From 860209479bf6cddd7e000500dfdd3fbc4d55bada Mon Sep 17 00:00:00 2001
From: James Robinson
Date: Wed, 23 Aug 2023 11:53:40 +0100
Subject: [PATCH 1/2] :bug: Use public IP addresses from config instead of defaulting to Internet

---
 data_safe_haven/pulumi/components/sre_networking.py | 5 +++--
 data_safe_haven/pulumi/declarative_sre.py | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/data_safe_haven/pulumi/components/sre_networking.py b/data_safe_haven/pulumi/components/sre_networking.py
index 3af44b0bd8..b0bda708c2 100644
--- a/data_safe_haven/pulumi/components/sre_networking.py
+++ b/data_safe_haven/pulumi/components/sre_networking.py
@@ -23,6 +23,7 @@ def __init__(
 shm_zone_name: Input[str],
 sre_index: Input[int],
 sre_name: Input[str],
+ user_public_ip_ranges: Input[list[str]],
 ) -> None:
 # Virtual network and subnet IP ranges
 subnet_ranges = Output.from_input(sre_index).apply(
@@ -58,7 +59,7 @@ def __init__(
 # Other variables
 self.firewall_ip_address = firewall_ip_address
 self.location = location
- self.public_ip_range_users = "Internet"
+ self.user_public_ip_ranges = user_public_ip_ranges
 self.shm_fqdn = shm_fqdn
 self.shm_networking_resource_group_name = shm_networking_resource_group_name
 self.shm_subnet_identity_servers_prefix = shm_subnet_identity_servers_prefix
@@ -183,7 +184,7 @@ def __init__(
 name="AllowUsersInternetInbound",
 priority=NetworkingPriorities.AUTHORISED_EXTERNAL_USER_IPS,
 protocol=network.SecurityRuleProtocol.TCP,
- source_address_prefix=props.public_ip_range_users,
+ source_address_prefixes=props.user_public_ip_ranges,
 source_port_range="*",
 ),
 network.SecurityRuleArgs(
diff --git a/data_safe_haven/pulumi/declarative_sre.py b/data_safe_haven/pulumi/declarative_sre.py
index a3e7c87efb..947e2153e7 100644
--- a/data_safe_haven/pulumi/declarative_sre.py
+++ b/data_safe_haven/pulumi/declarative_sre.py
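Review bot: In the third hunk of sre_networking.py the rule keeps the name `AllowUsersInternetInbound` while its source changes to `source_address_prefixes=props.user_public_ip_ranges`, so the name now suggests Internet-wide access that the rule no longer grants. Someone auditing the NSG by rule name would misread the exposure. I would add a comment above the rule, `# Inbound access is limited to the research user IP ranges from the SRE config`, or rename the rule if nothing else depends on the name. The rule list starts and ends outside the hunk, so other references to the name are not visible here.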
@@ -83,6 +83,7 @@ def run(self) -> None:
 shm_zone_name=self.cfg.shm.fqdn,
 sre_index=self.cfg.sres[self.sre_name].index,
 sre_name=self.sre_name,
+ user_public_ip_ranges=self.cfg.sres[self.sre_name].research_user_ip_addresses,
 ),
 )

From 7d1e977e69987ed1f11ea6565cdc46541a125246 Mon Sep 17 00:00:00 2001
From: James Robinson
Date: Thu, 24 Aug 2023 19:38:29 +0100
Subject: [PATCH 2/2] :rotating_light: Fix linting issues

---
 data_safe_haven/pulumi/declarative_sre.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data_safe_haven/pulumi/declarative_sre.py b/data_safe_haven/pulumi/declarative_sre.py
index 947e2153e7..1253462f7f 100644
--- a/data_safe_haven/pulumi/declarative_sre.py
+++ b/data_safe_haven/pulumi/declarative_sre.py
@@ -83,7 +83,9 @@ def run(self) -> None:
 shm_zone_name=self.cfg.shm.fqdn,
 sre_index=self.cfg.sres[self.sre_name].index,
 sre_name=self.sre_name,
- user_public_ip_ranges=self.cfg.sres[self.sre_name].research_user_ip_addresses,
+ user_public_ip_ranges=self.cfg.sres[
+ self.sre_name
+ ].research_user_ip_addresses,
 ),
 )
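Review bot: In the declarative_sre.py hunk of patch 1/2, `research_user_ip_addresses` is handed to the networking props and from there to the NSG rule's `source_address_prefixes` with no check visible in this diff. An empty list would leave the rule with no source at all, and an entry such as `0.0.0.0/0` would restore the Internet-wide access this commit removes. Unless the config schema already enforces it (not visible here), validate before building the props, e.g. `if not ranges: raise ValueError("research_user_ip_addresses must not be empty")` and `ipaddress.ip_network(r)` for each entry. `run()` starts and ends outside the hunk.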