From 1190b3ec3f8b07757f3b527e90962dcfe6c02d77 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 10 Oct 2023 15:21:11 +0100 Subject: [PATCH] :truck: Update child relationships of resources --- .../infrastructure/stacks/shm/data.py | 27 +++++++--- .../infrastructure/stacks/sre/data.py | 52 ++++++++++++++----- .../infrastructure/stacks/sre/dns_server.py | 2 +- 3 files changed, 62 insertions(+), 19 deletions(-) diff --git a/data_safe_haven/infrastructure/stacks/shm/data.py b/data_safe_haven/infrastructure/stacks/shm/data.py index 7ad0b7e89f..2ccc002744 100644 --- a/data_safe_haven/infrastructure/stacks/shm/data.py +++ b/data_safe_haven/infrastructure/stacks/shm/data.py @@ -129,7 +129,10 @@ def __init__( # Secret: Domain admin password password_domain_admin = pulumi_random.RandomPassword( - f"{self._name}_password_domain_admin", length=20, special=True + f"{self._name}_password_domain_admin", + length=20, + special=True, + opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), ) keyvault.Secret( f"{self._name}_kvs_password_domain_admin", @@ -139,13 +142,18 @@ def __init__( resource_group_name=resource_group.name, secret_name="password-domain-admin", vault_name=key_vault.name, - opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), + opts=ResourceOptions.merge( + child_opts, ResourceOptions(parent=password_domain_admin) + ), tags=child_tags, ) # Secret: Azure ADConnect password password_domain_azure_ad_connect = pulumi_random.RandomPassword( - f"{self._name}_password_domain_azure_ad_connect", length=20, special=True + f"{self._name}_password_domain_azure_ad_connect", + length=20, + special=True, + opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), ) keyvault.Secret( f"{self._name}_kvs_password_domain_azure_ad_connect", @@ -155,13 +163,18 @@ def __init__( resource_group_name=resource_group.name, secret_name="password-domain-azure-ad-connect", vault_name=key_vault.name, - opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), + opts=ResourceOptions.merge( + child_opts, ResourceOptions(parent=password_domain_azure_ad_connect) + ), tags=child_tags, ) # Secret: Linux update server admin password password_update_server_linux_admin = pulumi_random.RandomPassword( - f"{self._name}_password_update_server_linux_admin", length=20, special=True + f"{self._name}_password_update_server_linux_admin", + length=20, + special=True, + opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), ) keyvault.Secret( f"{self._name}_kvs_password_update_server_linux_admin", @@ -171,7 +184,9 @@ def __init__( resource_group_name=resource_group.name, secret_name="password-update-server-linux-admin", vault_name=key_vault.name, - opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), + opts=ResourceOptions.merge( + child_opts, ResourceOptions(parent=password_update_server_linux_admin) + ), tags=child_tags, ) diff --git a/data_safe_haven/infrastructure/stacks/sre/data.py b/data_safe_haven/infrastructure/stacks/sre/data.py index 6c7326342b..e1e5832462 100644 --- a/data_safe_haven/infrastructure/stacks/sre/data.py +++ b/data_safe_haven/infrastructure/stacks/sre/data.py @@ -240,7 +240,10 @@ def __init__( # Secret: database service admin password password_database_service_admin = pulumi_random.RandomPassword( - f"{self._name}_password_database_service_admin", length=20, special=True + f"{self._name}_password_database_service_admin", + length=20, + special=True, + opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), ) keyvault.Secret( f"{self._name}_kvs_password_database_service_admin", @@ -250,7 +253,9 @@ def __init__( resource_group_name=resource_group.name, secret_name="password-database-service-admin", vault_name=key_vault.name, - opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), + opts=ResourceOptions.merge( + child_opts, ResourceOptions(parent=password_database_service_admin) + ), tags=child_tags, ) @@ -269,7 +274,10 @@ def __init__( # Secret: Gitea database admin password password_gitea_database_admin = pulumi_random.RandomPassword( - f"{self._name}_password_gitea_database_admin", length=20, special=True + f"{self._name}_password_gitea_database_admin", + length=20, + special=True, + opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), ) keyvault.Secret( f"{self._name}_kvs_password_gitea_database_admin", @@ -279,13 +287,18 @@ def __init__( resource_group_name=resource_group.name, secret_name="password-gitea-database-admin", vault_name=key_vault.name, - opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), + opts=ResourceOptions.merge( + child_opts, ResourceOptions(parent=password_gitea_database_admin) + ), tags=child_tags, ) # Secret: Hedgedoc database admin password password_hedgedoc_database_admin = pulumi_random.RandomPassword( - f"{self._name}_password_hedgedoc_database_admin", length=20, special=True + f"{self._name}_password_hedgedoc_database_admin", + length=20, + special=True, + opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), ) keyvault.Secret( f"{self._name}_kvs_password_hedgedoc_database_admin", @@ -295,13 +308,18 @@ def __init__( resource_group_name=resource_group.name, secret_name="password-hedgedoc-database-admin", vault_name=key_vault.name, - opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), + opts=ResourceOptions.merge( + child_opts, ResourceOptions(parent=password_hedgedoc_database_admin) + ), tags=child_tags, ) # Secret: Nexus admin password password_nexus_admin = pulumi_random.RandomPassword( - f"{self._name}_password_nexus_admin", length=20, special=True + f"{self._name}_password_nexus_admin", + length=20, + special=True, + opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), ) keyvault.Secret( f"{self._name}_kvs_password_nexus_admin", @@ -309,13 +327,18 @@ def __init__( resource_group_name=resource_group.name, secret_name="password-nexus-admin", vault_name=key_vault.name, - opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), + opts=ResourceOptions.merge( + child_opts, ResourceOptions(parent=password_nexus_admin) + ), tags=child_tags, ) # Secret: Guacamole user database admin password password_user_database_admin = pulumi_random.RandomPassword( - f"{self._name}_password_user_database_admin", length=20, special=True + f"{self._name}_password_user_database_admin", + length=20, + special=True, + opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), ) kvs_password_user_database_admin = keyvault.Secret( f"{self._name}_kvs_password_user_database_admin", @@ -325,13 +348,18 @@ def __init__( resource_group_name=resource_group.name, secret_name="password-user-database-admin", vault_name=key_vault.name, - opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), + opts=ResourceOptions.merge( + child_opts, ResourceOptions(parent=password_user_database_admin) + ), tags=child_tags, ) # Secret: Workspace admin password password_workspace_admin = pulumi_random.RandomPassword( - f"{self._name}_password_workspace_admin", length=20, special=True + f"{self._name}_password_workspace_admin", + length=20, + special=True, + opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)), ) keyvault.Secret( f"{self._name}_kvs_password_workspace_admin", @@ -341,7 +369,7 @@ def __init__( resource_group_name=resource_group.name, secret_name="password-workspace-admin", vault_name=key_vault.name, - opts=ResourceOptions(parent=key_vault), + opts=ResourceOptions(parent=password_workspace_admin), tags=child_tags, ) diff --git a/data_safe_haven/infrastructure/stacks/sre/dns_server.py b/data_safe_haven/infrastructure/stacks/sre/dns_server.py index 133c8f5ce2..4d904be94d 100644 --- a/data_safe_haven/infrastructure/stacks/sre/dns_server.py +++ b/data_safe_haven/infrastructure/stacks/sre/dns_server.py @@ -68,7 +68,7 @@ def __init__( # Generate admin password password_admin = pulumi_random.RandomPassword( - f"{self._name}_password_admin", length=20, special=True + f"{self._name}_password_admin", length=20, special=True, opts=child_opts ) # Read AdGuardHome setup files