convert to service connector and kv secrets

Author: cephalin

.devcontainer/Dockerfile

@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/vscode/devcontainers/python:0-3.10
+FROM mcr.microsoft.com/vscode/devcontainers/python:3.12
 
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
     && apt-get -y install --no-install-recommends postgresql-client \

.devcontainer/README.md

@@ -5,5 +5,6 @@ This `.devcontainer` directory contains the configuration for a [dev container](
 The dev container configuration lets you open the repository in a [GitHub codespace](https://docs.github.com/codespaces/overview) or a dev container in Visual Studio Code. For your convenience, the dev container is configured with the following:
 
 - Python
+- Running `pip install -r requirements.txt` from the project at container start.
 - PostgreSQL
 - [Azure Developer CLI](https://learn.microsoft.com/azure/developer/azure-developer-cli/overview) (so you can run `azd` commands directly).

.devcontainer/devcontainer.json

@@ -2,7 +2,7 @@
 	"name": "python-app-service-postgresql-redis-infra",
 	"dockerComposeFile": "docker-compose.yml",
 	"service": "app",
-	"workspaceFolder": "/workspace",
+	"workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
 	"features": {
 		"ghcr.io/azure/azure-dev/azd:latest": {}
 	},
@@ -29,7 +29,6 @@
 						"password": "app_password"
 					}
 				],
-				"python.pythonPath": "/usr/local/bin/python",
 				"python.languageServer": "Pylance",
 				"python.linting.enabled": true,
 				"python.linting.mypyEnabled": true,
@@ -51,12 +50,10 @@
 			}
 		}
 	},
-	// Use 'forwardPorts' to make a list of ports inside the container available locally. 5000 is for Flask, 8000 is for Django, and 5432 is for PostgreSQL.
-	"forwardPorts": [
-		8000, 5000, 5432
-	],
+	// Use 'forwardPorts' to make a list of ports inside the container available locally. 
+	// "forwardPorts": [],
 	// Use 'postCreateCommand' to run commands after the container is created.
-	// "postCreateCommand": "",
+	"postCreateCommand": "pip install -r requirements.txt",
 	// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
 	"remoteUser": "vscode"
 }

.env.sample.devcontainer .env.env.sample.devcontainer renamed to .env

@@ -13,18 +13,18 @@ hooks:
   postprovision:
     posix: 
       shell: sh
-      run: echo $'\n\nApp Service app has the following settings:\n' && echo "$WEB_APP_SETTINGS" | jq -r '.[]' | sed 's/\(.*\)/\t- \1/' && echo -e $"\nSee the settings in the portal:\033[1;36m $WEB_APP_CONFIG" 
+      run: printf '\nApp Service app has the following connection settings:\n' && printf "$CONNECTION_SETTINGS" | jq -r '.[]' | sed 's/\(.*\)/\t- \1/' && printf "\nSee the settings in the portal:\033[1;36m $WEB_APP_CONFIG\n" 
       interactive: true
       continueOnError: true
     windows:
       shell: pwsh
-      run: Write-Host "`n`nApp Service app has the following settings:`n" $WEB_APP_SETTINGS | ConvertFrom-Json | ForEach-Object { Write-Host "\t- $_" }
+      run: Write-Host "`n`nApp Service app has the following connection settings:`n" $CONNECTION_SETTINGS | ConvertFrom-Json | ForEach-Object { Write-Host "\t- $_" }
       interactive: true
       continueOnError: true
   postdeploy:
     posix: 
       shell: sh
-      run: echo -e $"\n\nOpen SSH session to App Service container at:\033[1;36m $WEB_APP_SSH\033[0m" && echo -e $"Stream App Service logs at:\033[1;36m $WEB_APP_LOG_STREAM"
+      run: printf "Open SSH session to App Service container at:\033[1;36m $WEB_APP_SSH\033[0m\nStream App Service logs at:\033[1;36m $WEB_APP_LOG_STREAM\n"
       interactive: true
       continueOnError: true
     windows:

.env.sample

@@ -1,13 +1,8 @@
 import os
 
-# Configure Postgres database based on connection string of the libpq Keyword/Value form
-# https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
-conn_str = os.environ['AZURE_POSTGRESQL_CONNECTIONSTRING']
-conn_str_params = {pair.split('=')[0]: pair.split('=')[1] for pair in conn_str.split(' ')}
-
 DATABASE_URI = 'postgresql+psycopg2://{dbuser}:{dbpass}@{dbhost}/{dbname}'.format(
-    dbuser=conn_str_params['user'],
-    dbpass=conn_str_params['password'],
-    dbhost=conn_str_params['host'],
-    dbname=conn_str_params['dbname']
+    dbuser=os.getenv('AZURE_POSTGRESQL_USER'),
+    dbpass=os.getenv('AZURE_POSTGRESQL_PASSWORD'),
+    dbhost=os.getenv('AZURE_POSTGRESQL_HOST'),
+    dbname=os.getenv('AZURE_POSTGRESQL_NAME')
 )

azure.yaml

@@ -17,6 +17,8 @@ param databasePassword string
 @description('Django SECRET_KEY for securing signed data')
 param secretKey string
 
+param principalId string = ''
+
 var resourceToken = toLower(uniqueString(subscription().id, name, location))
 var tags = { 'azd-env-name': name }
 
@@ -35,14 +37,15 @@ module resources 'resources.bicep' = {
     resourceToken: resourceToken
     tags: tags
     databasePassword: databasePassword
+    principalId: principalId
     secretKey: secretKey
   }
 }
 
 output AZURE_LOCATION string = location
 output APPLICATIONINSIGHTS_CONNECTION_STRING string = resources.outputs.APPLICATIONINSIGHTS_CONNECTION_STRING
 output WEB_URI string = resources.outputs.WEB_URI
-output WEB_APP_SETTINGS array = resources.outputs.WEB_APP_SETTINGS
+output CONNECTION_SETTINGS array = resources.outputs.CONNECTION_SETTINGS
 output WEB_APP_LOG_STREAM string = resources.outputs.WEB_APP_LOG_STREAM
 output WEB_APP_SSH string = resources.outputs.WEB_APP_SSH
-output WEB_APP_CONFIG string = resources.outputs.WEB_APP_CONFIG
+output WEB_APP_CONFIG string = resources.outputs.WEB_APP_CONFIG

azureproject/production.py

@@ -11,6 +11,9 @@
       "databasePassword": {
         "value": "$(secretOrRandomPassword)"
       },
+      "principalId": {
+        "value": "${AZURE_PRINCIPAL_ID}"
+      },
       "secretKey": {
         "value": "$(secretOrRandomPassword)"
       }