From ec958a503b9add63b4edd3d20c33b08853fc00bd Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Mon, 2 Dec 2024 13:57:47 +0000 Subject: [PATCH 1/5] Update release checklist --- .github/ISSUE_TEMPLATE/release_checklist.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/release_checklist.md b/.github/ISSUE_TEMPLATE/release_checklist.md index 575f5c9c53..f4e887e797 100644 --- a/.github/ISSUE_TEMPLATE/release_checklist.md +++ b/.github/ISSUE_TEMPLATE/release_checklist.md @@ -25,11 +25,9 @@ Refer to the [Deployment](https://data-safe-haven.readthedocs.io/en/latest/deplo ### For minor releases and above - [ ] Deploy an SHM from this branch and save a transcript of the deployment logs -- Using the new image, deploy a tier 2 and a tier 3 SRE - - [ ] Save the transcript of your tier 2 SRE deployment - - [ ] Save the transcript of your tier 3 SRE deployment +- [ ] Deploy a tier 2 SRE from this branch and save the transcript of the deployment logs +- [ ] Deploy a tier 3 SRE from this branch and save the transcript of the deployment logs - [ ] Complete the [Security evaluation checklist](https://data-safe-haven.readthedocs.io/en/latest/deployment/security_checklist.html) from the deployment documentation -- [ ] Add the new versions tag as an active build on [Read The Docs](https://readthedocs.org) (You can add as a hidden build, before release, to preview) ### For major releases only From ce17321cd28d2c4157df03a9f2b4a9b7f3ec1b64 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Mon, 2 Dec 2024 14:06:38 +0000 Subject: [PATCH 2/5] Update SECURITY.md --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index c81368a94e..9aee903593 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -7,8 +7,8 @@ All organisations using an earlier version in production should update to the la | Version | Supported | | --------------------------------------------------------------------------------------- | ------------------ | -| [5.1.0](https://github.com/alan-turing-institute/data-safe-haven/releases/tag/v5.1.0) | :white_check_mark: | -| < 5.1.0 | :x: | +| [5.2.0](https://github.com/alan-turing-institute/data-safe-haven/releases/tag/v5.1.0) | :white_check_mark: | +| < 5.2.0 | :x: | ## Reporting a Vulnerability From 9c371ba29523926f8ac2c071e10ee12b3c572d90 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 28 Nov 2024 09:47:20 +0000 Subject: [PATCH 3/5] Correct T2/3 PyPI/CRAN proxy information --- docs/source/overview/sensitivity_tiers.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/overview/sensitivity_tiers.md b/docs/source/overview/sensitivity_tiers.md index 4aef9a32fe..995be6ab87 100644 --- a/docs/source/overview/sensitivity_tiers.md +++ b/docs/source/overview/sensitivity_tiers.md @@ -49,7 +49,7 @@ Non-technical restrictions related to information governance procedures may also - connections to the in-browser remote desktop can only be made from an agreed set of IP addresses - outbound connections to the internet from inside the environment are not possible - copy-and-paste between the environment and the user's device is not possible -- access to all packages on PyPI and CRAN is made available through a proxy or mirror server +- access to all packages on PyPI and CRAN is made available through a proxy server Non-technical restrictions related to information governance procedures may also be applied according to your organisation's needs. 
@@ -63,7 +63,7 @@ At the Turing connections to Tier 2 environments are only permitted from **Organ **Tier 3** environments impose the following technical controls on top of what is required at {ref}`policy_tier_2`. -- a partial replica of agreed PyPI and CRAN packages is made available through a proxy or mirror server +- an agreed subset of PyPI and CRAN packages is made available through a proxy server Non-technical restrictions related to information governance procedures may also be applied according to your organisation's needs. From 97fe53a40cdd5b446941b16948b3f1de6b7dfbd1 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Tue, 3 Dec 2024 10:33:15 +0000 Subject: [PATCH 4/5] Add checklist template --- docs/source/conf.py | 5 +- docs/source/deployment/security_checklist.md | 2 + .../security_checklist_template.md | 163 ++++++++++++++++++ 3 files changed, 169 insertions(+), 1 deletion(-) create mode 100644 docs/source/deployment/security_checklist/security_checklist_template.md diff --git a/docs/source/conf.py b/docs/source/conf.py index f262d36dc2..dcc77557e7 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -64,7 +64,10 @@ # List of patterns, relative to source directory, that match files and # directories to ignore when looking for source files. # This pattern also affects html_static_path and html_extra_path. -exclude_patterns = ["**/*.partial.md"] +exclude_patterns = [ + "**/*.partial.md", + "deployment/security_checklist/security_checklist_template.md", +] # -- Options for HTML output ------------------------------------------------- # The theme to use for HTML and HTML Help pages. See the documentation for diff --git a/docs/source/deployment/security_checklist.md b/docs/source/deployment/security_checklist.md index 7c6036402a..2c4ca4a6ca 100644 --- a/docs/source/deployment/security_checklist.md +++ b/docs/source/deployment/security_checklist.md 
@@ -559,3 +559,5 @@ To minimise the risk of unauthorised access to the dataset while the ingress vol ``` ```` + +{download}`this file <./security_checklist/security_checklist_template.md>`. diff --git a/docs/source/deployment/security_checklist/security_checklist_template.md b/docs/source/deployment/security_checklist/security_checklist_template.md new file mode 100644 index 0000000000..ba762aa699 --- /dev/null +++ b/docs/source/deployment/security_checklist/security_checklist_template.md @@ -0,0 +1,163 @@ +# Security checklist + +Running on SHM/SREs deployed using commit XXXXXXX + +## Summary + +- :white_check_mark: N tests passed +- :partly_sunny: N tests partially passed (see below for more details) +- :fast_forward: N tests skipped (see below for more details) +- :x: N tests failed (see below for more details) + +## Details + +Some security checks were skipped since: + +- No managed device was available +- No access to a physical space with its own dedicated network was possible + +### Multifactor Authentication and Password strength + +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check that the SRE standard user cannot access the apps + -
:camera: Verify before adding to group: Microsoft Remote Desktop: Login works but apps cannot be viewed + +
+ -
:camera: Verify before adding to group: Guacamole: User is prompted to setup MFA + +
+ +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check that adding the **SRE standard user** to the SRE group on the domain controller does not give them access + -
:camera: Verify after adding to group: Microsoft Remote Desktop: Login works and apps can be viewed + +
+ -
:camera: Verify after adding to group: Microsoft Remote Desktop: attempt to login to DSVM Main (Desktop) fails + +
+ -
:camera: Verify before adding to group: Guacamole: User is prompted to setup MFA + +
+ +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check that the **SRE standard user** is able to successfully set up MFA + -
:camera: Verify: successfully set up MFA + +
+ +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check that the **SRE standard user** can authenticate with MFA + -
:camera: Verify: Guacamole: respond to the MFA prompt + 122043131-47bc8080-cddb-11eb-8578-e45ab3efaef0.png"> +
+ -
:camera: Verify: Microsoft Remote Desktop: attempt to log in to DSVM Main (Desktop) and respond to the MFA prompt + 122043131-47bc8080-cddb-11eb-8578-e45ab3efaef0.png"> +
+ +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check that the **SRE standard user** can access the DSVM desktop + -
:camera: Verify: Microsoft Remote Desktop: connect to DSVM Main (Desktop) + +
+ -
:camera: Verify: Guacamole: connect to Desktop: Ubuntu0 + +
+ +### Isolated Network + +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Connect to the SHM DC and NPS if connected to the SHM VPN +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Fail to connect to the SHM DC and NPS if not connected to the SHM VPN +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Fail to connect to the internet from within a DSVM on the SRE network. + -
:camera: Verify: Connection fails + 122045859-8142bb00-cdde-11eb-920c-3a162a180647.png"> +
+ -
:camera: Verify: that you cannot access a website using curl + +
+ -
:camera: Verify: that you cannot get the IP address for a website using nslookup + +
+- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check that users cannot connect between two SREs within the same SHM, even if they have access to both SREs + -
:camera: Verify: SSH connection fails + +
+- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Network rules are set appropriately to block outgoing traffic + -
:camera: Verify: access rules + +
+ +### User devices + +#### Tier 2: + +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Connection succeeds from a personal device with an allow-listed IP address +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: No managed device available to check connection + +#### Tier 3: + +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: No managed device available to check user lacks root access +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Connection succeeds from a personal device with an allow-listed IP address +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: No managed device available to check connection with an allow-listed IP address + +#### Tiers 2+: + +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Network rules permit access only from allow-listed IP addresses + -
:camera: Verify: access rules + +
+- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: All non-deployment NSGs have rules denying inbound connections from outside the Virtual Network + +### Physical security + +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: No secure physical space available so connection from outside was not tested +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: No secure physical space available so connection from inside was not tested +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check the network IP ranges corresponding to the research spaces and compare against the IPs accepted by the firewall. +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: No secure physical space available so confirmation of physical measures was not tested + +### Remote connections + +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Unable to connect as a user to the remote desktop server via SSH + -
:camera: Verify: SSH connection by FQDN fails + +
+ -
:camera: Verify: SSH connection by public IP address fails + +
+- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: The remote desktop server is the only SRE resource with a public IP address + +### Copy-and-paste + +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Unable to paste local text into a DSVM +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Unable to copy text from a DSVM +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Copy between VMs in an SRE succeeds + +### Data ingress + +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **System administrator:** secure upload token successfully created with write-only permissions +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **System administrator:** token was sent using a secure, out-of-band communication channel (e.g. secure email) +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **Data Provider:** uploading a file from an allow-listed IP address succeeds +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **Data Provider:** downloading a file from an allow-listed IP address fails +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **Data Provider:** uploading a file from an non-allowed IP address fails +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **Data Provider:** connection during lifetime of short-duration token succeeds +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **Data Provider:** connection after lifetime of short-duration token fails +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **Data Provider:** uploading different file types succeeds + +### Storage volumes and egress + +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **SRE standard user** can read and write to the `/output` volume +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **SRE standard user** can only read from the `/data` volume +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **SRE standard user** can read and write to their directory in `/home` +- 
:white_check_mark:/:partly_sunny:/:fast_forward:/:x: **SRE standard user** can read and write to the `/shared` volume +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **System administrator:** can see the files ready for egress +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **System administrator:** can download egress-ready files + +### Package mirrors + +#### Tier 2: + +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Can install any packages + -
:camera: Verify: botocore can be installed + +
+ +#### Tier 3: + +- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Can install only allow-listed packages + -
:camera: Verify: aero-calc can be installed; botocore cannot be installed + +
From 4409e5cd88ac7dcaf39098f41e9ccb9c31b9776f Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Tue, 3 Dec 2024 11:31:48 +0000 Subject: [PATCH 5/5] Update checklist template Co-authored-by: Matt Craddock <5796417+craddm@users.noreply.github.com> --- docs/source/deployment/security_checklist.md | 4 +- .../security_checklist_template.md | 232 ++++++++---------- 2 files changed, 106 insertions(+), 130 deletions(-) diff --git a/docs/source/deployment/security_checklist.md b/docs/source/deployment/security_checklist.md index 2c4ca4a6ca..b2f8308181 100644 --- a/docs/source/deployment/security_checklist.md +++ b/docs/source/deployment/security_checklist.md @@ -20,6 +20,8 @@ Work your way through the actions described in each section, taking care to noti - {{white_check_mark}} This indicates a checklist item for which a screenshot is either not appropriate or difficult ``` +You can use {download}`this template Markdown file <./security_checklist/security_checklist_template.md>` to complete the checklist. + ## Prerequisites ### Roles @@ -559,5 +561,3 @@ To minimise the risk of unauthorised access to the dataset while the ingress vol ``` ```` - -{download}`this file <./security_checklist/security_checklist_template.md>`. diff --git a/docs/source/deployment/security_checklist/security_checklist_template.md b/docs/source/deployment/security_checklist/security_checklist_template.md index ba762aa699..5c1a64a119 100644 --- a/docs/source/deployment/security_checklist/security_checklist_template.md +++ b/docs/source/deployment/security_checklist/security_checklist_template.md 
@@ -1,163 +1,139 @@ # Security checklist -Running on SHM/SREs deployed using commit XXXXXXX +Running on SHM/SREs deployed using commit ## Summary -- :white_check_mark: N tests passed -- :partly_sunny: N tests partially passed (see below for more details) -- :fast_forward: N tests skipped (see below for more details) -- :x: N tests failed (see below for more details) +- :white_check_mark: tests passed +- :partly_sunny: tests partially passed (see below for more details) +- :fast_forward: tests skipped (see below for more details) +- :x: tests failed (see below for more details) ## Details -Some security checks were skipped since: +Some security checks were skipped because: -- No managed device was available -- No access to a physical space with its own dedicated network was possible +- … +- … ### Multifactor Authentication and Password strength -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check that the SRE standard user cannot access the apps - -
:camera: Verify before adding to group: Microsoft Remote Desktop: Login works but apps cannot be viewed - -
- -
:camera: Verify before adding to group: Guacamole: User is prompted to setup MFA - -
- -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check that adding the **SRE standard user** to the SRE group on the domain controller does not give them access - -
:camera: Verify after adding to group: Microsoft Remote Desktop: Login works and apps can be viewed - -
- -
:camera: Verify after adding to group: Microsoft Remote Desktop: attempt to login to DSVM Main (Desktop) fails - -
- -
:camera: Verify before adding to group: Guacamole: User is prompted to setup MFA - -
- -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check that the **SRE standard user** is able to successfully set up MFA - -
:camera: Verify: successfully set up MFA - -
- -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check that the **SRE standard user** can authenticate with MFA - -
:camera: Verify: Guacamole: respond to the MFA prompt - 122043131-47bc8080-cddb-11eb-8578-e45ab3efaef0.png"> -
- -
:camera: Verify: Microsoft Remote Desktop: attempt to log in to DSVM Main (Desktop) and respond to the MFA prompt - 122043131-47bc8080-cddb-11eb-8578-e45ab3efaef0.png"> -
- -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check that the **SRE standard user** can access the DSVM desktop - -
:camera: Verify: Microsoft Remote Desktop: connect to DSVM Main (Desktop) - -
- -
:camera: Verify: Guacamole: connect to Desktop: Ubuntu0 - -
+- :white_check_mark: Check: Users can reset their own password +- Verify that: User can reset their own password + + +- :white_check_mark: Check: non-registered users cannot connect to any SRE workspace + - Verify that: User can authenticate but cannot see any workspaces + +- :white_check_mark: Check: registered users can see SRE workspaces + - Verify that: User can authenticate and can see workspaces + +- :white_check_mark: Check: Authenticated user can access workspaces + - Verify that: You can connect to any workspace + ### Isolated Network -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Connect to the SHM DC and NPS if connected to the SHM VPN -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Fail to connect to the SHM DC and NPS if not connected to the SHM VPN -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Fail to connect to the internet from within a DSVM on the SRE network. - -
:camera: Verify: Connection fails - 122045859-8142bb00-cdde-11eb-920c-3a162a180647.png"> -
- -
:camera: Verify: that you cannot access a website using curl - -
- -
:camera: Verify: that you cannot get the IP address for a website using nslookup - -
-- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check that users cannot connect between two SREs within the same SHM, even if they have access to both SREs - -
:camera: Verify: SSH connection fails - -
-- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Network rules are set appropriately to block outgoing traffic - -
:camera: Verify: access rules - -
+- :white_check_mark: Fail to connect to the internet from a workspace + - Verify that: Browsing to the service fails + + - Verify that: You cannot access the service using curl + + - Verify: You cannot get the IP address for the service using nslookup + ### User devices -#### Tier 2: +#### Tier 2 -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Connection succeeds from a personal device with an allow-listed IP address -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: No managed device available to check connection +- Connect to the environment using an allowed IP address and credentials + - :white_check_mark: Verify that: Connection succeeds +- Connect to the environment from an IP address that is not allowed but with correct credentials + - :white_check_mark: Verify that: Connection fails -#### Tier 3: +#### Tier 3 -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: No managed device available to check user lacks root access -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Connection succeeds from a personal device with an allow-listed IP address -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: No managed device available to check connection with an allow-listed IP address +- All managed devices should be provided by a known IT team at an approved organisation. + - :fast_forward: Verify that: the IT team of the approved organisation take responsibility for managing the device. + - :fast_forward: Verify that: the user does not have administrator permissions on the device. + - :fast_forward: Verify that: allowed IP addresses are exclusive to managed devices. 
+- Connect to the environment using an allowed IP address and credentials + - :fast_forward: Verify that: Connection succeeds +- Connect to the environment from an IP address that is not allowed but with correct credentials + - :fast_forward: Verify that: Connection fails -#### Tiers 2+: +#### Tiers 2 and above -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Network rules permit access only from allow-listed IP addresses - -
:camera: Verify: access rules - -
-- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: All non-deployment NSGs have rules denying inbound connections from outside the Virtual Network +- :white_check_mark: Network rules permit access only from allow-listed IP addresses + - In the Azure portal navigate to the Guacamole application gateway NSG for this SRE shm--sre--nsg-application-gateway + - Verify that: the NSG has network rules allowing Inbound access from allowed IP addresses only + +- :white_check_mark: all other NSGs have an inbound Deny All rule and no higher priority rule allowing inbound connections from outside the Virtual Network ### Physical security -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: No secure physical space available so connection from outside was not tested -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: No secure physical space available so connection from inside was not tested -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Check the network IP ranges corresponding to the research spaces and compare against the IPs accepted by the firewall. -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: No secure physical space available so confirmation of physical measures was not tested +#### Tier 3 only + +- Attempt to connect to the Tier 3 SRE web client from home using a managed device and the correct VPN connection and credentials. + - :fast_forward: Verify that: connection fails. +- Attempt to connect from research office using a managed device and the correct VPN connection and credentials. 
+ - :fast_forward: Verify that: connection succeeds + - :fast_forward: Verify that: the network IP ranges corresponding to the research spaces correspond to those allowed by storage account firewall + - :fast_forward: Verify that: physical measures such as screen adaptions or desk partitions are present if risk of visual eavesdropping is high ### Remote connections -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Unable to connect as a user to the remote desktop server via SSH - -
:camera: Verify: SSH connection by FQDN fails - -
- -
:camera: Verify: SSH connection by public IP address fails - -
-- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: The remote desktop server is the only SRE resource with a public IP address +- :white_check_mark: Unable to connect as a user to the remote desktop server via SSH + - Verify that: SSH login by fully-qualified domain name fails + + - Verify that: SSH login by public IP address fails + +- :white_check_mark: Verify that: the remote desktop web client application gateway (shm--sre--ag-entrypoint) and the firewall are the only SRE resources with public IP addresses. ### Copy-and-paste -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Unable to paste local text into a DSVM -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Unable to copy text from a DSVM -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Copy between VMs in an SRE succeeds +- Unable to paste text from a local device into a workspace + - :white_check_mark: Verify that: paste fails +- Unable to copy text from a workspace to a local device + - :white_check_mark: Verify that: paste fails ### Data ingress -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **System administrator:** secure upload token successfully created with write-only permissions -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **System administrator:** token was sent using a secure, out-of-band communication channel (e.g. 
secure email) -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **Data Provider:** uploading a file from an allow-listed IP address succeeds -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **Data Provider:** downloading a file from an allow-listed IP address fails -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **Data Provider:** uploading a file from an non-allowed IP address fails -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **Data Provider:** connection during lifetime of short-duration token succeeds -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **Data Provider:** connection after lifetime of short-duration token fails -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **Data Provider:** uploading different file types succeeds - -### Storage volumes and egress - -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **SRE standard user** can read and write to the `/output` volume -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **SRE standard user** can only read from the `/data` volume -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **SRE standard user** can read and write to their directory in `/home` -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **SRE standard user** can read and write to the `/shared` volume -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **System administrator:** can see the files ready for egress -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: **System administrator:** can download egress-ready files - -### Package mirrors - -#### Tier 2: - -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Can install any packages - -
:camera: Verify: botocore can be installed - -
- -#### Tier 3: - -- :white_check_mark:/:partly_sunny:/:fast_forward:/:x: Can install only allow-listed packages - -
:camera: Verify: aero-calc can be installed; botocore cannot be installed - -
+- Check that the **System Manager** can send an upload token to the **Dataset Provider Representative** + - :white_check_mark: Verify that: the upload token is successfully created. + - :white_check_mark: Verify that: you are able to send this token using a secure mechanism. +- Ensure that data ingress works only for connections from the accepted IP address range + - :white_check_mark: Verify that: writing succeeds by uploading a file + - :white_check_mark: Verify that: attempting to open or download any of the files results in the following error: "Failed to start transfer: Insufficient credentials" under the Activities pane at the bottom of the MS Azure Storage Explorer window. + - :white_check_mark: Verify that: the access token fails when using a device with a non-allowed IP address +- Check that the upload fails if the token has expired + - :white_check_mark: Verify that: you can connect and write with the token during the duration + - :white_check_mark: Verify that: you cannot connect and write with the token after the duration has expired + - :white_check_mark: Verify that:the data ingress process works by uploading different kinds of files, e.g. data, images, scripts (if appropriate) + +### Data egress + +- Confirm that a non-privileged user is able to read the different storage volumes and write to output + - :white_check_mark: Verify that: the `/mnt/output` volume exists and can be written to + - :white_check_mark: Verify that: the permissions of other storage volumes match that described in the user guide +- Confirm that System Manager can see and download files from output + - :white_check_mark: Verify that: you can see the files written to the `/mnt/output` storage volume. 
+ - :white_check_mark: Verify that: a written file can be taken out of the environment via download + +### Software package repositories + +#### Tier 2 + +- :white_check_mark: Can install any packages + - Verify that: pytz can be installed + + - Verify that: awscli can be installed + + +#### Tier 3 + +- :white_check_mark: Can install only allow-listed packages + - Verify: pytz can be installed + + - Verify: awscli cannot be installed +
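Review bot: In [PATCH 1/5], `.github/ISSUE_TEMPLATE/release_checklist.md`, the last removed line drops the Read The Docs step ("Add the new versions tag as an active build") with no replacement, and the commit message ("Update release checklist") does not say why. If the versioned documentation build is now activated automatically, state that in the commit message; otherwise keep the step so the release's documentation version still gets published. Minor: the three added deployment items mix "save a transcript" (SHM) with "save the transcript" (tier 2 and tier 3 SRE); pick one.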
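Review bot: In [PATCH 2/5], `SECURITY.md`, the added supported-version row is labelled `5.2.0` but its link target is still `releases/tag/v5.1.0`, so the only version marked as supported points readers at the release the next row declares unsupported (`< 5.2.0`). Update the URL in the same row to the release tag that matches the 5.2.0 label.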
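Review bot: In [PATCH 4/5], `docs/source/deployment/security_checklist.md`, the appended line is a bare `{download}` role followed by a full stop, with no sentence around it, so the page would end with an orphaned "this file." link that gives no hint of what the file is for. [PATCH 5/5] removes this line and adds a full sentence near the top of the page instead; squash that move into this patch so no commit in the series leaves the fragment in place.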
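Review bot: In [PATCH 5/5], `security_checklist_template.md`, every item now carries a fixed result marker (`:white_check_mark:` on most, `:fast_forward:` on the Tier 3 device and physical security items) where [PATCH 4/5] had the neutral choice `:white_check_mark:/:partly_sunny:/:fast_forward:/:x:`, so an item the evaluator never ran reads as passed in the submitted checklist. Keep a neutral placeholder that has to be replaced with the observed result. Smaller points in the same hunk: under Copy-and-paste, the item "Unable to copy text from a workspace to a local device" is verified with "paste fails", the same wording as the item above it, which leaves it unclear which direction was tested; under Data ingress, the "uploading different kinds of files" item is nested under "Check that the upload fails if the token has expired" and is missing a space after "Verify that:"; and "Verify:" is used in place of "Verify that:" for the nslookup item and both Tier 3 package items. The hunk also removes the check that users cannot connect between two SREs within the same SHM, the check that network rules block outgoing traffic, and "Copy between VMs in an SRE succeeds" without replacements; confirm that dropping them is intended and say so in the commit message.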