Pulumi: Move command line arguments to configuration

[JimMadge]

:white_check_mark: Checklist

• [x] I have searched open and closed issues for duplicates.
• [x] This is a request for a new feature in the Data Safe Haven or an upgrade to an existing feature.
• [x] The feature is still missing in the latest version.
• [x] I have read through the documentation.
• [x] This isn't an open-ended question (open a discussion if it is).

:strawberry: Suggested change

A number of the dsh commands take command line arguments which change what is deployed. For example, dsh deploy sre can specify allowed IPs, workspaces, allowed packages. There is a risk here that changes could be made to a deployed environment by accident, and to avoid making changes admins will need to find a way to share the correct arguments.

This contrasts with the shared configuration in the backend storage account. I think we should simplify/unify this and perhaps add some functionality. The aim should be for an admin to only have to declare the "name" of the shm/sre.

:steam_locomotive: How could this be done?

• Move command line arguments to configuration
• Commands to set configuration
  • interactive?
  • upload/download file?
  • get/set individual options (like git config)
• Ask confirmation for changes or use --force to override

[jemrobinson]

I suggest that, like git config, this is stored somewhere where a user can edit it, but is expected to use the dsh config commands to interact with it most of the time. We can repurpose our current backend_settings config file and location for this.