to expose Azure Websites URIs from the workspace.

@damoodamoo damoodamoo moved this to Backlog in AzureTRE - Crew Rock Aug 17, 2022
@marrobi
Copy link
Member Author

marrobi commented Aug 17, 2022

The inside view of the UI might need to provide access to secrets too, in line with #2401

@marrobi
Copy link
Member Author

marrobi commented Oct 12, 2022

Application gateway now support private endpoints, so can add a private endpoint to a workspace. This doesn't limit access to a single workspace though, although could add a rule to limit inbound from that network to certain API paths.

@marrobi marrobi added feature and removed story Stories are the smallest unit of work to be done for a project. labels Oct 31, 2022
@marrobi marrobi removed this from the Release 0.5 milestone Jun 27, 2023
@david-salac
Copy link

Hello, has there been any progress with this? Is there a plan to include it in any release soon?
Cheers.

@jonnyry jonnyry mentioned this issue Dec 21, 2023
Closed
@marrobi
Copy link
Member Author

marrobi commented Dec 21, 2023

@david-salac no, no immediate plans. What's the use case?

It's not straightforward as need to ensure cant access another workspace/UI should only be scoped to the current workspace.

@david-salac
Copy link

We need to disable clipboard paste and keep airlock (and DS provisioning) working; this is one of the ways (if not the only one) to achieve that.

@marrobi
Copy link
Member Author

marrobi commented Dec 21, 2023

Understood, most customers allow paste in given the limited capacity of the Guacamole clipboard and impact on researcher productivity of blocking it completely. It might sound like a good idea initially but researchers soon become hamstrung.

@marrobi marrobi mentioned this issue Feb 4, 2025
Closed
@TonyWildish-BH TonyWildish-BH mentioned this issue Feb 4, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature ui TRE UI
Projects
AzureTRE Feature Roadmap
Status: No status
Milestone
No milestone
Development

No branches or pull requests
3 participants
@marrobi @damoodamoo @david-salac