⚰️ Remove remaining SRE dependencies on SHM domain controller resourc…
…e outputs
jemrobinson committed Apr 10, 2024
1 parent 829a867 commit 974378c
Showing 5 changed files with 12 additions and 44 deletions.
15 changes: 0 additions & 15 deletions data_safe_haven/commands/deploy.py
@@ -133,21 +133,6 @@ def sre(
)
stack.add_option("azure-native:tenantId", config.azure.tenant_id, replace=False)
# Load SHM stack outputs
stack.add_option(
"shm-domain_controllers-ldap_root_dn",
shm_stack.output("domain_controllers")["ldap_root_dn"],
replace=True,
)
stack.add_option(
"shm-domain_controllers-ldap_server_ip",
shm_stack.output("domain_controllers")["ldap_server_ip"],
replace=True,
)
stack.add_option(
"shm-domain_controllers-netbios_name",
shm_stack.output("domain_controllers")["netbios_name"],
replace=True,
)
stack.add_option(
"shm-firewall-private-ip-address",
shm_stack.output("firewall")["private_ip_address"],
3 changes: 0 additions & 3 deletions data_safe_haven/infrastructure/stacks/declarative_sre.py
@@ -305,9 +305,6 @@ def run(self) -> None:
databases=self.cfg.sre(self.sre_name).databases,
dns_resource_group_name=dns.resource_group.name,
dns_server_ip=dns.ip_address,
domain_netbios_name=self.pulumi_opts.require(
"shm-domain_controllers-netbios_name"
),
gitea_database_password=data.password_gitea_database_admin,
hedgedoc_database_password=data.password_hedgedoc_database_admin,
ldap_server_ip=identity.ip_address,
4 changes: 1 addition & 3 deletions data_safe_haven/infrastructure/stacks/sre/hedgedoc_server.py
@@ -29,7 +29,6 @@ def __init__(
database_subnet_id: Input[str],
dns_resource_group_name: Input[str],
dns_server_ip: Input[str],
domain_netbios_name: Input[str],
ldap_server_ip: Input[str],
ldap_server_port: Input[int],
ldap_user_filter: Input[str],
@@ -53,7 +52,6 @@ def __init__(
)
self.dns_resource_group_name = dns_resource_group_name
self.dns_server_ip = dns_server_ip
self.domain_netbios_name = domain_netbios_name
self.ldap_server_ip = ldap_server_ip
self.ldap_server_port = Output.from_input(ldap_server_port).apply(str)
self.ldap_user_filter = ldap_user_filter
@@ -206,7 +204,7 @@ def __init__(
),
containerinstance.EnvironmentVariableArgs(
name="CMD_LDAP_PROVIDERNAME",
value=props.domain_netbios_name,
value="Data Safe Haven",
),
containerinstance.EnvironmentVariableArgs(
name="CMD_LDAP_SEARCHBASE",
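Review bot: The new literal `value="Data Safe Haven"` for `CMD_LDAP_PROVIDERNAME` has no comment explaining why a fixed string is safe where a value read from the SHM domain controller used to be passed. As far as I know HedgeDoc uses this setting only as the provider label on its login form, so the change should not affect LDAP bind or search, and it also stops the internal NetBIOS domain name being shown on the sign-in page. A comment above the entry such as `# Display label on the login form only; not used for LDAP bind or search` would record that for the next reader. The enclosing `__init__` starts and ends outside the visible hunks.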
3 changes: 0 additions & 3 deletions data_safe_haven/infrastructure/stacks/sre/user_services.py
@@ -24,7 +24,6 @@ def __init__(
databases: list[DatabaseSystem], # this must *not* be passed as an Input[T]
dns_resource_group_name: Input[str],
dns_server_ip: Input[str],
domain_netbios_name: Input[str],
gitea_database_password: Input[str],
hedgedoc_database_password: Input[str],
ldap_server_ip: Input[str],
@@ -50,7 +49,6 @@ def __init__(
self.databases = databases
self.dns_resource_group_name = dns_resource_group_name
self.dns_server_ip = dns_server_ip
self.domain_netbios_name = domain_netbios_name
self.gitea_database_password = gitea_database_password
self.hedgedoc_database_password = hedgedoc_database_password
self.ldap_server_ip = ldap_server_ip
@@ -143,7 +141,6 @@ def __init__(
database_subnet_id=props.subnet_containers_support_id,
dns_resource_group_name=props.dns_resource_group_name,
dns_server_ip=props.dns_server_ip,
domain_netbios_name=props.domain_netbios_name,
ldap_server_ip=props.ldap_server_ip,
ldap_server_port=props.ldap_server_port,
ldap_username_attribute=props.ldap_username_attribute,
31 changes: 11 additions & 20 deletions data_safe_haven/provisioning/sre_provisioning_manager.py
@@ -49,22 +49,15 @@ def __init__(

# Construct security group parameters
self.security_group_params = {
"dn_base": shm_stack.output("domain_controllers")["ldap_root_dn"],
"resource_group_name": shm_stack.output("domain_controllers")[
"resource_group_name"
"admin_security_group_name": sre_stack.output("ldap")[
"admin_security_group_name"
],
"privileged_user_security_group_name": sre_stack.output("ldap")[
"privileged_user_security_group_name"
],
"user_security_group_name": sre_stack.output("ldap")[
"user_security_group_name"
],
"security_group_names": {
"admin_security_group_name": sre_stack.output("ldap")[
"admin_security_group_name"
],
"privileged_user_security_group_name": sre_stack.output("ldap")[
"privileged_user_security_group_name"
],
"user_security_group_name": sre_stack.output("ldap")[
"user_security_group_name"
],
},
"vm_name": shm_stack.output("domain_controllers")["vm_name"],
}

# Construct VM parameters
@@ -91,7 +84,7 @@ def available_vm_skus(self) -> dict[str, dict[str, Any]]:

def create_security_groups(self) -> None:
"""Create groups in AzureAD"""
for group_name in self.security_group_params["security_group_names"].values():
for group_name in self.security_group_params.values():
self.graph_api.create_group(group_name)

def restart_remote_desktop_containers(self) -> None:
@@ -129,11 +122,9 @@ def update_remote_desktop_connections(self) -> None:
for vm_identifier, vm_details in self.workspaces.items()
],
"system_administrator_group_name": self.security_group_params[
"security_group_names"
]["admin_security_group_name"],
"user_group_name": self.security_group_params["security_group_names"][
"user_security_group_name"
"admin_security_group_name"
],
"user_group_name": self.security_group_params["user_security_group_name"],
}
for details in connection_data["connections"]:
self.logger.info(
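Review bot: `create_security_groups` now passes every value of `self.security_group_params` to `self.graph_api.create_group`, so "this dict holds only group names" has become an unstated contract. The earlier shape appears to have kept the names under a nested `security_group_names` key next to entries such as `dn_base` and `vm_name`; with the flat dict, any non-group entry added later would be created as a directory group. I would either iterate the three keys explicitly or record the invariant where the dict is built, e.g. `# Every value here is created as a group by create_security_groups(); keep this dict to group names only`. `__init__` and `update_remote_desktop_connections` continue outside the visible hunks.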