Migrate Azure Firewall and route tables to core configuration#4342
Merged
marrobi merged 32 commits intomicrosoft:mainfrom Jun 18, 2025
Merged
Migrate Azure Firewall and route tables to core configuration#4342marrobi merged 32 commits intomicrosoft:mainfrom
marrobi merged 32 commits intomicrosoft:mainfrom
Conversation
….com/microsoft/AzureTRE into marrobi/firewall-to-core
…robi/firewall-to-core
Unit Test Results0 tests 0 ✅ 0s ⏱️ Results for commit cc14315. ♻️ This comment has been updated with latest results. |
Member
|
@marrobi please update with |
marrobi
force-pushed
the
marrobi/firewall-to-core
branch
from
af6ed73 to
ff24de2
Compare
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR migrates the Azure Firewall deployment and associated route table configurations to the core configuration. Key changes include:
- Upgrading the version in the porter.yaml template.
- Removing firewall-related parameters and the tre_resource_id from the shared services deployment template.
- Updating the CHANGELOG with the new migration entry.
Reviewed Changes
Copilot reviewed 6 out of 24 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| templates/shared_services/firewall/porter.yaml | Updated version and removed firewall-related parameters and IDs. |
| CHANGELOG.md | Added a changelog entry for the migration of Azure Firewall configurations. |
Files not reviewed (18)
- Makefile: Language not supported
- core/terraform/.terraform.lock.hcl: Language not supported
- core/terraform/firewall/firewall.tf: Language not supported
- core/terraform/firewall/import_state.sh: Language not supported
- core/terraform/firewall/locals.tf: Language not supported
- core/terraform/firewall/main.tf: Language not supported
- core/terraform/firewall/outputs.tf: Language not supported
- core/terraform/firewall/remove_state.sh: Language not supported
- core/terraform/firewall/rules.tf: Language not supported
- core/terraform/firewall/variables.tf: Language not supported
- core/terraform/main.tf: Language not supported
- core/terraform/network/outputs.tf: Language not supported
- core/terraform/routetable.tf: Language not supported
- core/terraform/variables.tf: Language not supported
- core/version.txt: Language not supported
- templates/shared_services/firewall/template_schema.json: Language not supported
- templates/shared_services/firewall/terraform/data.tf: Language not supported
- templates/shared_services/firewall/terraform/import_state.sh: Language not supported
Comments suppressed due to low confidence (3)
templates/shared_services/firewall/porter.yaml:45
- The removal of firewall-related parameters is intended by the PR; however, please verify that all consumers of this template have been updated to use the new core configuration and no references to these parameters remain.
- - name: firewall_sku
templates/shared_services/firewall/porter.yaml:59
- Removing the tre_resource_id from the install/upgrade/uninstall sections requires confirmation that resource identification is now handled elsewhere; please ensure the new configuration covers this need.
- tre_resource_id: ${ bundle.parameters.id }
CHANGELOG.md:9
- [nitpick] Consider aligning the changelog entry with the PR title by using 'core configuration' instead of 'Core Terraform' for consistency.
+* Migrate Azure Firewall and Route Tables to Core Terraform ([#4342](https://github.com/microsoft/AzureTRE/pull/4342))
Member
Author
tamirkamara
reviewed
Apr 2, 2025
Member
Author
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/15581267023 (with refid (in response to this comment from @marrobi) |
Member
Author
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/15582341080 (with refid (in response to this comment from @marrobi) |
Member
Author
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/15586284665 (with refid (in response to this comment from @marrobi) |
Member
Author
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/15586550016 (with refid (in response to this comment from @marrobi) |
tamirkamara
approved these changes
Jun 12, 2025
Collaborator
tamirkamara
left a comment
tamirkamara
left a comment
There was a problem hiding this comment.
LGTM but I didn't test myself.
Member
Author
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/15676967084 (with refid (in response to this comment from @marrobi) |
Member
Author
|
/test-force-approve Passed: https://github.com/microsoft/AzureTRE/actions/runs/15676967084 |
|
🤖 pr-bot 🤖 ✅ Marking tests as complete (for commit 0d7e6a4) (in response to this comment from @marrobi) |
jonnyry
approved these changes
Jun 18, 2025
Member
Author
|
/test-force-approve |
|
🤖 pr-bot 🤖 ✅ Marking tests as complete (for commit cc14315) (in response to this comment from @marrobi) |
JaimieWi
added a commit
to OxBRCInformatics/AzureTRE
that referenced
this pull request
Oct 21, 2025
* Enable Structured Azure Firewall logs for TRE firewall (microsoft#4431) * Update mysql commands in control_tre (microsoft#4438) * Update mysql commands in control_tre * changelog * Add support for CMK options in workflows (microsoft#4249) * github action support * cmk var validation * config schema validation * add support for branch and bot * install Terraform as the image doesn't include it anymore * fix prbot * update docs * fix up * Update docs/tre-admins/setup-instructions/workflows.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix docs * update core version * improve condition for local.key_store_id to support empty values * replace null defaults to empty string to be inline with default CI values --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Yuval Yaron <yuvalyaron@microsoft.com> Co-authored-by: Yuval Yaron <43217306+yuvalyaron@users.noreply.github.com> * Organize passing params to bundles (microsoft#4437) * organize passing params to bundles * changelog * Bump the npm_and_yarn group in /ui/app with 2 updates (microsoft#4439) * Bump the npm_and_yarn group in /ui/app with 2 updates Bumps the npm_and_yarn group in /ui/app with 2 updates: [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) and [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime). Updates `@babel/helpers` from 7.26.7 to 7.26.10 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-helpers) Updates `@babel/runtime` from 7.26.7 to 7.26.10 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/helpers" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * ui version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Fix static web deprecated message (microsoft#4443) * Update Terraform static website configuration to use new resource format * Update CHANGELOG to reference new issue for Terraform static website configuration update * Bump version to 0.12.10 * Document Makefile Commands (microsoft#4422) * Makefile documentation * Add documentation on make commands * CR fix: Remove the unnecessary Command note * Fix Guacamole session end when browser is closed (microsoft#4425) * Fix use of deprecated argument in jq (microsoft#4447) * Bump the npm_and_yarn group in /ui/app with 2 updates (microsoft#4444) * Bump the npm_and_yarn group in /ui/app with 2 updates Bumps the npm_and_yarn group in /ui/app with 2 updates: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [esbuild](https://github.com/evanw/esbuild). Updates `vite` from 6.1.0 to 6.2.3 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.3/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.3/packages/vite) Updates `esbuild` from 0.24.2 to 0.25.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.24.2...v0.25.1) --- updated-dependencies: - dependency-name: vite dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: esbuild dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * ui version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Extend documentation on Airlock export and review setup (microsoft#4440) * Add more documentation on Airlock * Add example on configure properties * fix broken links * Skip removing keyvault rule when resource group is deleting (microsoft#4454) * skip removing KV rule when RG is deleting * changelog * update how we get the kv's rg * Add malware scanning to workspace storage account for airlock exports (microsoft#4418) * Add soft delete to workspace storage account (microsoft#4389) * Bump vite from 6.2.3 to 6.2.4 in /ui/app in the npm_and_yarn group (microsoft#4456) * Bump vite from 6.2.3 to 6.2.4 in /ui/app in the npm_and_yarn group Bumps the npm_and_yarn group in /ui/app with 1 update: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.2.3 to 6.2.4 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.4/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * ui version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Workspace user management (microsoft#4337) * Bump vite from 6.2.4 to 6.2.5 in /ui/app in the npm_and_yarn group (microsoft#4468) * Bump vite from 6.2.4 to 6.2.5 in /ui/app in the npm_and_yarn group Bumps the npm_and_yarn group in /ui/app with 1 update: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.2.4 to 6.2.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.5/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.5/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.2.5 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * update ui version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Add dependency between Airlock processor and storage account private endpoint (microsoft#4470) * Prevent VMs From Being Replaced when `custom_data` changes (microsoft#4465) * Add custom_data to ignore_changes * Update changelog * Bump minor instead of major * Update firewall rules documentation (microsoft#4434) * Bump vite from 6.2.5 to 6.2.6 in /ui/app in the npm_and_yarn group (microsoft#4486) * Bump vite from 6.2.5 to 6.2.6 in /ui/app in the npm_and_yarn group Bumps the npm_and_yarn group in /ui/app with 1 update: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.2.5 to 6.2.6 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.6/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.6/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.2.6 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * update ui version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Prep for release 0.22.0 (microsoft#4492) * update changelog for release 0.22.0 * Update CHANGELOG.md * Update CHANGELOG.md * Auto grant workspace consent (microsoft#4458) * Update GitHub issue templates (microsoft#4497) * Format operations error message (microsoft#4494) * Update upgrading-tre.md documentation (microsoft#4481) * Fix typo in deploy reusable workflow step name (microsoft#4498) * Document CI_CACHE_ACR_NAME secret for CI/CD (microsoft#4453) * Document CI_CACHE_ACR_NAME secret for CI/CD Fixes microsoft#4424 --- For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/microsoft/AzureTRE/issues/4424?shareId=XXXX-XXXX-XXXX-XXXX). * Rephrase * Unify CI_CACHE_ACR_NAME check in workflow * Test missing secret message * Fail initial acr login for test * Rephrase error message * CR changes * Update .github/workflows/deploy_tre_reusable.yml Co-authored-by: Yuval Yaron <43217306+yuvalyaron@users.noreply.github.com> --------- Co-authored-by: Yuval Yaron <43217306+yuvalyaron@users.noreply.github.com> * Add ability to pass values to install stage on pipleine. (microsoft#4451) * Tested, but feels wrong using patch for install. * Update api_app/tests_ma/test_db/test_repositories/test_resource_repository.py * fix indentation. * PR comments and move to string constant * PR comment * up version * update changelog * Letsencrypt.yml fails with “Invalid reference in variable validation” (microsoft#4507) * Intermittent management storage account access failure during core deployment (microsoft#4508) * Add ability to assign VMs to other users at creation (microsoft#4501) * Add owner_id field to template schema * Add logic to API to set ownerId field if owner_id passed in properties. * Bump API version * Rephrase message prompt for clarity * Add unit tests * Ensure AirLock review VMs delete OS disk (microsoft#4515) * Add bastion deploy and sku configuration (microsoft#4383) * Enable scheduled shutdown of Guacamole Windows VMs (microsoft#4211) * Enhance logout message for improved security awareness (microsoft#4519) * Re-enable shared access key on core storage account (microsoft#4518) * Bump vite from 6.2.6 to 6.3.4 in /ui/app in the npm_and_yarn group (microsoft#4513) * Bump vite from 6.2.6 to 6.3.4 in /ui/app in the npm_and_yarn group Bumps the npm_and_yarn group in /ui/app with 1 update: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.2.6 to 6.3.4 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.3.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.3.4 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * ui version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Allow USER_MANAGEMENT_ENABLED config variable to set via CI/CD (microsoft#4520) * Fix CI/CD workflow caused by PR microsoft#4520 (microsoft#4527) Update action.yml * Enable vnet exception for core key vault (microsoft#4495) * Add support for allowed subnet ID in Key Vault network access configuration Add ALLOWED_SUBNET_ID input to workflows and scripts for VNet exception handling * Update CHANGELOG and version files for Key Vault subnet ID support and version bump * Refactor deploy workflow: make ALLOWED_SUBNET_ID optional and simplify matrix definitions * Bump version to 0.13.3 * Update Key Vault network access configuration for deployment exceptions * Rename ALLOWED_SUBNET_ID to PRIVATE_AGENT_SUBNET_ID across workflows, actions, and scripts for consistency and clarity * Fix formatting of private_agent_subnet_id assignment for consistency * Bump version numbers to 0.13.5 and 0.5.9 in core and devops respectively * Updated CHANGELOG.md file after merge * Add private_agent_subnet_id to configuration schema and documentation * Update kv_network_default_action logic to conditionally allow or deny access based on private_agent_subnet_id * bump version to 0.13.6 * Update user management input handling in devcontainer action --------- Co-authored-by: Ashis Kar <v-akar@mubadalahealth.ae> Co-authored-by: Ashis Kar <ashiskar@microsoft.com> Co-authored-by: Marcus Robinson <marrobi@microsoft.com> * Fix rogue comma in Windows VM JSON (microsoft#4529) * Ability to customise UI header and footer text (microsoft#4522) * Remove strtobool from airlock function (microsoft#4535) * remove strtobool from airlock function * changelog * Container registry should not allow public network access (microsoft#4490) * Adding option to disable public network access to mgmt acr * Updating script name * Updating terraform formatting * Fixing lint failures * fixing lint issues * fixing terraform validation * Updating versions * fixing typo * Use rp_bundle_values_all to pass value to resource processor * Updating formatting * creting acr private endpoint irrespective of the flag * Pulling image over vnet irrespecitve of the flag * Gitea to pull image over vnet irrespective of the flag * removing dependency * removing dependency on flag to create private endpoint * Removing dependency on the flag to create private endpoint * Removing the flag from resource processor files * Removing the flag * reverting version * cleaning up changes * cleaning up changes * Updating azapi version * Updating az api version * moving privae endpoint to core resource group * Updating version * Adding vnet image pull for airlock function app * Increasing version * Update core/version.txt Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Update devops/version.txt Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Update templates/shared_services/gitea/porter.yaml Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Update templates/workspace_services/gitea/porter.yaml Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Update templates/workspace_services/guacamole/porter.yaml Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * removing unused variables * setting default value of disable_acr_public_access to true * Adding changelog --------- Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Allow AUTO_GRANT_WORKSPACE_CONSENT to be set via CI/CD (microsoft#4533) * Allow AUTO_GRANT_WORKSPACE_CONSENT to be set via CI/CD * Update CHANGELOG.md * Remove unnecessary check in cli-package workflow (microsoft#4536) Remove check Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Remove firewall ACR rule (microsoft#4538) * Remove firewall ACR rule * update changelog * Remove old API migrations (microsoft#4168) * Reduce terraform churn. (microsoft#4539) * Add 180 second delay to NIC delete (microsoft#4511) * Update AzAPI to version 2.3 and improve provider version consistency (microsoft#4523) * Disable ACR admin account (microsoft#4542) * Disable ACR admin user * Remove Airlock restart that isn't needed anymore * update lock file * Add Azure DNS Security Policy (microsoft#4429) * Add more error mesage parsing (microsoft#4503) * Fix Resource History List Item (microsoft#4562) * Keyvault + mgmt storage just in time access scripts traps conflict in the same shell (microsoft#4567) * Keyvault + mgmt storage just in time access scripts traps conflict in the same shell * Fix [nitpick] Declare the variable 'existing_command' as local to avoid polluting the global namespace within the function. * Fix Gitea workspace service being exposed externally (microsoft#4559) * Initial plan for issue * Add is_exposed_externally parameter to Gitea workspace service Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * Update porter.yaml, add is_exposed_externally parameter and update changelog Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * Remove conditional creation of private endpoint in Gitea workspace service Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * Remove is_exposed_externally option and hardcode external access to false Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Remove is_exposed_externally option while keeping security fix Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Add GitHub Copilot Instructions (microsoft#4561) * Certs service deployment failed updating static website (microsoft#4573) * Refactor to use private endpoints * Update staticweb.tf * Pin package versions in resource processor cloud-init script (microsoft#4581) * Packages installed via cloud-init on resource processor are not pinned. Fixes microsoft#4580 * remove space * Enable diagnostic settings for Databricks and Databricks Auth services (Defender warning) (microsoft#4576) * Allow UI_SITE_NAME and UI_FOOTER_TEXT to be passed to deploy_tre_reusable.yaml (microsoft#4575) * Allow UI_SITE_NAME and UI_FOOTER_TEXT to be dynamically calculated passed in deploy_tre_reusable.yaml * Update CHANGELOG.md * Prep for release v0.23.0 (microsoft#4584) * Fix "log analytics workspaces not found" error when deploying Databricks workspace service (microsoft#4585) * Update Azure Machine Learning workspace to use AD integrated auth to storage (microsoft#4341) * Migrate Azure Firewall and route tables to core configuration (microsoft#4342) * Renew Letsencrypt GitHub action is failing to access storage account (microsoft#4594) * Renew Letsencrypt GitHub action is failing to access storage account * Fix linting * Enable firewall support for Databricks storage account (microsoft#4579) microsoft#4391 Enable firewall support for Databricks storage account * Fix deployment pipeline failures due to KeyVault network policies (microsoft#4599) * Add Backups to Workspaces (microsoft#4555) * Fix resource lock indicator persisting when switching resources (microsoft#4591) * Reduce frequency of queue reader logging to improve log readability (microsoft#4551) * Update copilot instructions with version files and editorconfig formatting rules (microsoft#4604) * Remove resource locks before deleting resource groups in destroy_env_no_terraform.sh (microsoft#4614) * Fix error details display when workspace deletion fails with deleted Entra app (microsoft#4552) * Fix UI display issue when workspace is deploying & user management is enabled (microsoft#4554) * Add revoke functionality and confirmation dialogs for Airlock requests (microsoft#4589) * Add sort/filter options to Workspace list (microsoft#4608) * Fix: Ensure storage rule is removed if Let's Encrypt process fails (microsoft#4602) * [WIP] Display VM creator on info popup (microsoft#4610) * Bug/vmss porter gnpug2 update (microsoft#4620) * Update VMSS to use latest gnupg2 version * Update: Change log * Update changelog to have PR linked and bump version of core * Make change log message more reflective of issue * Fix CostTag API calls to reduce 429 errors (microsoft#4578) * Fix for terraform dependency related to Azure Firewall (microsoft#4626) Update versions and changelog. * Prep for Release v0.24.0 release (microsoft#4629) * Allow ENABLE_DNS_POLICY and ALLOWED_DNS variables to set via CI/CD (microsoft#4625) * Fix App Gateway is destroyed on 2nd and subsequent deploys (microsoft#4633) * Update appgateway.tf * Update CHANGELOG.md * Update CHANGELOG.md * Update version.txt * Update appgateway.tf * Prep for release v0.25.0 (microsoft#4635) * Fix disable public network access for stwebcertsTREID is still flagging in Defender (microsoft#4642) * Update staticweb.tf * Update porter.yaml * Update CHANGELOG.md * Extend DNS list (microsoft#4636) * Extend DNS list * Update CHANGELOG.md * Update allowed-dns.json * Update allowed-dns.json * Bump the pip group across 3 directories with 1 update (microsoft#4627) * Bump the pip group across 3 directories with 1 update --- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.12.14 dependency-type: direct:production dependency-group: pip - dependency-name: aiohttp dependency-version: 3.12.14 dependency-type: direct:production dependency-group: pip - dependency-name: aiohttp dependency-version: 3.12.14 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com> * update versions --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Bump form-data from 3.0.2 to 3.0.4 in /.github/scripts in the npm_and_yarn group across 1 directory (microsoft#4643) Bump form-data Bumps the npm_and_yarn group with 1 update in the /.github/scripts directory: [form-data](https://github.com/form-data/form-data). Updates `form-data` from 3.0.2 to 3.0.4 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/v3.0.4/CHANGELOG.md) - [Commits](form-data/form-data@v3.0.2...v3.0.4) --- updated-dependencies: - dependency-name: form-data dependency-version: 3.0.4 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Bump @eslint/plugin-kit from 0.2.5 to 0.2.8 in /ui/app in the npm_and_yarn group (microsoft#4639) Bump @eslint/plugin-kit in /ui/app in the npm_and_yarn group Bumps the npm_and_yarn group in /ui/app with 1 update: [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit). Updates `@eslint/plugin-kit` from 0.2.5 to 0.2.8 - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/packages/plugin-kit/CHANGELOG.md) - [Commits](https://github.com/eslint/rewrite/commits/plugin-kit-v0.2.8/packages/plugin-kit) --- updated-dependencies: - dependency-name: "@eslint/plugin-kit" dependency-version: 0.2.8 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Firewall migration issue re FIREWALL_SKU (microsoft#4662) * Add backup lock handling in storage configuration (microsoft#4665) * Refactor porter commands and add more tests (microsoft#4663) * Enable Workspace to deploy to separate subscription (microsoft#4455) * Change Guacamaole VM OS disk to default to Standard SSD (microsoft#4622) * Change Guacamaole VM OS disk defaults to Standard SSD * Update CHANGELOG.md * Update CHANGELOG.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update CHANGELOG.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Docs/barts case study (microsoft#4656) * Add Barts Health Data Platform case study * Add target = blank * Add target = blank * Use hyphen instead of long dash * Bump the npm_and_yarn group across 1 directory with 4 updates (microsoft#4668) Bumps the npm_and_yarn group with 4 updates in the /ui/app directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit), [eslint](https://github.com/eslint/eslint) and [brace-expansion](https://github.com/juliangruber/brace-expansion). Updates `vite` from 7.0.2 to 7.1.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite) Updates `@eslint/plugin-kit` from 0.2.8 to 0.3.5 - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/packages/plugin-kit/CHANGELOG.md) - [Commits](https://github.com/eslint/rewrite/commits/plugin-kit-v0.3.5/packages/plugin-kit) Updates `eslint` from 9.20.1 to 9.35.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v9.20.1...v9.35.0) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) --- updated-dependencies: - dependency-name: vite dependency-version: 7.1.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@eslint/plugin-kit" dependency-version: 0.3.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: eslint dependency-version: 9.35.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> * Add missing image_gallery_id parameter to portal.yaml for export review vm (microsoft#4678) * Update starlette & fastapi versions (microsoft#4683) * update starlette, fastapi versions * api version * Fix core subnet route table associations deleted on subsequent deploys (microsoft#4673) * Initial plan * Fix subnet route table association deletion by moving associations inline Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * working route tables. * Fix route table import and circular dependency issues Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Add clarifying comments for route table migration path Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> Co-authored-by: Marcus Robinson <marrobi@microsoft.com> Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Add plan mode for Core infra (microsoft#4684) * Update oauth2-proxy and Tomcat versions to latest in Guacamole container (microsoft#4688) * Automation of Azure Resource Provider and Feature Registration and remove Check Dependencies Script (microsoft#4689) * Create CODEOWNERS file with repository maintainers (microsoft#4696) * Initial plan * Create CODEOWNERS file with repository maintainers Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * Update CODEOWNERS to use @microsoft/azuretreadmins team Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> Co-authored-by: Marcus Robinson <marrobi@microsoft.com> * Standardize Database Query Parameter Handling Across Repository Classes (microsoft#4698) * fix pipeline template documentation (microsoft#4708) * Add tm-azurefd.net to allowed-dns (microsoft#4705) * Fix exit trap error "unexpected EOF while looking for matching `''" in storage_enable_public_access.sh (microsoft#4693) * Remove deprecated ms-teams-notification action from workflows and documentation (microsoft#4717) * Initial plan * Remove deprecated ms-teams-notification action and secret references Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * Update CHANGELOG with issue number microsoft#4716 Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * Remove MS_TEAMS_WEBHOOK_URI references from documentation Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> * fix validation error when mulitple lists are used in config.yaml (microsoft#4711) * add ability to configure ntp_server_ip_addresses * update changelog and schema * remove unnecessary has_dupes check and print output of pajv validate * update changelog * revert changes from wrong branch * reinstate emoji error message --------- Co-authored-by: Marcus Robinson <marrobi@microsoft.com> * config_schema.json schema fixes (microsoft#4715) * update config_schema to add dns settings * update changelog * add missing values to schema Comment out developer_settings * update changelog * move cmk to developer section as per existing docs * update changelog * update descriptions --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Ashis Kar <32232936+ashis-kar91@users.noreply.github.com> Co-authored-by: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Yuval Yaron <yuvalyaron@microsoft.com> Co-authored-by: Yuval Yaron <43217306+yuvalyaron@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ron Shakutai <58519179+ShakutaiGit@users.noreply.github.com> Co-authored-by: Liza Shakury <42377481+LizaShak@users.noreply.github.com> Co-authored-by: Marcus Robinson <marrobi@microsoft.com> Co-authored-by: Stephen Askew <2727893+askew@users.noreply.github.com> Co-authored-by: Siobhan Baynes <SiobhanBaynes@users.noreply.github.com> Co-authored-by: Matthew Fortunka <1851394+fortunkam@users.noreply.github.com> Co-authored-by: Steve Haigh <steve_a_haigh@hotmail.com> Co-authored-by: Jonny Rylands <jonnyry@users.noreply.github.com> Co-authored-by: Ashis Kar <v-akar@mubadalahealth.ae> Co-authored-by: Ashis Kar <ashiskar@microsoft.com> Co-authored-by: vijayaraghavan-s <vsanka@m42.ae> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: marrobi <17089773+marrobi@users.noreply.github.com> Co-authored-by: Martin Peck <mpeck@microsoft.com> Co-authored-by: Jade Wilson <jade_wilson66@hotmail.co.uk> Co-authored-by: Tony Wildish <153200306+TonyWildish-BH@users.noreply.github.com> Co-authored-by: JC-wk <james.chapman8@nhs.net> Co-authored-by: James Chapman <196318169+JC-wk@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Move Azure Firewall Deployment to Core
Why:
$ make tre-stop#3953 (comment) ).Had to modify GitHub workflow for linting. Can someone verify this is correct?
Tested upgrade a few times, more wouldn't hurt.