⚰️ Do not expose Guacamole container private IP address as traffic can be routed to any available IP by the ApplicationGateway backend pool

jemrobinson · jemrobinson · commit 308b145d65dd · 2024-04-19T10:35:58.000+01:00
diff --git a/data_safe_haven/infrastructure/stacks/sre/remote_desktop.py b/data_safe_haven/infrastructure/stacks/sre/remote_desktop.py
@@ -13,7 +13,6 @@
 from data_safe_haven.external import AzureIPv4Range
 from data_safe_haven.infrastructure.common import (
     get_id_from_subnet,
-    get_ip_address_from_container_group,
 )
 from data_safe_haven.infrastructure.components import (
     AzureADApplication,
@@ -421,9 +420,6 @@ def __init__(
             "connection_db_name": db_guacamole_connections,
             "connection_db_server_name": db_server_guacamole.db_server.name,
             "container_group_name": container_group.name,
-            "container_ip_address": get_ip_address_from_container_group(
-                container_group
-            ),
             "disable_copy": props.disable_copy,
             "disable_paste": props.disable_paste,
             "resource_group_name": resource_group.name,
diff --git a/data_safe_haven/provisioning/sre_provisioning_manager.py b/data_safe_haven/provisioning/sre_provisioning_manager.py
@@ -84,9 +84,7 @@ def restart_remote_desktop_containers(self) -> None:
             self.remote_desktop_params["resource_group_name"],
             self.subscription_name,
         )
-        guacamole_provisioner.restart(
-            self.remote_desktop_params["container_ip_address"]
-        )
+        guacamole_provisioner.restart()
 
     def update_remote_desktop_connections(self) -> None:
         """Update connection information on the Guacamole PostgreSQL server"""
