
Commit 058ef41

authored
Merge pull request #2143 from jemrobinson/tier-defaults
Add --tier option to provide default settings
2 parents f43521c + 92f4e34 commit 058ef41


3 files changed

+54
-11
lines changed


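--- a/data_safe_haven/commands/config.py
+++ b/data_safe_haven/commands/config.py
@@ -148,10 +148,14 @@ def template(
 file: Annotated[
 Optional[Path], # noqa: UP007
 typer.Option(help="File path to write configuration template to."),
-] = None
+] = None,
+tier: Annotated[
+Optional[int], # noqa: UP007
+typer.Option(help="Which security tier to base this template on."),
+] = None,
 ) -> None:
 """Write a template Data Safe Haven SRE configuration."""
-sre_config = SREConfig.template()
+sre_config = SREConfig.template(tier)
 # The template uses explanatory strings in place of the expected types.
 # Serialisation warnings are therefore suppressed to avoid misleading the users into
 # thinking there is a problem and contaminating the output.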
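Review bot: The new `tier` option accepts any integer, and nothing visible rejects a value outside 0–4: in sre_config.py the `else` branch of `SREConfig.template` handles `None` and every unrecognised tier alike, so `--tier 5` would write the blank placeholder template without any error. Because the tier selects security settings (clipboard copy/paste and package installation), a mistyped tier should fail loudly rather than quietly produce a different file; bounding the option is enough, e.g. `typer.Option(min=0, max=4, help="Which security tier to base this template on.")`. `SREConfig.template` could additionally raise `ValueError` for a non-`None` tier it does not recognise, so callers other than the CLI get the same check. The body of this command continues past the end of the hunk.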

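--- a/data_safe_haven/config/sre_config.py
+++ b/data_safe_haven/config/sre_config.py
@@ -6,7 +6,7 @@
 
 from data_safe_haven.functions import json_safe
 from data_safe_haven.serialisers import AzureSerialisableModel, ContextBase
-from data_safe_haven.types import SafeString
+from data_safe_haven.types import SafeString, SoftwarePackageCategory
 
 from .config_sections import (
 ConfigSectionAzure,
@@ -44,8 +44,34 @@ def from_remote_by_name(
 return cls.from_remote(context, filename=sre_config_name(sre_name))
 
 @classmethod
-def template(cls: type[Self]) -> SREConfig:
+def template(cls: type[Self], tier: int | None = None) -> SREConfig:
 """Create SREConfig without validation to allow "replace me" prompts."""
+# Set tier-dependent defaults
+if tier == 0:
+remote_desktop_allow_copy = True
+remote_desktop_allow_paste = True
+software_packages = SoftwarePackageCategory.ANY
+elif tier == 1:
+remote_desktop_allow_copy = True
+remote_desktop_allow_paste = True
+software_packages = SoftwarePackageCategory.ANY
+elif tier == 2: # noqa: PLR2004
+remote_desktop_allow_copy = False
+remote_desktop_allow_paste = False
+software_packages = SoftwarePackageCategory.ANY
+elif tier == 3: # noqa: PLR2004
+remote_desktop_allow_copy = False
+remote_desktop_allow_paste = False
+software_packages = SoftwarePackageCategory.PRE_APPROVED
+elif tier == 4: # noqa: PLR2004
+remote_desktop_allow_copy = False
+remote_desktop_allow_paste = False
+software_packages = SoftwarePackageCategory.NONE
+else:
+remote_desktop_allow_copy = "True/False: whether to allow copying text out of the environment." # type: ignore
+remote_desktop_allow_paste = "True/False: whether to allow pasting text into the environment." # type: ignore
+software_packages = "Which Python/R packages to allow users to install: [any/pre-approved/none]" # type: ignore
+
 return SREConfig.model_construct(
 azure=ConfigSectionAzure.model_construct(
 location="Azure location where SRE resources will be deployed.",
@@ -66,14 +92,14 @@ def template(cls: type[Self]) -> SREConfig:
 "List of IP addresses belonging to data providers"
 ],
 remote_desktop=ConfigSubsectionRemoteDesktopOpts.model_construct(
-allow_copy="True/False: whether to allow copying text out of the environment.", # type:ignore
-allow_paste="True/False: whether to allow pasting text into the environment.", # type:ignore
+allow_copy=remote_desktop_allow_copy,
+allow_paste=remote_desktop_allow_paste,
 ),
 research_user_ip_addresses=["List of IP addresses belonging to users"],
-software_packages="Which Python/R packages to allow users to install: [any/pre-approved/none]", # type:ignore
+software_packages=software_packages,
 storage_quota_gb=ConfigSubsectionStorageQuotaGB.model_construct(
-home="Total size in GiB across all home directories [minimum: 100].", # type:ignore
-shared="Total size in GiB for the shared directories [minimum: 100].", # type:ignore
+home="Total size in GiB across all home directories [minimum: 100].", # type: ignore
+shared="Total size in GiB for the shared directories [minimum: 100].", # type: ignore
 ),
 timezone="Timezone in pytz format (eg. Europe/London)",
 workspace_skus=[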
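Review bot: The tier-to-settings mapping in `template` is spread over five near-identical `elif` branches with three `# noqa: PLR2004` suppressions, which makes the security-relevant defaults (clipboard copy/paste and package installation) hard to check against the tier policy at a glance. A single lookup table keyed by tier keeps the behaviour the same, removes the suppressions and gives one place to review; a sketch follows. The docstring still describes every field as a "replace me" prompt, so it should also say that a recognised tier fills `allow_copy`, `allow_paste` and `software_packages` with real values, and that these still bypass validation because `model_construct` is used. The `template` body continues beyond the second hunk and resumes in the third.

```python
def template(cls: type[Self], tier: int | None = None) -> SREConfig:
    # … unchanged: docstring …
    # (allow_copy, allow_paste, software_packages) for each security tier
    tier_defaults = {
        0: (True, True, SoftwarePackageCategory.ANY),
        1: (True, True, SoftwarePackageCategory.ANY),
        2: (False, False, SoftwarePackageCategory.ANY),
        3: (False, False, SoftwarePackageCategory.PRE_APPROVED),
        4: (False, False, SoftwarePackageCategory.NONE),
    }
    if tier in tier_defaults:
        (
            remote_desktop_allow_copy,
            remote_desktop_allow_paste,
            software_packages,
        ) = tier_defaults[tier]
    else:
        # … unchanged: the three placeholder-string assignments …
    # … unchanged: SREConfig.model_construct(...) call …
```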

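--- a/docs/source/deployment/deploy_sre.md
+++ b/docs/source/deployment/deploy_sre.md
@@ -17,7 +17,7 @@ $ hatch shell
 This ensures that you are using the intended version of Data Safe Haven with the correct set of dependencies.
 ::::
 
-::::{important}
+::::{note}
 As the Basic Application Gateway is still in preview, you will need to run the following commands once per subscription:
 
 :::{code} shell
@@ -33,11 +33,24 @@ $ az provider register --name Microsoft.Network
 
 Each project will have its own dedicated SRE.
 
-- Create a configuration file
+- Create a configuration file (optionally starting from one of our standard {ref}`policy_classification_sensitivity_tiers`)
+
+::::{admonition} EITHER start from a blank template
+:class: dropdown note
 
 :::{code} shell
 $ dsh config template --file PATH_YOU_WANT_TO_SAVE_YOUR_YAML_FILE_TO
 :::
+::::
+
+::::{admonition} OR start from a predefined tier
+:class: dropdown note
+
+:::{code} shell
+$ dsh config template --file PATH_YOU_WANT_TO_SAVE_YOUR_YAML_FILE_TO \
+--tier TIER_YOU_WANT_TO_USE
+:::
+::::
 
 - Edit this file in your favourite text editor, replacing the placeholder text with appropriate values for your setup.
 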