Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix inconsistent firewall rules #1883

Merged
merged 11 commits into from May 14, 2024
Merged

Fix inconsistent firewall rules #1883

merged 11 commits into from May 14, 2024

Conversation

jemrobinson
Copy link
Member

@jemrobinson jemrobinson commented May 10, 2024
edited

✅ Checklist

  • You have given your pull request a meaningful title (e.g. Enable foobar integration rather than 515 foobar).
  • You are targeting the appropriate branch. If you're not certain which one this is, it should be develop.
  • Your branch is up-to-date with the target branch (it probably was when you started, but it may have changed since then).
  • You have marked this pull request as a draft and added '[WIP]' to the title if needed (if you're not yet ready to merge).

⤴️ Summary

  • Allow graph.microsoft.com from SRE identity servers
    • Note that this was allowed by DNS and the NSG, but not by the firewall
  • Replace all use of raw domain names with a PermittedDomains enum
  • Replace all use of ordered_private_dns_zones() with an AzureDnsZoneNames enum
  • Move time_as_string to strings so that miscellaneous.py can be dropped
  • Rename time_as_string to next_occurrence, fix logic and add tests.

🌂 Related issues

Closes #1882

🔬 Tests

n/a

@jemrobinson jemrobinson requested a review from a team as a code owner May 10, 2024 16:43
@github-actions GitHub Actions
Copy link

github-actions bot commented May 10, 2024
edited

Coverage report

Click to see where and how coverage changed

FileStatementsMissingCoverageCoverage
(new stmts)		Lines missing
  data_safe_haven/functions
  __init__.py
  strings.py
  data_safe_haven/infrastructure/common
  __init__.py
  data_safe_haven/infrastructure/programs/shm
  firewall.py 331
  monitoring.py
  networking.py 167
  data_safe_haven/infrastructure/programs/sre
  apt_proxy_server.py 84
  data.py
  dns_server.py 287
  hedgedoc_server.py
  monitoring.py
  networking.py 1703
  software_repositories.py
  data_safe_haven/types
  __init__.py
  enums.py
  tests/functions
  test_strings.py
Project Total  

This report was generated by python-coverage-comment-action

@jemrobinson jemrobinson requested a review from a team May 10, 2024 21:04
@jemrobinson jemrobinson changed the title Fix user synchronisation Fix inconsistent firewall rules May 10, 2024
JimMadge
JimMadge requested changes May 13, 2024
View reviewed changes
Copy link
Member

@JimMadge JimMadge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. I much prefer these as Enums rather than functions.

data_safe_haven/functions/strings.py Outdated Show resolved Hide resolved
data_safe_haven/functions/__init__.py Show resolved Hide resolved
@jemrobinson jemrobinson mentioned this pull request May 13, 2024
Open
5 tasks
@jemrobinson
Copy link
Member Author

@JimMadge @craddm Are you happy to approve this now?

@jemrobinson jemrobinson mentioned this pull request May 13, 2024
Merged
4 tasks
@jemrobinson jemrobinson merged commit 9e5b72a into alan-turing-institute:develop May 14, 2024
11 checks passed
@JimMadge JimMadge mentioned this pull request May 17, 2024
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JimMadge JimMadge JimMadge approved these changes

@craddm craddm Awaiting requested review from craddm

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

User synchronisation not working
2 participants
@jemrobinson @JimMadge