Routing approved airlock data to shared storage automatically

[yahya130]

Is your feature request related to a problem? Please describe.
Whenever data arrives into approved workspace storage via airlock there is a use case for moving it to shared workspace storage (which is file share). The reason for this is to make the data available to VMs/desktops (via mounted file share) which can be deployed to a workspace and avoids the need to manually use Azure CLI commands per VM to access the data. Note that VMs are one use case there can be other services which can consume the file share.

Describe the solution you'd like
The ideal solution would be to automatically move the approved airlock data on arrival to shared workspace storage. The service which takes care of the automation can be a workspace service or deployed as part of a base workspace, this is open for discussion.

Describe alternatives you've considered
No alternatives considered.

[marrobi]

@yahya130 I think it would be useful for "destination" to be an option when creating an import request. It could later enable this - #1307 ?

Option could be "Private workspace storage", "Shared workspace storage", "Another Workspace", but focus on the first two for now?

Stored in a request_data field as described here - #3609 (comment) ?

WDYT?

[marrobi]

AzureTRE/airlock_processor/StatusChangedQueueTrigger/__init__.py

Lines 154 to 155 in 8153f8e

	def get_storage_account_destination_for_copy(new_status: str, request_type: str, short_workspace_id: str) -> str:
	tre_id = _get_tre_id()

This function would need to set the storage account based on the request_data.destination field?

[TonyWildish-BH]

Option could be "Private workspace storage", "Shared workspace storage", "Another Workspace", but focus on the first two for now?

not "Another Workspace", that would violate containment, which is what the TRE exists to provide. If they want the data in another workspace, they should make the import request from there.

[marrobi]

We can make it configurable. We have scenarios where a organisation has multiple workspaces and they want to transfer data, with approvals - this if for export (if you think about an import already has a destination workspace - it's whichever you create the request from) - lets keep this issue to routing to shared storage, please comment here if have thoughts - #1307

[yahya130]

@marrobi Yes sorry, I forget to mention that part, where we need a mechanism where a user can tag the request which will determine where the routing service will move the data to. request data as mentioned in that comment looks good. Just to add further, that moving to shared storage is just one example, there can be more complex scenarios where we are routing data into 3rd party systems via their APIs which we have done. But if we're only specifically looking at moving it to shared storage that is fine and shouldn't be too difficult to implement as shown by your code snippet there. In terms of exporting to another workspace I think as you say it's worth it's own separate issue and mechanism.

[marrobi]

@yahya130 thanks, I'll assign it to you then.