From 678f420115460b0eb607f293444b744275950afe Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 16 Apr 2024 13:04:10 +0100 Subject: [PATCH] :coffin: Do not expose Guacamole container private IP address as traffic can be routed to any available IP by the ApplicationGateway backend pool --- data_safe_haven/infrastructure/stacks/sre/remote_desktop.py | 3 --- data_safe_haven/provisioning/sre_provisioning_manager.py | 4 +--- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/data_safe_haven/infrastructure/stacks/sre/remote_desktop.py b/data_safe_haven/infrastructure/stacks/sre/remote_desktop.py index 3d7cd87b0e..342e94ab9b 100644 --- a/data_safe_haven/infrastructure/stacks/sre/remote_desktop.py +++ b/data_safe_haven/infrastructure/stacks/sre/remote_desktop.py @@ -421,9 +421,6 @@ def __init__( "connection_db_name": db_guacamole_connections, "connection_db_server_name": db_server_guacamole.db_server.name, "container_group_name": container_group.name, - "container_ip_address": get_ip_address_from_container_group( - container_group - ), "disable_copy": props.disable_copy, "disable_paste": props.disable_paste, "resource_group_name": resource_group.name, diff --git a/data_safe_haven/provisioning/sre_provisioning_manager.py b/data_safe_haven/provisioning/sre_provisioning_manager.py index 68884808fa..63655458df 100644 --- a/data_safe_haven/provisioning/sre_provisioning_manager.py +++ b/data_safe_haven/provisioning/sre_provisioning_manager.py @@ -84,9 +84,7 @@ def restart_remote_desktop_containers(self) -> None: self.remote_desktop_params["resource_group_name"], self.subscription_name, ) - guacamole_provisioner.restart( - self.remote_desktop_params["container_ip_address"] - ) + guacamole_provisioner.restart() def update_remote_desktop_connections(self) -> None: """Update connection information on the Guacamole PostgreSQL server"""