JimMadge commented 1 month ago

:white_check_mark: Checklist

[x] You have given your pull request a meaningful title (e.g. Enable foobar integration rather than 515 foobar).
[x] You are targeting the appropriate branch. If you're not certain which one this is, it should be develop.
[x] Your branch is up-to-date with the target branch (it probably was when you started, but it may have changed since then).

:vertical_traffic_light: Depends on

2246

:arrow_heading_up: Summary

Allows data providers (as well as research users) IP addresses to be defined as the Azure service tag 'Internet'.

:closed_umbrella: Related issues

:microscope: Tests

Tested on a new deployment. Ingress and Egress blobs anonymous access and with SAS token. Checked download from egress is possible with appropriate SAS token. Checked upload to ingress is possible with appropriate SAS token.

With the storage account set to allow all network connections and blob public access disabled (which is default, but also explicitly set here),

With the storage account URL, you cannot anonymously access the containers

With a valid SAS token you can access the containers and manipulate the data according to the permissions the SAS allows

github-actions[bot] commented 1 month ago

Coverage report

Click to see where and how coverage changed

File	Statements	Missing	Coverage	Coverage (new stmts)	Lines missing
data_safe_haven/config
config_sections.py
data_safe_haven/infrastructure/components/wrapped
nfsv3_storage_account.py					36-41
data_safe_haven/infrastructure/programs/sre
data.py					67, 109-120
data_safe_haven/validators
validators.py
Project Total