Add Backups to Workspaces#4555
Merged
Merged
Conversation
Adding Backup vault to the base workspace. Allows enableing or disableing of the vault. Also added a step to purge the vault as apart of the clean up and removal.
removed the depends on to the airlock as that maynot be enabled.
removed the random new line that was added
removed the random new line that was added
Fix UI build path (microsoft#4375)
…w purging of backup items. Testing ingoing.
Co-authored-by: Marcus Robinson <marrobi@microsoft.com>
…rkspaces. may need to look at the script approch again.
…n-trust-tre/azuretre into pr/james-annages/4374
Marrobi/pr/james annages/4374
Unit Test Results0 tests 0 ✅ 0s ⏱️ Results for commit 7028b6b. ♻️ This comment has been updated with latest results. |
Collaborator
|
All looks like its there for me? |
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds backup capabilities to workspaces by introducing new Terraform resources, updating configuration files, and parameterizing backup settings.
- Added a new Terraform module for backup management including recovery vaults and backup policies.
- Updated shared storage configuration, parameters, outputs, and the deployment pipeline (porter.yaml) to support backup resource creation.
- Enhanced workspace cleanup scripts and documentation to integrate backup functionality.
Reviewed Changes
Copilot reviewed 15 out of 16 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| templates/workspaces/base/terraform/workspace.tf | Added backup module configuration and dependencies |
| templates/workspaces/base/terraform/variables.tf | Introduced the enable_backup variable |
| templates/workspaces/base/terraform/storage.tf | Updated shared storage resource naming and added backup resources |
| templates/workspaces/base/terraform/backup/* | New backup module definitions and outputs |
| templates/workspaces/base/terraform/api-permissions.tf | Added role assignments relevant to backups |
| templates/workspaces/base/template_schema.json | Updated schema to support the enable_backup parameter |
| templates/workspaces/base/porter.yaml | Updated parameters and outputs to include backup settings |
| templates/workspaces/base/parameters.json | Added enable_backup parameter configuration |
| CHANGELOG.md | Updated changelog to capture backup enhancements |
Files not reviewed (1)
- templates/workspaces/base/terraform/.terraform.lock.hcl: Language not supported
james-annages
approved these changes
Jun 19, 2025
james-annages
left a comment
james-annages
left a comment
Collaborator
There was a problem hiding this comment.
Looks good to me,
tamirkamara
approved these changes
Jun 24, 2025
Member
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/15870374996 (with refid (in response to this comment from @marrobi) |
Member
|
/test-force-approve Passed: #4555 (comment) |
|
🤖 pr-bot 🤖 ✅ Marking tests as complete (for commit 7028b6b) (in response to this comment from @marrobi) |
Member
|
/test-destroy-env |
|
Destroying PR test environment (RG: rg-tre0b22b0de)... (run: https://github.com/microsoft/AzureTRE/actions/runs/15887967351) |
|
PR test environment destroy complete (RG: rg-tre0b22b0de) |
JaimieWi
added a commit
to OxBRCInformatics/AzureTRE
that referenced
this pull request
Oct 21, 2025
* Enable Structured Azure Firewall logs for TRE firewall (microsoft#4431) * Update mysql commands in control_tre (microsoft#4438) * Update mysql commands in control_tre * changelog * Add support for CMK options in workflows (microsoft#4249) * github action support * cmk var validation * config schema validation * add support for branch and bot * install Terraform as the image doesn't include it anymore * fix prbot * update docs * fix up * Update docs/tre-admins/setup-instructions/workflows.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix docs * update core version * improve condition for local.key_store_id to support empty values * replace null defaults to empty string to be inline with default CI values --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Yuval Yaron <yuvalyaron@microsoft.com> Co-authored-by: Yuval Yaron <43217306+yuvalyaron@users.noreply.github.com> * Organize passing params to bundles (microsoft#4437) * organize passing params to bundles * changelog * Bump the npm_and_yarn group in /ui/app with 2 updates (microsoft#4439) * Bump the npm_and_yarn group in /ui/app with 2 updates Bumps the npm_and_yarn group in /ui/app with 2 updates: [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) and [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime). Updates `@babel/helpers` from 7.26.7 to 7.26.10 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-helpers) Updates `@babel/runtime` from 7.26.7 to 7.26.10 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/helpers" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * ui version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Fix static web deprecated message (microsoft#4443) * Update Terraform static website configuration to use new resource format * Update CHANGELOG to reference new issue for Terraform static website configuration update * Bump version to 0.12.10 * Document Makefile Commands (microsoft#4422) * Makefile documentation * Add documentation on make commands * CR fix: Remove the unnecessary Command note * Fix Guacamole session end when browser is closed (microsoft#4425) * Fix use of deprecated argument in jq (microsoft#4447) * Bump the npm_and_yarn group in /ui/app with 2 updates (microsoft#4444) * Bump the npm_and_yarn group in /ui/app with 2 updates Bumps the npm_and_yarn group in /ui/app with 2 updates: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [esbuild](https://github.com/evanw/esbuild). Updates `vite` from 6.1.0 to 6.2.3 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.3/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.3/packages/vite) Updates `esbuild` from 0.24.2 to 0.25.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.24.2...v0.25.1) --- updated-dependencies: - dependency-name: vite dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: esbuild dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * ui version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Extend documentation on Airlock export and review setup (microsoft#4440) * Add more documentation on Airlock * Add example on configure properties * fix broken links * Skip removing keyvault rule when resource group is deleting (microsoft#4454) * skip removing KV rule when RG is deleting * changelog * update how we get the kv's rg * Add malware scanning to workspace storage account for airlock exports (microsoft#4418) * Add soft delete to workspace storage account (microsoft#4389) * Bump vite from 6.2.3 to 6.2.4 in /ui/app in the npm_and_yarn group (microsoft#4456) * Bump vite from 6.2.3 to 6.2.4 in /ui/app in the npm_and_yarn group Bumps the npm_and_yarn group in /ui/app with 1 update: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.2.3 to 6.2.4 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.4/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * ui version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Workspace user management (microsoft#4337) * Bump vite from 6.2.4 to 6.2.5 in /ui/app in the npm_and_yarn group (microsoft#4468) * Bump vite from 6.2.4 to 6.2.5 in /ui/app in the npm_and_yarn group Bumps the npm_and_yarn group in /ui/app with 1 update: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.2.4 to 6.2.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.5/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.5/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.2.5 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * update ui version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Add dependency between Airlock processor and storage account private endpoint (microsoft#4470) * Prevent VMs From Being Replaced when `custom_data` changes (microsoft#4465) * Add custom_data to ignore_changes * Update changelog * Bump minor instead of major * Update firewall rules documentation (microsoft#4434) * Bump vite from 6.2.5 to 6.2.6 in /ui/app in the npm_and_yarn group (microsoft#4486) * Bump vite from 6.2.5 to 6.2.6 in /ui/app in the npm_and_yarn group Bumps the npm_and_yarn group in /ui/app with 1 update: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.2.5 to 6.2.6 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.6/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.6/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.2.6 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * update ui version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Prep for release 0.22.0 (microsoft#4492) * update changelog for release 0.22.0 * Update CHANGELOG.md * Update CHANGELOG.md * Auto grant workspace consent (microsoft#4458) * Update GitHub issue templates (microsoft#4497) * Format operations error message (microsoft#4494) * Update upgrading-tre.md documentation (microsoft#4481) * Fix typo in deploy reusable workflow step name (microsoft#4498) * Document CI_CACHE_ACR_NAME secret for CI/CD (microsoft#4453) * Document CI_CACHE_ACR_NAME secret for CI/CD Fixes microsoft#4424 --- For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/microsoft/AzureTRE/issues/4424?shareId=XXXX-XXXX-XXXX-XXXX). * Rephrase * Unify CI_CACHE_ACR_NAME check in workflow * Test missing secret message * Fail initial acr login for test * Rephrase error message * CR changes * Update .github/workflows/deploy_tre_reusable.yml Co-authored-by: Yuval Yaron <43217306+yuvalyaron@users.noreply.github.com> --------- Co-authored-by: Yuval Yaron <43217306+yuvalyaron@users.noreply.github.com> * Add ability to pass values to install stage on pipleine. (microsoft#4451) * Tested, but feels wrong using patch for install. * Update api_app/tests_ma/test_db/test_repositories/test_resource_repository.py * fix indentation. * PR comments and move to string constant * PR comment * up version * update changelog * Letsencrypt.yml fails with “Invalid reference in variable validation” (microsoft#4507) * Intermittent management storage account access failure during core deployment (microsoft#4508) * Add ability to assign VMs to other users at creation (microsoft#4501) * Add owner_id field to template schema * Add logic to API to set ownerId field if owner_id passed in properties. * Bump API version * Rephrase message prompt for clarity * Add unit tests * Ensure AirLock review VMs delete OS disk (microsoft#4515) * Add bastion deploy and sku configuration (microsoft#4383) * Enable scheduled shutdown of Guacamole Windows VMs (microsoft#4211) * Enhance logout message for improved security awareness (microsoft#4519) * Re-enable shared access key on core storage account (microsoft#4518) * Bump vite from 6.2.6 to 6.3.4 in /ui/app in the npm_and_yarn group (microsoft#4513) * Bump vite from 6.2.6 to 6.3.4 in /ui/app in the npm_and_yarn group Bumps the npm_and_yarn group in /ui/app with 1 update: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.2.6 to 6.3.4 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.3.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.3.4 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * ui version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Allow USER_MANAGEMENT_ENABLED config variable to set via CI/CD (microsoft#4520) * Fix CI/CD workflow caused by PR microsoft#4520 (microsoft#4527) Update action.yml * Enable vnet exception for core key vault (microsoft#4495) * Add support for allowed subnet ID in Key Vault network access configuration Add ALLOWED_SUBNET_ID input to workflows and scripts for VNet exception handling * Update CHANGELOG and version files for Key Vault subnet ID support and version bump * Refactor deploy workflow: make ALLOWED_SUBNET_ID optional and simplify matrix definitions * Bump version to 0.13.3 * Update Key Vault network access configuration for deployment exceptions * Rename ALLOWED_SUBNET_ID to PRIVATE_AGENT_SUBNET_ID across workflows, actions, and scripts for consistency and clarity * Fix formatting of private_agent_subnet_id assignment for consistency * Bump version numbers to 0.13.5 and 0.5.9 in core and devops respectively * Updated CHANGELOG.md file after merge * Add private_agent_subnet_id to configuration schema and documentation * Update kv_network_default_action logic to conditionally allow or deny access based on private_agent_subnet_id * bump version to 0.13.6 * Update user management input handling in devcontainer action --------- Co-authored-by: Ashis Kar <v-akar@mubadalahealth.ae> Co-authored-by: Ashis Kar <ashiskar@microsoft.com> Co-authored-by: Marcus Robinson <marrobi@microsoft.com> * Fix rogue comma in Windows VM JSON (microsoft#4529) * Ability to customise UI header and footer text (microsoft#4522) * Remove strtobool from airlock function (microsoft#4535) * remove strtobool from airlock function * changelog * Container registry should not allow public network access (microsoft#4490) * Adding option to disable public network access to mgmt acr * Updating script name * Updating terraform formatting * Fixing lint failures * fixing lint issues * fixing terraform validation * Updating versions * fixing typo * Use rp_bundle_values_all to pass value to resource processor * Updating formatting * creting acr private endpoint irrespective of the flag * Pulling image over vnet irrespecitve of the flag * Gitea to pull image over vnet irrespective of the flag * removing dependency * removing dependency on flag to create private endpoint * Removing dependency on the flag to create private endpoint * Removing the flag from resource processor files * Removing the flag * reverting version * cleaning up changes * cleaning up changes * Updating azapi version * Updating az api version * moving privae endpoint to core resource group * Updating version * Adding vnet image pull for airlock function app * Increasing version * Update core/version.txt Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Update devops/version.txt Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Update templates/shared_services/gitea/porter.yaml Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Update templates/workspace_services/gitea/porter.yaml Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Update templates/workspace_services/guacamole/porter.yaml Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * removing unused variables * setting default value of disable_acr_public_access to true * Adding changelog --------- Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Allow AUTO_GRANT_WORKSPACE_CONSENT to be set via CI/CD (microsoft#4533) * Allow AUTO_GRANT_WORKSPACE_CONSENT to be set via CI/CD * Update CHANGELOG.md * Remove unnecessary check in cli-package workflow (microsoft#4536) Remove check Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Remove firewall ACR rule (microsoft#4538) * Remove firewall ACR rule * update changelog * Remove old API migrations (microsoft#4168) * Reduce terraform churn. (microsoft#4539) * Add 180 second delay to NIC delete (microsoft#4511) * Update AzAPI to version 2.3 and improve provider version consistency (microsoft#4523) * Disable ACR admin account (microsoft#4542) * Disable ACR admin user * Remove Airlock restart that isn't needed anymore * update lock file * Add Azure DNS Security Policy (microsoft#4429) * Add more error mesage parsing (microsoft#4503) * Fix Resource History List Item (microsoft#4562) * Keyvault + mgmt storage just in time access scripts traps conflict in the same shell (microsoft#4567) * Keyvault + mgmt storage just in time access scripts traps conflict in the same shell * Fix [nitpick] Declare the variable 'existing_command' as local to avoid polluting the global namespace within the function. * Fix Gitea workspace service being exposed externally (microsoft#4559) * Initial plan for issue * Add is_exposed_externally parameter to Gitea workspace service Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * Update porter.yaml, add is_exposed_externally parameter and update changelog Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * Remove conditional creation of private endpoint in Gitea workspace service Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * Remove is_exposed_externally option and hardcode external access to false Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Remove is_exposed_externally option while keeping security fix Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Add GitHub Copilot Instructions (microsoft#4561) * Certs service deployment failed updating static website (microsoft#4573) * Refactor to use private endpoints * Update staticweb.tf * Pin package versions in resource processor cloud-init script (microsoft#4581) * Packages installed via cloud-init on resource processor are not pinned. Fixes microsoft#4580 * remove space * Enable diagnostic settings for Databricks and Databricks Auth services (Defender warning) (microsoft#4576) * Allow UI_SITE_NAME and UI_FOOTER_TEXT to be passed to deploy_tre_reusable.yaml (microsoft#4575) * Allow UI_SITE_NAME and UI_FOOTER_TEXT to be dynamically calculated passed in deploy_tre_reusable.yaml * Update CHANGELOG.md * Prep for release v0.23.0 (microsoft#4584) * Fix "log analytics workspaces not found" error when deploying Databricks workspace service (microsoft#4585) * Update Azure Machine Learning workspace to use AD integrated auth to storage (microsoft#4341) * Migrate Azure Firewall and route tables to core configuration (microsoft#4342) * Renew Letsencrypt GitHub action is failing to access storage account (microsoft#4594) * Renew Letsencrypt GitHub action is failing to access storage account * Fix linting * Enable firewall support for Databricks storage account (microsoft#4579) microsoft#4391 Enable firewall support for Databricks storage account * Fix deployment pipeline failures due to KeyVault network policies (microsoft#4599) * Add Backups to Workspaces (microsoft#4555) * Fix resource lock indicator persisting when switching resources (microsoft#4591) * Reduce frequency of queue reader logging to improve log readability (microsoft#4551) * Update copilot instructions with version files and editorconfig formatting rules (microsoft#4604) * Remove resource locks before deleting resource groups in destroy_env_no_terraform.sh (microsoft#4614) * Fix error details display when workspace deletion fails with deleted Entra app (microsoft#4552) * Fix UI display issue when workspace is deploying & user management is enabled (microsoft#4554) * Add revoke functionality and confirmation dialogs for Airlock requests (microsoft#4589) * Add sort/filter options to Workspace list (microsoft#4608) * Fix: Ensure storage rule is removed if Let's Encrypt process fails (microsoft#4602) * [WIP] Display VM creator on info popup (microsoft#4610) * Bug/vmss porter gnpug2 update (microsoft#4620) * Update VMSS to use latest gnupg2 version * Update: Change log * Update changelog to have PR linked and bump version of core * Make change log message more reflective of issue * Fix CostTag API calls to reduce 429 errors (microsoft#4578) * Fix for terraform dependency related to Azure Firewall (microsoft#4626) Update versions and changelog. * Prep for Release v0.24.0 release (microsoft#4629) * Allow ENABLE_DNS_POLICY and ALLOWED_DNS variables to set via CI/CD (microsoft#4625) * Fix App Gateway is destroyed on 2nd and subsequent deploys (microsoft#4633) * Update appgateway.tf * Update CHANGELOG.md * Update CHANGELOG.md * Update version.txt * Update appgateway.tf * Prep for release v0.25.0 (microsoft#4635) * Fix disable public network access for stwebcertsTREID is still flagging in Defender (microsoft#4642) * Update staticweb.tf * Update porter.yaml * Update CHANGELOG.md * Extend DNS list (microsoft#4636) * Extend DNS list * Update CHANGELOG.md * Update allowed-dns.json * Update allowed-dns.json * Bump the pip group across 3 directories with 1 update (microsoft#4627) * Bump the pip group across 3 directories with 1 update --- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.12.14 dependency-type: direct:production dependency-group: pip - dependency-name: aiohttp dependency-version: 3.12.14 dependency-type: direct:production dependency-group: pip - dependency-name: aiohttp dependency-version: 3.12.14 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com> * update versions --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Bump form-data from 3.0.2 to 3.0.4 in /.github/scripts in the npm_and_yarn group across 1 directory (microsoft#4643) Bump form-data Bumps the npm_and_yarn group with 1 update in the /.github/scripts directory: [form-data](https://github.com/form-data/form-data). Updates `form-data` from 3.0.2 to 3.0.4 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/v3.0.4/CHANGELOG.md) - [Commits](form-data/form-data@v3.0.2...v3.0.4) --- updated-dependencies: - dependency-name: form-data dependency-version: 3.0.4 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Bump @eslint/plugin-kit from 0.2.5 to 0.2.8 in /ui/app in the npm_and_yarn group (microsoft#4639) Bump @eslint/plugin-kit in /ui/app in the npm_and_yarn group Bumps the npm_and_yarn group in /ui/app with 1 update: [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit). Updates `@eslint/plugin-kit` from 0.2.5 to 0.2.8 - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/packages/plugin-kit/CHANGELOG.md) - [Commits](https://github.com/eslint/rewrite/commits/plugin-kit-v0.2.8/packages/plugin-kit) --- updated-dependencies: - dependency-name: "@eslint/plugin-kit" dependency-version: 0.2.8 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Firewall migration issue re FIREWALL_SKU (microsoft#4662) * Add backup lock handling in storage configuration (microsoft#4665) * Refactor porter commands and add more tests (microsoft#4663) * Enable Workspace to deploy to separate subscription (microsoft#4455) * Change Guacamaole VM OS disk to default to Standard SSD (microsoft#4622) * Change Guacamaole VM OS disk defaults to Standard SSD * Update CHANGELOG.md * Update CHANGELOG.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update CHANGELOG.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Docs/barts case study (microsoft#4656) * Add Barts Health Data Platform case study * Add target = blank * Add target = blank * Use hyphen instead of long dash * Bump the npm_and_yarn group across 1 directory with 4 updates (microsoft#4668) Bumps the npm_and_yarn group with 4 updates in the /ui/app directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit), [eslint](https://github.com/eslint/eslint) and [brace-expansion](https://github.com/juliangruber/brace-expansion). Updates `vite` from 7.0.2 to 7.1.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite) Updates `@eslint/plugin-kit` from 0.2.8 to 0.3.5 - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/packages/plugin-kit/CHANGELOG.md) - [Commits](https://github.com/eslint/rewrite/commits/plugin-kit-v0.3.5/packages/plugin-kit) Updates `eslint` from 9.20.1 to 9.35.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v9.20.1...v9.35.0) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) --- updated-dependencies: - dependency-name: vite dependency-version: 7.1.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@eslint/plugin-kit" dependency-version: 0.3.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: eslint dependency-version: 9.35.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Add missing image_gallery_id parameter to portal.yaml for export review vm (microsoft#4678) * Update starlette & fastapi versions (microsoft#4683) * update starlette, fastapi versions * api version * Fix core subnet route table associations deleted on subsequent deploys (microsoft#4673) * Initial plan * Fix subnet route table association deletion by moving associations inline Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * working route tables. * Fix route table import and circular dependency issues Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Add clarifying comments for route table migration path Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> Co-authored-by: Marcus Robinson <marrobi@microsoft.com> Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Add plan mode for Core infra (microsoft#4684) * Update oauth2-proxy and Tomcat versions to latest in Guacamole container (microsoft#4688) * Automation of Azure Resource Provider and Feature Registration and remove Check Dependencies Script (microsoft#4689) * Create CODEOWNERS file with repository maintainers (microsoft#4696) * Initial plan * Create CODEOWNERS file with repository maintainers Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * Update CODEOWNERS to use @microsoft/azuretreadmins team Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> Co-authored-by: Marcus Robinson <marrobi@microsoft.com> * Standardize Database Query Parameter Handling Across Repository Classes (microsoft#4698) * fix pipeline template documentation (microsoft#4708) * Add tm-azurefd.net to allowed-dns (microsoft#4705) * Fix exit trap error "unexpected EOF while looking for matching `''" in storage_enable_public_access.sh (microsoft#4693) * Remove deprecated ms-teams-notification action from workflows and documentation (microsoft#4717) * Initial plan * Remove deprecated ms-teams-notification action and secret references Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * Update CHANGELOG with issue number microsoft#4716 Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * Remove MS_TEAMS_WEBHOOK_URI references from documentation Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * fix validation error when mulitple lists are used in config.yaml (microsoft#4711) * add ability to configure ntp_server_ip_addresses * update changelog and schema * remove unnecessary has_dupes check and print output of pajv validate * update changelog * revert changes from wrong branch * reinstate emoji error message --------- Co-authored-by: Marcus Robinson <marrobi@microsoft.com> * config_schema.json schema fixes (microsoft#4715) * update config_schema to add dns settings * update changelog * add missing values to schema Comment out developer_settings * update changelog * move cmk to developer section as per existing docs * update changelog * update descriptions --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Ashis Kar <32232936+ashis-kar91@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Yuval Yaron <yuvalyaron@microsoft.com> Co-authored-by: Yuval Yaron <43217306+yuvalyaron@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ron Shakutai <58519179+ShakutaiGit@users.noreply.github.com> Co-authored-by: Liza Shakury <42377481+LizaShak@users.noreply.github.com> Co-authored-by: Marcus Robinson <marrobi@microsoft.com> Co-authored-by: Stephen Askew <2727893+askew@users.noreply.github.com> Co-authored-by: Siobhan Baynes <SiobhanBaynes@users.noreply.github.com> Co-authored-by: Matthew Fortunka <1851394+fortunkam@users.noreply.github.com> Co-authored-by: Steve Haigh <steve_a_haigh@hotmail.com> Co-authored-by: Jonny Rylands <jonnyry@users.noreply.github.com> Co-authored-by: Ashis Kar <v-akar@mubadalahealth.ae> Co-authored-by: Ashis Kar <ashiskar@microsoft.com> Co-authored-by: vijayaraghavan-s <vsanka@m42.ae> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> Co-authored-by: Martin Peck <mpeck@microsoft.com> Co-authored-by: Jade Wilson <jade_wilson66@hotmail.co.uk> Co-authored-by: Tony Wildish <153200306+TonyWildish-BH@users.noreply.github.com> Co-authored-by: JC-wk <james.chapman8@nhs.net> Co-authored-by: James Chapman <196318169+JC-wk@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves #4362
This pull request is based upon @james-annages's original PR. It introduces significant updates to the base template for workspaces, primarily focusing on adding backup capabilities and enhancing the cleanup process for Azure Recovery Services Vaults. The key changes include the addition of new parameters and outputs, updates to the
porter.yamlfile for handling backups, and the creation of new Terraform resources for managing backups.Backup and Recovery Enhancements:
templates/workspaces/base/cleanup_vault.sh: Added a new script to handle the cleanup of Azure Recovery Services Vaults, including disabling soft delete and removing protected items.templates/workspaces/base/terraform/backup/backup.tf: Introduced new Terraform resources to create and manage Azure Recovery Services Vaults, VM backup policies, and file share backup policies.templates/workspaces/base/porter.yaml: Updated to include new parameters and outputs related to backup configuration, and added steps to handle backup vault cleanup during uninstallation. [1] [2] [3] [4] [5] [6] [7] [8]Parameter and Schema Updates:
templates/workspaces/base/parameters.json: Added new parametersenable_backupandshared_storage_nameto support backup configurations.templates/workspaces/base/template_schema.json: Updated the schema to include theenable_backupparameter, allowing backups to be enabled or disabled for the workspace. [1] [2]Terraform Configuration:
templates/workspaces/base/terraform/backup/variables.tf: Defined new variables for backup configurations, includinglocation,tre_id,resource_group_name, andshared_storage_name.templates/workspaces/base/terraform/backup/outputs.tf: Added new outputs for backup vault and policy names to be used in other parts of the configuration.templates/workspaces/base/terraform/storage.tf: Updated the shared storage name variable to be configurable.Role Assignments:
templates/workspaces/base/terraform/api-permissions.tf: Added new role assignments forBackup ContributorandSite Recovery Contributorto manage backup and site recovery permissions.These changes collectively enhance the robustness of the workspace by adding comprehensive backup and recovery functionalities, ensuring that critical data can be protected and restored as needed.
What is being addressed
Added in a boolen for enable_backup that is set in the workspace config window. The system will deploy a recovery vault and the needed policy's.
It passes the names of the polices back out so they can be used by other services (sql, vm, etc).
How is this addressed