Beispiel #1
        /// <summary>
        /// Asks the virtual network service to ensure the sandbox subnet has a service endpoint for storage,
        /// then asks the storage account network rule service to add the storage account of every sandbox
        /// dataset to the sandbox virtual network.
        /// </summary>
        /// <param name="sandbox">Sandbox whose resource list supplies the resource group and virtual network entries.</param>
        /// <param name="cancellation">Forwarded to the per-dataset network rule call only; the other awaited calls do not receive it.</param>
        /// <exception cref="Exception">
        /// Thrown when the resource group or virtual network entry cannot be found, or when a dataset
        /// is not study specific.
        /// </exception>
        /// <remarks>
        /// NOTE(review): validation and network changes happen in the same pass. A dataset that is not
        /// study specific aborts the loop after earlier datasets have already been handed to
        /// AddStorageAccountToVNet, and nothing here undoes those calls. Callers should treat a failure
        /// as "network rules possibly partially applied".
        /// </remarks>
        async Task MakeDatasetsAvailable(Sandbox sandbox, CancellationToken cancellation = default)
        {
            // Third argument is passed through unchanged; its meaning is defined by CloudResourceUtil.
            var resourceGroup  = CloudResourceUtil.GetResourceByType(sandbox.Resources, AzureResourceType.ResourceGroup, true);
            var virtualNetwork = CloudResourceUtil.GetResourceByType(sandbox.Resources, AzureResourceType.VirtualNetwork, true);

            if (resourceGroup == null)
            {
                throw new Exception($"Could not locate Resource Group entry for Sandbox {sandbox.Id}");
            }

            if (virtualNetwork == null)
            {
                throw new Exception($"Could not locate VNet entry for Sandbox {sandbox.Id}");
            }

            await _azureVirtualNetworkService.EnsureSandboxSubnetHasServiceEndpointForStorage(resourceGroup.ResourceName, virtualNetwork.ResourceName);

            foreach (var relation in await _sandboxDatasetModelService.GetSandboxDatasetsForPhaseShiftAsync(sandbox.Id))
            {
                var dataset = relation.Dataset;

                // Only study specific datasets may be attached to a sandbox network.
                if (!dataset.StudySpecific)
                {
                    throw new Exception($"Only study specific datasets are supported. Please remove dataset {dataset.Name} from Sandbox");
                }

                var storageAccount = DatasetUtils.GetStudySpecificStorageAccountResourceEntry(dataset);

                await _azureStorageAccountNetworkRuleService.AddStorageAccountToVNet(
                    storageAccount.ResourceGroupName,
                    storageAccount.ResourceName,
                    resourceGroup.ResourceName,
                    virtualNetwork.ResourceName,
                    cancellation);
            }
        }
        /// <summary>
        /// Throws unless the sandbox resource list yields an entry of the requested type.
        /// </summary>
        /// <param name="sandbox">Sandbox whose resources are searched.</param>
        /// <param name="resourceType">Resource type string handed to <c>CloudResourceUtil.GetResourceByType</c>.</param>
        /// <exception cref="Exception">Thrown when the lookup returns null.</exception>
        void EnsureSandboxHasResourceTypeThrowIfNot(Sandbox sandbox, string resourceType)
        {
            // The lookup result is only needed for the presence check, so it is not kept.
            if (CloudResourceUtil.GetResourceByType(sandbox.Resources, resourceType, true) == null)
            {
                throw new Exception($"Unable to find sandbox resource of type {resourceType}");
            }
        }
Beispiel #3
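        /// <summary>
        /// Collects the reasons why the sandbox's virtual machines cannot be considered closed to the internet.
        /// For each VM it checks the stored internet rule, the matching rule in the Azure network security
        /// group, and whether an unstarted create/update operation exists for the VM.
        /// </summary>
        /// <param name="sandbox">Sandbox whose virtual machines and network security group are inspected.</param>
        /// <param name="cancellation">Forwarded to the Azure network security group rule query.</param>
        /// <returns>A list of validation error messages; an empty list means no problem was found.</returns>
        /// <remarks>
        /// The other methods in this class null-check the result of
        /// <c>CloudResourceUtil.GetResourceByType</c>, so this one does too: a missing network security
        /// group is reported as a validation error (fail closed) instead of surfacing as a
        /// NullReferenceException at the first VM whose stored rule is set to deny.
        /// NOTE(review): the Azure-side check only flags a rule whose action is Allow. Whether a rule
        /// that is absent from the network security group is also reported depends on
        /// <c>IsRuleSetTo</c>, which is not visible here. Confirm that a missing rule cannot pass
        /// verification.
        /// </remarks>
        async Task<List<string>> VerifyInternetClosed(Sandbox sandbox, CancellationToken cancellation = default)
        {
            var validationErrors = new List<string>();

            _logger.LogInformation(_sandboxNextPhaseEventId, "Sandbox {0}: Verifying that internet is closed for all VMs ", sandbox.Id);

            var allVms = CloudResourceUtil.GetAllResourcesByType(sandbox.Resources, AzureResourceType.VirtualMachine, false);

            var networkSecurityGroup = CloudResourceUtil.GetResourceByType(sandbox.Resources, AzureResourceType.NetworkSecurityGroup, true);

            // Without the network security group entry the Azure-side state cannot be verified,
            // so record that as a failure rather than dereferencing null inside the loop.
            if (networkSecurityGroup == null)
            {
                validationErrors.Add($"Could not locate Network Security Group entry for Sandbox {sandbox.Id}");
            }

            bool anyVmsFound = false;

            foreach (var curVm in allVms)
            {
                anyVmsFound = true;

                var vmInternetRule = await _virtualMachineRuleService.GetInternetRule(curVm.Id);

                // Check if internet is set to open in Sepes
                if (!_virtualMachineRuleService.IsRuleSetToDeny(vmInternetRule))
                {
                    validationErrors.Add($"Internet is set to open on VM {curVm.ResourceName}");
                }
                // Verify that internet is actually closed in the Network Security Group in Azure
                else if (networkSecurityGroup != null
                         && await _azureNetworkSecurityGroupRuleService.IsRuleSetTo(curVm.ResourceGroupName, networkSecurityGroup.ResourceName, vmInternetRule.Name, RuleAction.Allow, cancellation))
                {
                    validationErrors.Add($"Internet is actually open on VM in Azure {curVm.ResourceName}");
                }

                // Another unfinished VM update could still change the rule after this check.
                if (await _cloudResourceOperationReadService.HasUnstartedCreateOrUpdateOperation(curVm.Id))
                {
                    validationErrors.Add($"Unfinished operation exists for VM {curVm.ResourceName}");
                }
            }

            if (!anyVmsFound)
            {
                validationErrors.Add("Sandbox contains no Virtual Machines");
            }

            return validationErrors;
        }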
Beispiel #4
        /// <summary>
        /// Asks the storage account network rule service to remove the storage account of every sandbox
        /// dataset from the sandbox virtual network.
        /// </summary>
        /// <param name="sandbox">Sandbox whose resource list supplies the resource group and virtual network entries.</param>
        /// <param name="continueOnError">
        /// When true (the default), a failure for one dataset is logged and the loop moves on to the next;
        /// when false, the exception is rethrown after logging.
        /// </param>
        /// <param name="cancellation">Forwarded to the per-dataset network rule call.</param>
        /// <exception cref="Exception">
        /// Thrown when the resource group or virtual network entry cannot be found; per-dataset failures
        /// propagate only when <paramref name="continueOnError"/> is false.
        /// </exception>
        /// <remarks>
        /// NOTE(review): with the default <paramref name="continueOnError"/> the method completes normally
        /// even if RemoveStorageAccountFromVNet failed for a dataset, so a successful return does not prove
        /// that every storage account was detached. The only trace is the error log entry. The catch
        /// also covers every exception type, which would include a cancellation exception if the
        /// service throws one.
        /// </remarks>
        async Task MakeDatasetsUnAvailable(Sandbox sandbox, bool continueOnError = true, CancellationToken cancellation = default)
        {
            var resourceGroup  = CloudResourceUtil.GetResourceByType(sandbox.Resources, AzureResourceType.ResourceGroup, true);
            var virtualNetwork = CloudResourceUtil.GetResourceByType(sandbox.Resources, AzureResourceType.VirtualNetwork, true);

            if (resourceGroup == null)
            {
                throw new Exception($"Could not locate Resource Group entry for Sandbox {sandbox.Id}");
            }

            if (virtualNetwork == null)
            {
                throw new Exception($"Could not locate VNet entry for Sandbox {sandbox.Id}");
            }

            foreach (var relation in await _sandboxDatasetModelService.GetSandboxDatasetsForPhaseShiftAsync(sandbox.Id))
            {
                try
                {
                    var dataset = relation.Dataset;

                    // Raised inside the try so that it follows the same log-and-maybe-continue path.
                    if (!dataset.StudySpecific)
                    {
                        throw new Exception($"Only study specific datasets are supported. Please remove dataset {dataset.Name} from Sandbox");
                    }

                    var storageAccount = DatasetUtils.GetStudySpecificStorageAccountResourceEntry(dataset);

                    await _azureStorageAccountNetworkRuleService.RemoveStorageAccountFromVNet(
                        storageAccount.ResourceGroupName,
                        storageAccount.ResourceName,
                        resourceGroup.ResourceName,
                        virtualNetwork.ResourceName,
                        cancellation);
                }
                catch (Exception ex)
                {
                    _logger.LogError(ex, $"Unable to make dataset {relation.Dataset.Name} unavailable");

                    if (continueOnError)
                    {
                        continue;
                    }

                    throw;
                }
            }
        }