convert to service connector and kv secrets

Author: cephalin

.deployment

@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/vscode/devcontainers/python:0-3.10
+FROM mcr.microsoft.com/vscode/devcontainers/python:3.12
 
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
     && apt-get -y install --no-install-recommends postgresql-client \

.devcontainer/Dockerfile

@@ -2,9 +2,10 @@
 
 This `.devcontainer` directory contains the configuration for a [dev container](https://docs.github.com/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers) and isn't used by the sample application.
 
-The dev container configuration lets you open the repository in a [GitHub codespace](https://docs.github.com/codespaces/overview) or a dev container in Visual Studio Code. For your convenience, the dev container is configured with the following:
+The dev container configuration lets you open therepository in a [GitHub codespace](https://docs.github.com/codespaces/overview) or a dev container in Visual Studio Code. For your convenience, the dev container is configured with the following: 
 
 - Python
+- Running `pip install -r requirements.txt` from the project at container start.
 - PostgreSQL
 - Redis
 - [Azure Developer CLI](https://learn.microsoft.com/azure/developer/azure-developer-cli/overview) (so you can run `azd` commands directly).

.devcontainer/README.md

@@ -2,7 +2,7 @@
 	"name": "python-app-service-postgresql-redis-infra",
 	"dockerComposeFile": "docker-compose.yml",
 	"service": "app",
-	"workspaceFolder": "/workspace",
+	"workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
 	"features": {
 		"ghcr.io/azure/azure-dev/azd:latest": {}
 	},
@@ -14,7 +14,8 @@
 				"ms-python.python",
 				"ms-python.vscode-pylance",
 				"mtxr.sqltools",
-				"mtxr.sqltools-driver-pg"
+				"mtxr.sqltools-driver-pg",
+				"GitHub.copilot"
 			],
 			"settings": {
 				"sqltools.connections": [
@@ -29,7 +30,6 @@
 						"password": "app_password"
 					}
 				],
-				"python.pythonPath": "/usr/local/bin/python",
 				"python.languageServer": "Pylance",
 				"python.linting.enabled": true,
 				"python.linting.mypyEnabled": true,
@@ -51,12 +51,10 @@
 			}
 		}
 	},
-	// Use 'forwardPorts' to make a list of ports inside the container available locally. 5000 is for Flask, 8000 is for Django, and 5432 is for PostgreSQL.
-	"forwardPorts": [
-		8000, 5000, 5432
-	],
+	// Use 'forwardPorts' to make a list of ports inside the container available locally. 
+	// "forwardPorts": [],
 	// Use 'postCreateCommand' to run commands after the container is created.
-	// "postCreateCommand": "",
+	"postCreateCommand": "pip install -r requirements.txt",
 	// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
 	"remoteUser": "vscode"
 }

.devcontainer/devcontainer.json

@@ -45,10 +45,6 @@ This project has a [dev container configuration](.devcontainer/), which makes it
 1. In the codespace terminal, run the following commands:
 
     ```shell
-    # Install requirements
-    python3 -m pip install -r requirements.txt
-    # Create .env with environment variables
-    cp .env.sample.devcontainer .env
     # Run database migrations
     python3 manage.py migrate
     # Start the development server

.env.sample

@@ -13,18 +13,18 @@ hooks:
   postprovision:
     posix: 
       shell: sh
-      run: echo $'\n\nApp Service app has the following settings:\n' && echo "$WEB_APP_SETTINGS" | jq -r '.[]' | sed 's/\(.*\)/\t- \1/' && echo -e $"\nSee the settings in the portal:\033[1;36m $WEB_APP_CONFIG" 
+      run: printf '\nApp Service app has the following connection settings:\n' && printf "$CONNECTION_SETTINGS" | jq -r '.[]' | sed 's/\(.*\)/\t- \1/' && printf "\nSee the settings in the portal:\033[1;36m $WEB_APP_CONFIG\n" 
       interactive: true
       continueOnError: true
     windows:
       shell: pwsh
-      run: Write-Host "`n`nApp Service app has the following settings:`n" $WEB_APP_SETTINGS | ConvertFrom-Json | ForEach-Object { Write-Host "\t- $_" }
+      run: Write-Host "`n`nApp Service app has the following connection settings:`n" $CONNECTION_SETTINGS | ConvertFrom-Json | ForEach-Object { Write-Host "\t- $_" }
       interactive: true
       continueOnError: true
   postdeploy:
     posix: 
       shell: sh
-      run: echo -e $"\n\nOpen SSH session to App Service container at:\033[1;36m $WEB_APP_SSH\033[0m" && echo -e $"Stream App Service logs at:\033[1;36m $WEB_APP_LOG_STREAM"
+      run: printf "Open SSH session to App Service container at:\033[1;36m $WEB_APP_SSH\033[0m\nStream App Service logs at:\033[1;36m $WEB_APP_LOG_STREAM\n"
       interactive: true
       continueOnError: true
     windows:

.env.sample.devcontainer

@@ -26,24 +26,20 @@
 STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
 STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
 
-# Configure Postgres database based on connection string of the libpq Keyword/Value form
-# https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
-conn_str = os.environ['AZURE_POSTGRESQL_CONNECTIONSTRING']
-conn_str_params = {pair.split('=')[0]: pair.split('=')[1] for pair in conn_str.split(' ')}
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.postgresql',
-        'NAME': conn_str_params['dbname'],
-        'HOST': conn_str_params['host'],
-        'USER': conn_str_params['user'],
-        'PASSWORD': conn_str_params['password'],
+        'NAME': os.environ['AZURE_POSTGRESQL_NAME'],
+        'HOST': os.environ['AZURE_POSTGRESQL_HOST'],
+        'USER': os.environ['AZURE_POSTGRESQL_USER'],
+        'PASSWORD': os.environ['AZURE_POSTGRESQL_PASSWORD'],
     }
 }
 
 CACHES = {
         "default": {  
             "BACKEND": "django_redis.cache.RedisCache",
-            "LOCATION": os.environ.get('AZURE_REDIS_CONNECTIONSTRING'),
+            "LOCATION": os.environ['AZURE_REDIS_CONNECTIONSTRING'],
             "OPTIONS": {
                 "CLIENT_CLASS": "django_redis.client.DefaultClient",
                 "COMPRESSOR": "django_redis.compressors.zlib.ZlibCompressor",

README.md

@@ -17,6 +17,8 @@ param databasePassword string
 @description('Django SECRET_KEY for securing signed data')
 param secretKey string
 
+param principalId string = ''
+
 var resourceToken = toLower(uniqueString(subscription().id, name, location))
 var tags = { 'azd-env-name': name }
 
@@ -35,14 +37,15 @@ module resources 'resources.bicep' = {
     resourceToken: resourceToken
     tags: tags
     databasePassword: databasePassword
+    principalId: principalId
     secretKey: secretKey
   }
 }
 
 output AZURE_LOCATION string = location
 output APPLICATIONINSIGHTS_CONNECTION_STRING string = resources.outputs.APPLICATIONINSIGHTS_CONNECTION_STRING
 output WEB_URI string = resources.outputs.WEB_URI
-output WEB_APP_SETTINGS array = resources.outputs.WEB_APP_SETTINGS
+output CONNECTION_SETTINGS array = resources.outputs.CONNECTION_SETTINGS
 output WEB_APP_LOG_STREAM string = resources.outputs.WEB_APP_LOG_STREAM
 output WEB_APP_SSH string = resources.outputs.WEB_APP_SSH
-output WEB_APP_CONFIG string = resources.outputs.WEB_APP_CONFIG
+output WEB_APP_CONFIG string = resources.outputs.WEB_APP_CONFIG

azure.yaml

@@ -1,18 +1,21 @@
 {
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-      "name": {
-        "value": "${AZURE_ENV_NAME}"
-      },
-      "location": {
-        "value": "${AZURE_LOCATION}"
-      },
-      "databasePassword": {
-        "value": "$(secretOrRandomPassword)"
-      },
-      "secretKey": {
-        "value": "$(secretOrRandomPassword)"
-      }
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "name": {
+      "value": "${AZURE_ENV_NAME}"
+    },
+    "location": {
+      "value": "${AZURE_LOCATION}"
+    },
+    "databasePassword": {
+      "value": "$(secretOrRandomPassword)"
+    },
+    "principalId": {
+      "value": "${AZURE_PRINCIPAL_ID}"
+    },
+    "secretKey": {
+      "value": "$(secretOrRandomPassword)"
     }
   }
+}