Skip to content

Commit

Permalink
🚚 Update child relationships of resources
Browse files Browse the repository at this point in the history
  • Loading branch information
@jemrobinson
jemrobinson committed Oct 10, 2023
1 parent fd15158 commit 1190b3e
Show file tree
Hide file tree
Showing 3 changed files with 62 additions and 19 deletions.
27 changes: 21 additions & 6 deletions data_safe_haven/infrastructure/stacks/shm/data.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,10 @@ def __init__(

# Secret: Domain admin password
password_domain_admin = pulumi_random.RandomPassword(
f"{self._name}_password_domain_admin", length=20, special=True
f"{self._name}_password_domain_admin",
length=20,
special=True,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
)
keyvault.Secret(
f"{self._name}_kvs_password_domain_admin",
Expand All @@ -139,13 +142,18 @@ def __init__(
resource_group_name=resource_group.name,
secret_name="password-domain-admin",
vault_name=key_vault.name,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
opts=ResourceOptions.merge(
child_opts, ResourceOptions(parent=password_domain_admin)
),
tags=child_tags,
)

# Secret: Azure ADConnect password
password_domain_azure_ad_connect = pulumi_random.RandomPassword(
f"{self._name}_password_domain_azure_ad_connect", length=20, special=True
f"{self._name}_password_domain_azure_ad_connect",
length=20,
special=True,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
)
keyvault.Secret(
f"{self._name}_kvs_password_domain_azure_ad_connect",
Expand All @@ -155,13 +163,18 @@ def __init__(
resource_group_name=resource_group.name,
secret_name="password-domain-azure-ad-connect",
vault_name=key_vault.name,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
opts=ResourceOptions.merge(
child_opts, ResourceOptions(parent=password_domain_azure_ad_connect)
),
tags=child_tags,
)

# Secret: Linux update server admin password
password_update_server_linux_admin = pulumi_random.RandomPassword(
f"{self._name}_password_update_server_linux_admin", length=20, special=True
f"{self._name}_password_update_server_linux_admin",
length=20,
special=True,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
)
keyvault.Secret(
f"{self._name}_kvs_password_update_server_linux_admin",
Expand All @@ -171,7 +184,9 @@ def __init__(
resource_group_name=resource_group.name,
secret_name="password-update-server-linux-admin",
vault_name=key_vault.name,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
opts=ResourceOptions.merge(
child_opts, ResourceOptions(parent=password_update_server_linux_admin)
),
tags=child_tags,
)

Expand Down
52 changes: 40 additions & 12 deletions data_safe_haven/infrastructure/stacks/sre/data.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -240,7 +240,10 @@ def __init__(

# Secret: database service admin password
password_database_service_admin = pulumi_random.RandomPassword(
f"{self._name}_password_database_service_admin", length=20, special=True
f"{self._name}_password_database_service_admin",
length=20,
special=True,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
)
keyvault.Secret(
f"{self._name}_kvs_password_database_service_admin",
Expand All @@ -250,7 +253,9 @@ def __init__(
resource_group_name=resource_group.name,
secret_name="password-database-service-admin",
vault_name=key_vault.name,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
opts=ResourceOptions.merge(
child_opts, ResourceOptions(parent=password_database_service_admin)
),
tags=child_tags,
)

Expand All @@ -269,7 +274,10 @@ def __init__(

# Secret: Gitea database admin password
password_gitea_database_admin = pulumi_random.RandomPassword(
f"{self._name}_password_gitea_database_admin", length=20, special=True
f"{self._name}_password_gitea_database_admin",
length=20,
special=True,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
)
keyvault.Secret(
f"{self._name}_kvs_password_gitea_database_admin",
Expand All @@ -279,13 +287,18 @@ def __init__(
resource_group_name=resource_group.name,
secret_name="password-gitea-database-admin",
vault_name=key_vault.name,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
opts=ResourceOptions.merge(
child_opts, ResourceOptions(parent=password_gitea_database_admin)
),
tags=child_tags,
)

# Secret: Hedgedoc database admin password
password_hedgedoc_database_admin = pulumi_random.RandomPassword(
f"{self._name}_password_hedgedoc_database_admin", length=20, special=True
f"{self._name}_password_hedgedoc_database_admin",
length=20,
special=True,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
)
keyvault.Secret(
f"{self._name}_kvs_password_hedgedoc_database_admin",
Expand All @@ -295,27 +308,37 @@ def __init__(
resource_group_name=resource_group.name,
secret_name="password-hedgedoc-database-admin",
vault_name=key_vault.name,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
opts=ResourceOptions.merge(
child_opts, ResourceOptions(parent=password_hedgedoc_database_admin)
),
tags=child_tags,
)

# Secret: Nexus admin password
password_nexus_admin = pulumi_random.RandomPassword(
f"{self._name}_password_nexus_admin", length=20, special=True
f"{self._name}_password_nexus_admin",
length=20,
special=True,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
)
keyvault.Secret(
f"{self._name}_kvs_password_nexus_admin",
properties=keyvault.SecretPropertiesArgs(value=password_nexus_admin.result),
resource_group_name=resource_group.name,
secret_name="password-nexus-admin",
vault_name=key_vault.name,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
opts=ResourceOptions.merge(
child_opts, ResourceOptions(parent=password_nexus_admin)
),
tags=child_tags,
)

# Secret: Guacamole user database admin password
password_user_database_admin = pulumi_random.RandomPassword(
f"{self._name}_password_user_database_admin", length=20, special=True
f"{self._name}_password_user_database_admin",
length=20,
special=True,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
)
kvs_password_user_database_admin = keyvault.Secret(
f"{self._name}_kvs_password_user_database_admin",
Expand All @@ -325,13 +348,18 @@ def __init__(
resource_group_name=resource_group.name,
secret_name="password-user-database-admin",
vault_name=key_vault.name,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
opts=ResourceOptions.merge(
child_opts, ResourceOptions(parent=password_user_database_admin)
),
tags=child_tags,
)

# Secret: Workspace admin password
password_workspace_admin = pulumi_random.RandomPassword(
f"{self._name}_password_workspace_admin", length=20, special=True
f"{self._name}_password_workspace_admin",
length=20,
special=True,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
)
keyvault.Secret(
f"{self._name}_kvs_password_workspace_admin",
Expand All @@ -341,7 +369,7 @@ def __init__(
resource_group_name=resource_group.name,
secret_name="password-workspace-admin",
vault_name=key_vault.name,
opts=ResourceOptions(parent=key_vault),
opts=ResourceOptions(parent=password_workspace_admin),
tags=child_tags,
)

Expand Down
2 changes: 1 addition & 1 deletion data_safe_haven/infrastructure/stacks/sre/dns_server.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ def __init__(

# Generate admin password
password_admin = pulumi_random.RandomPassword(
f"{self._name}_password_admin", length=20, special=True
f"{self._name}_password_admin", length=20, special=True, opts=child_opts
)

# Read AdGuardHome setup files
Expand Down

0 comments on commit 1190b3e

Please sign in to comment.