Release Release 5.2.0 (2024-12-05) · alan-turing-institute/data-safe-haven

Release Highlights

More logs collected in the log analytics workspace
- Storage
  - Ingress and egress stores
  - Desired state files
  - Users' home directories
  - Container configuration and persistent state
- Container services
- Firewall
Better CLI feedback and error messages
Documentation improvements

Known issues

Backup is not functional. Following the notice in the documentation will not enable backup.

Upgrading from 5.1.0

In order to upgrade, you will need to carry out the following steps.

⚠️ Some manual interventions are needed. Please ensure that your data is appropriately backed-up before starting. ⚠️

Step-by-step upgrade instructions

N.B. throughout the instructions below, replace YOURSRENAME with the lower-case name of your SRE

Create an upgrade JSON file with the following contents

{
  "nameTable": {
    "sre_data_component": "urn:pulumi:shm-blue-sre-YOURSRENAME::data-safe-haven::dsh:sre:DataComponent::sre_data",
    "sre_desired_state_component": "urn:pulumi:shm-blue-sre-YOURSRENAME::data-safe-haven::dsh:sre:DesiredStateComponent::sre_desired_state"
  },
  "resources": [
    {
      "type": "dsh:sre:NFSV3StorageAccountComponent",
      "name": "sre_data_storage_account_data_private_sensitive",
      "component": true,
      "parent": "sre_data_component"
    },
    {
      "type": "dsh:sre:NFSV3StorageAccountComponent",
      "name": "sre_desired_state_storage_account",
      "component": true,
      "parent": "sre_desired_state_component"
    }
  ]
}

Apply the upgrade JSON as follows

dsh pulumi run YOURSRENAME 'import --file /full/path/to/your/upgrade.json --yes'
dsh pulumi run YOURSRENAME 'state unprotect --all'

Note that the first command might fail - the import should still have succeeded though.

Download the Pulumi state file

dsh pulumi run YOURSRENAME 'stack export --file /full/path/to/a/local/file.json'

Open the Pulumi state file in an editor and find-and-replace the following strings

From	To
`dsh:sre:DataComponent$azure-native:storage:StorageAccount::sre_data_storage_account_data_private_sensitive`	`dsh:sre:DataComponent$dsh:sre:NFSV3StorageAccountComponent$azure-native:storage:StorageAccount::sre_data_storage_account_data_private_sensitive`
`dsh:sre:DataComponent$azure-native:storage:StorageAccount$azure-native:network:PrivateEndpoint::sre_data_storage_account_data_private_sensitive`	`dsh:sre:DataComponent$dsh:sre:NFSV3StorageAccountComponent$azure-native:storage:StorageAccount$azure-native:network:PrivateEndpoint::sre_data_storage_account_data_private_sensitive`
`dsh:sre:DataComponent$azure-native:storage:StorageAccount$azure-native:storage:BlobContainer`	`dsh:sre:DataComponent$dsh:sre:NFSV3StorageAccountComponent$azure-native:storage:StorageAccount$azure-native:storage:BlobContainer`
`dsh:sre:DataComponent$azure-native:storage:StorageAccount$pulumi-python:dynamic:Resource`	`dsh:sre:DataComponent$dsh:sre:NFSV3StorageAccountComponent$azure-native:storage:StorageAccount$pulumi-python:dynamic:Resource`
`dsh:sre:DataComponent$azure-native:storage:StorageAccount$azure-native:network:PrivateDnsZoneGroup::sre_data_storage_account_data_private_sensitive`	`dsh:sre:DataComponent$dsh:sre:NFSV3StorageAccountComponent$azure-native:storage:StorageAccount$azure-native:network:PrivateDnsZoneGroup::sre_data_storage_account_data_private_sensitive`
`dsh:sre:DesiredStateComponent$azure-native:storage:StorageAccount`	`dsh:sre:DesiredStateComponent$dsh:sre:NFSV3StorageAccountComponent$azure-native:storage:StorageAccount`

Upload the edited Pulumi state file

dsh pulumi run YOURSRENAME 'stack import --file /full/path/to/a/local/file.json'

Deploy using v5.2.0 which will complete the rest of the upgrade

dsh sre deploy YOURSRENAME

What's Changed

Cleaner exit when user credentials are incorrect by @craddm in #2296
Print SRE FQDN when deployment finishes by @craddm in #2297
Add logging for container instances by @JimMadge in #2295
Merge latest (v5.1.0) into develop by @craddm in #2304
Bump the production-dependencies group with 8 updates by @dependabot in #2306
Add firewall logs by @JimMadge in #2308
Update release checklist by @JimMadge in #2305
Add workspace log docs by @craddm in #2312
Ingest logs for blob containers by @JimMadge in #2310
Add logging for file shares by @JimMadge in #2319
Bump karancode/yamllint-github-action from 2.1.1 to 3.0.0 by @dependabot in #2324
Bump the production-dependencies group with 9 updates by @dependabot in #2323
Correct T2/3 PyPI/CRAN proxy information by @JimMadge in #2317
Check that a user belongs to the correct SHM domain when registering with an SRE by @craddm in #2292
[WIP] Add downloadable template security checklist by @craddm in #2328
Release v5.2.0 by @JimMadge in #2326

Full Changelog: v5.1.0...v5.2.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Release 5.2.0 (2024-12-05)

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Release Highlights

Known issues

Upgrading from 5.1.0

Create an upgrade JSON file with the following contents

Apply the upgrade JSON as follows

Download the Pulumi state file

Open the Pulumi state file in an editor and find-and-replace the following strings

Upload the edited Pulumi state file

Deploy using v5.2.0 which will complete the rest of the upgrade

What's Changed

Contributors

Uh oh!