Move pulumi context settings and persistent data

.github/workflows/build_documentation.yaml

@@ -6,7 +6,6 @@ on:  # yamllint disable-line rule:truthy
   push:
     branches: [develop, latest]
   pull_request:
-    branches: [develop, latest]
 
 jobs:
   build:

.github/workflows/lint_code.yaml

@@ -6,7 +6,6 @@ on:  # yamllint disable-line rule:truthy
   push:
     branches: [develop, latest]
   pull_request:
-    branches: [develop, latest]
 
 jobs:
   lint_json:

.github/workflows/test_code.yaml

@@ -6,7 +6,6 @@ on:  # yamllint disable-line rule:truthy
   push:
     branches: [develop, latest]
   pull_request:
-    branches: [develop, latest]
 
 jobs:
   test_python:

data_safe_haven/administration/users/guacamole_users.py

@@ -2,19 +2,28 @@
 from collections.abc import Sequence
 from typing import Any
 
-from data_safe_haven.config import Config
+from data_safe_haven.config import Config, DSHPulumiProject
+from data_safe_haven.context import Context
 from data_safe_haven.external import AzureApi, AzurePostgreSQLDatabase
 from data_safe_haven.infrastructure import SREStackManager
 
 from .research_user import ResearchUser
 
 
 class GuacamoleUsers:
-    def __init__(self, config: Config, sre_name: str, *args: Any, **kwargs: Any):
+    def __init__(
+        self,
+        context: Context,
+        config: Config,
+        pulumi_project: DSHPulumiProject,
+        sre_name: str,
+        *args: Any,
+        **kwargs: Any,
+    ):
         super().__init__(*args, **kwargs)
-        sre_stack = SREStackManager(config, sre_name)
+        sre_stack = SREStackManager(context, config, pulumi_project, sre_name)
         # Read the SRE database secret from key vault
-        azure_api = AzureApi(config.context.subscription_name)
+        azure_api = AzureApi(context.subscription_name)
         connection_db_server_password = azure_api.get_keyvault_secret(
             sre_stack.output("data")["key_vault_name"],
             sre_stack.output("data")["password_user_database_admin_secret"],
@@ -24,7 +33,7 @@ def __init__(self, config: Config, sre_name: str, *args: Any, **kwargs: Any):
             connection_db_server_password,
             sre_stack.output("remote_desktop")["connection_db_server_name"],
             sre_stack.output("remote_desktop")["resource_group_name"],
-            config.context.subscription_name,
+            context.subscription_name,
         )
         self.users_: Sequence[ResearchUser] | None = None
         self.postgres_script_path: pathlib.Path = (

data_safe_haven/administration/users/user_handler.py

@@ -2,7 +2,8 @@
 import pathlib
 from collections.abc import Sequence
 
-from data_safe_haven.config import Config
+from data_safe_haven.config import Config, DSHPulumiConfig, DSHPulumiProject
+from data_safe_haven.context import Context
 from data_safe_haven.exceptions import DataSafeHavenUserHandlingError
 from data_safe_haven.external import GraphApi
 from data_safe_haven.utility import LoggingSingleton
@@ -15,11 +16,15 @@
 class UserHandler:
     def __init__(
         self,
+        context: Context,
         config: Config,
+        pulumi_config: DSHPulumiConfig,
         graph_api: GraphApi,
     ):
         self.azure_ad_users = AzureADUsers(graph_api)
+        self.context = context
         self.config = config
+        self.pulumi_config = pulumi_config
         self.logger = LoggingSingleton()
         self.sre_guacamole_users_: dict[str, GuacamoleUsers] = {}
 
@@ -72,19 +77,24 @@ def get_usernames(self) -> dict[str, list[str]]:
         usernames = {}
         usernames["Azure AD"] = self.get_usernames_azure_ad()
         for sre_name in self.config.sre_names:
-            usernames[f"SRE {sre_name}"] = self.get_usernames_guacamole(sre_name)
+            usernames[f"SRE {sre_name}"] = self.get_usernames_guacamole(
+                sre_name,
+                self.pulumi_config[sre_name],
+            )
         return usernames
 
     def get_usernames_azure_ad(self) -> list[str]:
         """Load usernames from Azure AD"""
         return [user.username for user in self.azure_ad_users.list()]
 
-    def get_usernames_guacamole(self, sre_name: str) -> list[str]:
+    def get_usernames_guacamole(
+        self, sre_name: str, sre_pulumi_project: DSHPulumiProject
+    ) -> list[str]:
         """Lazy-load usernames from Guacamole"""
         try:
             if sre_name not in self.sre_guacamole_users_.keys():
                 self.sre_guacamole_users_[sre_name] = GuacamoleUsers(
-                    self.config, sre_name
+                    self.context, self.config, sre_pulumi_project, sre_name
                 )
             return [
                 user.username for user in self.sre_guacamole_users_[sre_name].list()

data_safe_haven/commands/admin_add_users.py

@@ -3,7 +3,8 @@
 import pathlib
 
 from data_safe_haven.administration.users import UserHandler
-from data_safe_haven.config import Config, ContextSettings
+from data_safe_haven.config import Config, DSHPulumiConfig
+from data_safe_haven.context import ContextSettings
 from data_safe_haven.exceptions import DataSafeHavenError
 from data_safe_haven.external import GraphApi
 
@@ -12,6 +13,7 @@ def admin_add_users(csv_path: pathlib.Path) -> None:
     """Add users to a deployed Data Safe Haven"""
     context = ContextSettings.from_file().assert_context()
     config = Config.from_remote(context)
+    pulumi_config = DSHPulumiConfig.from_remote(context)
 
     shm_name = context.shm_name
 
@@ -27,7 +29,7 @@ def admin_add_users(csv_path: pathlib.Path) -> None:
         )
 
         # Add users to SHM
-        users = UserHandler(config, graph_api)
+        users = UserHandler(context, config, pulumi_config, graph_api)
         users.add(csv_path)
     except DataSafeHavenError as exc:
         msg = f"Could not add users to Data Safe Haven '{shm_name}'.\n{exc}"

data_safe_haven/commands/admin_list_users.py

@@ -1,7 +1,8 @@
 """List users from a deployed Data Safe Haven"""
 
 from data_safe_haven.administration.users import UserHandler
-from data_safe_haven.config import Config, ContextSettings
+from data_safe_haven.config import Config, DSHPulumiConfig
+from data_safe_haven.context import ContextSettings
 from data_safe_haven.exceptions import DataSafeHavenError
 from data_safe_haven.external import GraphApi
 
@@ -10,6 +11,7 @@ def admin_list_users() -> None:
     """List users from a deployed Data Safe Haven"""
     context = ContextSettings.from_file().assert_context()
     config = Config.from_remote(context)
+    pulumi_config = DSHPulumiConfig.from_remote(context)
 
     shm_name = context.shm_name
 
@@ -21,7 +23,7 @@ def admin_list_users() -> None:
         )
 
         # List users from all sources
-        users = UserHandler(config, graph_api)
+        users = UserHandler(context, config, pulumi_config, graph_api)
         users.list()
     except DataSafeHavenError as exc:
         msg = f"Could not list users for Data Safe Haven '{shm_name}'.\n{exc}"

data_safe_haven/commands/admin_register_users.py

@@ -1,9 +1,11 @@
 """Register existing users with a deployed SRE"""
 
 from data_safe_haven.administration.users import UserHandler
-from data_safe_haven.config import Config, ContextSettings
+from data_safe_haven.config import Config, DSHPulumiConfig
+from data_safe_haven.context import ContextSettings
 from data_safe_haven.exceptions import DataSafeHavenError
 from data_safe_haven.external import GraphApi
+from data_safe_haven.functions import sanitise_sre_name
 from data_safe_haven.utility import LoggingSingleton
 
 
@@ -14,10 +16,11 @@ def admin_register_users(
     """Register existing users with a deployed SRE"""
     context = ContextSettings.from_file().assert_context()
     config = Config.from_remote(context)
+    pulumi_config = DSHPulumiConfig.from_remote(context)
 
     shm_name = context.shm_name
     # Use a JSON-safe SRE name
-    sre_name = config.sanitise_sre_name(sre)
+    sre_name = sanitise_sre_name(sre)
 
     try:
         # Check that SRE option has been provided
@@ -35,7 +38,7 @@ def admin_register_users(
         )
 
         # List users
-        users = UserHandler(config, graph_api)
+        users = UserHandler(context, config, pulumi_config, graph_api)
         available_usernames = users.get_usernames_azure_ad()
         usernames_to_register = []
         for username in usernames:

data_safe_haven/commands/admin_remove_users.py

@@ -1,7 +1,8 @@
 """Remove existing users from a deployed Data Safe Haven"""
 
 from data_safe_haven.administration.users import UserHandler
-from data_safe_haven.config import Config, ContextSettings
+from data_safe_haven.config import Config, DSHPulumiConfig
+from data_safe_haven.context import ContextSettings
 from data_safe_haven.exceptions import DataSafeHavenError
 from data_safe_haven.external import GraphApi
 
@@ -12,6 +13,7 @@ def admin_remove_users(
     """Remove existing users from a deployed Data Safe Haven"""
     context = ContextSettings.from_file().assert_context()
     config = Config.from_remote(context)
+    pulumi_config = DSHPulumiConfig.from_remote(context)
 
     shm_name = context.shm_name
 
@@ -24,7 +26,7 @@ def admin_remove_users(
 
         # Remove users from SHM
         if usernames:
-            users = UserHandler(config, graph_api)
+            users = UserHandler(context, config, pulumi_config, graph_api)
             users.remove(usernames)
     except DataSafeHavenError as exc:
         msg = f"Could not remove users from Data Safe Haven '{shm_name}'.\n{exc}"

data_safe_haven/commands/admin_unregister_users.py

@@ -1,9 +1,11 @@
 """Unregister existing users from a deployed SRE"""
 
 from data_safe_haven.administration.users import UserHandler
-from data_safe_haven.config import Config, ContextSettings
+from data_safe_haven.config import Config, DSHPulumiConfig
+from data_safe_haven.context import ContextSettings
 from data_safe_haven.exceptions import DataSafeHavenError
 from data_safe_haven.external import GraphApi
+from data_safe_haven.functions import sanitise_sre_name
 from data_safe_haven.utility import LoggingSingleton
 
 
@@ -14,9 +16,12 @@ def admin_unregister_users(
     """Unregister existing users from a deployed SRE"""
     context = ContextSettings.from_file().assert_context()
     config = Config.from_remote(context)
+    pulumi_config = DSHPulumiConfig.from_remote(context)
 
     shm_name = context.shm_name
-    sre_name = config.sanitise_sre_name(sre)
+    sre_name = sanitise_sre_name(sre)
+
+    # sre_pulumi_project = pulumi_config.create_or_select_project(sre_name)
 
     try:
         # Check that SRE option has been provided
@@ -34,7 +39,7 @@ def admin_unregister_users(
         )
 
         # List users
-        users = UserHandler(config, graph_api)
+        users = UserHandler(context, config, pulumi_config, graph_api)
         available_usernames = users.get_usernames_azure_ad()
         usernames_to_unregister = []
         for username in usernames:

data_safe_haven/commands/config.py

@@ -6,7 +6,8 @@
 import typer
 from rich import print
 
-from data_safe_haven.config import Config, ContextSettings
+from data_safe_haven.config import Config
+from data_safe_haven.context import ContextSettings
 
 config_command_group = typer.Typer()
 
@@ -19,8 +20,7 @@ def template(
     ] = None
 ) -> None:
     """Write a template Data Safe Haven configuration."""
-    context = ContextSettings.from_file().assert_context()
-    config = Config.template(context)
+    config = Config.template()
     if file:
         with open(file, "w") as outfile:
             outfile.write(config.to_yaml())
@@ -36,8 +36,8 @@ def upload(
     context = ContextSettings.from_file().assert_context()
     with open(file) as config_file:
         config_yaml = config_file.read()
-    config = Config.from_yaml(context, config_yaml)
-    config.upload()
+    config = Config.from_yaml(config_yaml)
+    config.upload(context)
 
 
 @config_command_group.command()

data_safe_haven/commands/context.py

@@ -5,9 +5,12 @@
 import typer
 from rich import print
 
-from data_safe_haven.config import ContextSettings
-from data_safe_haven.config.context_settings import Context, default_config_file_path
-from data_safe_haven.context import ContextInfra
+from data_safe_haven.context import (
+    Context,
+    ContextInfra,
+    ContextSettings,
+)
+from data_safe_haven.exceptions import DataSafeHavenConfigError
 from data_safe_haven.functions.typer_validators import typer_validate_aad_guid
 
 context_command_group = typer.Typer()
@@ -16,7 +19,11 @@
 @context_command_group.command()
 def show() -> None:
     """Show information about the selected context."""
-    settings = ContextSettings.from_file()
+    try:
+        settings = ContextSettings.from_file()
+    except DataSafeHavenConfigError as exc:
+        print("No context configuration file.")
+        raise typer.Exit(code=1) from exc
 
     current_context_key = settings.selected
     current_context = settings.context
@@ -84,7 +91,7 @@ def add(
     ],
 ) -> None:
     """Add a new context to the context list."""
-    if default_config_file_path().exists():
+    if ContextSettings.default_config_file_path().exists():
         settings = ContextSettings.from_file()
         settings.add(
             key=key,