Remove SHM DC #1805

Merged
9 changes: 1 addition & 8 deletions data_safe_haven/commands/deploy.py
@@ -8,7 +8,7 @@
from data_safe_haven.exceptions import DataSafeHavenError
from data_safe_haven.external import GraphApi
from data_safe_haven.infrastructure import SHMStackManager, SREStackManager
from data_safe_haven.provisioning import SHMProvisioningManager, SREProvisioningManager
from data_safe_haven.provisioning import SREProvisioningManager
from data_safe_haven.utility import LoggingSingleton

deploy_command_group = typer.Typer()
@@ -73,13 +73,6 @@ def shm(
config.shm.fqdn,
stack.output("networking")["fqdn_nameservers"],
)

# Provision SHM with anything that could not be done in Pulumi
manager = SHMProvisioningManager(
subscription_name=config.context.subscription_name,
stack=stack,
)
manager.run()
except DataSafeHavenError as exc:
msg = f"Could not deploy Data Safe Haven Management environment.\n{exc}"
raise DataSafeHavenError(msg) from exc
44 changes: 0 additions & 44 deletions data_safe_haven/infrastructure/stacks/declarative_shm.py
@@ -4,12 +4,7 @@

from data_safe_haven.config import Config

from .shm.bastion import SHMBastionComponent, SHMBastionProps
from .shm.data import SHMDataComponent, SHMDataProps
from .shm.domain_controllers import (
SHMDomainControllersComponent,
SHMDomainControllersProps,
)
from .shm.firewall import SHMFirewallComponent, SHMFirewallProps
from .shm.monitoring import SHMMonitoringComponent, SHMMonitoringProps
from .shm.networking import SHMNetworkingComponent, SHMNetworkingProps
@@ -49,30 +44,16 @@ def run(self) -> None:
"shm_firewall",
self.stack_name,
SHMFirewallProps(
domain_controller_private_ip=networking.domain_controller_private_ip,
dns_zone=networking.dns_zone,
location=self.cfg.azure.location,
resource_group_name=networking.resource_group_name,
route_table_name=networking.route_table.name,
subnet_firewall=networking.subnet_firewall,
subnet_identity_servers=networking.subnet_identity_servers,
subnet_update_servers=networking.subnet_update_servers,
),
tags=self.cfg.tags.model_dump(),
)

# Deploy firewall and routing
SHMBastionComponent(
"shm_bastion",
self.stack_name,
SHMBastionProps(
location=self.cfg.azure.location,
resource_group_name=networking.resource_group_name,
subnet=networking.subnet_bastion,
),
tags=self.cfg.tags.model_dump(),
)

# Deploy data storage
data = SHMDataComponent(
"shm_data",
@@ -116,32 +97,7 @@ def run(self) -> None:
tags=self.cfg.tags.model_dump(),
)

# Deploy domain controllers
domain_controllers = SHMDomainControllersComponent(
"shm_domain_controllers",
self.stack_name,
SHMDomainControllersProps(
automation_account=monitoring.automation_account,
automation_account_modules=monitoring.automation_account_modules,
automation_account_private_dns=monitoring.automation_account_private_dns,
domain_fqdn=networking.dns_zone.name,
domain_netbios_name=self.shm_name.upper(),
location=self.cfg.azure.location,
log_analytics_workspace=monitoring.log_analytics_workspace,
password_domain_admin=data.password_domain_admin,
password_domain_azuread_connect=data.password_domain_azure_ad_connect,
password_domain_searcher=data.password_domain_searcher,
private_ip_address=networking.domain_controller_private_ip,
subnet_identity_servers=networking.subnet_identity_servers,
subscription_name=self.cfg.context.subscription_name,
virtual_network_name=networking.virtual_network.name,
virtual_network_resource_group_name=networking.resource_group_name,
),
tags=self.cfg.tags.model_dump(),
)

# Export values for later use
pulumi.export("domain_controllers", domain_controllers.exports)
pulumi.export("firewall", firewall.exports)
pulumi.export("monitoring", monitoring.exports)
pulumi.export("networking", networking.exports)
70 changes: 0 additions & 70 deletions data_safe_haven/infrastructure/stacks/shm/bastion.py

This file was deleted.

46 changes: 0 additions & 46 deletions data_safe_haven/infrastructure/stacks/shm/data.py
@@ -124,48 +124,6 @@ def __init__(
tags=child_tags,
)

# Secret: Domain admin password
password_domain_admin = pulumi_random.RandomPassword(
f"{self._name}_password_domain_admin",
length=20,
special=True,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
)
keyvault.Secret(
f"{self._name}_kvs_password_domain_admin",
properties=keyvault.SecretPropertiesArgs(
value=password_domain_admin.result
),
resource_group_name=resource_group.name,
secret_name="password-domain-admin",
vault_name=key_vault.name,
opts=ResourceOptions.merge(
child_opts, ResourceOptions(parent=password_domain_admin)
),
tags=child_tags,
)

# Secret: Azure ADConnect password
password_domain_azure_ad_connect = pulumi_random.RandomPassword(
f"{self._name}_password_domain_azure_ad_connect",
length=20,
special=True,
opts=ResourceOptions.merge(child_opts, ResourceOptions(parent=key_vault)),
)
keyvault.Secret(
f"{self._name}_kvs_password_domain_azure_ad_connect",
properties=keyvault.SecretPropertiesArgs(
value=password_domain_azure_ad_connect.result
),
resource_group_name=resource_group.name,
secret_name="password-domain-azure-ad-connect",
vault_name=key_vault.name,
opts=ResourceOptions.merge(
child_opts, ResourceOptions(parent=password_domain_azure_ad_connect)
),
tags=child_tags,
)

# Secret: Linux update server admin password
password_update_server_linux_admin = pulumi_random.RandomPassword(
f"{self._name}_password_update_server_linux_admin",
@@ -243,10 +201,6 @@ def __init__(
)

# Register outputs
self.password_domain_admin = Output.secret(password_domain_admin.result)
self.password_domain_azure_ad_connect = Output.secret(
password_domain_azure_ad_connect.result
)
self.password_update_server_linux_admin = Output.secret(
password_update_server_linux_admin.result
)
167 changes: 0 additions & 167 deletions data_safe_haven/infrastructure/stacks/shm/domain_controllers.py

This file was deleted.
