Fix Azure Health Data Services deployment failure #4845
Unit Test Results: 0 tests 0 ✅ 0s ⏱️ Results for commit 611e91e. ♻️ This comment has been updated with latest results.
Pull request overview
This PR updates the Azure Health Data Services workspace service to use a newer AzureRM provider and switch from app-role based assignments to RBAC assignments for workspace owner/researcher groups, aligning it with other workspace services and fixing deployment failures.
Changes:
- Bumped the AzureRM provider for the health-services Terraform module to `4.58.0` and updated the lock file accordingly.
- Replaced app-role–based role assignments with direct RBAC assignments to workspace owners and researchers AAD groups, wiring new group ID parameters through `template_schema.json`, `porter.yaml`, and Terraform variables.
- Updated the workspace service bundle version to `0.3.4` and added a corresponding BUG FIX entry in `CHANGELOG.md`.
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| templates/workspace_services/health-services/terraform/variables.tf | Introduces workspace_owners_group_id and workspace_researchers_group_id Terraform variables with non-empty validation for use in RBAC role assignments. |
| templates/workspace_services/health-services/terraform/roles.tf | Removes external/script-based app role member resolution and adds direct role assignments for FHIR and DICOM services to workspace owner and researcher groups using built-in Azure roles. |
| templates/workspace_services/health-services/terraform/providers.tf | Updates the azurerm provider constraint to 4.58.0 (note: external provider is still declared even though it’s no longer used in this module). |
| templates/workspace_services/health-services/terraform/.terraform.lock.hcl | Refreshes the lockfile to pin hashicorp/azurerm at 4.58.0 with updated hashes while retaining the external provider lock. |
| templates/workspace_services/health-services/template_schema.json | Adds hidden properties and pipeline mappings for workspace_owners_group_id and workspace_researchers_group_id to flow group IDs from the parent workspace into the service deployment. |
| templates/workspace_services/health-services/porter.yaml | Bumps bundle version to 0.3.4, drops obsolete AAD auth credentials, and threads the new workspace group ID parameters into install/upgrade/uninstall Terraform invocations. |
| CHANGELOG.md | Adds a BUG FIX entry documenting the Azure Health Data Services deployment fix via provider upgrade and RBAC group assignments. |
Files not reviewed (1)
- templates/workspace_services/health-services/terraform/.terraform.lock.hcl: Language not supported
Comments suppressed due to low confidence (1)
templates/workspace_services/health-services/terraform/providers.tf:11
- The `external` provider is still declared here, but there are no remaining `data "external"` or other uses of this provider in the health-services Terraform module (e.g. `roles.tf` no longer references it). To simplify the module and avoid downloading an unused provider, consider removing the `external` entry from `required_providers` (and updating `.terraform.lock.hcl` accordingly).

```hcl
external = {
  source  = "hashicorp/external"
  version = "= 2.3.5"
}
```
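A minimal check for the situation the suppressed comment describes, a provider left in `required_providers` after its last use is removed, added here as an example and not code from the PR or the project. The function names and the sample module are hypothetical; the check relies on Terraform's convention that the first underscore-separated word of a resource type is the provider's local name, and it does not follow `providers = { ... }` maps passed to child modules.

```python
import re

# Constructed sample module (not the project's files). The `external` entry mirrors
# the snippet quoted in the review; the role assignment values are placeholders.
SAMPLE_MODULE = {
    "providers.tf": """
terraform {
  required_providers {
    azurerm  = { source = "hashicorp/azurerm", version = "= 4.58.0" }
    external = { source = "hashicorp/external", version = "= 2.3.5" }
  }
}
""",
    "roles.tf": """
resource "azurerm_role_assignment" "owners" {
  scope                = "placeholder-scope"
  role_definition_name = "placeholder-role"
  principal_id         = var.workspace_owners_group_id
}
""",
}

def required_providers(text):
    """Local names declared in every required_providers block of `text`."""
    names = set()
    for m in re.finditer(r"required_providers\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:  # brace-match to the end of the block
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i - 1]
        names.update(re.findall(r"^\s*([\w-]+)\s*=\s*\{", body, re.M))
    return names

def used_providers(text):
    """Providers implied by resource/data types or an explicit `provider =` argument."""
    used = {t.split("_", 1)[0]
            for t in re.findall(r'^\s*(?:resource|data)\s+"([^"]+)"', text, re.M)}
    used.update(re.findall(r"^\s*provider\s*=\s*([\w-]+)", text, re.M))
    return used

def unused_required_providers(files):
    """Sorted provider names that are declared but never used across `files`."""
    text = "\n".join(files.values())
    text = re.sub(r"(?m)^\s*(?:#|//).*$", "", text)  # drop whole-line comments
    return sorted(required_providers(text) - used_providers(text))
```

Run against a module directory's `.tf` contents in CI, a non-empty result means both `required_providers` and `.terraform.lock.hcl` carry a dependency that nothing in the module needs.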
/test-force-approve workspace service, tested locally.
🤖 pr-bot 🤖 ✅ Marking tests as complete (for commit 573e289) (in response to this comment from @marrobi)
/test-force-approve workspace service, tested locally.
🤖 pr-bot 🤖 ✅ Marking tests as complete (for commit 611e91e) (in response to this comment from @marrobi)
What is being addressed
Fix Azure Health Data Services deployment failures due to outdated AzureRM provider and missing role assignments for workspace groups.
How is this addressed