From 28c3f09dbd4cb37614b274317837dbedffa32c08 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 24 Jul 2024 14:35:32 +0100 Subject: [PATCH 01/14] Move smoke tests to /usr/local --- .../resources/workspace/ansible/desired_state.yaml | 10 ++++------ .../tests => usr/local/smoke_tests}/run_all_tests.bats | 0 .../tests => usr/local/smoke_tests}/test_databases.sh | 0 .../tests => usr/local/smoke_tests}/test_databases_R.R | 0 .../local/smoke_tests}/test_databases_python.py | 0 .../local/smoke_tests}/test_functionality_R.R | 0 .../local/smoke_tests}/test_functionality_python.py | 0 .../local/smoke_tests}/test_mounted_drives.sh | 0 .../local/smoke_tests}/test_repository_R.mustache.sh | 0 .../smoke_tests}/test_repository_python.mustache.sh | 0 10 files changed, 4 insertions(+), 6 deletions(-) rename data_safe_haven/resources/workspace/ansible/files/{home/dshadmin/tests => usr/local/smoke_tests}/run_all_tests.bats (100%) rename data_safe_haven/resources/workspace/ansible/files/{home/dshadmin/tests => usr/local/smoke_tests}/test_databases.sh (100%) rename data_safe_haven/resources/workspace/ansible/files/{home/dshadmin/tests => usr/local/smoke_tests}/test_databases_R.R (100%) rename data_safe_haven/resources/workspace/ansible/files/{home/dshadmin/tests => usr/local/smoke_tests}/test_databases_python.py (100%) rename data_safe_haven/resources/workspace/ansible/files/{home/dshadmin/tests => usr/local/smoke_tests}/test_functionality_R.R (100%) rename data_safe_haven/resources/workspace/ansible/files/{home/dshadmin/tests => usr/local/smoke_tests}/test_functionality_python.py (100%) rename data_safe_haven/resources/workspace/ansible/files/{home/dshadmin/tests => usr/local/smoke_tests}/test_mounted_drives.sh (100%) rename data_safe_haven/resources/workspace/ansible/files/{home/dshadmin/tests => usr/local/smoke_tests}/test_repository_R.mustache.sh (100%) rename data_safe_haven/resources/workspace/ansible/files/{home/dshadmin/tests => usr/local/smoke_tests}/test_repository_python.mustache.sh (100%) diff --git a/data_safe_haven/resources/workspace/ansible/desired_state.yaml b/data_safe_haven/resources/workspace/ansible/desired_state.yaml index 55a0249f26..c3a86e864d 100644 --- a/data_safe_haven/resources/workspace/ansible/desired_state.yaml +++ b/data_safe_haven/resources/workspace/ansible/desired_state.yaml @@ -99,14 +99,12 @@ - xrdp - xrdp-sesman - - name: Copy test files + - name: Copy smoke test files ansible.builtin.copy: src: "{{ item }}" - dest: /home/dshadmin/tests/ - mode: '0700' - owner: dshadmin - group: dshadmin - with_fileglob: 'home/dshadmin/tests/*' + dest: /usr/local/smoke_tests/ + mode: '0755' + with_fileglob: 'usr/local/smoke_tests/*' handlers: diff --git a/data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/run_all_tests.bats b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/run_all_tests.bats similarity index 100% rename from data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/run_all_tests.bats rename to data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/run_all_tests.bats diff --git a/data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_databases.sh b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases.sh similarity index 100% rename from data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_databases.sh rename to data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases.sh diff --git a/data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_databases_R.R b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases_R.R similarity index 100% rename from data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_databases_R.R rename to data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases_R.R diff --git a/data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_databases_python.py b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases_python.py similarity index 100% rename from data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_databases_python.py rename to data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases_python.py diff --git a/data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_functionality_R.R b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_functionality_R.R similarity index 100% rename from data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_functionality_R.R rename to data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_functionality_R.R diff --git a/data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_functionality_python.py b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_functionality_python.py similarity index 100% rename from data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_functionality_python.py rename to data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_functionality_python.py diff --git a/data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_mounted_drives.sh b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_mounted_drives.sh similarity index 100% rename from data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_mounted_drives.sh rename to data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_mounted_drives.sh diff --git a/data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_repository_R.mustache.sh b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_R.mustache.sh similarity index 100% rename from data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_repository_R.mustache.sh rename to data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_R.mustache.sh diff --git a/data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_repository_python.mustache.sh b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_python.mustache.sh similarity index 100% rename from data_safe_haven/resources/workspace/ansible/files/home/dshadmin/tests/test_repository_python.mustache.sh rename to data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_python.mustache.sh From 1baab48f10d760be69f5a48f838030690f156e6e Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 24 Jul 2024 15:02:52 +0100 Subject: [PATCH 02/14] Add python3 and venv to common packages --- .../resources/workspace/ansible/host_vars/localhost.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data_safe_haven/resources/workspace/ansible/host_vars/localhost.yaml b/data_safe_haven/resources/workspace/ansible/host_vars/localhost.yaml index 2c541280b0..b68bf31ddd 100644 --- a/data_safe_haven/resources/workspace/ansible/host_vars/localhost.yaml +++ b/data_safe_haven/resources/workspace/ansible/host_vars/localhost.yaml @@ -50,6 +50,8 @@ package_categories: - ninja-build # Ninja build system - octave # Open source Matlab implementation - python-is-python3 # symlinks python to python3 + - python3 # System Python3 distribution + - python3-venv # Python3 venv module - r-base # R programming language - racket # Racket functional programming language implementation - racket-common # Racket shared files From b0382078cd81f1d353f992ee04876abd2fd1ebd8 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 24 Jul 2024 15:16:12 +0100 Subject: [PATCH 03/14] Don't use mustache templates --- .../{test_repository_R.mustache.sh => test_repository_R.sh} | 2 +- ..._repository_python.mustache.sh => test_repository_python.sh} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/{test_repository_R.mustache.sh => test_repository_R.sh} (97%) rename data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/{test_repository_python.mustache.sh => test_repository_python.sh} (96%) diff --git a/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_R.mustache.sh b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_R.sh similarity index 97% rename from data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_R.mustache.sh rename to data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_R.sh index 03568b1e62..ed0c1aee25 100644 --- a/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_R.mustache.sh +++ b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_R.sh @@ -25,7 +25,7 @@ for package in "${packages[@]}"; do fi done # If requested, demonstrate that installation fails for packages *not* on the approved list -TEST_FAILURE="{{check_uninstallable_packages}}" +TEST_FAILURE=0 if [ $TEST_FAILURE -eq 1 ]; then for package in "${uninstallable_packages[@]}"; do echo "Attempting to install ${package}..." diff --git a/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_python.mustache.sh b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_python.sh similarity index 96% rename from data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_python.mustache.sh rename to data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_python.sh index 28e46a23e1..311c352f26 100644 --- a/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_python.mustache.sh +++ b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_repository_python.sh @@ -19,7 +19,7 @@ for package in "${installable_packages[@]}"; do fi done # If requested, demonstrate that installation fails for packages *not* on the approved list -TEST_FAILURE="{{check_uninstallable_packages}}" +TEST_FAILURE=0 if [ $TEST_FAILURE -eq 1 ]; then for package in "${uninstallable_packages[@]}"; do echo "Attempting to install ${package}..." From 632d9c238c15f685f4798edb09e92df5da3ef75e Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 25 Jul 2024 14:07:25 +0100 Subject: [PATCH 04/14] Correct comment --- data_safe_haven/infrastructure/programs/sre/data.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data_safe_haven/infrastructure/programs/sre/data.py b/data_safe_haven/infrastructure/programs/sre/data.py index d05ee17a78..5ab63b3de9 100644 --- a/data_safe_haven/infrastructure/programs/sre/data.py +++ b/data_safe_haven/infrastructure/programs/sre/data.py @@ -254,7 +254,7 @@ def __init__( tags=child_tags, ) - # Secret: database service admin password + # Secret: dns server admin password keyvault.Secret( f"{self._name}_kvs_password_dns_server_admin", properties=keyvault.SecretPropertiesArgs( From e8ec16d958da761ad5fb369a127c9813036fdd13 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 25 Jul 2024 14:12:31 +0100 Subject: [PATCH 05/14] Write database credential to workspaces --- data_safe_haven/infrastructure/programs/declarative_sre.py | 1 + data_safe_haven/infrastructure/programs/sre/workspaces.py | 7 +++++-- .../resources/workspace/workspace.cloud_init.mustache.yaml | 5 +++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/data_safe_haven/infrastructure/programs/declarative_sre.py b/data_safe_haven/infrastructure/programs/declarative_sre.py index c1acff48fa..1698be923b 100644 --- a/data_safe_haven/infrastructure/programs/declarative_sre.py +++ b/data_safe_haven/infrastructure/programs/declarative_sre.py @@ -350,6 +350,7 @@ def __call__(self) -> None: apt_proxy_server_hostname=apt_proxy_server.hostname, data_collection_rule_id=monitoring.data_collection_rule_vms.id, data_collection_endpoint_id=monitoring.data_collection_endpoint.id, + database_service_admin_password=data.password_database_service_admin, ldap_group_filter=ldap_group_filter, ldap_group_search_base=ldap_group_search_base, ldap_server_hostname=identity.hostname, diff --git a/data_safe_haven/infrastructure/programs/sre/workspaces.py b/data_safe_haven/infrastructure/programs/sre/workspaces.py index 86ea1341be..2b1947c6db 100644 --- a/data_safe_haven/infrastructure/programs/sre/workspaces.py +++ b/data_safe_haven/infrastructure/programs/sre/workspaces.py @@ -27,8 +27,9 @@ def __init__( self, admin_password: Input[str], apt_proxy_server_hostname: Input[str], - data_collection_rule_id: Input[str], data_collection_endpoint_id: Input[str], + data_collection_rule_id: Input[str], + database_service_admin_password: Input[str], ldap_group_filter: Input[str], ldap_group_search_base: Input[str], ldap_server_hostname: Input[str], @@ -41,8 +42,8 @@ def __init__( software_repository_hostname: Input[str], sre_name: Input[str], storage_account_data_desired_state_name: Input[str], - storage_account_data_private_user_name: Input[str], storage_account_data_private_sensitive_name: Input[str], + storage_account_data_private_user_name: Input[str], subnet_workspaces: Input[network.GetSubnetResult], subscription_name: Input[str], virtual_network: Input[network.VirtualNetwork], @@ -53,6 +54,7 @@ def __init__( self.apt_proxy_server_hostname = apt_proxy_server_hostname self.data_collection_rule_id = data_collection_rule_id self.data_collection_endpoint_id = data_collection_endpoint_id + self.database_service_admin_password = (database_service_admin_password,) self.ldap_group_filter = ldap_group_filter self.ldap_group_search_base = ldap_group_search_base self.ldap_server_hostname = ldap_server_hostname @@ -113,6 +115,7 @@ def __init__( # Load cloud-init file cloudinit = Output.all( apt_proxy_server_hostname=props.apt_proxy_server_hostname, + database_service_admin_password=props.database_service_admin_password, ldap_group_filter=props.ldap_group_filter, ldap_group_search_base=props.ldap_group_search_base, ldap_server_hostname=props.ldap_server_hostname, diff --git a/data_safe_haven/resources/workspace/workspace.cloud_init.mustache.yaml b/data_safe_haven/resources/workspace/workspace.cloud_init.mustache.yaml index e580ca30d5..2ce95e8cb2 100644 --- a/data_safe_haven/resources/workspace/workspace.cloud_init.mustache.yaml +++ b/data_safe_haven/resources/workspace/workspace.cloud_init.mustache.yaml @@ -1,6 +1,11 @@ #cloud-config write_files: + - path: "/etc/database_credential" + permissions: "0400" + content: | + {{ database_service_admin_password }} + - path: "/etc/nslcd.conf" permissions: "0400" content: | From 893e2e46ffb86737b65d2b5d6b987df318c60d3a Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 25 Jul 2024 14:20:12 +0100 Subject: [PATCH 06/14] Update database credential location in tests --- .../ansible/files/usr/local/smoke_tests/run_all_tests.bats | 2 +- .../ansible/files/usr/local/smoke_tests/test_databases.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/run_all_tests.bats b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/run_all_tests.bats index 800a55cd3d..c2e9550a71 100644 --- a/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/run_all_tests.bats +++ b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/run_all_tests.bats @@ -32,7 +32,7 @@ install_r_package_version() { } check_db_credentials() { - db_credentials="${HOME}/.local/db.dsh" + db_credentials="/etc/database_credential" if [ -f "$db_credentials" ]; then return 0 fi diff --git a/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases.sh b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases.sh index 69fd7a456c..c09ff85602 100644 --- a/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases.sh +++ b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases.sh @@ -12,7 +12,7 @@ while getopts d:l: flag; do esac done -db_credentials="${HOME}/.local/db.dsh" +db_credentials="/etc/database_credential" if [ -f "$db_credentials" ]; then username="databaseadmin" password="$(cat "$db_credentials")" From 0a9c6a63b2a1ca5a4af0eab86ccf2c25356c29cb Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 25 Jul 2024 14:20:23 +0100 Subject: [PATCH 07/14] Remove unused database username variable --- .../infrastructure/programs/sre/database_servers.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/data_safe_haven/infrastructure/programs/sre/database_servers.py b/data_safe_haven/infrastructure/programs/sre/database_servers.py index 93aaf45d06..ce030fc49f 100644 --- a/data_safe_haven/infrastructure/programs/sre/database_servers.py +++ b/data_safe_haven/infrastructure/programs/sre/database_servers.py @@ -24,13 +24,10 @@ def __init__( resource_group_name: Input[str], sre_fqdn: Input[str], subnet_id: Input[str], - database_username: Input[str] | None = None, ) -> None: self.database_password = database_password self.database_system = database_system - self.database_username = ( - database_username if database_username else "databaseadmin" - ) + self.database_username = "databaseadmin" self.location = location self.resource_group_name = resource_group_name self.sre_fqdn = sre_fqdn From 4b6599622b410352ced381049efa9287a8762fa7 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Fri, 26 Jul 2024 11:15:25 +0100 Subject: [PATCH 08/14] Correct postgresql client package name --- .../resources/workspace/ansible/host_vars/localhost.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data_safe_haven/resources/workspace/ansible/host_vars/localhost.yaml b/data_safe_haven/resources/workspace/ansible/host_vars/localhost.yaml index b68bf31ddd..fb7c612544 100644 --- a/data_safe_haven/resources/workspace/ansible/host_vars/localhost.yaml +++ b/data_safe_haven/resources/workspace/ansible/host_vars/localhost.yaml @@ -24,7 +24,7 @@ package_categories: common: - libpq-dev # interact with PostgreSQL databases - msodbcsql17 # interact with Microsoft SQL databases - - postgresql-client-common # CLI psql client + - postgresql-client # CLI psql client - unixodbc-dev # interact with Microsoft SQL databases focal: jammy: From 4f78cd8a8c70d34ef39f81bf566fb6290c9a8c16 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Fri, 26 Jul 2024 11:58:44 +0100 Subject: [PATCH 09/14] Disable require_secure_transport for postgres --- .../components/composite/postgresql_database.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/data_safe_haven/infrastructure/components/composite/postgresql_database.py b/data_safe_haven/infrastructure/components/composite/postgresql_database.py index a817eb2974..002088bc85 100644 --- a/data_safe_haven/infrastructure/components/composite/postgresql_database.py +++ b/data_safe_haven/infrastructure/components/composite/postgresql_database.py @@ -76,6 +76,15 @@ def __init__( opts=child_opts, tags=child_tags, ) + # Configure require_secure_transport + dbforpostgresql.Configuration( + f"{self._name}_secure_transport_configuration", + configuration_name="require_secure_transport", + resource_group_name=props.database_resource_group_name, + server_name=props.database_server_name, + source="Pulumi", + value="off", + ) # Add any databases that are requested props.database_names.apply( lambda db_names: [ From 3062ad6865786142c336c5013732469e02838dab Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Fri, 26 Jul 2024 11:59:55 +0100 Subject: [PATCH 10/14] Correct password value What on earth happened there?! --- data_safe_haven/infrastructure/programs/sre/workspaces.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data_safe_haven/infrastructure/programs/sre/workspaces.py b/data_safe_haven/infrastructure/programs/sre/workspaces.py index 2b1947c6db..34accfe537 100644 --- a/data_safe_haven/infrastructure/programs/sre/workspaces.py +++ b/data_safe_haven/infrastructure/programs/sre/workspaces.py @@ -54,7 +54,7 @@ def __init__( self.apt_proxy_server_hostname = apt_proxy_server_hostname self.data_collection_rule_id = data_collection_rule_id self.data_collection_endpoint_id = data_collection_endpoint_id - self.database_service_admin_password = (database_service_admin_password,) + self.database_service_admin_password = database_service_admin_password self.ldap_group_filter = ldap_group_filter self.ldap_group_search_base = ldap_group_search_base self.ldap_server_hostname = ldap_server_hostname From cae10312a93962935f5475315bdfc598622a2dc5 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Fri, 26 Jul 2024 14:05:15 +0100 Subject: [PATCH 11/14] Correct psql connection string --- .../files/usr/local/smoke_tests/test_databases_python.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases_python.py b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases_python.py index ab0f01a3fe..c3401bae29 100644 --- a/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases_python.py +++ b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases_python.py @@ -24,7 +24,7 @@ def test_database( server=server_name, user=username_full, password=password, database=db_name ) elif db_type == "postgresql": - connection_string = f"host={server_name} port={port} dbname={db_name} user={username_full} password={password}" + connection_string = f"host={server_name} port={port} dbname={db_name} user={username} password={password}" cnxn = psycopg.connect(connection_string) else: msg = f"Database type '{db_type}' was not recognised" From 318a43d0c4411582831d494d452c9c330a3c2547 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Fri, 26 Jul 2024 14:13:39 +0100 Subject: [PATCH 12/14] Correct psql connection in R script --- .../ansible/files/usr/local/smoke_tests/test_databases_R.R | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases_R.R b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases_R.R index a261f21532..efade84bcf 100644 --- a/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases_R.R +++ b/data_safe_haven/resources/workspace/ansible/files/usr/local/smoke_tests/test_databases_R.R @@ -34,7 +34,7 @@ if (db_type == "mssql") { host = server_name, port = port, dbname = db_name, - user = paste(username, "@", hostname, sep=""), + user = username, password = password ) } else { From 63ee366c191b4cb04594c76fa4c37c9d53ba59f1 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Fri, 26 Jul 2024 14:34:46 +0100 Subject: [PATCH 13/14] Correct db configuration parameters --- .../components/composite/postgresql_database.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data_safe_haven/infrastructure/components/composite/postgresql_database.py b/data_safe_haven/infrastructure/components/composite/postgresql_database.py index 002088bc85..95f2d24777 100644 --- a/data_safe_haven/infrastructure/components/composite/postgresql_database.py +++ b/data_safe_haven/infrastructure/components/composite/postgresql_database.py @@ -82,8 +82,8 @@ def __init__( configuration_name="require_secure_transport", resource_group_name=props.database_resource_group_name, server_name=props.database_server_name, - source="Pulumi", - value="off", + source="user-override", + value="OFF", ) # Add any databases that are requested props.database_names.apply( From e99904652cee8467e54fd612dff8bf698590cd52 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Fri, 26 Jul 2024 14:40:46 +0100 Subject: [PATCH 14/14] Update data_safe_haven/infrastructure/programs/sre/data.py Co-authored-by: James Robinson --- data_safe_haven/infrastructure/programs/sre/data.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data_safe_haven/infrastructure/programs/sre/data.py b/data_safe_haven/infrastructure/programs/sre/data.py index 5ab63b3de9..faf183c344 100644 --- a/data_safe_haven/infrastructure/programs/sre/data.py +++ b/data_safe_haven/infrastructure/programs/sre/data.py @@ -254,7 +254,7 @@ def __init__( tags=child_tags, ) - # Secret: dns server admin password + # Secret: DNS server admin password keyvault.Secret( f"{self._name}_kvs_password_dns_server_admin", properties=keyvault.SecretPropertiesArgs(