Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add location specifiers to network resources #2023

Merged
merged 8 commits into from
Jul 18, 2024
Merged

Add location specifiers to network resources #2023

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
4246390
:bug: Add location specifiers to VirtualNetworks and NSGs as these wi…
jemrobinson Jul 17, 2024
0af9f33
:bug: Add location to PublicIPAddresses
jemrobinson Jul 17, 2024
04034b0
:white_check_mark: Fix SREApplicationGateway tests
jemrobinson Jul 17, 2024
affbbea
:bug: Add location specifiers to ContainerGroups
jemrobinson Jul 17, 2024
e88beae
:bug: Add location specifiers to ApplicationGateway
jemrobinson Jul 17, 2024
f54ccf2
:bug: Ensure that PrivateEndpoints use location
jemrobinson Jul 17, 2024
a17d467
:bug: Ensure that NetworkInterfaces use location
jemrobinson Jul 17, 2024
2b58df1
:white_check_mark: Test for now-available location property on SREApp…
jemrobinson Jul 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions data_safe_haven/infrastructure/components/composite/microsoft_sql_database.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@ def __init__(
# Deploy a private endpoint for the PostgreSQL server
private_endpoint = network.PrivateEndpoint(
f"{self._name}_private_endpoint",
location=props.location,
private_endpoint_name=Output.concat(
props.database_server_name, "-endpoint"
),
Expand Down
1 change: 1 addition & 0 deletions data_safe_haven/infrastructure/components/composite/postgresql_database.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ def __init__(
# Deploy a private endpoint for the PostgreSQL server
private_endpoint = network.PrivateEndpoint(
f"{self._name}_private_endpoint",
location=props.location,
private_endpoint_name=Output.concat(
props.database_server_name, "-endpoint"
),
Expand Down
2 changes: 2 additions & 0 deletions data_safe_haven/infrastructure/components/composite/virtual_machine.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -161,6 +161,7 @@ def __init__(
if props.ip_address_public:
public_ip = network.PublicIPAddress(
f"{name_underscored}_public_ip",
location=props.location,
public_ip_address_name=Output.concat(props.vm_name, "-public-ip"),
public_ip_allocation_method="Static",
resource_group_name=props.resource_group_name,
Expand Down Expand Up @@ -189,6 +190,7 @@ def __init__(
**network_interface_ip_params,
)
],
location=props.location,
network_interface_name=Output.concat(props.vm_name, "-nic"),
resource_group_name=props.resource_group_name,
opts=child_opts,
Expand Down
1 change: 1 addition & 0 deletions data_safe_haven/infrastructure/programs/declarative_sre.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -250,6 +250,7 @@ def __call__(self) -> None:
SREApplicationGatewayProps(
key_vault_certificate_id=data.sre_fqdn_certificate_secret_id,
key_vault_identity=data.managed_identity,
location=self.config.azure.location,
resource_group=networking.resource_group,
subnet_application_gateway=networking.subnet_application_gateway,
subnet_guacamole_containers=networking.subnet_guacamole_containers,
Expand Down
4 changes: 4 additions & 0 deletions data_safe_haven/infrastructure/programs/sre/application_gateway.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,12 +23,14 @@ def __init__(
self,
key_vault_certificate_id: Input[str],
key_vault_identity: Input[managedidentity.UserAssignedIdentity],
location: Input[str],
resource_group: Input[resources.ResourceGroup],
sre_fqdn: Input[str],
subnet_application_gateway: Input[network.GetSubnetResult],
subnet_guacamole_containers: Input[network.GetSubnetResult],
) -> None:
self.key_vault_certificate_id = key_vault_certificate_id
self.location = location
self.resource_group_id = Output.from_input(resource_group).apply(get_id_from_rg)
self.resource_group_name = Output.from_input(resource_group).apply(
get_name_from_rg
Expand Down Expand Up @@ -64,6 +66,7 @@ def __init__(
# Define public IP address
public_ip = network.PublicIPAddress(
f"{self._name}_public_ip",
location=props.location,
public_ip_address_name=f"{stack_name}-public-ip",
public_ip_allocation_method=network.IpAllocationMethod.STATIC,
resource_group_name=props.resource_group_name,
Expand Down Expand Up @@ -189,6 +192,7 @@ def __init__(
type=network.ResourceIdentityType.USER_ASSIGNED,
user_assigned_identities=props.user_assigned_identities,
),
location=props.location,
redirect_configurations=[
# Guacamole HTTP redirect
network.ApplicationGatewayRedirectConfigurationArgs(
Expand Down
1 change: 1 addition & 0 deletions data_safe_haven/infrastructure/programs/sre/apt_proxy_server.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,7 @@ def __init__(
],
type=containerinstance.ContainerGroupIpAddressType.PRIVATE,
),
location=props.location,
os_type=containerinstance.OperatingSystemTypes.LINUX,
resource_group_name=resource_group.name,
restart_policy=containerinstance.ContainerGroupRestartPolicy.ALWAYS,
Expand Down
3 changes: 3 additions & 0 deletions data_safe_haven/infrastructure/programs/sre/dns_server.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,7 @@ def __init__(
# Define network security group
nsg = network.NetworkSecurityGroup(
f"{self._name}_nsg_dns",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-dns",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -165,6 +166,7 @@ def __init__(
address_space=network.AddressSpaceArgs(
address_prefixes=[SREDnsIpRanges.vnet.prefix],
),
location=props.location,
resource_group_name=resource_group.name,
subnets=[ # Note that we define subnets inline to avoid creation order issues
# DNS subnet
Expand Down Expand Up @@ -260,6 +262,7 @@ def __init__(
],
type=containerinstance.ContainerGroupIpAddressType.PRIVATE,
),
location=props.location,
os_type=containerinstance.OperatingSystemTypes.LINUX,
resource_group_name=resource_group.name,
restart_policy=containerinstance.ContainerGroupRestartPolicy.ALWAYS,
Expand Down
2 changes: 2 additions & 0 deletions data_safe_haven/infrastructure/programs/sre/firewall.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@ def __init__(
# Deploy IP address
public_ip = network.PublicIPAddress(
f"{self._name}_pip_firewall",
location=props.location,
public_ip_address_name=f"{stack_name}-pip-firewall",
public_ip_allocation_method=network.IPAllocationMethod.STATIC,
resource_group_name=props.resource_group_name,
Expand All @@ -92,6 +93,7 @@ def __init__(
# from Microsoft.
public_ip_management = network.PublicIPAddress(
f"{self._name}_pip_firewall_management",
location=props.location,
public_ip_address_name=f"{stack_name}-pip-firewall-management",
public_ip_allocation_method=network.IPAllocationMethod.STATIC,
resource_group_name=props.resource_group_name,
Expand Down
1 change: 1 addition & 0 deletions data_safe_haven/infrastructure/programs/sre/gitea_server.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -297,6 +297,7 @@ def __init__(
],
type=containerinstance.ContainerGroupIpAddressType.PRIVATE,
),
location=props.location,
os_type=containerinstance.OperatingSystemTypes.LINUX,
resource_group_name=props.user_services_resource_group_name,
restart_policy=containerinstance.ContainerGroupRestartPolicy.ALWAYS,
Expand Down
1 change: 1 addition & 0 deletions data_safe_haven/infrastructure/programs/sre/hedgedoc_server.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -277,6 +277,7 @@ def __init__(
],
type=containerinstance.ContainerGroupIpAddressType.PRIVATE,
),
location=props.location,
os_type=containerinstance.OperatingSystemTypes.LINUX,
resource_group_name=props.user_services_resource_group_name,
restart_policy=containerinstance.ContainerGroupRestartPolicy.ALWAYS,
Expand Down
1 change: 1 addition & 0 deletions data_safe_haven/infrastructure/programs/sre/identity.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -216,6 +216,7 @@ def __init__(
],
type=containerinstance.ContainerGroupIpAddressType.PRIVATE,
),
location=props.location,
os_type=containerinstance.OperatingSystemTypes.LINUX,
resource_group_name=resource_group.name,
restart_policy=containerinstance.ContainerGroupRestartPolicy.ALWAYS,
Expand Down
14 changes: 14 additions & 0 deletions data_safe_haven/infrastructure/programs/sre/networking.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ def __init__(
# Define NSGs
nsg_application_gateway = network.NetworkSecurityGroup(
f"{self._name}_nsg_application_gateway",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-application-gateway",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -208,6 +209,7 @@ def __init__(
)
nsg_apt_proxy_server = network.NetworkSecurityGroup(
f"{self._name}_nsg_apt_proxy_server",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-apt-proxy-server",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -303,6 +305,7 @@ def __init__(
)
nsg_data_configuration = network.NetworkSecurityGroup(
f"{self._name}_nsg_data_configuration",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-data-configuration",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -398,6 +401,7 @@ def __init__(
)
nsg_data_private = network.NetworkSecurityGroup(
f"{self._name}_nsg_data_private",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-data-private",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -457,6 +461,7 @@ def __init__(
)
nsg_guacamole_containers = network.NetworkSecurityGroup(
f"{self._name}_nsg_guacamole_containers",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-guacamole-containers",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -588,6 +593,7 @@ def __init__(
)
nsg_guacamole_containers_support = network.NetworkSecurityGroup(
f"{self._name}_nsg_guacamole_containers_support",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-guacamole-containers-support",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -647,6 +653,7 @@ def __init__(
)
nsg_identity_containers = network.NetworkSecurityGroup(
f"{self._name}_nsg_identity_containers",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-identity-containers",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -766,6 +773,7 @@ def __init__(
)
nsg_monitoring = network.NetworkSecurityGroup(
f"{self._name}_nsg_monitoring",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-monitoring",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -849,6 +857,7 @@ def __init__(
)
nsg_user_services_containers = network.NetworkSecurityGroup(
f"{self._name}_nsg_user_services_containers",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-user-services-containers",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -956,6 +965,7 @@ def __init__(
)
nsg_user_services_containers_support = network.NetworkSecurityGroup(
f"{self._name}_nsg_user_services_containers_support",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-user-services-containers-support",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -1015,6 +1025,7 @@ def __init__(
)
nsg_user_services_databases = network.NetworkSecurityGroup(
f"{self._name}_nsg_user_services_databases",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-user-services-databases",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -1098,6 +1109,7 @@ def __init__(
)
nsg_user_services_software_repositories = network.NetworkSecurityGroup(
f"{self._name}_nsg_user_services_software_repositories",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-user-services-software-repositories",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -1193,6 +1205,7 @@ def __init__(
)
nsg_workspaces = network.NetworkSecurityGroup(
f"{self._name}_nsg_workspaces",
location=props.location,
network_security_group_name=f"{stack_name}-nsg-workspaces",
resource_group_name=resource_group.name,
security_rules=[
Expand Down Expand Up @@ -1398,6 +1411,7 @@ def __init__(
address_prefixes=[SREIpRanges.vnet.prefix],
),
dhcp_options=network.DhcpOptionsArgs(dns_servers=[props.dns_server_ip]),
location=props.location,
resource_group_name=resource_group.name,
# Note that we define subnets inline to avoid creation order issues
subnets=[
Expand Down
1 change: 1 addition & 0 deletions data_safe_haven/infrastructure/programs/sre/remote_desktop.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -396,6 +396,7 @@ def __init__(
],
type=containerinstance.ContainerGroupIpAddressType.PRIVATE,
),
location=props.location,
os_type=containerinstance.OperatingSystemTypes.LINUX,
resource_group_name=resource_group.name,
restart_policy=containerinstance.ContainerGroupRestartPolicy.ALWAYS,
Expand Down
1 change: 1 addition & 0 deletions data_safe_haven/infrastructure/programs/sre/software_repositories.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,7 @@ def __init__(
],
type=containerinstance.ContainerGroupIpAddressType.PRIVATE,
),
location=props.location,
os_type=containerinstance.OperatingSystemTypes.LINUX,
resource_group_name=props.user_services_resource_group_name,
restart_policy=containerinstance.ContainerGroupRestartPolicy.ALWAYS,
Expand Down
8 changes: 6 additions & 2 deletions tests/infrastructure/programs/sre/test_application_gateway.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
@pytest.fixture
def application_gateway_props(
identity_key_vault_reader,
location,
resource_group,
sre_fqdn,
subnet_application_gateway,
Expand All @@ -23,6 +24,7 @@ def application_gateway_props(
return SREApplicationGatewayProps(
key_vault_certificate_id="key_vault_certificate_id",
key_vault_identity=identity_key_vault_reader,
location=location,
resource_group=resource_group,
sre_fqdn=sre_fqdn,
subnet_application_gateway=subnet_application_gateway,
Expand Down Expand Up @@ -406,10 +408,12 @@ def test_application_gateway_load_distribution_policies(

@pulumi.runtime.test
def test_application_gateway_location(
self, application_gateway_component: SREApplicationGatewayComponent
self,
application_gateway_component: SREApplicationGatewayComponent,
location: str,
):
application_gateway_component.application_gateway.location.apply(
partial(assert_equal, None),
partial(assert_equal, location),
run_with_unknowns=True,
)

Expand Down
Loading