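/// <summary>
/// Opens the storage account of every dataset attached to the sandbox to the sandbox's virtual network.
/// </summary>
/// <remarks>
/// All datasets are checked for <c>StudySpecific</c> before the first storage account network rule is added,
/// so an unsupported dataset aborts the call before any storage account has been opened to the VNet.
/// The storage service endpoint on the sandbox subnet is still ensured before the datasets are loaded.
/// </remarks>
/// <param name="sandbox">Sandbox whose resource entries and datasets are used.</param>
/// <param name="cancellation">Forwarded to the storage account network rule calls only.</param>
/// <exception cref="Exception">
/// The sandbox has no Resource Group or VNet entry, or one of its datasets is not study specific.
/// </exception>
async Task MakeDatasetsAvailable(Sandbox sandbox, CancellationToken cancellation = default)
{
    var resourceGroupResource = CloudResourceUtil.GetResourceByType(sandbox.Resources, AzureResourceType.ResourceGroup, true);
    var vNetResource = CloudResourceUtil.GetResourceByType(sandbox.Resources, AzureResourceType.VirtualNetwork, true);

    if (resourceGroupResource == null)
    {
        throw new Exception($"Could not locate Resource Group entry for Sandbox {sandbox.Id}");
    }

    if (vNetResource == null)
    {
        throw new Exception($"Could not locate VNet entry for Sandbox {sandbox.Id}");
    }

    await _azureVirtualNetworkService.EnsureSandboxSubnetHasServiceEndpointForStorage(resourceGroupResource.ResourceName, vNetResource.ResourceName);

    var sandboxDatasets = await _sandboxDatasetModelService.GetSandboxDatasetsForPhaseShiftAsync(sandbox.Id);

    // Validate everything first: rejecting a dataset halfway through the loop below would leave the
    // storage accounts handled before it attached to the VNet.
    foreach (var curDatasetRelation in sandboxDatasets)
    {
        if (!curDatasetRelation.Dataset.StudySpecific)
        {
            throw new Exception($"Only study specific datasets are supported. Please remove dataset {curDatasetRelation.Dataset.Name} from Sandbox");
        }
    }

    // NOTE(review): a failure of AddStorageAccountToVNet partway through still leaves the earlier
    // storage accounts attached; nothing in this method rolls them back.
    foreach (var curDatasetRelation in sandboxDatasets)
    {
        var datasetResourceEntry = DatasetUtils.GetStudySpecificStorageAccountResourceEntry(curDatasetRelation.Dataset);

        await _azureStorageAccountNetworkRuleService.AddStorageAccountToVNet(
            datasetResourceEntry.ResourceGroupName,
            datasetResourceEntry.ResourceName,
            resourceGroupResource.ResourceName,
            vNetResource.ResourceName,
            cancellation);
    }
}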
/// <summary>
/// Guard that fails when the sandbox has no resource entry of the requested type.
/// </summary>
/// <param name="sandbox">Sandbox whose <c>Resources</c> are searched.</param>
/// <param name="resourceType">Resource type to look for.</param>
/// <exception cref="Exception">No resource of <paramref name="resourceType"/> was returned by the lookup.</exception>
void EnsureSandboxHasResourceTypeThrowIfNot(Sandbox sandbox, string resourceType)
{
    var matchingResource = CloudResourceUtil.GetResourceByType(sandbox.Resources, resourceType, true);

    if (matchingResource != null)
    {
        return;
    }

    throw new Exception($"Unable to find sandbox resource of type {resourceType}");
}
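/// <summary>
/// Checks that outbound internet is closed for every virtual machine in the sandbox and collects the findings.
/// </summary>
/// <remarks>
/// For each VM the internet rule stored in Sepes is checked first; only when that rule is set to deny is the
/// matching rule in the Azure Network Security Group queried. A VM with a pending create or update operation
/// is reported as well. When the sandbox has no Network Security Group entry, the Azure side cannot be
/// checked and that is reported as a validation error instead of failing with a null reference.
/// </remarks>
/// <param name="sandbox">Sandbox whose virtual machines are verified.</param>
/// <param name="cancellation">Forwarded to the Network Security Group rule query.</param>
/// <returns>One message per finding; an empty list means no finding was raised.</returns>
async Task<List<string>> VerifyInternetClosed(Sandbox sandbox, CancellationToken cancellation = default)
{
    var validationErrors = new List<string>();

    _logger.LogInformation(_sandboxNextPhaseEventId, "Sandbox {0}: Verifying that internet is closed for all VMs ", sandbox.Id);

    var allVms = CloudResourceUtil.GetAllResourcesByType(sandbox.Resources, AzureResourceType.VirtualMachine, false);

    // Other callers in this file null-check the result of GetResourceByType, so it is treated as nullable here too.
    var networkSecurityGroup = CloudResourceUtil.GetResourceByType(sandbox.Resources, AzureResourceType.NetworkSecurityGroup, true);

    bool anyVmsFound = false;

    foreach (var curVm in allVms)
    {
        anyVmsFound = true;

        var vmInternetRule = await _virtualMachineRuleService.GetInternetRule(curVm.Id);

        // Check if internet is set to open in Sepes
        if (!_virtualMachineRuleService.IsRuleSetToDeny(vmInternetRule))
        {
            validationErrors.Add($"Internet is set to open on VM {curVm.ResourceName}");
        }
        else if (networkSecurityGroup == null)
        {
            // Fail closed: without the NSG entry the state in Azure cannot be confirmed.
            validationErrors.Add($"Unable to verify internet rule in Azure for VM {curVm.ResourceName}: Network Security Group entry not found for Sandbox {sandbox.Id}");
        }
        // Verify that internet is actually closed in Network Security Group in Azure.
        // NOTE(review): only a rule set to Allow is reported here. Confirm what IsRuleSetTo returns when the
        // rule is missing from the NSG, since a missing rule would otherwise pass this check.
        else if (await _azureNetworkSecurityGroupRuleService.IsRuleSetTo(curVm.ResourceGroupName, networkSecurityGroup.ResourceName, vmInternetRule.Name, RuleAction.Allow, cancellation))
        {
            validationErrors.Add($"Internet is actually open on VM in Azure {curVm.ResourceName}");
        }

        // Other unfinished VM update
        if (await _cloudResourceOperationReadService.HasUnstartedCreateOrUpdateOperation(curVm.Id))
        {
            validationErrors.Add($"Unfinished operation exists for VM {curVm.ResourceName}");
        }
    }

    if (!anyVmsFound)
    {
        validationErrors.Add("Sandbox contains no Virtual Machines");
    }

    return validationErrors;
}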
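/// <summary>
/// Removes the sandbox's virtual network from the storage account of every dataset attached to the sandbox.
/// </summary>
/// <remarks>
/// With <paramref name="continueOnError"/> left at its default of <c>true</c>, a failure for one dataset is
/// logged and the loop moves on, so the method can return normally even though a removal did not succeed.
/// Callers that need every removal confirmed should pass <c>false</c>, which rethrows the first failure.
/// </remarks>
/// <param name="sandbox">Sandbox whose resource entries and datasets are used.</param>
/// <param name="continueOnError">When <c>true</c>, per-dataset failures are logged and skipped; when <c>false</c>, they are rethrown.</param>
/// <param name="cancellation">Forwarded to the storage account network rule calls.</param>
/// <exception cref="Exception">
/// The sandbox has no Resource Group or VNet entry, or a dataset failed while <paramref name="continueOnError"/> is <c>false</c>.
/// </exception>
async Task MakeDatasetsUnAvailable(Sandbox sandbox, bool continueOnError = true, CancellationToken cancellation = default)
{
    var resourceGroupResource = CloudResourceUtil.GetResourceByType(sandbox.Resources, AzureResourceType.ResourceGroup, true);
    var vNetResource = CloudResourceUtil.GetResourceByType(sandbox.Resources, AzureResourceType.VirtualNetwork, true);

    if (resourceGroupResource == null)
    {
        throw new Exception($"Could not locate Resource Group entry for Sandbox {sandbox.Id}");
    }

    if (vNetResource == null)
    {
        throw new Exception($"Could not locate VNet entry for Sandbox {sandbox.Id}");
    }

    var sandboxDatasets = await _sandboxDatasetModelService.GetSandboxDatasetsForPhaseShiftAsync(sandbox.Id);

    foreach (var curDatasetRelation in sandboxDatasets)
    {
        try
        {
            if (!curDatasetRelation.Dataset.StudySpecific)
            {
                throw new Exception($"Only study specific datasets are supported. Please remove dataset {curDatasetRelation.Dataset.Name} from Sandbox");
            }

            var datasetResourceEntry = DatasetUtils.GetStudySpecificStorageAccountResourceEntry(curDatasetRelation.Dataset);

            await _azureStorageAccountNetworkRuleService.RemoveStorageAccountFromVNet(
                datasetResourceEntry.ResourceGroupName,
                datasetResourceEntry.ResourceName,
                resourceGroupResource.ResourceName,
                vNetResource.ResourceName,
                cancellation);
        }
        catch (Exception ex)
        {
            // This catch also receives cancellation exceptions, so a cancelled token does not stop the loop
            // unless continueOnError is false.
            // The dataset name is passed as a template argument rather than interpolated, so it is recorded
            // as a structured property and never parsed as part of the message template.
            _logger.LogError(ex, "Unable to make dataset {DatasetName} unavailable", curDatasetRelation.Dataset.Name);

            if (!continueOnError)
            {
                throw;
            }
        }
    }
}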