alan-turing-institute / data-safe-haven

https://data-safe-haven.readthedocs.io
BSD 3-Clause "New" or "Revised" License
61 stars 15 forks source link

`dsh config available` is not showing deployed SREs #2278

Closed cptanalatriste closed 1 week ago

cptanalatriste commented 2 weeks ago

:white_check_mark: Checklist

:computer: System information

:package: Packages

List of packages ```none Paste list of packages here ```

:no_entry_sign: Describe the problem

The SRE with ID testt2hdl is live and accessible over https://testt2hdl.prod5.turingsafehaven.ac.uk/. However, when listing deployed SREs using dsh config available we see the following:

┏━━━━━━━━━━━━┳━━━━━━━━━━┓
┃ SRE Name   ┃ Deployed ┃
┡━━━━━━━━━━━━╇━━━━━━━━━━┩
│ cgcdemosre │          │
│ edtest2p5  │          │
│ edtestp5   │          │
│ sbox123    │          │
│ testsre    │          │
│ testt2hdl  │          │
└────────────┴──────────┘

Notice no SRE is marked as deployed.

:deciduous_tree: Log messages

Relevant log messages ```none Your log details here ```

:recycle: To reproduce

Just run dsh config available from any account with production access. @dsj976 and @helendduncan were able to reproduce.

JimMadge commented 2 weeks ago

Quite likely due to underscores in the SRE name being handling inconsistently. Retained in some places, changed to hyphens, stripped completely.

craddm commented 1 week ago

The name of the SRE from the config is passed through a function (json_safe) that strips out anything other than alphanumeric characters. So, on upload, a config where the SRE name is leon_ardo gets saved as a config file called sre-leonardo.yaml; but the SRE name in the config itself stays as leon_ardo, and that name is what is used in other places internally (e.g. in the list of Pulumi projects in Pulumi.yaml).

This is what leads to dsh config available not picking up that SREs are deployed - the left column is derived from the filename, but is checked against a list from Pulumi.yaml, which is derived from the names inside the config files.

Inputs to dsh config show <name> are also sanitised in the same way. So you could write dsh config show le~on_ar#do! and it would still show you the file sre-leonardo.yaml.

Probably best to switch to allowing underscores and hyphens as well as alphanumeric characters, which is what is allowed to be in the name field of the config.