data-safe-haven - Release 5.5.1 (2025-09-04)

Release Highlights

• Fixes the clamav-clamonacc unit file configuration, so it doesn't interrupt Ansible from configuring SRE workspaces properly.

What's Changed

• Hotfix: Using the correct socket on the unit file for clamav-clamonacc by @cptanalatriste in https://github.com/alan-turing-institute/data-safe-haven/pull/2476

Upgrading from 5.5.0

Run the following command to upgrade an existing SRE:

dsh deploy sre YOURSRENAME

You might need to re-run cloud-init manually in your workspaces for the new configuration to take place.

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v5.5.0...v5.5.1

- Python
Published by cptanalatriste 6 months ago

data-safe-haven - Release 5.5.0 (2025-07-18)

Release Highlights

• SRE users have now write privileges on /mnt/scratch, when using SRDs that support temporary storage.
• It is now possible to set up the size of Nexus persistent directory in the configuration file. And the default value has been increased from 2Gb to 10Gb.
• User services, like Gitea and HedgeDoc, sometimes change their IP address on restart, which makes them unavailable due to DNS issues. We have now a Container App Job that monitors this problem and fix it when happens.
• Documentation updates on clipboard control limitations and data egress instructions.

Upgrading from 5.4.1

Run the following command to upgrade an existing SRE:

dsh deploy sre YOURSRENAME

Changing the size of Nexus' persistent directory and running a Job for fixing container DNS will likely have an impact on the cost of running an SRE. Please use the configuration file to ensure your costs are within your budget.

What's Changed

• Merge latest (v5.4.1) into develop by @cptanalatriste in https://github.com/alan-turing-institute/data-safe-haven/pull/2430
• Documentation: Deploying SREs requires Owner role by @cptanalatriste in https://github.com/alan-turing-institute/data-safe-haven/pull/2433
• Enabling SRE users to write into /mnt/scratch by @cptanalatriste in https://github.com/alan-turing-institute/data-safe-haven/pull/2432
• Enabling configuring the size of Nexus' persistent directory by @cptanalatriste in https://github.com/alan-turing-institute/data-safe-haven/pull/2435
• ⬆️ Bump stefanzweifel/git-auto-commit-action from 5.1.0 to 5.2.0 by @dependabot[bot] in https://github.com/alan-turing-institute/data-safe-haven/pull/2436
• :arrow_up: Update Pulumi Docker images by @github-actions[bot] in https://github.com/alan-turing-institute/data-safe-haven/pull/2437
• :arrow_up: Update Pulumi Docker images by @github-actions[bot] in https://github.com/alan-turing-institute/data-safe-haven/pull/2443
• Bump lycheeverse/lychee-action from 2.4.0 to 2.4.1 by @dependabot[bot] in https://github.com/alan-turing-institute/data-safe-haven/pull/2444
• Pin Click to version 8.1.8 by @llewelld in https://github.com/alan-turing-institute/data-safe-haven/pull/2440
• Adding a sidecar to ACI instances to fix broken DNS entries by @cptanalatriste in https://github.com/alan-turing-institute/data-safe-haven/pull/2442
• Update Azure menu location to reflect changes to the egress process by @llewelld in https://github.com/alan-turing-institute/data-safe-haven/pull/2455
• Update egress instructions related to IP addresses by @llewelld in https://github.com/alan-turing-institute/data-safe-haven/pull/2456
• Informing DSH users about the limitations of clipboard control by @cptanalatriste in https://github.com/alan-turing-institute/data-safe-haven/pull/2459

New Contributors

• @llewelld made their first contribution in https://github.com/alan-turing-institute/data-safe-haven/pull/2440

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v5.4.1...v5.5.0

- Python
Published by cptanalatriste 8 months ago

data-safe-haven - Release 5.4.1 (2025-04-01)

Release Highlights

• Fixed a josepy related issue preventing DSH installation.
• Fixed missing persistent storage for Gitea to prevent failure after container restart.

Upgrading from 5.4.1

Please back up your Gitea codebase before updating the SRE. Our testing shows that repositories created before this update won't be repaired, so you will need to re-create them once the update is completed.

Once the backup is finished, run the following command to upgrade an existing SRE.

dsh deploy sre YOURSRENAME

What's Changed

• Reduce update workflow frequency by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2421
• Mounting a volume to fix Gitea after container restart. by @cptanalatriste in https://github.com/alan-turing-institute/data-safe-haven/pull/2423

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v5.4.0...v5.4.1

- Python
Published by cptanalatriste 11 months ago

data-safe-haven - Release v5.4.0 (2025-03-03)

Release Highlights

• Adds the dsh allowlist family of commands to allow easy manipulation of the package allowlists that limit access to packages on SREs where only pre-approved packages can be downloaded from CRAN/PyPi.
• Updates nexus-allowlist to handle changes to the Nexus Sonatype Repository initialization process

Upgrading from 5.3.1

Run the following command to upgrade an existing SRE

bash dsh deploy sre YOURSRENAME

Note that due to changes in the way the package allowlists are managed, new SREs will have no allowlist, and upgrading may remove existing allowlists. Administrators will need to manually update the allowlist as required.

What's Changed

• Bump the production-dependencies group with 5 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2366
• Fix docker image CI script by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2367
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2369
• Latest by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2371
• Create GitHub Action to upload to PyPI on release by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2374
• Bump actions/setup-python from 4 to 5 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2377
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2376
• Bump the production-dependencies group with 11 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2378
• Correct file parents by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2381
• Adding commands to manipulate allowlists by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2346
• Merge v5.3.1 into develop by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2390
• Exclude non-package files from hatch build by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2388
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2391
• Don't upload *.pyc files to desired state by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2385
• ⬆️ Bump the production-dependencies group with 6 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2392
• Better teardown logging by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2394
• Ensure only files ending with pyc are excluded from desired state uploads by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2396
• ⬆️ Bump lycheeverse/lychee-action from 2.2.0 to 2.3.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2399
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2397
• ⬆️ Bump the production-dependencies group with 7 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2398
• ⬆️ Bump cryptography from 44.0.0 to 44.0.1 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2402
• Revert "⬆️ Bump cryptography from 44.0.0 to 44.0.1" by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2403

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v5.3.1...v5.4.0

- Python
Published by craddm 12 months ago

data-safe-haven - Release 5.3.1 (2025-01-28)

Release Highlights

• Fixes issue with expiring SSL certificate
• Updates Nexus image to fix an initialisation problem

Upgrading from 5.3.0

Run the following command to upgrade an existing SRE

bash dsh deploy sre YOURSRENAME

What's Changed

• Hotfix: Renew SSL certificate in Pulumi https://github.com/alan-turing-institute/data-safe-haven/pull/2380
• Hotfix: update Nexus image by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2387

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v5.3.0...v5.3.1

- Python
Published by jemrobinson about 1 year ago

data-safe-haven - Release 5.3.0 (2025-01-20)

Release Highlights

• Adds/fixes support for Tier 0 and Tier 1 SREs
• Adds a reference section for the command line interface to the documentation

Upgrading from 5.2.1

Run the following command to upgrade an existing SRE

bash dsh deploy sre YOURSRENAME

What's Changed

• Bump ansible-core from 2.18.0 to 2.18.1 in /.hatch by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2329
• Add command reference to documentation by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2238
• Bump the production-dependencies group with 6 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2332
• Remove support for Internet Service Tag for Data Provider IP addresses by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2331
• Bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2342
• Bump the production-dependencies group across 1 directory with 14 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2344
• Bump lycheeverse/lychee-action from 2.1.0 to 2.2.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2339
• Retrieve SRE sub name and use that when connecting to guac database by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2351
• Merge latest (v5.2.0) into develop by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2353
• Bump stefanzweifel/git-auto-commit-action from 5.0.1 to 5.1.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2358
• Bump the production-dependencies group with 4 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2357
• Merge 5.2.1 changes into develop by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2359
• Bump supported version to latest release by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2360
• Modifying Firewall rules to provide Internet Access to T0/T1 by @cptanalatriste in https://github.com/alan-turing-institute/data-safe-haven/pull/2327
• Release v5.3.0 by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2364

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v5.2.1...v5.3.0

- Python
Published by JimMadge about 1 year ago

data-safe-haven - Release 5.2.1 (2025-01-13)

Release Highlights

• Fixes guacamole-user-sync crash which was limiting SREs to a maximum of 10 users
• Fixes problem with listing users when SRE and SHM are deployed to different subscriptions

Upgrading from 5.2.0

Run the following command to upgrade an existing SRE

bash dsh deploy sre YOURSRENAME

What's Changed

• Guacamole user synchronisation problems by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2352
• Retrieve SRE sub name and use that when connecting to guac database by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2354

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v5.2.0...v5.2.1

- Python
Published by jemrobinson about 1 year ago

data-safe-haven - v5.2.0

Release Highlights

• More logs collected in the log analytics workspace
  • Storage
  • Ingress and egress stores
  • Desired state files
  • Users' home directories
  • Container configuration and persistent state
  • Container services
  • Firewall
• Better CLI feedback and error messages
• Documentation improvements

Known issues

Backup is not functional. Following the notice in the documentation will not enable backup.

⚠️ Update may require manual intervention ⚠️

SRE name changes

The method of sanitising SRE names when creating remote configuration files changed in v5.1.0. Previously, hyphens or underscores in the SRE name were removed from the name used for the remote configuration file.

If you have an SRE with a hyphen or underscore, you should download the configuration file before upgrading to v>=5.1.0. Upload the configuration again once you have upgraded to v>=5.1.0.

Entra groups and applications

If you are upgrading from v5.0.0 you will need to delete the Microsoft Entra groups and applications previously created by dsh. These are now managed by Pulumi, which will not be able to run correctly if resources with identical names already exist

You will also need to rerun the dsh shm deploy command, as some resources have been added to the SHM.

What's Changed

• Cleaner exit when user credentials are incorrect by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2296
• Print SRE FQDN when deployment finishes by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2297
• Add logging for container instances by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2295
• Merge latest (v5.1.0) into develop by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2304
• Bump the production-dependencies group with 8 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2306
• Add firewall logs by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2308
• Update release checklist by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2305
• Add workspace log docs by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2312
• Ingest logs for blob containers by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2310
• Add logging for file shares by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2319
• Bump karancode/yamllint-github-action from 2.1.1 to 3.0.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2324
• Bump the production-dependencies group with 9 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2323
• Correct T2/3 PyPI/CRAN proxy information by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2317
• Check that a user belongs to the correct SHM domain when registering with an SRE by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2292
• [WIP] Add downloadable template security checklist by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2328
• Release v5.2.0 by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2326

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v5.1.0...v5.2.0

- Python
Published by JimMadge about 1 year ago

data-safe-haven - v5.1.0

Release Highlights

• Logs from workspaces are now collected in a centralised log analytics workspace
• Research user IP address fields in the SRE configuration can now be set to Internet, rather than a specific IP address
• Bug fixes and documentation improvements

⚠️ Update may require manual intervention ⚠️

The method of sanitising SRE names when creating remote configuration files has changed. Previously, hyphens or underscores in the SRE name were removed from the name used for the remote configuration file. If you have an SRE with a hyphen or underscore, you should download the configuration file before upgrading to v5.1.0. Upload the configuration again once you have upgraded to v5.1.0.

What's Changed

• Bump the production-dependencies group with 13 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2244
• Update all contributors by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2257
• Merge release v5.0.1 into develop by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2258
• Bump the production-dependencies group with 5 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2259
• Update contributors names by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2260
• Bump ruff from 0.7.0 to 0.7.1 in the production-dependencies group by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2264
• Use Pulumi to create Entra applications by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2248
• Add confirmation checks and check for deployed SREs before teardown operations by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2266
• Add additional documentation about the configuration of copy and paste by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2265
• Enable monitoring agent to transmit to log analytics workspace by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2279
• Bump lycheeverse/lychee-action from 2.0.2 to 2.1.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2286
• Bump the production-dependencies group across 1 directory with 9 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2287
• Allow 'Internet' for data providers IP by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2247
• Change method of sanitising SRE names by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2284
• [Documentation] Changing suggested SKU to StandardD8sv5 by @cptanalatriste in https://github.com/alan-turing-institute/data-safe-haven/pull/2290
• docs: update @cptanalatriste as a contributor by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2293
• Add documentation on updating SRE configurations by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2291
• Bump the production-dependencies group with 8 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2298

New Contributors

• @cptanalatriste made their first contribution in https://github.com/alan-turing-institute/data-safe-haven/pull/2290

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v5.0.1...v5.1.0

- Python
Published by craddm over 1 year ago

data-safe-haven - v5.0.1

Release Highlights

• Bug fixes
• Support for deployment of SREs to different subscriptions from their SHM
• Enhanced user experience and documentation

:warning: Update Requires Manual Intervention :warning:

If you are upgrading from v5.0.0 you will need to delete the Microsoft Entra groups and applications previously created by dsh. These are now managed by Pulumi, which will not be able to run correctly if resources with identical names already exist

You will also need to rerun the dsh shm deploy command, as some resources have been added to the SHM.

What's Changed

• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2118
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2139
• Merge v5.0.0 release back into develop by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2151
• Pin pyproject dependencies by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2154
• ⬆️ Bump typer from 0.12.4 to 0.12.5 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2161
• ⬆️ Bump types-requests from 2.32.0.20240622 to 2.32.0.20240712 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2162
• ⬆️ Bump black from 24.4.2 to 24.8.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2163
• ⬆️ Bump ansible-dev-tools from 24.7.2 to 24.8.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2165
• Add project metadata to pyproject.toml by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2166
• ⬆️ Bump ruff from 0.5.0 to 0.6.2 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2164
• ⬆️ Bump coverage from 7.5.4 to 7.6.1 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2168
• ⬆️ Bump mypy from 1.10.1 to 1.11.2 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2169
• ⬆️ Bump rich from 13.7.1 to 13.8.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2167
• ⬆️ Bump types-pyyaml from 6.0.12.20240311 to 6.0.12.20240808 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2170
• ⬆️ Bump ansible from 10.2.0 to 10.3.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2172
• Group dependabot updates into a smaller number of PRs by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2171
• ⬆️ Bump the production-dependencies group with 4 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2177
• Update installation instructions by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2155
• Replace emoji codes with characters in README by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2178
• ⬆️ Bump ruff from 0.6.2 to 0.6.3 in the production-dependencies group by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2179
• ⬆️ Bump peter-evans/create-pull-request from 6.1.0 to 7.0.1 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2182
• ⬆️ Bump cryptography from 43.0.0 to 43.0.1 in /.hatch by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2180
• ⬆️ Bump cryptography from 43.0.0 to 43.0.1 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2181
• ⬆️ Bump the production-dependencies group across 1 directory with 7 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2186
• ⬆️ Bump the production-dependencies group with 7 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2183
• ⬆️ Bump peter-evans/create-pull-request from 7.0.1 to 7.0.2 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2190
• ⬆️ Bump the production-dependencies group with 13 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2191
• Update mount points by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2092
• Add ansible vars file by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2115
• ⬆️ Bump peter-evans/create-pull-request from 7.0.2 to 7.0.5 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2193
• ⬆️ Bump the production-dependencies group with 11 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2194
• Show invalid config by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2189
• docs: add @mattwestby as a contributor by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2198
• Tidy ansible by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2192
• Replace install deb script with Ansible tasks by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2205
• Add log messages for SRE deployment by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2204
• Update devcontainer by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2206
• Raise exception when admin group name is not found by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2196
• Bump the production-dependencies group with 7 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2208
• Update to v0.6.0 of guacamole-user-sync by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2214
• Add notes on workspace VM sizes by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2213
• Only print user tables for deployed SREs by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2216
• Switch to psycopg[binary] by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2217
• Replace DBeaver with Beekeeper Studio by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2218
• Use appropriate provider for SHM DNS record by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2202
• Bump the production-dependencies group with 6 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2224
• Update smoke tests for new mount locations by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2219
• Modify workspace VM cloud-init to facilitate disk mounting and LDAP login by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2223
• Move security group creation to Pulumi by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2160
• Use correct paths to shared, input, and output drives on desktop by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2227
• Catch config upload validation errors by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2211
• Add list of supported regions by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2230
• Remove desktop files for gitea/hedgedoc by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2226
• Remove ANSI escape sequences from logfile by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2231
• Bump lycheeverse/lychee-action from 1.10.0 to 2.0.1 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2236
• Bump the production-dependencies group with 10 updates by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2235
• Simplify code for checking config availability and SRE deployment status by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2234
• Add internet by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2233
• Fix Pulumi/dsh Python mismatch by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2240
• Bump lycheeverse/lychee-action from 2.0.1 to 2.0.2 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/2245
• Use SHM name instead of description for Entra app by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2243
• Merge develop changes in 5.0.1rc1 by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2246
• Unchangable Pulumi workspace configuration by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2237
• Improve DNS delegation feedback by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2253
• Standardise subscription logging by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2255
• Management documentation updates by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2254
• Release 5.0.1 by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2251

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v5.0.0...v5.0.1

- Python
Published by JimMadge over 1 year ago

data-safe-haven - v5.0.0

Release v5.0.0

Upgrading

This is a major release and it not compatible with any previous versions. To use this version you must start a new TRE deployment.

Changes

• Complete rewrite of code in Python using IAC and configuration management tools Pulumi and Ansible

What's Changed

• Release v4.0.1 candidate by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1324
• Proof-of-concept migration to Pulumi for deployment by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1316
• Release v4.0.2 candidate by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1353
• Release v4.0.3 candidate by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1365
• Add instructions for installing documentation build dependencies by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1370
• Update docs with how to resize VMs by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1367
• Update Badges by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1371
• Update Powershell module requirements by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1368
• Allow -UseDeviceAuthentication switch in Deploy_SHM.ps1 by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1378
• Prevent removal of backup data during dry run by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1383
• Pulumi: Fix user list retrieval by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1386
• Policy for software package requests by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1387
• Add firewall to Pulumi by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1375
• Add arrow CRAN package to Tier 3 allowlist by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1391
• :arrow_up: Update caching in allowlists workflow by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1395
• Update user management guide to explain adding users to security group and changing a phone number by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1389
• Add Python type-hinting throughout Pulumi codebase by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1390
• Add instructions for GPU VM resizing by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1399
• Simplify Pulumi secret handling by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1400
• Add separate docs section GPU VMs and specify NVIDIA required by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1406
• Add Linux update server proxy by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1404
• Remove reference to unused System Administrators Security Group by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1407
• Add automated updates to Pulumi by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1412
• Refactor SRD creation by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1416
• Add SHM bastion by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1417
• Fix allowlist generation by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1422
• Update SRD image by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1421
• Fix incorrect logic around automated PR creation by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1426
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1425
• Add new servicebus endpoints for self-service password reset by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1423
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1428
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1429
• Remove egress steps not carried out by System Manager by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1434
• Update SRE user troubleshooting by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1435
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1433
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1437
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1440
• Add RPostgreSQL to t3 extra cran allowlist by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1441
• Revert "Add RPostgreSQL to t3 extra cran allowlist" by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1442
• Better package name matching for Nexus by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1447
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1454
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1456
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1460
• Update VM resizing note to suggest stopping the VM before increasing the quota by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1408
• Add data preparation guidance (including data integrity) by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1459
• Migrate docs to readthedocs.io by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1453
• Create users with no password expiry on AD by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1461
• Modify location of requirements.txt in Dockerfile by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1464
• Merge documentation changes into release branch by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1468
• cherrypick devcontainer fix to release branch by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1469
• Update servicebus endpoints used for self-service password reset by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1466
• Correct path to Scriberia cartoon in README.md by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1475
• Replace deprecated Set-AzDiagnosticSetting by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1470
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1477
• Correct link on citation badge by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1474
• Add CODEOWNERS for docs by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1478
• Update documentation dependencies by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1476
• Enable pdf and html downloads on readthedocs by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1462
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1482
• Updating SSL certificate doc + gitignore change + undo duplication of docs building by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1432
• Mount data and user directories in SRD by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1480
• Change servicebus firewall rule by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1485
• Folder typo for SHM deployment by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1488
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1489
• Force az login before reading Pulumi encryption key by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1490
• Clarify PR template by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1491
• Offline linkcheck by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1486
• Pulumi: Add Git and Markdown servers by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1492
• Fixing the build warnings for documentation by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1483
• Add Nexus repositories by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1499
• Pin container images by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1501
• Automate user synchronisation by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1500
• Switch CLI interface to Typer by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1502
• Refactor config files by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1510
• Add portal.azure.com to lychee ignore list by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1520
• Bump certifi from 2023.5.7 to 2023.7.22 in /docs by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1517
• Change allowed FQDN for ADConnect endpoints by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1505
• Fix for Powershell package expansion script by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1521
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1522
• Fix update package versions by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1523
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1524
• Update release 4.0.4 by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1519
• Pulumi: Migrate pyproject to PyPA standard and hatch by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1506
• Improve Pulumi Logger behaviour by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1526
• Add type checking by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1527
• Update typer hierarchy by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1530
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1528
• Rename SRD to workspace by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1532
• Fix typing of external APIs by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1533
• Use pip-compile for package resolution by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1514
• Disable logging from Pulumi dynamic components by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1534
• Update Pulumi resource ordering by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1536
• Add pip-tools to NONIMPORTABLEPACKAGES by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1537
• Update deprecation warning for MS RDS by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1542
• Release checklist GH issue template by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1543
• Add May 2023 DSG to versioning by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1545
• Add explanation of how to change allowed inbound IP addresses by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1484
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1547
• Pulumi: add backup by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1546
• Release v4.1.0 cloud init changes by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1548
• Pulumi auto-update of Docker images by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1552
• Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1553
• Remove MS Remote Desktop support by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1535
• Update SRE networking by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1555
• Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1559
• Add SRE routing by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1560
• Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1562
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1563
• Drop custom Pulumi whoami by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1564
• Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1565
• Pulumi: Lazy load Guacamole users when performing admin tasks by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1568
• Pulumi: Allow only specified user IP addresses by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1572
• Pulumi: deployment fixes by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1577
• Pulumi: Improve SSL labs score by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1576
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1578
• Improve exception message tracking by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1583
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1579
• Fix deployment issues with MSSQL and PyPi mirrors by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1582
• Pulumi: SRE DNS filtering by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1566
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1588
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1587
• Updates for Release v4.1.0 by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1590
• Release v4.1.0 by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1586
• Remove CoCalc by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1554
• Merge 'latest' into 'develop' by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1593
• Add script to automate account deletion by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1508
• Add @craddm to CODEOWNERS by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1594
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1595
• Remove pulumi testing files from develop branch by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1597
• Reorganise Pulumi folder by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1599
• Fix Nexus issues by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1604
• Pulumi: Add update AAD sync script by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1605
• Package fixes for testing database functionality by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1606
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1601
• Allow az credential to get tokens for any tenant by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1610
• Add timeout for guac postgres queries by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1608
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1616
• Pulumi: Add smoke tests by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1614
• Move pulumi stack working directory initialisation by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1618
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1622
• Bump urllib3 from 2.0.2 to 2.0.6 in /docs by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1625
• Improve Pulumi error messages by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1624
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1627
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1631
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1630
• Improve Python documentation by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1635
• Use Pulumi random provider by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1629
• Pulumi: Fix selectors not updating by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1621
• Bump urllib3 from 2.0.6 to 2.0.7 in /docs by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1647
• Remove hyphens from SHM and SRE names by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1650
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1646
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1652
• Pulumi: Improve login flow by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1617
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1654
• Add all contributors table and instructions for how to update by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1649
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1656
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1668
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1669
• Update devcontainer configuration by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1662
• Update outdated parameters that cause breaking change warnings by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1663
• Change default lun from lun1 to lun0 by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1667
• Add context command by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1655
• Pulumi: Update dependencies, enable pinning by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1660
• Remove unneeded opening bracket in SRE network configuration script by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1670
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1671
• Use memory for the /tmp directory by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1672
• Factor out storage creation from SHM scripts by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1673
• Add missing import for logging module by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1681
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1682
• Update help text for Powershell command shmId andsreId arguments by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1683
• Update contributors by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1684
• Document removal of persistent SRE storage accounts by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1685
• docs: update @helendduncan as a contributor by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1686
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1688
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1692
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1693
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1694
• Update DBeaver drivers using Github workflow by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1696
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1698
• Bump jinja2 from 3.1.2 to 3.1.3 in /docs by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1700
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1701
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1702
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1703
• Handle no selected context by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1691
• Add basic config commands by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1674
• Fixing DBeaver driver issues on T2+ SREs by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1704
• Use Pydantic for validation and serialisation by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1661
• Improve handling of spaces in file paths by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1705
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1706
• Create pulumi container by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1711
• Fix private link scope by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1713
• Improve handling of SRE names by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1699
• Apply changes from updated black version by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1718
• Bump black version by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1719
• Fix some issues with context handling at deployment time by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1716
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1723
• Correct file path for clamonacc service by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1725
• Add additional multiple data provider guidance to docs by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1707
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1727
• Fix PostgreSQL permissions and data schema, and relevant docs by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1708
• Update to Ruff v0.2 by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1731
• Minor DSC fixes by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1729
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1728
• Drop deprecated NetworkProfile option for ContainerGroups by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1734
• Increase apt proxy server disk to 64 Gb by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1726
• Upgrade to PostgreSQL flexible server by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1735
• Use built-in Pulumi bcrypt by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1740
• Remove omsagent from build image by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1732
• Add links to guides for terminal, Xfce, and Guacamole by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1737
• Update software on guacamole server by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1741
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1742
• Update Nexus proxy server for T2/T3 package access by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1744
• Update CodiMD server version by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1743
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1746
• Install dev dependencies in container by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1747
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1748
• Add guidance on resizing NFS shares by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1749
• Update documents to reflect change to Microsoft Entra ID by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1665
• Improve hardcoded domains and IP addresses by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1745
• Add script to renew NFS share Stored Access Policies by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1739
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1750
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1758
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1760
• Add Roadmap by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1757
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1761
• Updates from pen test by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1763
• Restructure processes section of docs by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1766
• Release v4.2.0 by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1754
• Merge v4.2.0 into develop by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1767
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1769
• Merge develop into python-migration by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1768
• Minor Pulumi deployment fixes by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1765
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1770
• Migrate deployment code to Python/Pulumi by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1773
• Bump cryptography from 41.0.7 to 42.0.4 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1774
• Fix Docker versions script by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1775
• Remove pwsh by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1752
• Remove remaining pwsh things by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1779
• Bump idna from 3.4 to 3.7 in /docs by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1785
• Bump idna from 3.6 to 3.7 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1786
• Add AzureAD/EntraID functionality by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1778
• Add dependabot configuration by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1787
• Update firewall rules to parity with 4.2.0 by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1781
• Change AllowExternalAzureAutomationOperations to a network rule by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1804
• Bump actions/setup-python from 4 to 5 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1798
• Bump peter-evans/create-pull-request from 4.2.4 to 6.0.3 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1796
• Bump actions/cache from 3 to 4 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1793
• Bump lycheeverse/lychee-action from 1.7.0 to 1.9.3 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1791
• Update docs by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1806
• Bump myst-parser from 1.0.0 to 2.0.0 in /docs by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1800
• Update dependabot config by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1803
• Bump karancode/yamllint-github-action from 2.0.0 to 2.1.1 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1790
• Bump actions/checkout from 2 to 4 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1808
• Correct Python version by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1811
• Add UniqueList annotated type by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1815
• Use Apricot for authentication/identity by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1772
• Fix Docker image updater action by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1822
• Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1825
• Remove SHM DC by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1805
• Add local DNS for SRE identity server by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1821
• Create Enum for ports by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1819
• Bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1829
• Fix dependabot by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1827
• Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1831
• Update Dockerfile and devcontainer for pulumi/python by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1834
• Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1842
• ⬆️ Bump lycheeverse/lychee-action from 1.9.3 to 1.10.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1843
• ⬆️ Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1844
• Run tests and linting on all PRs by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1845
• Separate config classes by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1840
• Pulumi storage fixes, including adding encryption key by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1839
• Move pulumi context settings and persistent data by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1820
• File structuring by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1848
• Break circular dependency in Context by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1853
• Move update servers to SRE by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1847
• Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1861
• Add warning messages to automatic PRs by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1863
• Simplify SREProvisioningManager by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1858
• Remove unused SHM data component by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1860
• Add test for help function by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1855
• Fix identity server deployment by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1865
• Basic deployment docs by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1867
• Lint caddyfiles by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1856
• Use Entra ID throughout by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1869
• Move encrypted_key to DSHPulumiConfig by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1854
• Add option to run tests with code coverage by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1866
• Run coverage on PRs from forks by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1875
• Update coverage workflow trigger by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1876
• Use workflow structure suggested by py-cov-action by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1877
• Restructure commands by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1870
• Remove unused components by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1874
• Update docs for commands restructure by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1880
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1884
• Fix inconsistent firewall rules by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1883
• Protect against configuration changes by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1881
• Update GitHub templates by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1887
• Move SHM firewall to SRE by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1872
• Regular maintenance updates for Linux VMs by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1885
• Arbitrary pulumi commands by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1888
• Update labels in GitHub templates by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1901
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1906
• Don't generate coverage for tests by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1907
• Add pulumi tests by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1894
• ⬆️ Bump requests from 2.31.0 to 2.32.0 in /docs by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1910
• ⬆️ Bump requests from 2.31.0 to 2.32.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1912
• Remove Azure Automation from SHM by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1911
• Enable Azure api tests by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1913
• Fix next_occurrence function by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1893
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1918
• Suppress warnings in config template by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1920
• Validate SHM/SRE for user commands by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1921
• Clarify context add subscription argument by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1919
• Release v4.2.1 by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1915
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1925
• Merge v4.2.1 changes into develop by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1924
• Add action to update RTD docs by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1927
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1929
• Add more informative error messages to context commands by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1916
• Move log analytics to SRE by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1928
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1934
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1933
• Bump azure-identity from 1.16.0 to 1.16.1 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1935
• Remove SRE index by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1930
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1937
• docs: add @J0shev as a contributor by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1941
• Logging by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1936
• Remove broken link to git cheat sheet by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1949
• Reduce number of files opened during testing by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1951
• ⬆️ Bump urllib3 from 2.2.1 to 2.2.2 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1940
• Fix SSL certificate error by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1939
• Separate SHM and SRE configs by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1943
• Add console module by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1948
• ⬆️ Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1959
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1958
• Correct test file name by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1960
• Adjust Pulumi message logging by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1957
• Fix for multiline errors when writing to log files by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1953
• Change package version specifiers to be lower limits by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1964
• Change public IP address SKU from basic to standard by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1966
• Updating user guidance on shared drives by @dsj976 in https://github.com/alan-turing-institute/data-safe-haven/pull/1967
• docs: add @dsj976 as a contributor by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1968
• Add comments/docstrings to exceptions by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1873
• Merge SHM and context resource deployment by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1963
• Remove unused code by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1970
• Update Ubuntu VM images by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1909
• Fix EntraApplication resource issues by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1975
• Add new priority for workspace denied by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1974
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1979
• Fix rogue highlighting by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1985
• Fix certificate teardown failure by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1983
• Add 'force' option to SRE teardown by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1982
• Stop deployment from non-approved IP addresses by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1977
• Add abc decorators to DshResourceProvider by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1981
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1990
• Ensure blob backup storage policy uses OperationalStore by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1988
• Fix tests with IP check by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1992
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1991
• Update link in docs for VPN instructions by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1993
• Ensure that Entra applications get deleted at teardown by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2003
• Update project roadmap by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2005
• Use DockerHub credentials by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2007
• Refactor Azure authentication classes by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2002
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2013
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2012
• Docker hotfix by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2004
• Ensure that Pulumi encryption key is created during SHM deployment by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2011
• Clean Pulumi state during cleanup by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2009
• Fix AzureSdk call by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2015
• Release v4.2.2 by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1955
• Merge v4.2.2 changes into develop by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2016
• Add location specifiers to network resources by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2023
• SRE deployment fixes by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2026
• Exclude doi.org from lychee link check by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2030
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2029
• Allow unencrypted storage for Azure credential tokens by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2032
• User register docs by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2031
• Better logging during SRE provisioning by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2033
• Stop unnecessary resource recreation by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2034
• Add workspace packages by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1892
• Suppress logging from AzureSdk and GraphApi in Pulumi dynamic components by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2018
• Purge Key Vault during SRE teardown by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2017
• Use a single resource group for all SRE resources by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2014
• Add polkit rule to allow colord by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2048
• Fix Ansible lint warning by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2047
• Add auditd configuration by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2024
• Fix construction of apt package lists by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2052
• Add Entra documentation by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2039
• Fix smoke tests by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2050
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2058
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2057
• Fix teardown --force by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2060
• Fix shared Entra directory by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2054
• Postgres database component fixes by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2059
• Improve config error messages by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2020
• Fix context commands by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2065
• Improve credential logging and choice by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2064
• Update resource tags by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2073
• Miscellaneous fixes from TRESA testing by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2068
• Fix IP address in list by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2076
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2081
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2080
• Fix check for storage account names by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2079
• Add required PAM rule after pam_systemd.so by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2074
• Move entra documentation by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2083
• Configure Clam AV by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2021
• Fix or remove legacy workflows by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2085
• Catch exception when not logged into az cli during SHM deploy by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2091
• Silence apt-news and esm-cache services by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2090
• Customise xrdp by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2088
• Add RStudio by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2093
• Use ubuntu-drivers to install Nvidia drivers by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2089
• Set xfce4 defaults by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2098
• Add validator for IP overlap by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2087
• Merge v4.2.2 from 'latest' into 'release-v5.0.0' by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2109
• Fix clamonacc service timeout by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2108
• Add application icons by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2103
• Improve VM SKU documentation and errors by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2111
• Fix pulumi colours by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2113
• :arrow_up: Update Python dependencies by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2119
• Remove notify to non-existent handler by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2122
• Ansible: create icons directory by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2121
• Fix Python and R repository smoke tests by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2114
• Add document section for fixing backups after SRE deployment by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2127
• Disable light locker by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2126
• Fix database password escaping by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2125
• Update user guide by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2130
• Disable xfce4 screensaver rather than light-locker (add user docs) by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2128
• Fixes for AzureSdk blob handling by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2132
• Mandate minimum TLS version of 1.2 for all storage accounts by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2133
• Improve application gateway security by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2138
• Update Nexus Allowlist container images by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2116
• Reduce application gateway costs by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2140
• Reduce storage costs by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2136
• List of SRE configs available in the current context by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2129
• Catch Graph API timeout exception by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2142
• Add --tier option to provide default settings by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2143
• Fix Guacamole copy/paste configuration by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2149
• Add security checklist by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2141
• Update allowed authentication methods by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2147

New Contributors

• @dependabot made their first contribution in https://github.com/alan-turing-institute/data-safe-haven/pull/1517
• @dsj976 made their first contribution in https://github.com/alan-turing-institute/data-safe-haven/pull/1967

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v4.2.2...v5.0.0

- Python
Published by JimMadge over 1 year ago

data-safe-haven - Release v5.0.0rc2

Release v5.0.0rc2

This release is not ready for production usage.

Known Issues

• ClamAV not configured
• Unstable container service IP addresses
• Lacking Nvidia utils

What's Changed

• Use pip-compile for package resolution by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1514
• Add pip-tools to NONIMPORTABLEPACKAGES by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1537
• Add May 2023 DSG to versioning by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1545
• Release v4.1.0 cloud init changes by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1548
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1578
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1579
• Fix deployment issues with MSSQL and PyPi mirrors by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1582
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1588
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1587
• Updates for Release v4.1.0 by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1590
• Release v4.1.0 by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1586
• Remove CoCalc by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1554
• Merge 'latest' into 'develop' by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1593
• Add script to automate account deletion by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1508
• Add @craddm to CODEOWNERS by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1594
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1595
• Remove pulumi testing files from develop branch by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1597
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1601
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1616
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1622
• Bump urllib3 from 2.0.2 to 2.0.6 in /docs by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1625
• Improve Pulumi error messages by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1624
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1627
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1631
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1630
• Improve Python documentation by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1635
• Use Pulumi random provider by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1629
• Pulumi: Fix selectors not updating by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1621
• Bump urllib3 from 2.0.6 to 2.0.7 in /docs by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1647
• Remove hyphens from SHM and SRE names by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1650
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1646
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1652
• Pulumi: Improve login flow by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1617
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1654
• Add all contributors table and instructions for how to update by @edwardchalstrey1 in https://github.com/alan-turing-institute/data-safe-haven/pull/1649
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1656
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1668
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1669
• Update devcontainer configuration by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1662
• Update outdated parameters that cause breaking change warnings by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1663
• Change default lun from lun1 to lun0 by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1667
• Add context command by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1655
• Pulumi: Update dependencies, enable pinning by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1660
• Remove unneeded opening bracket in SRE network configuration script by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1670
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1671
• Use memory for the /tmp directory by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1672
• Factor out storage creation from SHM scripts by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1673
• Add missing import for logging module by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1681
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1682
• Update help text for Powershell command shmId andsreId arguments by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1683
• Update contributors by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1684
• Document removal of persistent SRE storage accounts by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1685
• docs: update @helendduncan as a contributor by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1686
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1688
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1692
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1693
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1694
• Update DBeaver drivers using Github workflow by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1696
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1698
• Bump jinja2 from 3.1.2 to 3.1.3 in /docs by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1700
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1701
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1702
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1703
• Handle no selected context by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1691
• Add basic config commands by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1674
• Fixing DBeaver driver issues on T2+ SREs by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1704
• Use Pydantic for validation and serialisation by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1661
• Improve handling of spaces in file paths by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1705
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1706
• Create pulumi container by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1711
• Fix private link scope by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1713
• Improve handling of SRE names by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1699
• Apply changes from updated black version by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1718
• Bump black version by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1719
• Fix some issues with context handling at deployment time by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1716
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1723
• Correct file path for clamonacc service by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1725
• Add additional multiple data provider guidance to docs by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1707
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1727
• Fix PostgreSQL permissions and data schema, and relevant docs by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1708
• Update to Ruff v0.2 by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1731
• Minor DSC fixes by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1729
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1728
• Drop deprecated NetworkProfile option for ContainerGroups by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1734
• Increase apt proxy server disk to 64 Gb by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1726
• Upgrade to PostgreSQL flexible server by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1735
• Use built-in Pulumi bcrypt by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1740
• Remove omsagent from build image by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1732
• Add links to guides for terminal, Xfce, and Guacamole by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1737
• Update software on guacamole server by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1741
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1742
• Update Nexus proxy server for T2/T3 package access by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1744
• Update CodiMD server version by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1743
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1746
• Install dev dependencies in container by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1747
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1748
• Add guidance on resizing NFS shares by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1749
• Update documents to reflect change to Microsoft Entra ID by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1665
• Improve hardcoded domains and IP addresses by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1745
• Add script to renew NFS share Stored Access Policies by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1739
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1750
• Update SRD package versions by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1758
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1760
• Add Roadmap by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1757
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1761
• Updates from pen test by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1763
• Restructure processes section of docs by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1766
• Release v4.2.0 by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1754
• Merge v4.2.0 into develop by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1767
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1769
• Merge develop into python-migration by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1768
• Minor Pulumi deployment fixes by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1765
• Update PyPI and CRAN allow lists by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1770
• Migrate deployment code to Python/Pulumi by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1773
• Bump cryptography from 41.0.7 to 42.0.4 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1774
• Fix Docker versions script by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1775
• Remove pwsh by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1752
• Remove remaining pwsh things by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1779
• Bump idna from 3.4 to 3.7 in /docs by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1785
• Bump idna from 3.6 to 3.7 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1786
• Add AzureAD/EntraID functionality by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1778
• Add dependabot configuration by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1787
• Update firewall rules to parity with 4.2.0 by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1781
• Change AllowExternalAzureAutomationOperations to a network rule by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1804
• Bump actions/setup-python from 4 to 5 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1798
• Bump peter-evans/create-pull-request from 4.2.4 to 6.0.3 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1796
• Bump actions/cache from 3 to 4 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1793
• Bump lycheeverse/lychee-action from 1.7.0 to 1.9.3 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1791
• Update docs by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1806
• Bump myst-parser from 1.0.0 to 2.0.0 in /docs by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1800
• Update dependabot config by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1803
• Bump karancode/yamllint-github-action from 2.0.0 to 2.1.1 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1790
• Bump actions/checkout from 2 to 4 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1808
• Correct Python version by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1811
• Add UniqueList annotated type by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1815
• Use Apricot for authentication/identity by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1772
• Fix Docker image updater action by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1822
• Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1825
• Remove SHM DC by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1805
• Add local DNS for SRE identity server by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1821
• Create Enum for ports by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1819
• Bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1829
• Fix dependabot by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1827
• Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1831
• Update Dockerfile and devcontainer for pulumi/python by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1834
• Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1842
• ⬆️ Bump lycheeverse/lychee-action from 1.9.3 to 1.10.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1843
• ⬆️ Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1844
• Run tests and linting on all PRs by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1845
• Separate config classes by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1840
• Pulumi storage fixes, including adding encryption key by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1839
• Move pulumi context settings and persistent data by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1820
• File structuring by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1848
• Break circular dependency in Context by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1853
• Move update servers to SRE by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1847
• Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1861
• Add warning messages to automatic PRs by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1863
• Simplify SREProvisioningManager by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1858
• Remove unused SHM data component by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1860
• Add test for help function by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1855
• Fix identity server deployment by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1865
• Basic deployment docs by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1867
• Lint caddyfiles by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1856
• Use Entra ID throughout by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1869
• Move encrypted_key to DSHPulumiConfig by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1854
• Add option to run tests with code coverage by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1866
• Run coverage on PRs from forks by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1875
• Update coverage workflow trigger by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1876
• Use workflow structure suggested by py-cov-action by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1877
• Restructure commands by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1870
• Remove unused components by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1874
• Update docs for commands restructure by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1880
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1884
• Fix inconsistent firewall rules by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1883
• Protect against configuration changes by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1881
• Update GitHub templates by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1887
• Move SHM firewall to SRE by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1872
• Regular maintenance updates for Linux VMs by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1885
• Arbitrary pulumi commands by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1888
• Update labels in GitHub templates by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1901
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1906
• Don't generate coverage for tests by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1907
• Add pulumi tests by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1894
• ⬆️ Bump requests from 2.31.0 to 2.32.0 in /docs by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1910
• ⬆️ Bump requests from 2.31.0 to 2.32.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1912
• Remove Azure Automation from SHM by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1911
• Enable Azure api tests by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1913
• Fix next_occurrence function by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1893
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1918
• Suppress warnings in config template by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1920
• Validate SHM/SRE for user commands by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1921
• Clarify context add subscription argument by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1919
• Release v4.2.1 by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1915
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1925
• Merge v4.2.1 changes into develop by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1924
• Add action to update RTD docs by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1927
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1929
• Add more informative error messages to context commands by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1916
• Move log analytics to SRE by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1928
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1934
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1933
• Bump azure-identity from 1.16.0 to 1.16.1 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1935
• Remove SRE index by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1930
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1937
• docs: add @J0shev as a contributor by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1941
• Logging by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1936
• Remove broken link to git cheat sheet by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1949
• Reduce number of files opened during testing by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1951
• ⬆️ Bump urllib3 from 2.2.1 to 2.2.2 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1940
• Separate SHM and SRE configs by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1943
• Add console module by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1948
• ⬆️ Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 by @dependabot in https://github.com/alan-turing-institute/data-safe-haven/pull/1959
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1958
• Correct test file name by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1960
• Adjust Pulumi message logging by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1957
• Fix for multiline errors when writing to log files by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1953
• Change package version specifiers to be lower limits by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1964
• docs: add @dsj976 as a contributor by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1968
• Add comments/docstrings to exceptions by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1873
• Merge SHM and context resource deployment by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1963
• Remove unused code by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1970
• Update Ubuntu VM images by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/1909
• Fix EntraApplication resource issues by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1975
• Add new priority for workspace denied by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1974
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1979
• Fix rogue highlighting by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1985
• Fix certificate teardown failure by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1983
• Add 'force' option to SRE teardown by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1982
• Stop deployment from non-approved IP addresses by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1977
• Add abc decorators to DshResourceProvider by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/1981
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1990
• Fix tests with IP check by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1992
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/1991
• Ensure that Entra applications get deleted at teardown by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2003
• Update project roadmap by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2005
• Use DockerHub credentials by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2007
• Refactor Azure authentication classes by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2002
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2013
• :arrow_up: Update Pulumi Docker images by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2012
• Ensure that Pulumi encryption key is created during SHM deployment by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2011
• Clean Pulumi state during cleanup by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2009
• Fix AzureSdk call by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2015
• Merge v4.2.2 changes into develop by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2016
• Add location specifiers to network resources by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2023
• SRE deployment fixes by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2026
• Exclude doi.org from lychee link check by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2030
• :arrow_up: Update Python dependencies by @github-actions in https://github.com/alan-turing-institute/data-safe-haven/pull/2029
• Allow unencrypted storage for Azure credential tokens by @craddm in https://github.com/alan-turing-institute/data-safe-haven/pull/2032
• User register docs by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2031
• Better logging during SRE provisioning by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2033
• Stop unnecessary resource recreation by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2034
• Add workspace packages by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/1892
• Suppress logging from AzureSdk and GraphApi in Pulumi dynamic components by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2018
• Purge Key Vault during SRE teardown by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2017
• Use a single resource group for all SRE resources by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2014
• Add polkit rule to allow colord by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2048
• Fix Ansible lint warning by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2047
• Add auditd configuration by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2024
• Fix construction of apt package lists by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2052
• Add Entra documentation by @jemrobinson in https://github.com/alan-turing-institute/data-safe-haven/pull/2039
• Fix smoke tests by @JimMadge in https://github.com/alan-turing-institute/data-safe-haven/pull/2050

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v5.0.0-rc.1...v5.0.0-rc2

- Python
Published by JimMadge over 1 year ago

data-safe-haven - Release 4.2.2 (2024-07-15)

:warning: Update Requires Manual Intervention :warning:

If you are using a 4.2.x SHM and want to upgrade to 4.2.2, please follow the steps below:

For the SHM: 1. Add a docker section to your SHM config with a username and personal access token (following the SHM deployment instructions) 1. Re-run Setup_SHM_Networking.ps1 -shmId {shm} from deployment/safe_haven_management/setup

For any SRE that you deployed using an earlier 4.2.x version: 1. Delete the GUACAMOLE-SRE-{sreId} VM and associated resources from the RG_SHM_{shmId}_SRE_{sreId}_REMOTE_DESKTOP resource group 1. Re-run the deployment script Deploy_SRE.ps1 -shmId {shm} -sreId {sre} -VmSizes {as before} from deployment/secure_research_environment/setup

Known issues

• As for 4.2.0, 4.2.1

Bug Fixes

• Workaround for an issue where Let's Encrypt refused to provide certificates for uppercase FQDNs #1938
• Fix for change in Azure supported public IP address SKU for VPNs, which prevented deployment of the virtual network gateway for accessing domain controllers #1947
• Require supply of Docker Hub credentials to work round change in Docker download rate limits #1994
• Update approved IP address list for Ubuntu apt repositories
• Update to backup policy rules for Blob storage #1988

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v4.2.1...v4.2.2

- Python
Published by JimMadge over 1 year ago

data-safe-haven - Release v4.2.1 (2024-05-31)

:warning: Update Requires Manual Intervention :warning:

If you are using a 4.2.0 SHM and want to upgrade to 4.2.1, please follow the steps below:

1. Delete the GUACAMOLE-SRE-{sreId} VM and associated resources from the RG_SHM_{shmId}_SRE_{sreId}_REMOTE_DESKTOP resource group
2. Re-run the deployment script Deploy_SRE.ps1 -shmId {shm} -sreId {sre} -VmSizes {as before} from deployment/secure_research_environment/setup

Known issues

• As for 4.2.0

Bug Fixes

• Update Guacamole to 1.5.5 to avoid this known bug

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v4.2.0...v4.2.1

- Python
Published by JimMadge almost 2 years ago

data-safe-haven - Release 4.2.0 (2024-03-28)

Known issues

• Jupyter notebook launched from GUI menu could not launch Python kernel, so it has been removed from the menu 065764734952ea776f26d331867301a7ddda7444

New Features

• Remove Microsoft Remote Desktop support: https://github.com/alan-turing-institute/data-safe-haven/pull/1535
• Remove CoCalc: https://github.com/alan-turing-institute/data-safe-haven/pull/1554
• Install dev dependencies in container: https://github.com/alan-turing-institute/data-safe-haven/pull/1747
• Add script to renew NFS share Stored Access Policies: https://github.com/alan-turing-institute/data-safe-haven/pull/1739
• Add script to automate account deletion: https://github.com/alan-turing-institute/data-safe-haven/pull/1508
• Factored out storage creation from SHM scripts https://github.com/alan-turing-institute/data-safe-haven/pull/1673
• SRD image updated, with latest Python versions available f3e890a4bc1010de60447c2f80db858c1e1a6197

Bug Fixes

• Update DBeaver drivers using Github workflow: https://github.com/alan-turing-institute/data-safe-haven/pull/1696
• Fixing DBeaver driver issues on T2+ SREs: https://github.com/alan-turing-institute/data-safe-haven/pull/1704
• Improve handling of spaces in file paths: https://github.com/alan-turing-institute/data-safe-haven/pull/1705
• Correct file path for Clam OnAccess scanning service: https://github.com/alan-turing-institute/data-safe-haven/pull/1725
• Fix PostgreSQL permissions and data schema, and relevant docs: https://github.com/alan-turing-institute/data-safe-haven/pull/1708
• Update outdated parameters that cause breaking change warnings: https://github.com/alan-turing-institute/data-safe-haven/pull/1663
• Change default lun from lun1 to lun0: https://github.com/alan-turing-institute/data-safe-haven/pull/1667
• Increase apt proxy server disk to 64 Gb: https://github.com/alan-turing-institute/data-safe-haven/pull/1726
• Remove omsagent from VM build image: https://github.com/alan-turing-institute/data-safe-haven/pull/1732
• Remove hyphens from SHM and SRE names in https://github.com/alan-turing-institute/data-safe-haven/pull/1650
• Update devcontainer configuration in https://github.com/alan-turing-institute/data-safe-haven/pull/1662
• Use memory for the /tmp directory in https://github.com/alan-turing-institute/data-safe-haven/pull/1672
• Remove unneeded opening bracket in SRE network configuration script https://github.com/alan-turing-institute/data-safe-haven/pull/1670
• Add missing import for logging module https://github.com/alan-turing-institute/data-safe-haven/pull/1681
• Fix cloud-init log parser using old name for event 58a85bc18368238cb2366fc5f77bb39944d5c1c8
• Detect and remove omsagent installed on SRD image before generalization e168b05b796e4123b9d7a8e98b0063c7abca7065

Security Fixes

• Update software on Guacamole and Nginx to latest versions: https://github.com/alan-turing-institute/data-safe-haven/pull/1741
• Update Nexus proxy server for T2/T3 package access: in https://github.com/alan-turing-institute/data-safe-haven/pull/1744
• Update CodiMD server version: https://github.com/alan-turing-institute/data-safe-haven/pull/1743
• Improve hardcoded domains and IP addresses: https://github.com/alan-turing-institute/data-safe-haven/pull/1745
• Prevent Nginx version information from appearing in http headers

Documentation updates

• Add guidance on resizing NFS shares: https://github.com/alan-turing-institute/data-safe-haven/pull/1749
• Update documents to reflect change to Microsoft Entra ID: https://github.com/alan-turing-institute/data-safe-haven/pull/1665
• Update deprecation warning for MS RDS: https://github.com/alan-turing-institute/data-safe-haven/pull/1542
• Add explanation of how to change allowed inbound IP addresses: https://github.com/alan-turing-institute/data-safe-haven/pull/1484
• Add all contributors table and instructions for how to update: https://github.com/alan-turing-institute/data-safe-haven/pull/1649
• Update contributors: https://github.com/alan-turing-institute/data-safe-haven/pull/1684
• Document removal of persistent SRE storage accounts: https://github.com/alan-turing-institute/data-safe-haven/pull/1685
• docs: update contributors: https://github.com/alan-turing-institute/data-safe-haven/pull/1686
• Add additional multiple data provider guidance to docs: https://github.com/alan-turing-institute/data-safe-haven/pull/1707
• Add links to guides for terminal, Xfce, and Guacamole: https://github.com/alan-turing-institute/data-safe-haven/pull/1737
• Update help text for Powershell command shmId andsreId arguments https://github.com/alan-turing-institute/data-safe-haven/pull/1683

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v4.1.0...v4.2.0

- Python
Published by craddm almost 2 years ago

data-safe-haven - v5.0.0-rc.1

First version of migration to Python using Pulumi. Penetration tested in September 2023.

Known Issues

This release is not ready for production usage.

- Python
Published by jemrobinson over 2 years ago

data-safe-haven - v4.1.0

Update Requires Manual Intervention

:warning: If you are using an existing v4.X.Y SHM, and wish to deploy a v4.1.0 SRE onto it, please do the following to update your SHM for compatibility. :warning: - Run ./deployment/safe_haven_management/setup/Setup_SHM_Networking.ps1 -shmId <your SHM ID> - Restart the virtual machine at RG_SHM_<SHM name>_MONITORING/LINUX-UPDATES-SHM-<SHM name> in the Azure portal

Known Issues

Only phone call authentication works for MS RDS. This provides no on-screen MFA Prompt.

New Features

• Allow device authentication in SHM deployment https://github.com/alan-turing-institute/data-safe-haven/pull/1378
• Add arrow CRAN package to Tier 3 core list https://github.com/alan-turing-institute/data-safe-haven/pull/1391
• Update Python in SRD images https://github.com/alan-turing-institute/data-safe-haven/pull/1421

Bug Fixes

• Update Powershell module requirements: #1368
• Update supported Powershell version to 7.3.6
• Prevent removal of backup data during dry run: #1383
• Better package name matching for Nexus: #1447
• Update SRD image: #1421
• Add new servicebus endpoints for self-service password reset: #1423 and #1466
• Modify location of requirements.txt in Dockerfile: #1469
• Fixes of the SRD build related to python packages: #1514 and #1537
• Fix allowlist generation: #1422
• Update badges: #1371
• Update caching in allowlists workflow: #1395
• Fix incorrect logic around automated PR creation: #1426
• Update Ubuntu apt server addresses #1548
• Add docker.io to allowed-FQDNs #1548
• Change cloud-init files to automatically select appropriate disk partition #1548
• Fix MS-SQL database deployment #1580
• Fix PyPi Tier 3 mirror failures #1581

Security Fixes

• Fix non-allowed CRAN packages beginning with allowed name being installable: #1447
• Update to firewall rules: #1519

Documentation Updates

• Add instructions for installing documentation build dependencies: #1370
• Add instructions to resize VMs: #1367
• Update user management guide to explain adding users to security group and changing a phone number: #1389
• Add instructions for GPU VM resizing: #1399
• Add note on NVIDIA GPU support: #1406
• Remove reference to unused System Administrators Security Group: #1407
• Remove egress steps not carried out by System Manager: #1434
• Update SRE user troubleshooting: #1435
• Move from GitHub pages to ReadTheDocs #1468
• Add Policy for software package requests: #1387
• Add deprecation warning for MSRDS #1542
• Add warning that MSRDS does not work with the Microsoft Authentication app. #1589
• Add step for adding SSL certificate in step-by-step instructions for Guacamole #1590

Full Changelog: https://github.com/alan-turing-institute/data-safe-haven/compare/v4.0.3...release-v4.1.0

- Python
Published by JimMadge over 2 years ago

data-safe-haven - Release 4.0.3 (2023-01-27)

Bug fixes

• Update maximum allowed Powershell version
• Fix disk mounting issue when upgrading SRDs

Documentation updates

• Minor fixes

- Python
Published by jemrobinson about 3 years ago

data-safe-haven - Release 4.0.2 (2023-01-05)

Bug fixes

• Add missing Powershell module imports
• Fix -Upgrade option when adding new SRD
• Fix tensorflow installation in SRD base image
• Register Microsoft.DataProtection on subscriptions that an SRE will be deployed into
• Support cross-subscription role assignments for backup
• Switch to correct subscription before deploying update automation
• Update Powershell version requirements to avoid upstream bug
• Update SRD package versions
• Use process-scope when retrieving Graph authorization tokens with Connect-MgGraph

Security fixes

• Remove unnecessary information from deployment logging

Documentation updates

• Add link to teardown docs to deployment page
• Add a VSCode .devcontainer for use in deployment
• Clarify that IP addresses are required in SRE config file
• Consolidate MFA setup description
• Update documentation build triggers to also run on latest

- Python
Published by jemrobinson about 3 years ago

data-safe-haven - Release 4.0.1 (2022-10-24)

Bug fixes

• Add additional modules to requirements checker
• Add check for non-existing AzureAD security group
• Switch CI tests from Travis to GitHub Actions

Documentation updates

• Updated issue templates
• Fix documentation building

- Python
Published by jemrobinson over 3 years ago

data-safe-haven - Release 4.0.0 (2022-10-06)

New features

• Add apt update server
• Add backup for blob storage
• Add backup for VM disks
• Add DNS server capabilities to DC2
• Enable automated VM updates
• Relicence to BSD 3-Clause
• Simplify deployment configuration
• Simplify NPS setup
• Simplify Powershell modules
• Switch to using DSC when configuring domain controllers
• Unify deployment of repository mirrors/proxies

Bug fixes

• Fix AAD domain verification
• Fix database logic so that either 0,1 or 2 databases can be deployed in an SRE
• Fix DNS recursion on domain controllers
• Fix htmlproofer issues by version pinning
• Fix network/firewall rules that were stopping the installation of gitlab-ce
• Fix NSG rules that were blocking LDAP connections from webapps
• Fix SHM teardown failure
• Fix Tier-3 allowlist scripts
• Fix updating of Guacamole dashboard when reading users from LDAP
• Improve tear down scripts
• Make RDS cipher suite setting more robust
• Make template deployments more robust
• Modify SHM requirements script to optionally install missing modules
• Restrict repository updates to this SRE
• Set Az.Storage minimum version
• Update NVIDIA repository key
• Update QGIS repository key
• Update SRD package versions
• Update to SSIS 16.0 in lockdown script

Security fixes

• Add ClamAV to all Linux VMs
• Drop support for Atom text editor
• Drop support for sbt
• Switch storage to GRS

Documentation updates

• Add administrator documentation for backups
• Add backup test to security checklist
• Add citation file
• Add disclaimer text to main repository README
• Add instructions to remove Conditional Access policies when reusing an AzureAD
• Add user backup instructions
• Fix various typographical errors in the documentation
• Make deployment instructions more visible
• Make documentation less prescriptive
• Update GitHub issue templates
• Update password writeback instructions
• Update SHM deployment instructions
• Update user guide

- Python
Published by jemrobinson over 3 years ago

data-safe-haven - Release 3.4.0 (2022-02-26)

New features

• Whitelisted SSL Labs for analysing remote desktop entrypage.
• Updated SRD image with new packages and increased automation.
• Re-organised and standardised NSG rules
• Added tier 3 support for Nexus repositories

Bug fixes

• Fixed CoCalc NSG rules.
• Updated PyPI and CRAN allow lists.
• Switched to Mustache for all templating.
• Ensured that allow list generation does not time out.
• Replaced SHM networking ARM template.
• Switched from AzureAD.Standard preview to mainline version.
• Switched from AzureAD.Standard to Microsoft.Graph.
• Deprecated use of Write-Host.
• Ensured that pyenv virtual environment work correctly.
• Standarised NSG rule naming.
• Fixed overlapping IP ranges in example configs.
• Tidied up cloud-init files, moving scripts into dedicated files where appropriate.
• Switched Guacamole Docker deployment to use a non-root user.
• Simplified domain joining logic.
• Fixed check for tensorflow so that it is only applied if on the required package list.
• Fixed check for CoCalc deployment termination
• Set correct Graph permissions for changing user passwords

Documentation updates

• Fixed broken data classification flowchart.
• Added HTML checker to CI.
• Renamed DSVM to SRD throughout.
• Updated GitHub issue templates.
• Switched to GitHub discussions where relevant.
• Fixed GitHub Actions PR generation.
• Warned against using special characters in usernames.
• Added a Jupyter notebook for interactive testing, together with updates to the documentation.
• Fixed GitHub Actions cron jobs.

- Python
Published by jemrobinson about 4 years ago

data-safe-haven - Release 3.3.1 (2021-12-10)

Bug fixes

• Allow Tier 0/1 SREs to access the internet as expected
• Correct NSG rule to allow connection to webapps from dashboard
• Ensure that CoCalc VM can connect to the package repositories

Documentation

• Fixed a broken link in the code of conduct

View and clone the repository at this version

- Python
Published by jemrobinson about 4 years ago

data-safe-haven - Release 3.3.0 (2021-06-16)

New features

• Added support for Guacamole remote desktop
• Added single-script SRE deployment (for Guacamole only)
• Added CoCalc webapp
• Added support for more Mustache features when expanding templates
• Added syslog collection for Linux hosts
• Added instructions for migrating users from one SHM to another

Bug fixes

• Allow VMs that were stopped due to lack of credit to be restarted
• Ensure that parameters are passed to remote scripts in a consistent way
• Work-around when using "allow" in the AzurePlatformDNS NSG rule
• Better method of identifying resource groups when tearing down SHM/SRE

Documentation

• Improved style and clarity of deployment documentation
• Improved documentation around image building
• First draft of DSPT documentation
• Better documentation for ingress/egress
• Changed some names to be more inclusive
• Updated security checklist
• Switched to GitFlow and added some explanatory text
• Added automated documentation building

View and clone the repository at this version

- Python
Published by jemrobinson over 4 years ago

data-safe-haven - Release 3.2.0 (2021-03-24)

New features

• Added diagnostic script for DSVM drive mounts
• Added new packages to DSVM
• Added Nexus option for tier-2 mirrors
• Added Powershell code style tests to CI
• Added scripts for deploying a standalone tier1 with CUDA support
• Added support for NFS blob storage for local data
• Added support for SMB blob storage for data ingress
• Dropped support for Python 2.7
• Ensured consistent NTP server across VMs
• Stopped serialising full config files to disk
• Switched to pyenv for installing python

Security

• Blocked DNS tunnelling for DSVMs
• Disabled legacy TLS on RDS Gateway
• Stopped using FQDN tags in firewall rules

Bug fixes

• Added missing tags to resource group names
• Added missing logging resource group creation
• Allowed VM deployment after network lockdown
• Ensured firewall is started when updated and when SHM VMs are started
• Fixed SHM certificate generation
• Fixed SHM networking deployment
• Fixed SRE naming convention
• Pinned version of bandersnatch as newer versions are not working
• Refactored networking functions
• Refactored VM startup, shutdown and resize scripts
• Removed hard-coded rule on which IP addresses can connect to the SHM
• Removed multiple references to RDS
• Simplified AzureAD disconnect
• Simplified webapp deployment
• Updated Disconnect_AD to work with firewall

Documentation

• Added design decision documents
• Added documentation of database option
• Added initial draft of DSPT certification answers
• Added issue templates and improve GitHub labels
• Improved the Safe Haven deployment documentation
• Updated release and versioning table

View and clone the repository at this version

- Python
Published by jemrobinson almost 5 years ago

data-safe-haven - Release 3.1.0 (2020-07-13)

New features

• Added Azure Firewall with rules to support Windows updates and Azure logging.
• Gather initial set of logs from VMs to centralised Azure Log Analytics workspace.

View and clone the repository at this version

- Python
Published by martintoreilly over 5 years ago

data-safe-haven - Release 3.0.1-beta (2020-06-30)

New features

• Added postgis support to Postgres DB.
• Added clamav.
• Fixed localadsync permissions.
• Removed unused files.

View and clone the repository at this version

- Python
Published by jemrobinson over 5 years ago

data-safe-haven - Release 3.0.0-beta (2020-06-09)

New features

• Removed SRE DC.
• Support for tier-3 package mirrors.
• Improvements to DSVM build workflow.
• Added support for PostgreSQL and MS-SQL database servers in SRE.
• Additional Powershell migration.

View and clone the repository at this version

- Python
Published by jemrobinson over 5 years ago

data-safe-haven - Release 2.0.0-beta (2020-03-22)

New features

• Improved SHM and system administration scripts.
• Refactored common functions.
• Migrated many shell scripts to Powershell.
• Standardised Azure naming.

View and clone the repository at this version

- Python
Published by jemrobinson over 5 years ago

data-safe-haven - Release 1.1.0-beta (2019-12-09)

New features

• Improved SHM domain controller configuration.
• Documentation improvements.

View and clone the repository at this version

- Python
Published by jemrobinson over 5 years ago

data-safe-haven - Release 1.0.1-beta (2019-09-09)

New features

• Documentation and system administration improvements.

View and clone the repository at this version

- Python
Published by jemrobinson over 5 years ago

data-safe-haven - Release 1.0.0-beta (2019-08-13)

New features

• Initial version of scripted SHM deployment.

View and clone the repository at this version

- Python
Published by jemrobinson over 5 years ago

data-safe-haven - Release 0.3.0-beta (2019-06-24)

New features

• Initial user guide.
• Improved SRE deployment.
• Added tier-2 package mirrors.

View and clone the repository at this version

- Python
Published by jemrobinson over 5 years ago

data-safe-haven - Release 0.2.0-beta (2019-05-08)

New features

Scripted SRE deployment with documentation.

View and clone the repository at this version

- Python
Published by jemrobinson over 5 years ago

data-safe-haven - Release 0.1.0-beta (2019-02-22)

New features

• Initial version of scripted SRE deployment.

View and clone the repository at this version

- Python
Published by jemrobinson over 5 years ago