Merge pull request #1930 from jemrobinson/1902-remove-sre-index

Remove SRE index
alan-turing-institute · Jun 12, 2024 · 5e9593e · 5e9593e
2 parents 99b6148 + f02895c
commit 5e9593e
Show file tree

Hide file tree

Showing 11 changed files with 204 additions and 325 deletions.
diff --git a/data_safe_haven/config/config.py b/data_safe_haven/config/config.py
@@ -7,10 +7,8 @@
 from pydantic import (
     BaseModel,
     Field,
-    field_validator,
 )
 
-from data_safe_haven import validators
 from data_safe_haven.exceptions import DataSafeHavenConfigError
 from data_safe_haven.serialisers import AzureSerialisableModel
 from data_safe_haven.types import (
@@ -124,7 +122,6 @@ class ConfigSectionSRE(BaseModel, validate_assignment=True):
     data_provider_ip_addresses: list[IpAddress] = Field(
         ..., default_factory=list[IpAddress]
     )
-    index: int = Field(..., ge=1, le=256)
     remote_desktop: ConfigSubsectionRemoteDesktopOpts = Field(
         ..., default_factory=ConfigSubsectionRemoteDesktopOpts
     )
@@ -194,15 +191,6 @@ class Config(AzureSerialisableModel):
         ..., default_factory=dict[str, ConfigSectionSRE]
     )
 
-    @field_validator("sres")
-    @classmethod
-    def all_sre_indices_must_be_unique(
-        cls, v: dict[str, ConfigSectionSRE]
-    ) -> dict[str, ConfigSectionSRE]:
-        indices = [s.index for s in v.values()]
-        validators.unique_list(indices)
-        return v
-
     @property
     def sre_names(self) -> list[str]:
         """Names of all SREs"""
@@ -247,7 +235,6 @@ def template(cls) -> Config:
                 "example": ConfigSectionSRE.model_construct(
                     databases=["List of database systems to enable"],
                     data_provider_ip_addresses=["Data provider IP addresses"],
-                    index="Unique index integer for this SRE",
                     remote_desktop=ConfigSubsectionRemoteDesktopOpts.model_construct(
                         allow_copy="Whether to allow copying text out of the environment",
                         allow_paste="Whether to allow pasting text into the environment",

diff --git a/data_safe_haven/external/interface/azure_ipv4_range.py b/data_safe_haven/external/interface/azure_ipv4_range.py
@@ -30,6 +30,10 @@ def from_cidr(cls, ip_cidr: str) -> "AzureIPv4Range":
         network = ipaddress.IPv4Network(ip_cidr)
         return cls(network[0], network[-1])
 
+    @property
+    def prefix(self) -> str:
+        return str(self)
+
     def all_ips(self) -> list[ipaddress.IPv4Address]:
         """All IP addresses in the range"""
         return list(self.hosts())

diff --git a/data_safe_haven/infrastructure/common/ip_ranges.py b/data_safe_haven/infrastructure/common/ip_ranges.py
@@ -1,40 +1,34 @@
 """Calculate SRE IP address ranges for a given SRE index"""
 
-from data_safe_haven.exceptions import DataSafeHavenParameterError
+from dataclasses import dataclass
+
 from data_safe_haven.external import AzureIPv4Range
 
 
+@dataclass(frozen=True)
 class SREIpRanges:
     """Calculate SRE IP address ranges for a given SRE index"""
 
-    max_index = 256
-
-    def __init__(self, index: int) -> None:
-        """Constructor"""
-        if index < 1 or index > self.max_index:
-            msg = f"Index '{index}' must be between 1 and {self.max_index}"
-            raise DataSafeHavenParameterError(msg)
-        self.vnet = AzureIPv4Range(f"10.{index}.0.0", f"10.{index}.255.255")
-        self.application_gateway = self.vnet.next_subnet(256)
-        self.apt_proxy_server = self.vnet.next_subnet(8)
-        self.data_configuration = self.vnet.next_subnet(8)
-        self.data_private = self.vnet.next_subnet(8)
-        self.firewall = self.vnet.next_subnet(64)  # 64 address minimum
-        self.firewall_management = self.vnet.next_subnet(64)  # 64 address minimum
-        self.guacamole_containers = self.vnet.next_subnet(8)
-        self.guacamole_containers_support = self.vnet.next_subnet(8)
-        self.identity_containers = self.vnet.next_subnet(8)
-        self.monitoring = self.vnet.next_subnet(32)
-        self.user_services_containers = self.vnet.next_subnet(8)
-        self.user_services_containers_support = self.vnet.next_subnet(8)
-        self.user_services_databases = self.vnet.next_subnet(8)
-        self.user_services_software_repositories = self.vnet.next_subnet(8)
-        self.workspaces = self.vnet.next_subnet(256)
-
-
+    vnet = AzureIPv4Range("10.0.0.0", "10.0.255.255")
+    application_gateway = vnet.next_subnet(256)
+    apt_proxy_server = vnet.next_subnet(8)
+    data_configuration = vnet.next_subnet(8)
+    data_private = vnet.next_subnet(8)
+    firewall = vnet.next_subnet(64)  # 64 address minimum
+    firewall_management = vnet.next_subnet(64)  # 64 address minimum
+    guacamole_containers = vnet.next_subnet(8)
+    guacamole_containers_support = vnet.next_subnet(8)
+    identity_containers = vnet.next_subnet(8)
+    monitoring = vnet.next_subnet(32)
+    user_services_containers = vnet.next_subnet(8)
+    user_services_containers_support = vnet.next_subnet(8)
+    user_services_databases = vnet.next_subnet(8)
+    user_services_software_repositories = vnet.next_subnet(8)
+    workspaces = vnet.next_subnet(256)
+
+
+@dataclass(frozen=True)
 class SREDnsIpRanges:
     """Calculate SRE DNS IP address ranges."""
 
-    def __init__(self) -> None:
-        """Constructor"""
-        self.vnet = AzureIPv4Range("192.168.0.0", "192.168.0.7")
+    vnet = AzureIPv4Range("192.168.0.0", "192.168.0.7")
diff --git a/data_safe_haven/infrastructure/programs/declarative_sre.py b/data_safe_haven/infrastructure/programs/declarative_sre.py
@@ -133,7 +133,6 @@ def __call__(self) -> None:
                 shm_networking_resource_group_name=self.pulumi_opts.require(
                     "shm-networking-resource_group_name"
                 ),
-                sre_index=self.cfg.sre(self.sre_name).index,
             ),
             tags=self.tags,
         )
@@ -153,7 +152,6 @@ def __call__(self) -> None:
                     "shm-networking-resource_group_name"
                 ),
                 shm_zone_name=self.cfg.shm.fqdn,
-                sre_index=self.cfg.sre(self.sre_name).index,
                 sre_name=self.sre_name,
                 user_public_ip_ranges=self.cfg.sre(
                     self.sre_name

diff --git a/data_safe_haven/infrastructure/programs/sre/dns_server.py b/data_safe_haven/infrastructure/programs/sre/dns_server.py
@@ -30,15 +30,11 @@ def __init__(
         location: Input[str],
         shm_fqdn: Input[str],
         shm_networking_resource_group_name: Input[str],
-        sre_index: Input[int],
     ) -> None:
-        subnet_ranges = Output.from_input(sre_index).apply(lambda idx: SREIpRanges(idx))
         self.admin_username = "dshadmin"
-        self.ip_range_prefix = str(SREDnsIpRanges().vnet)
         self.location = location
         self.shm_fqdn = shm_fqdn
         self.shm_networking_resource_group_name = shm_networking_resource_group_name
-        self.sre_vnet_prefix = subnet_ranges.apply(lambda r: str(r.vnet))
 
 
 class SREDnsServerComponent(ComponentResource):
@@ -110,13 +106,13 @@ def __init__(
                 network.SecurityRuleArgs(
                     access=network.SecurityRuleAccess.ALLOW,
                     description="Allow inbound connections from attached.",
-                    destination_address_prefix=props.ip_range_prefix,
+                    destination_address_prefix=SREDnsIpRanges.vnet.prefix,
                     destination_port_ranges=[Ports.DNS],
                     direction=network.SecurityRuleDirection.INBOUND,
                     name="AllowSREInbound",
                     priority=NetworkingPriorities.INTERNAL_SRE_ANY,
                     protocol=network.SecurityRuleProtocol.ASTERISK,
-                    source_address_prefix=props.sre_vnet_prefix,
+                    source_address_prefix=SREIpRanges.vnet.prefix,
                     source_port_range="*",
                 ),
                 network.SecurityRuleArgs(
@@ -141,7 +137,7 @@ def __init__(
                     name="AllowDnsInternetOutbound",
                     priority=NetworkingPriorities.EXTERNAL_INTERNET,
                     protocol=network.SecurityRuleProtocol.ASTERISK,
-                    source_address_prefix=props.ip_range_prefix,
+                    source_address_prefix=SREDnsIpRanges.vnet.prefix,
                     source_port_range="*",
                 ),
                 network.SecurityRuleArgs(
@@ -166,13 +162,13 @@ def __init__(
         virtual_network = network.VirtualNetwork(
             f"{self._name}_virtual_network",
             address_space=network.AddressSpaceArgs(
-                address_prefixes=[props.ip_range_prefix],
+                address_prefixes=[SREDnsIpRanges.vnet.prefix],
             ),
             resource_group_name=resource_group.name,
             subnets=[  # Note that we define subnets inline to avoid creation order issues
                 # DNS subnet
                 network.SubnetArgs(
-                    address_prefix=props.ip_range_prefix,
+                    address_prefix=SREDnsIpRanges.vnet.prefix,
                     delegations=[
                         network.DelegationArgs(
                             name="SubnetDelegationContainerGroups",