Update porter in RP and remove support for v0 (#4228)

* update porter in rp and remove support for v0 * update core version --------- Co-authored-by: Tamir Kamara <takamara@microsoft.com>
2024-12-31 12:28:35 +02:00 · 2024-12-31 12:28:35 +02:00 · f26ab35bba
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@ -52,6 +52,7 @@ RUN if [ "${INTERACTIVE}" = "true" ]; then \
    && /opt/certbot/bin/pip install --no-cache-dir certbot \
    && apt-get clean -y && rm -rf /var/lib/apt/lists/* ; fi

+# Install Porter, updates should be propagated to the RP.
 ARG PORTER_HOME_V1=/home/$USERNAME/.porter/
 ARG PORTER_VERSION=v1.2.1
 ARG PORTER_TERRAFORM_MIXIN_VERSION=v1.0.5
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,7 +3,7 @@

 **BREAKING CHANGES & MIGRATIONS**:
 * InnerEye and MLFlow bundles depreciated and removed from main. If you wish to update and deploy these worksapce services they can be retrieved from release 0.19.1. ([#4127](https://github.com/microsoft/AzureTRE/issues/4127))
-* Upgrade Python version from 3.8 to 3.12 ([#3949](https://github.com/microsoft/AzureTRE/issues/3949))
+* This released removed support for Porter v0.*. If you're upgrading from a much earlier verion you can't go directly to this one. ([#4228](https://github.com/microsoft/AzureTRE/issues/4228))

 FEATURES:
 * Add support for customer-managed keys encryption. Core support ([#4141](https://github.com/microsoft/AzureTRE/issues/4142), [#4144](https://github.com/microsoft/AzureTRE/issues/4144)), Base workspace ([#4161](https://github.com/microsoft/AzureTRE/pull/4161)), other templates ([#4145](https://github.com/microsoft/AzureTRE/issues/4145))
@ -27,6 +27,7 @@ ENHANCEMENTS:
 * Enhance DPI of Linux display ([[#4200](https://github.com/microsoft/AzureTRE/issues/4200)])
 * Update Admin VM versions ([[#4217](https://github.com/microsoft/AzureTRE/issues/4217)])
 * Update devcontainer/RP/API package versions: base image, docker, az cli, YQ ([#4225](https://github.com/microsoft/AzureTRE/pull/4225))
+* Upgrade Python version from 3.8 to 3.12 ([#3949](https://github.com/microsoft/AzureTRE/issues/3949))Upgrade Python version from 3.8 to 3.12 (#3949)
 * Disable storage account key usage ([[#4227](https://github.com/microsoft/AzureTRE/issues/4227)])
 * Update Guacamole dependencies ([[#4232](https://github.com/microsoft/AzureTRE/issues/4232)])

--- a/core/terraform/appgateway/staticweb.tf
+++ b/core/terraform/appgateway/staticweb.tf
@ -8,7 +8,7 @@ resource "azurerm_storage_account" "staticweb" {
  account_replication_type         = "LRS"
  table_encryption_key_type        = var.enable_cmk_encryption ? "Account" : "Service"
  queue_encryption_key_type        = var.enable_cmk_encryption ? "Account" : "Service"
-  enable_https_traffic_only        = true
+  https_traffic_only_enabled       = true
  allow_nested_items_to_be_public  = false
  cross_tenant_replication_enabled = false
  shared_access_key_enabled        = false
--- a/core/terraform/resource_processor/vmss_porter/cloud-config.yaml
+++ b/core/terraform/resource_processor/vmss_porter/cloud-config.yaml
@ -83,11 +83,8 @@ runcmd:
  # (https://microsoft.github.io/AzureTRE/troubleshooting-faq/troubleshooting-rp/#Logs)
  - printf '\nalias dlf="docker logs --since 1m --follow"' >> /etc/bash.bashrc
  - printf '\nalias dlf1='\''dlf $(docker ps -q | head -n 1)'\''' >> /etc/bash.bashrc
-  - >
-    printf '\nalias rpstatus='\''tmux new-session -d "watch docker ps"; \
-    tmux split-window -p 100 -v "docker logs --since 1m --follow resource_processor1"; \
-    tmux split-window -v -p 90; \
-    tmux -2 attach-session -d'\''\n' >> /etc/bash.bashrc
+  # the following line can't be split
+  - printf '\nalias rpstatus='\''tmux new-session -d "watch docker ps"; tmux split-window -p 100 -v "docker logs --since 1m --follow resource_processor1"; tmux split-window -v -p 90; tmux -2 attach-session -d'\''\n' >> /etc/bash.bashrc
  - export DEBIAN_FRONTEND=noninteractive
  - az cloud set --name ${azure_environment}
  - az login --identity -u ${vmss_msi_id}
--- a/core/version.txt
+++ b/core/version.txt
@ -1 +1 @@
-__version__ = "0.11.13"
+__version__ = "0.11.14"
--- a/resource_processor/_version.py
+++ b/resource_processor/_version.py
@ -1 +1 @@
-__version__ = "0.10.3"
+__version__ = "0.11.0"
--- a/resource_processor/run.sh
+++ b/resource_processor/run.sh
@ -6,55 +6,6 @@ set -o nounset
 # Uncomment this line to see each command for debugging (careful: this will show secrets!)
 # set -o xtrace

-# Generate required configuration for Porter Azure plugin
-
-# TODO: Remove porter v0 https://github.com/microsoft/AzureTRE/issues/2990
-# Documentation here: - https://github.com/vdice/porter-bundles/tree/master/azure-keyvault
-cat > /"${PORTER_HOME_V0}"/config.toml << EOF
-default-storage = "azurestorage"
-default-secrets = "aad_auth"
-no-logs = true
-
-[[storage]]
-name = "azurestorage"
-plugin = "azure.table"
-
-[storage.config]
-account="${MGMT_STORAGE_ACCOUNT_NAME}"
-resource-group="${MGMT_RESOURCE_GROUP_NAME}"
-
-[[secrets]]
-name = "aad_auth"
-plugin = "azure.keyvault"
-
-[secrets.config]
-vault = "${KEY_VAULT_NAME}"
-EOF
-
-# TODO: Remove porter v0 https://github.com/microsoft/AzureTRE/issues/2990
-echo "Azure cli login..."
-az cloud set --name "${AZURE_ENVIRONMENT}"
-az login --identity -u "${VMSS_MSI_ID}"
-
-echo "Checking if porter v0 state exists..."
-exists=$(az storage table exists --account-name "${MGMT_STORAGE_ACCOUNT_NAME}" --name "porter" --auth-mode "login" --output tsv)
-if [ "${exists}" = "True" ]; then
-  echo "v0 state exists. Checking if migration was completed once before..."
-  migration_complete_container_name="porter-migration-completed"
-  exists=$(az storage container exists --account-name "${MGMT_STORAGE_ACCOUNT_NAME}" --name "${migration_complete_container_name}" --auth-mode "login" --output tsv)
-  if [ "${exists}" = "False" ]; then
-      echo "${migration_complete_container_name} container doesn't exist. Running porter migration..."
-      porter storage migrate --old-home "${PORTER_HOME_V0}" --old-account "azurestorage"
-      echo "Porter migration complete. Creating ${migration_complete_container_name} container to prevent migrating again in the future..."
-      az storage container create --account-name "${MGMT_STORAGE_ACCOUNT_NAME}" --name "${migration_complete_container_name}" --auth-mode "login" --fail-on-exist
-      echo "Migration is done."
-  else
-      echo "${migration_complete_container_name} container is present. Skipping porter migration."
-  fi
-else
-  echo "Porter v0 state doesn't exist."
-fi
-
 # Launch the runner
 echo "Starting resource processor..."
 python -u vmss_porter/runner.py
--- a/resource_processor/vmss_porter/Dockerfile
+++ b/resource_processor/vmss_porter/Dockerfile
@ -12,31 +12,10 @@ RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/
    export AZURE_CLI_VERSION=${AZURE_CLI_VERSION} \
    && /tmp/azure-cli.sh

-# TODO: Remove porter v0 https://github.com/microsoft/AzureTRE/issues/2990
-# Install Porter
-ARG PORTER_MIRROR=https://cdn.porter.sh
-ARG PORTER_VERSION=v0.38.13
-ARG PORTER_TERRAFORM_MIXIN_VERSION=v1.0.0-rc.1
-ARG PORTER_AZ_MIXIN_VERSION=v0.7.3
-ARG PORTER_AZURE_PLUGIN_VERSION=v0.11.2
-ARG PORTER_HOME=/root/.porter-v0/
-COPY scripts/porter.sh /tmp/
-RUN export PORTER_MIRROR=${PORTER_MIRROR} \
-    PORTER_VERSION=${PORTER_VERSION} \
-    PORTER_TERRAFORM_MIXIN_VERSION=${PORTER_TERRAFORM_MIXIN_VERSION} \
-    PORTER_AZ_MIXIN_VERSION=${PORTER_AZ_MIXIN_VERSION} \
-    PORTER_AZURE_PLUGIN_VERSION=${PORTER_AZURE_PLUGIN_VERSION} \
-    PORTER_HOME=${PORTER_HOME} \
-    && /tmp/porter.sh
-
-ENV PORTER_HOME_V0 ${PORTER_HOME}
-
-# can't be in a non default path
-# ARG PORTER_HOME_V1=/home/$USERNAME/.porter-v1/
 ARG PORTER_HOME_V1=/root/.porter/
-ARG PORTER_VERSION=v1.1.1
-ARG PORTER_TERRAFORM_MIXIN_VERSION=v1.0.3
-ARG PORTER_AZ_MIXIN_VERSION=v1.0.2
+ARG PORTER_VERSION=v1.2.1
+ARG PORTER_TERRAFORM_MIXIN_VERSION=v1.0.5
+ARG PORTER_AZ_MIXIN_VERSION=v1.0.4
 ARG PORTER_AZURE_PLUGIN_VERSION=v1.2.3
 COPY scripts/porter-v1.sh /tmp/
 RUN export PORTER_VERSION=${PORTER_VERSION} \
@ -46,7 +25,7 @@ RUN export PORTER_VERSION=${PORTER_VERSION} \
    PORTER_HOME=${PORTER_HOME_V1} \
    && /tmp/porter-v1.sh

-ENV PATH ${PORTER_HOME_V1}:$PATH
+ENV PATH=${PORTER_HOME_V1}:$PATH

 # Install Docker
 ARG DOCKER_CE_VERSION="5:27.4.1-1~debian.12~bookworm"
@ -61,7 +40,7 @@ RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/

 COPY ./vmss_porter/config.yaml ${PORTER_HOME_V1}/

-ENV PYTHONPATH .
+ENV PYTHONPATH=.

 COPY ./vmss_porter/requirements.txt /tmp/
 RUN pip3 --no-cache-dir install -r /tmp/requirements.txt
--- a/templates/shared_services/certs/terraform/staticweb.tf
+++ b/templates/shared_services/certs/terraform/staticweb.tf
@ -8,7 +8,7 @@ resource "azurerm_storage_account" "staticweb" {
  account_replication_type         = "LRS"
  table_encryption_key_type        = var.enable_cmk_encryption ? "Account" : "Service"
  queue_encryption_key_type        = var.enable_cmk_encryption ? "Account" : "Service"
-  enable_https_traffic_only        = true
+  https_traffic_only_enabled       = true
  allow_nested_items_to_be_public  = false
  cross_tenant_replication_enabled = false
  tags                             = local.tre_shared_service_tags