Update unrestricted workspace to align with base - missing log_analytics_workspace_name output

CHANGELOG.md

@@ -11,6 +11,7 @@ BUG FIXES:
 * Fix circular dependancy in base workspace. ([#4756](https://github.com/microsoft/AzureTRE/pull/4756))
 * Replaced deprecated `datetime.utcnow()` with `datetime.now(datetime.UTC)` in the API and airlock processor. ([#4743](https://github.com/microsoft/AzureTRE/issues/4743))
 * Mark `auth_client_secret` variable as sensitive in terraform templates ([#4736](https://github.com/microsoft/AzureTRE/pull/4736))
+* Fix Azure Machine Learning workspace deployment failure in unrestricted workspace by aligning missing parameters and outputs with base workspace ([#4768](https://github.com/microsoft/AzureTRE/issues/4768))
 
 COMPONENTS:
 

templates/workspaces/unrestricted/porter.yaml

@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-workspace-unrestricted
-version: 0.13.5
+version: 0.13.6
 description: "A base Azure TRE workspace"
 dockerfile: Dockerfile.tmpl
 registry: azuretre
@@ -38,6 +38,10 @@ parameters:
   - name: azure_location
     type: string
     description: "Azure location (region) to deploy to"
+  - name: workspace_subscription_id
+    type: string
+    description: "Azure subscription ID for the workspace resources"
+    default: ""
   - name: address_spaces
     type: string
     description: "VNet address spaces"
@@ -61,6 +65,10 @@ parameters:
   - name: shared_storage_quota
     type: integer
     default: 50
+  - name: storage_account_redundancy
+    type: string
+    default: "GRS"
+    description: "The redundancy option for the storage account in the workspace: GRS (Geo-Redundant Storage) or ZRS (Zone-Redundant Storage)."
   - name: enable_local_debugging
     type: boolean
     default: false
@@ -117,14 +125,22 @@ parameters:
   - name: aad_redirect_uris
     type: string
     description: "List of redirect URIs in {name:value} format"
-    default: "W10=" # b64 for []
+    default: "W10="  # b64 for []
   - name: app_service_plan_sku
     type: string
     description: "The SKU used when deploying an Azure App Service Plan"
     default: "P1v3"
   - name: enable_airlock
     type: boolean
     default: false
+  - name: enable_backup
+    type: boolean
+    default: true
+    description: "Enable backups for the workspace, including the vm's & shared storage."
+  - name: enable_dns_policy
+    type: boolean
+    default: false
+    description: "Whether to enable DNS security policy for the workspace."
   - name: enable_cmk_encryption
     type: boolean
     default: false
@@ -167,6 +183,26 @@ outputs:
     applyTo:
       - install
       - upgrade
+  - name: backup_vault_name
+    type: string
+    applyTo:
+      - install
+      - upgrade
+  - name: vm_backup_policy_id
+    type: string
+    applyTo:
+      - install
+      - upgrade
+  - name: fileshare_backup_policy_id
+    type: string
+    applyTo:
+      - install
+      - upgrade
+  - name: log_analytics_workspace_name
+    type: string
+    applyTo:
+      - install
+      - upgrade
   - name: workspace_owners_group_id
     type: string
     applyTo:
@@ -197,6 +233,7 @@ install:
         tre_id: ${ bundle.parameters.tre_id }
         tre_resource_id: ${ bundle.parameters.id }
         location: ${ bundle.parameters.azure_location }
+        workspace_subscription_id: ${ bundle.parameters.workspace_subscription_id }
         address_spaces: ${ bundle.parameters.address_spaces }
         shared_storage_quota: ${ bundle.parameters.shared_storage_quota }
         enable_local_debugging: ${ bundle.parameters.enable_local_debugging }
@@ -221,6 +258,9 @@ install:
         arm_environment: ${ bundle.parameters.arm_environment }
         enable_cmk_encryption: ${ bundle.parameters.enable_cmk_encryption }
         key_store_id: ${ bundle.parameters.key_store_id }
+        storage_account_redundancy: ${ bundle.parameters.storage_account_redundancy }
+        enable_backup: ${ bundle.parameters.enable_backup }
+        enable_dns_policy: ${ bundle.parameters.enable_dns_policy }
         auto_grant_workspace_consent: ${ bundle.parameters.auto_grant_workspace_consent }
       backendConfig:
         use_azuread_auth: "true"
@@ -236,6 +276,10 @@ install:
         - name: client_id
         - name: scope_id
         - name: sp_id
+        - name: backup_vault_name
+        - name: vm_backup_policy_id
+        - name: fileshare_backup_policy_id
+        - name: log_analytics_workspace_name
         - name: workspace_owners_group_id
         - name: workspace_researchers_group_id
         - name: workspace_airlock_managers_group_id
@@ -247,6 +291,7 @@ upgrade:
         tre_id: ${ bundle.parameters.tre_id }
         tre_resource_id: ${ bundle.parameters.id }
         location: ${ bundle.parameters.azure_location }
+        workspace_subscription_id: ${ bundle.parameters.workspace_subscription_id }
         address_spaces: ${ bundle.parameters.address_spaces }
         shared_storage_quota: ${ bundle.parameters.shared_storage_quota }
         enable_local_debugging: ${ bundle.parameters.enable_local_debugging }
@@ -271,6 +316,9 @@ upgrade:
         arm_environment: ${ bundle.parameters.arm_environment }
         enable_cmk_encryption: ${ bundle.parameters.enable_cmk_encryption }
         key_store_id: ${ bundle.parameters.key_store_id }
+        storage_account_redundancy: ${ bundle.parameters.storage_account_redundancy }
+        enable_backup: ${ bundle.parameters.enable_backup }
+        enable_dns_policy: ${ bundle.parameters.enable_dns_policy }
         auto_grant_workspace_consent: ${ bundle.parameters.auto_grant_workspace_consent }
       backendConfig:
         use_azuread_auth: "true"
@@ -286,6 +334,10 @@ upgrade:
         - name: client_id
         - name: scope_id
         - name: sp_id
+        - name: backup_vault_name
+        - name: vm_backup_policy_id
+        - name: fileshare_backup_policy_id
+        - name: log_analytics_workspace_name
         - name: workspace_owners_group_id
         - name: workspace_researchers_group_id
         - name: workspace_airlock_managers_group_id
@@ -321,6 +373,7 @@ uninstall:
         tre_id: ${ bundle.parameters.tre_id }
         tre_resource_id: ${ bundle.parameters.id }
         location: ${ bundle.parameters.azure_location }
+        workspace_subscription_id: ${ bundle.parameters.workspace_subscription_id }
         address_spaces: ${ bundle.parameters.address_spaces }
         shared_storage_quota: ${ bundle.parameters.shared_storage_quota }
         enable_local_debugging: ${ bundle.parameters.enable_local_debugging }
@@ -344,6 +397,9 @@ uninstall:
         arm_environment: ${ bundle.parameters.arm_environment }
         enable_cmk_encryption: ${ bundle.parameters.enable_cmk_encryption }
         key_store_id: ${ bundle.parameters.key_store_id }
+        storage_account_redundancy: ${ bundle.parameters.storage_account_redundancy }
+        enable_backup: ${ bundle.parameters.enable_backup }
+        enable_dns_policy: ${ bundle.parameters.enable_dns_policy }
         auto_grant_workspace_consent: ${ bundle.parameters.auto_grant_workspace_consent }
       backendConfig:
         use_azuread_auth: "true"

templates/workspaces/unrestricted/template_schema.json

@@ -15,13 +15,6 @@
       "title": "Shared Storage Quota",
       "description": "Quota (in GB) to set for the VM Shared Storage."
     },
-    "enable_airlock": {
-      "type": "boolean",
-      "title": "Enable Airlock",
-      "description": "Allow safe import and export to the workspace",
-      "default": true,
-      "updateable": true
-    },
     "app_service_plan_sku": {
       "type": "string",
       "title": "App Service Plan SKU",
@@ -35,6 +28,16 @@
         "S1"
       ]
     },
+    "storage_account_redundancy": {
+      "type": "string",
+      "title": "Storage Account Redundancy",
+      "description": "The redundancy option for the storage account in the workspace: GRS (Geo-Redundant Storage) or ZRS (Zone-Redundant Storage).",
+      "default": "GRS",
+      "enum": [
+        "GRS",
+        "ZRS"
+      ]
+    },
     "address_space_size": {
       "type": "string",
       "title": "Address space size",
@@ -63,109 +66,23 @@
         "Manual"
       ],
       "updateable": true
+    },
+    "enable_backup": {
+      "type": "boolean",
+      "title": "Enable Backup",
+      "description": "Enable backups for the workspace. Workspace services must support this feature.",
+      "default": true,
+      "updateable": true
+    },
+    "deploy_to_another_subscription": {
+      "type": "boolean",
+      "title": "Deploy workspace to another subscription",
+      "description": "Check this box if you want to deploy the workspace to another subscription.",
+      "default": false,
+      "updateable": false
     }
   },
   "allOf": [
-    {
-      "if": {
-        "properties": {
-          "enable_airlock": {
-            "const": true
-          }
-        },
-        "required": [
-          "enable_airlock"
-        ]
-      },
-      "then": {
-        "properties": {
-          "configure_review_vms": {
-            "type": "boolean",
-            "title": "Configure Review VMs",
-            "description": "Allow TRE to automatically create and delete review VMs for airlock approvals",
-            "default": false
-          }
-        }
-      }
-    },
-    {
-      "if": {
-        "properties": {
-          "enable_airlock": {
-            "const": true
-          },
-          "configure_review_vms": {
-            "const": true
-          }
-        },
-        "required": [
-          "enable_airlock",
-          "configure_review_vms"
-        ]
-      },
-      "then": {
-        "properties": {
-          "airlock_review_config": {
-            "type": "object",
-            "title": "Airlock Review Config",
-            "default": null,
-            "description": "Configuration for Airlock Review feature. Needs to be set up after workspace creation",
-            "properties": {
-              "import": {
-                "title": "Import VM Settings",
-                "required": [
-                  "import_vm_workspace_id",
-                  "import_vm_workspace_service_id",
-                  "import_vm_user_resource_template_name"
-                ],
-                "properties": {
-                  "import_vm_workspace_id": {
-                    "title": "Import Workspace ID",
-                    "type": "string",
-                    "description": "ID for Import Review workspace"
-                  },
-                  "import_vm_workspace_service_id": {
-                    "title": "Import Workspace Service ID",
-                    "type": "string",
-                    "description": "ID for Workspace Service ID where to deploy Review user resources"
-                  },
-                  "import_vm_user_resource_template_name": {
-                    "title": "Import VM User Resource Template Name",
-                    "type": "string",
-                    "description": "Template Name for User Resource for reviewing Import Requests",
-                    "examples": [
-                      "tre-service-guacamole-import-reviewvm"
-                    ]
-                  }
-                }
-              },
-              "export": {
-                "title": "Export VM Settings",
-                "required": [
-                  "export_vm_workspace_service_id",
-                  "export_vm_user_resource_template_name"
-                ],
-                "properties": {
-                  "export_vm_workspace_service_id": {
-                    "title": "Export Workspace Service ID",
-                    "type": "string",
-                    "description": "ID for Workspace Service ID where to deploy Review user resources"
-                  },
-                  "export_vm_user_resource_template_name": {
-                    "title": "Export VM User Resource Template Name",
-                    "type": "string",
-                    "description": "Template Name for User Resource for reviewing Export Requests",
-                    "examples": [
-                      "tre-service-guacamole-export-reviewvm"
-                    ]
-                  }
-                }
-              }
-            }
-          }
-        }
-      }
-    },
     {
       "if": {
         "properties": {
@@ -267,6 +184,30 @@
           }
         }
       }
+    },
+    {
+      "if": {
+        "properties": {
+          "deploy_to_another_subscription": {
+            "const": true
+          }
+        },
+        "required": [
+          "deploy_to_another_subscription"
+        ]
+      },
+      "then": {
+        "properties": {
+          "workspace_subscription_id": {
+            "type": "string",
+            "title": "Workspace Subscription ID",
+            "description": "The subscription ID where the workspace will be deployed."
+          }
+        },
+        "required": [
+          "workspace_subscription_id"
+        ]
+      }
     }
   ],
   "actions": [],
@@ -283,16 +224,15 @@
       "description",
       "overview",
       "shared_storage_quota",
+      "storage_account_redundancy",
       "app_service_plan_sku",
       "address_space_size",
-      "address_spaces",
+      "address_space",
       "auth_type",
       "create_aad_groups",
       "client_id",
       "client_secret",
-      "enable_airlock",
-      "configure_review_vms",
-      "airlock_review_config",
+      "enable_backup",
       "*"
     ]
   },