Add sort/filter options to Workspace list

CHANGELOG.md

@@ -5,6 +5,7 @@
 ENHANCEMENTS:
 * Add revoke functionality and confirmation dialogs for Airlock requests ([#4543](https://github.com/microsoft/AzureTRE/issues/4543))
 * Migrate Azure Firewall and Route Tables to Core Terraform ([#4342](https://github.com/microsoft/AzureTRE/pull/4342))
+* Add sort/filter options to Workspace list ([#4462](https://github.com/microsoft/AzureTRE/issues/4462))
 * Added backup vault to base workspace & updated Azurerm provider to match core. ([[#4362](https://github.com/microsoft/AzureTRE/issues/4362)])
 
 BUG FIXES:

core/terraform/deploy.sh

@@ -9,7 +9,10 @@ set -o nounset
 source "../../devops/scripts/kv_add_network_exception.sh"
 
 # shellcheck disable=SC1091
-source "../../devops/scripts/mgmtstorage_enable_public_access.sh"
+# shellcheck disable=SC2154
+source "../../devops/scripts/storage_enable_public_access.sh" \
+  --storage-account-name "${TF_VAR_mgmt_storage_account_name}" \
+  --resource-group-name "${TF_VAR_mgmt_resource_group_name}"
 
 # This is where we can migrate any Terraform before we plan and apply
 # For instance deprecated Terraform resources

core/terraform/migrate.sh

@@ -5,9 +5,6 @@ set -o pipefail
 set -o nounset
 # set -o xtrace
 
-# shellcheck disable=SC1091
-source ../../devops/scripts/mgmtstorage_enable_public_access.sh
-
 get_resource_id() {
   local json_data="$1"
   local resource_addr="$2"
@@ -206,34 +203,34 @@ popd > /dev/null
 echo "IMPORTING STATE FOR FIREWALL..."
 
 tf_state_list="$(terraform state list)"
-RESOURCE_GROUP_NAME="rg-${TRE_ID}"
+CORE_RESOURCE_GROUP_NAME="rg-${TRE_ID}"
 
 # if resource group exists
-if az group show --name "${RESOURCE_GROUP_NAME}" > /dev/null 2>&1; then
-  echo "Resource group ${RESOURCE_GROUP_NAME} exists, proceeding with import."
+if az group show --name "${CORE_RESOURCE_GROUP_NAME}" > /dev/null 2>&1; then
+  echo "Resource group ${CORE_RESOURCE_GROUP_NAME} exists, proceeding with import."
 
   # Firewall
-  import_if_exists module.firewall.azurerm_firewall.fw "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_GROUP_NAME}/providers/Microsoft.Network/azureFirewalls/fw-${TRE_ID}"
+  import_if_exists module.firewall.azurerm_firewall.fw "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${CORE_RESOURCE_GROUP_NAME}/providers/Microsoft.Network/azureFirewalls/fw-${TRE_ID}"
 
   # Firewall IPs
   if [[ "${FIREWALL_SKU:-}" == "Basic" ]]; then
-    import_if_exists module.firewall.azurerm_public_ip.fwmanagement[0] "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_GROUP_NAME}/providers/Microsoft.Network/publicIPAddresses/pip-fw-management-${TRE_ID}"
+    import_if_exists module.firewall.azurerm_public_ip.fwmanagement[0] "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${CORE_RESOURCE_GROUP_NAME}/providers/Microsoft.Network/publicIPAddresses/pip-fw-management-${TRE_ID}"
   fi
 
-  import_if_exists module.firewall.azurerm_public_ip.fwtransit[0] "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_GROUP_NAME}/providers/Microsoft.Network/publicIPAddresses/pip-fw-${TRE_ID}"
+  import_if_exists module.firewall.azurerm_public_ip.fwtransit[0] "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${CORE_RESOURCE_GROUP_NAME}/providers/Microsoft.Network/publicIPAddresses/pip-fw-${TRE_ID}"
 
   # Firewall policy
-  import_if_exists module.firewall.azurerm_firewall_policy.root "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_GROUP_NAME}/providers/Microsoft.Network/firewallPolicies/fw-policy-${TRE_ID}"
+  import_if_exists module.firewall.azurerm_firewall_policy.root "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${CORE_RESOURCE_GROUP_NAME}/providers/Microsoft.Network/firewallPolicies/fw-policy-${TRE_ID}"
   import_if_exists module.firewall.azurerm_firewall_policy_rule_collection_group.core \
-    "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_GROUP_NAME}/providers/Microsoft.Network/firewallPolicies/fw-policy-${TRE_ID}/ruleCollectionGroups/rcg-core"
+    "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${CORE_RESOURCE_GROUP_NAME}/providers/Microsoft.Network/firewallPolicies/fw-policy-${TRE_ID}/ruleCollectionGroups/rcg-core"
 
 
   # Diagnostic settings
   import_if_exists module.firewall.azurerm_monitor_diagnostic_setting.firewall \
-    "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_GROUP_NAME}/providers/Microsoft.Network/azureFirewalls/fw-${TRE_ID}|diagnostics-fw-${TRE_ID}" \
+    "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${CORE_RESOURCE_GROUP_NAME}/providers/Microsoft.Network/azureFirewalls/fw-${TRE_ID}|diagnostics-fw-${TRE_ID}" \
     "az monitor diagnostic-settings show --resource /subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/rg-${TRE_ID}/providers/microsoft.network/azureFirewalls/fw-${TRE_ID} --name diagnostics-fw-${TRE_ID}"
 
   # Route tables
   import_if_exists azurerm_route_table.rt \
-    "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_GROUP_NAME}/providers/Microsoft.Network/routeTables/rt-${TRE_ID}"
+    "/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${CORE_RESOURCE_GROUP_NAME}/providers/Microsoft.Network/routeTables/rt-${TRE_ID}"
 fi

core/terraform/outputs.sh

@@ -2,7 +2,10 @@
 set -e
 
 # shellcheck disable=SC1091
-source ../../devops/scripts/mgmtstorage_enable_public_access.sh
+# shellcheck disable=SC2154
+source ../../devops/scripts/storage_enable_public_access.sh \
+  --storage-account-name "${TF_VAR_mgmt_storage_account_name}" \
+  --resource-group-name "${TF_VAR_mgmt_resource_group_name}"
 
 if [ ! -f ../tre_output.json ] || [ ! -s ../tre_output.json ]; then
   # Connect to the remote backend of Terraform

core/terraform/scripts/letsencrypt.sh

@@ -19,43 +19,14 @@ fi
 # already exists and, if not, create it. The firewall rules also need lifting so that the
 # certificate can be uploaded.
 #
-# By default, this process adds the IP address of the machine running this script to the allow-list
-# of the storage account network rules. In some situations this approach may not work. For example,
-# where the machine running this script (an AzDo build agent, for example), and the storage account
-# are both on the same private network, and the public IP of the machine running the script is never
-# used. In this situation, you may need to drop the default Deny rule.
-#
-# If the environment variable LETSENCRYPT_DROP_ALL_RULES=1 is set then this script will drop the
-# default Deny rule, and then re-enable it once the script is complete, rather add the IP address
-# to the allow rules.
-
-if  [[ "${LETSENCRYPT_DROP_ALL_RULES}" == "1" ]]; then
-
-  echo "Removing default DENY rule on storage account ${STORAGE_ACCOUNT}"
-  az storage account update \
-    --default-action Allow \
-    --name "${STORAGE_ACCOUNT}" \
-    --resource-group "${RESOURCE_GROUP_NAME}"
-
-else
-
-  if [[ -z ${PUBLIC_DEPLOYMENT_IP_ADDRESS:-} ]]; then
-    IPADDR=$(curl ipecho.net/plain; echo)
-  else
-    IPADDR=${PUBLIC_DEPLOYMENT_IP_ADDRESS}
-  fi
-
-  echo "Creating network rule on storage account ${STORAGE_ACCOUNT} for $IPADDR"
-  az storage account network-rule add \
-    --account-name "${STORAGE_ACCOUNT}" \
-    --resource-group "${RESOURCE_GROUP_NAME}" \
-    --ip-address "$IPADDR"
-
-fi
+# shellcheck disable=SC1091
+source "$script_dir/../../../devops/scripts/storage_enable_public_access.sh" \
+  --storage-account-name "${STORAGE_ACCOUNT}" \
+  --resource-group-name "${RESOURCE_GROUP_NAME}"
 
 echo "Waiting for network rule to take effect"
 sleep 30s
-echo "Created network rule on storage account"
+echo "Storage account network access configured"
 
 echo "Checking for index.html file in storage account"
 
@@ -150,20 +121,3 @@ else
         --cert-password "${CERT_PASSWORD}"
 fi
 
-if  [[ "${LETSENCRYPT_DROP_ALL_RULES}" == "1" ]]; then
-
-  echo "Resetting the default DENY rule on storage account ${STORAGE_ACCOUNT}"
-  az storage account update \
-    --default-action Deny \
-    --name "${STORAGE_ACCOUNT}" \
-    --resource-group "${RESOURCE_GROUP_NAME}"
-
-else
-
-  echo "Ressetting network rule on storage account (removing $IPADDR from allow list)"
-  az storage account network-rule remove \
-    --account-name "${STORAGE_ACCOUNT}" \
-    --resource-group "${RESOURCE_GROUP_NAME}" \
-    --ip-address "${IPADDR}"
-
-fi

core/terraform/update_tags.sh

@@ -5,9 +5,6 @@ set -o pipefail
 set -o nounset
 # set -o xtrace
 
-# shellcheck disable=SC1091
-source ../../devops/scripts/mgmtstorage_enable_public_access.sh
-
 script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 
 core_rg_rid=$(terraform show -json | jq -r '.values.root_module.resources[] | select(.address=="azurerm_resource_group.core") | .values.id')

core/version.txt

@@ -1 +1 @@
-__version__ = "0.16.0"
+__version__ = "0.16.1"