microsoft/AzureTRE v0.9.0

0.9.0

on GitHub

BREAKING CHANGES & MIGRATIONS:

• Move to Azure Firewall Policy #3107. This is a major version for the firewall shared service and will fail to automatically upgrade. You should follow these steps to complete it:

  1. Let the system try to do the upgrade (via CI or make all). It will fail but it's fine since now we have the new version published and registered.

  2. Make a temporary network change with either of the following options:

     • Azure Portal: find your TRE resource group and select the route table resource (named rt-YOUR_TRE_ID).
       In the overview screen, find the ResourceProcessorSubnet (should be last in the subnet list), click on the ... and select Dissociate.
     • Azure CLI:

       az network vnet subnet update --resource-group rg-YOUR_TRE_ID --vnet-name vnet-YOUR_TRE_ID --name ResourceProcessorSubnet --remove routeTable

  3. Issue a patch API request to force-update the firewall to its new version.

     One way to accomplish this is with the Swagger endpoint (/api/docs).
     

     If this endpoint is not working in your deployment - include enable_swagger in your config.yaml (see the sample file), or temporarly activate it via the API resource on azure (named api-YOUR_TRE-ID) -> Configuration -> ENABLE_SWAGGER item.
     

  ⚠️ Any custom rules you have added manually will be lost and you'll need to add them back after the upgrade has been completed.

FEATURES:

• Add Azure Databricks as workspace service #1857
• (UI) Added the option to upload/download files to airlock requests via Azure CLI (#3196)

ENHANCEMENTS:

• Add support for referencing IP Groups from the Core Resource Group in firewall rules created via the pipeline #3089
• Support for Azure Firewall Basic SKU #3107. This SKU doesn't support deallocation and for most non 24/7 scenarios will be more expensive than the Standard SKU.
• Update Azure Machine Learning Workspace Service to support "no public IP" compute. This is a full rework so upgrades of existing Azure ML Workspace Service deployments are not supported. Requires v0.8.0 or later of the TRE project. #3052
• Move non-core DNS zones out of the network module to reduce dependencies #3119
• Review VMs are being cleaned up when an Airlock request is canceled (#3130)
• Sample queries to investigate logs of the core TRE applications (#3151)
• Remove support of docker-in-docker for templates/bundles (#3180)
• API runs with gunicorn and uvicorn workers (as recommended) #3178
• Upgrade core components and key templates to Terraform AzurmRM #3185

BUG FIXES:

• Reauth CLI if TRE endpoint has changed #3137
• Added Migration for Airlock requests that were created prior to version 0.5.0 (#3152)
• Temporarily use the remote bundle for check-params target #3149
• Workspace module dependency to resolve AnotherOperationInProgress errors #3194
• Skip Certs shared service E2E on Friday & Saturday due to LetsEncrypt limits #3203
• Create Workspace AppInsights via AzAPI provider due to an issue with AzureRM #3207
• 'Workspace Owner' is now able to access Airlock request's SAS URL even if the request is not in review #3208
• Ignore changes in log_analytics_destination_type to prevent redundant updates #3217
• Fix DNS conflict in airlock-review workspace that could make the entire airlock module inoperable #3215

COMPONENTS:

Full Changelog: v0.8.0...v0.9.0