async Task <string> CreateVmSettingsString(string region, int vmId, int studyId, int sandboxId, VirtualMachineCreateDto userInput)
{
var vmSettings = _mapper.Map <VmSettingsDto>(userInput);
var availableOs = await _virtualMachineOperatingSystemService.AvailableOperatingSystems(region);
vmSettings.OperatingSystemCategory = AzureVmUtil.GetOsCategory(availableOs, vmSettings.OperatingSystem);
vmSettings.Password = await StoreNewVmPasswordAsKeyVaultSecretAndReturnReference(studyId, sandboxId, vmSettings.Password);
var diagStorageResource = await CloudResourceQueries.GetDiagStorageAccountEntry(_db, sandboxId);
vmSettings.DiagnosticStorageAccountName = diagStorageResource.ResourceName;
var networkResource = await CloudResourceQueries.GetNetworkEntry(_db, sandboxId);
vmSettings.NetworkName = networkResource.ResourceName;
var networkSetting = CloudResourceConfigStringSerializer.NetworkSettings(networkResource.ConfigString);
vmSettings.SubnetName = networkSetting.SandboxSubnetName;
vmSettings.Rules = VmRuleUtils.CreateInitialVmRules(vmId);
return(CloudResourceConfigStringSerializer.Serialize(vmSettings));
}
async Task ScheduleCreationOfSandboxResourceGroupRoleAssignments(SandboxResourceCreationAndSchedulingDto dto, ProvisioningQueueParentDto queueParentItem)
{
var desiredState = CloudResourceConfigStringSerializer.Serialize(new CloudResourceOperationStateForRoleUpdate(dto.StudyId));
var resourceGroupCreateOperation = dto.ResourceGroup.Operations.FirstOrDefault().Id;
var updateOpId = await _cloudResourceOperationCreateService.CreateUpdateOperationAsync(dto.ResourceGroup.Id, CloudResourceOperationType.ENSURE_ROLES, dependsOn : resourceGroupCreateOperation, desiredState : desiredState);
queueParentItem.Children.Add(new ProvisioningQueueChildDto()
{
ResourceOperationId = updateOpId.Id
});
}
public static string TranslateAllowedIpsToOperationDesiredState(List <DatasetFirewallRule> datasetFirewallRules)
{
if (datasetFirewallRules.Count == 0)
{
return(null);
}
var translated = TranslateAllowedIpsToGenericFirewallRule(datasetFirewallRules);
return(CloudResourceConfigStringSerializer.Serialize(translated));
}
async Task ScheduleResourceGroupRoleAssignments(Study study, CloudResource resourceGroup, ProvisioningQueueParentDto queueParentItem)
{
var participants = await _db.StudyParticipants.Include(sp => sp.User).Where(p => p.StudyId == study.Id).ToListAsync();
var desiredState = CloudResourceConfigStringSerializer.Serialize(new CloudResourceOperationStateForRoleUpdate(study.Id));
var resourceGroupCreateOperation = CloudResourceOperationUtil.GetCreateOperation(resourceGroup);
var roleAssignmentUpdateOperation = await _cloudResourceOperationCreateService.CreateUpdateOperationAsync(resourceGroup.Id, CloudResourceOperationType.ENSURE_ROLES, dependsOn : resourceGroupCreateOperation.Id, desiredState : desiredState);
ProvisioningQueueUtil.CreateChildAndAdd(queueParentItem, roleAssignmentUpdateOperation);
}
protected async Task CreateRoleUpdateOperationsAsync(int studyId)
{
var resourcesToUpdate = await _cloudResourceReadService.GetDatasetResourceGroupIdsForStudy(studyId);
resourcesToUpdate.AddRange(await _cloudResourceReadService.GetSandboxResourceGroupIdsForStudy(studyId));
foreach (var currentResourceId in resourcesToUpdate)
{
var desiredState = CloudResourceConfigStringSerializer.Serialize(new CloudResourceOperationStateForRoleUpdate(studyId));
var updateOperation = await _cloudResourceOperationCreateService.CreateUpdateOperationAsync(currentResourceId, CloudResourceOperationType.ENSURE_ROLES, desiredState : desiredState);
await _provisioningQueueService.CreateItemAndEnqueue(updateOperation);
}
}
async Task ScheduleCreationOfVirtualNetwork(SandboxResourceCreationAndSchedulingDto dto, ProvisioningQueueParentDto queueParentItem)
{
var networkName = AzureResourceNameUtil.VNet(dto.StudyName, dto.SandboxName);
var sandboxSubnetName = AzureResourceNameUtil.SubNet(dto.StudyName, dto.SandboxName);
var networkSettings = new NetworkSettingsDto()
{
SandboxSubnetName = sandboxSubnetName
};
var networkSettingsString = CloudResourceConfigStringSerializer.Serialize(networkSettings);
var nsgCreateOperation = dto.NetworkSecurityGroup.Operations.FirstOrDefault().Id;
var resourceEntry = await CreateResourceEntryAndAddToQueue(dto, queueParentItem, AzureResourceType.VirtualNetwork, resourceName : networkName, configString : networkSettingsString, dependsOn : nsgCreateOperation);
dto.Network = resourceEntry;
}
static string CreateVmSettingsString(string size = VirtualMachineConstants.SIZE, string osCategory = "windows", string os = "win2019datacenter")
{
var vmSettings = new VmSettingsDto()
{
DiagnosticStorageAccountName = "diagstorageaccountname",
NetworkName = "networkName",
SubnetName = "subnetname",
Size = size,
Rules = VmRuleUtils.CreateInitialVmRules(1),
OperatingSystemCategory = osCategory,
OperatingSystem = os,
Username = VirtualMachineConstants.USERNAME,
Password = "******",
};
return(CloudResourceConfigStringSerializer.Serialize(vmSettings));
}
public async Task <List <VmRuleDto> > SetRules(int vmId, List <VmRuleDto> updatedRuleSet, CancellationToken cancellationToken = default)
{
var vm = await GetVirtualMachineResourceEntry(vmId, UserOperation.Study_Crud_Sandbox);
//Get config string
var vmSettings = CloudResourceConfigStringSerializer.VmSettings(vm.ConfigString);
await ValidateRuleUpdateInputThrowIfNot(vm, vmSettings.Rules, updatedRuleSet);
bool saveAfterwards = false;
if (updatedRuleSet == null || updatedRuleSet != null && updatedRuleSet.Count == 0) //Easy, all rules should be deleted
{
vmSettings.Rules = null;
saveAfterwards = true;
}
else
{
var newRules = updatedRuleSet.Where(r => String.IsNullOrWhiteSpace(r.Name)).ToList();
var rulesThatShouldExistAllready = updatedRuleSet.Where(r => !String.IsNullOrWhiteSpace(r.Name)).ToList();
//Check that the new rules does not have a duplicate in existing rules
foreach (var curNew in newRules)
{
ThrowIfRuleExists(rulesThatShouldExistAllready, curNew);
}
foreach (var curRule in updatedRuleSet)
{
if (curRule.Direction == RuleDirection.Inbound)
{
if (curRule.Action == RuleAction.Deny)
{
throw new ArgumentException("Inbound rules can only have Action: Allow");
}
if (String.IsNullOrWhiteSpace(curRule.Name))
{
curRule.Name = AzureResourceNameUtil.NsgRuleNameForVm(vmId);
//curRule.Priority = AzureVmUtil.GetNextVmRulePriority(updatedRuleSet, curRule.Direction);
}
}
else
{
if (String.IsNullOrWhiteSpace(curRule.Name) || !curRule.Name.Contains(AzureVmConstants.RulePresets.OPEN_CLOSE_INTERNET))
{
throw new ArgumentException("Custom outbound rules are not allowed");
}
}
}
vmSettings.Rules = updatedRuleSet;
saveAfterwards = true;
}
if (saveAfterwards)
{
vm.ConfigString = CloudResourceConfigStringSerializer.Serialize(vmSettings);
await _db.SaveChangesAsync();
await CreateUpdateOperationAndAddQueueItem(vm, "Updated rules");
}
return(updatedRuleSet != null ? updatedRuleSet : new List <VmRuleDto>());
}
