Open Davsarper opened 1 year ago
October: less prioritised, as focus is on the new code and funding applications
Reactive, but wiht DSGs going things will arise (and are arising)
@craddm @JimMadge today during Monthly we were asked this in relation to factoring out parts of the configuration:
What is the definition of done for the piece of work of 'factoring out configuration elements' (part of Codebase Maintenance)? What's the value we're aiming for and how do we know when we've achieved it?
Could you add what you consider the answers to be either here or in a (linked) item (issue, milestone...) in the corresponding repo?
We have a milestone with a number of issues that need work. This is well scoped and resource allocated
February focus: release final version before next DSG https://github.com/alan-turing-institute/data-safe-haven/milestone/21
March (and end of Februrary) Focus: Close remaining v4.2.0 issues Ready for release and pen test
After March release it should not be a priority in april
Goal Title
What will this work achieve? Ensure that codebase is kept up-to-date with bug fixes, security updates, external API changes etc.
Description
Definition of Done
When will this be considered as succesfully completed? Ongoing
Details
Resourcing
August
Checklist
Reporting
5 February to 8 April 24
Have worked on updating software used within SREs to ensure the security and functionality of the environment:
Added and tested a script to handle SAS access tokens renewal, currently expiring yearly. These are required manage access to data storage (and therefore ingress and egress). The relevant PR is here https://github.com/alan-turing-institute/data-safe-haven/pull/1739. In the process we realised SAS tokens are bound to Store Access Policies which could be modified to have no end date, we are currently considering the covenience of this approach versus potential security issues in https://github.com/alan-turing-institute/data-safe-haven/issues/1751
Improved use of hardcoded domain names and IPs. The hardcoded lists are difficult to maintain and are prone to going out of date, despite not fully fixing the use of these improvements have been made for the 4.2.0 release by relaxing rules where security allows. For this the team checked individuals cases and applied where possible, no security issues where found and we added this as a specific thing to pent test. Related PR is https://github.com/alan-turing-institute/data-safe-haven/pull/1745 and explanatory issue is https://github.com/alan-turing-institute/data-safe-haven/issues/1549
An issue with Jupyter notebooks not being able to use Python when launched from the menu was found, despite extensive work a fix was not found and decided to let it be by documenting the right workaround: launching Jupyter Notebooks from the terminal. The issue is https://github.com/alan-turing-institute/data-safe-haven/issues/1584
Worked on updating documentation to reflect Azure Active Directory name change to Microsoft Entra
8 January to 5 February
5 December to 8 January 2024
1 November to 4 December
There has been work to address and improve issues and bugs related to last release while preparing for release 4.2.0.
Factoring storage creation and account deployments out of main deployment script now allows for a more resilient process (not having to re-run everything when one fails)
Also MS changing Azure Directory to Microsoft Entra ID has made necessary to spend time updating documentation and code, with the increased challenge that MS themsleves have not yet ocnsitently made the change.
10 October to 30 October
14 August to 18 September
10 July to 14 August
Development/features
Fixes/maintenance