alan-turing-institute / data-safe-haven

https://data-safe-haven.readthedocs.io
BSD 3-Clause "New" or "Revised" License
60 stars 15 forks source link

Listing users not always working #2097

Closed craddm closed 2 months ago

craddm commented 3 months ago

:white_check_mark: Checklist

:computer: System information

:package: Packages

List of packages ```none acme==2.10.0 annotated-types==0.7.0 appdirs==1.4.4 Arpeggio==2.0.2 attrs==23.2.0 azure-common==1.1.28 azure-core==1.30.2 azure-identity==1.17.1 azure-keyvault-certificates==4.8.0 azure-keyvault-keys==4.9.0 azure-keyvault-secrets==4.8.0 azure-mgmt-automation==1.0.0 azure-mgmt-compute==32.0.0 azure-mgmt-containerinstance==10.1.0 azure-mgmt-core==1.4.0 azure-mgmt-dns==8.1.0 azure-mgmt-keyvault==10.3.1 azure-mgmt-msi==7.0.0 azure-mgmt-network==26.0.0 azure-mgmt-rdbms==10.1.0 azure-mgmt-resource==23.1.1 azure-mgmt-storage==21.2.1 azure-storage-blob==12.21.0 azure-storage-file-datalake==12.16.0 azure-storage-file-share==12.17.0 certifi==2024.7.4 cffi==1.16.0 charset-normalizer==3.3.2 chevron==0.14.0 click==8.1.7 cryptography==43.0.0 -e git+https://github.com/craddm/data-safe-haven.git@85610b0e5f7f287b66eec93ff2b2d5afdb64809f#egg=data_safe_haven dill==0.3.8 dnspython==2.6.1 fqdn==1.5.1 grpcio==1.60.1 idna==3.7 isodate==0.6.1 josepy==1.14.0 markdown-it-py==3.0.0 mdurl==0.1.2 msal==1.30.0 msal-extensions==1.2.0 msrest==0.7.1 oauthlib==3.2.2 parver==0.5 portalocker==2.10.1 protobuf==4.25.4 psycopg==3.2.1 pulumi==3.127.0 pulumi_azure_native==2.51.0 pulumi_random==4.16.3 pulumi_tls==5.0.4 pycparser==2.22 pydantic==2.8.2 pydantic_core==2.20.1 Pygments==2.18.0 PyJWT==2.8.0 pyOpenSSL==24.2.1 pyRFC3339==1.1 pytz==2024.1 PyYAML==6.0.1 requests==2.32.3 requests-oauthlib==2.0.0 rich==13.7.1 semver==2.13.0 setuptools==72.1.0 shellingham==1.5.4 simple_acme_dns==3.1.0 six==1.16.0 typer==0.12.3 typing_extensions==4.12.2 urllib3==2.2.2 validators==0.28.3 websocket-client==1.8.0 ```

:no_entry_sign: Describe the problem

Running dsh users list <sre> works for some SREs associated with an SHM but not others, and it's not clear why.

(data-safe-haven) deploydsh@0b11d89ae8c5:/workspaces/data-safe-haven$ dsh users list baron
You are logged into the Azure CLI as:                                                                                                                                                                 
        user: Matthew Craddock (1b2a59f2-f3ea-42e7-b8b8-aeea30572764)                                                                                                                                 
        tenant: turing.ac.uk (4395f4a7-e455-4f95-8a9f-1fbaef6384f9)                                                                                                                                   
Are these details correct? [y/n] (y): y
You are logged into the Microsoft Graph API as:                                                                                                                                                       
        user: aad.admin.matt.craddock@green.develop.turingsafehaven.ac.uk (3b3f1d49-9980-4a09-99e4-784038a740fa)                                                                                      
        tenant: green.develop.turingsafehaven.ac.uk (cb94a6f6-ef7a-42ab-bcad-4f0b887cfd3e)                                                                                                            
Are these details correct? [y/n] (y): y
No SRE named baron is defined.                                                                                                                                                                        
Could not load users for SRE 'baron'. 

It looks like it can't load the relevant stack - the problem seems to happen here:

https://github.com/alan-turing-institute/data-safe-haven/blob/91e3b2987fe3f863c17e64937f3d112e8539691e/data_safe_haven/administration/users/guacamole_users.py#L27-L29

:steam_locomotive: Workarounds or solutions

craddm commented 2 months ago

No longer able to replicate this.