microsoft / AzureTRE

An accelerator to help organizations build Trusted Research Environments on Azure.
https://microsoft.github.io/AzureTRE
MIT License
178 stars 135 forks

Enhance Bundle Registration Process #424

Open marrobi opened 3 years ago

marrobi commented 3 years ago

Description

As a TRE System Integrator, I want to specify the full repository where a bundle is stored, so that I can store templates in different locations.

As a TRE System Integrator, I want the bundle to be read and imported without the need to manually generate a payload and call the API, so that I can quickly register new bundles.

Acceptance criteria

Notes:

Docker calls the combination of [registry-url]/[namespace]/[image] a repository. For example https://myregistry.azurecr.io/workspaces/azureml

Lybecker commented 3 years ago

Remember firewall rules need to be added for other ACR instances. Ref #421

marrobi commented 3 years ago

@Lybecker not sure they do as ACI pulls over the public internet. See https://docs.microsoft.com/en-us/azure/container-instances/container-instances-using-azure-container-registry#limitations

TessFerrandez commented 3 years ago

@marrobi Since this is listed as an API story, do you mean a Cosmos repository? Or are we talking about something else?

marrobi commented 3 years ago

Container image repository.

tamirkamara commented 2 years ago

@marrobi, recent changes in the registration script (#1278) made porter use a bundle image stored on a remote container registry. However, to fully register a new TRE template the process also needs the template_schema.json available in the source code on the bundle/template. Do you have any thoughts around that?

marrobi commented 2 years ago

We discussed a while back the possibility of having a custom action that prints the schema file. I tried this and it does work but feels messy.

Unless we can extract a file another way open to suggestions.

tamirkamara commented 2 years ago

If we want to separate bundle creation from registration, then the only additional way would be to somehow get a URL where the file can be accessed. But that brings me to another question: what would the flow look like? Would the TRE system integrator still need to register the templates one by one? Is the assumption that they were the ones who also published the bundles?

P. S. Currently the resource processor can only access one container registry.

marrobi commented 2 years ago

Just adding as a note, can retrieve single file from a porter bundle using:

```sh
image="mrtreint.azurecr.io/tre-service-guacamole-linuxvm-installer:v0.1.7"
container_id=$(docker create "$image")
docker cp "$container_id:/cnab/app/azure.json" "tmp_json.json"
docker rm "$container_id"
```
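
Added example, not part of marrobi's comment or the AzureTRE code base: a hardened variant of the extraction above that rejects images outside a single allowed registry (the thread notes the resource processor can reach only one) and removes the temporary container even when the copy fails. The function names and the allow-list check are assumptions for illustration.

```sh
#!/bin/sh
# Added example: hypothetical helpers, not AzureTRE or Porter code.

# Print the registry host of an image reference, or fail if none is explicit.
# Docker treats the first path component as a registry only when it contains
# "." or ":" or is "localhost"; anything else resolves to Docker Hub.
bundle_registry() (
  ref="${1#https://}"            # tolerate the URL form used in the issue notes
  case "$ref" in */*) ;; *) return 1 ;; esac
  host="${ref%%/*}"
  case "$host" in
    *.*|*:*|localhost) printf '%s\n' "$host" ;;
    *) return 1 ;;
  esac
)

# extract_bundle_file ALLOWED_REGISTRY IMAGE PATH_IN_IMAGE DEST
# Copies one file out of a bundle image without starting the container
# (docker create only creates it), and removes the container even if the
# copy fails. Returns 2 when the image is not from the allowed registry.
extract_bundle_file() (
  allowed="$1" image="${2#https://}" src="$3" dest="$4"
  reg=$(bundle_registry "$image") || {
    echo "rejected: no explicit registry in '$image'" >&2; return 2; }
  [ "$reg" = "$allowed" ] || {
    echo "rejected: registry '$reg' is not '$allowed'" >&2; return 2; }
  cid=$(docker create "$image") || return 1
  rc=0
  docker cp "$cid:$src" "$dest" || rc=$?
  docker rm "$cid" >/dev/null || true
  [ "$rc" -eq 0 ] && [ -s "$dest" ]   # copy succeeded and file is non-empty
)

# Usage with the values from the comment above:
#   extract_bundle_file mrtreint.azurecr.io \
#     "mrtreint.azurecr.io/tre-service-guacamole-linuxvm-installer:v0.1.7" \
#     /cnab/app/azure.json tmp_json.json
```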