Skip to content

Errors when running dsh allowlist #2431

New issue
New issue
Open
Open
Errors when running dsh allowlist#2431
Labels
bugProblem when deploying a Data Safe Haven.
@cptanalatriste

Description

@cptanalatriste
cptanalatriste
opened on Apr 7, 2025

✅ Checklist

  • I have searched open and closed issues for duplicates.
  • This is a problem observed when managing a Data Safe Haven.
  • I can reproduce this with the latest version.
  • I have read through the documentation.
  • This isn't an open-ended question (open a discussion if it is).

💻 System information

  • Operating System: macOS
  • Data Safe Haven version: 5.4.0

📦 Packages

List of packages 
Paste list of packages here

🚫 Describe the problem

Executing dsh allowlist show stagingcvdnet pypi fails with a No keys were retrieved for storage account 'shmprodsrestagconfigdata' in resource group 'shm-prod5-sre-stagingcvdnet-rg', but the storage account definitely exists at that resource group.

When attempting to upload a new allowlist using dsh allowlist upload stagingcvdnet ... we obtain instead an Storage account 'shmprodsrestagconfigdata' could not be found. error message.

For an extended discussion of this issue, please refer to: https://alan-turing-institute.slack.com/archives/C0428BBM94M/p1743778586555369

🚂 Workarounds or solutions

We did a deep dive into this issue with @craddm , and discovered that the alllowlist.py script was using an incorrect subscription_id value, corresponding to the management environment instead of the SRE. While the current version of the code works when both management environment and SRE are in the same subscription, when they're different the reported error occurs.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugProblem when deploying a Data Safe Haven.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions