pulumi-django-azure 1.0.10__py3-none-any.whl → 1.0.12__py3-none-any.whl

pulumi_django_azure/django_deployment.py

@@ -95,7 +95,7 @@ class DjangoDeployment(pulumi.ComponentResource):
         """
 
         # Put CDN in front
-        cdn = azure.cdn.Profile(
+        self._cdn_profile = azure.cdn.Profile(
             f"cdn-{self._name}",
             resource_group_name=self._rg,
             location="global",
@@ -125,7 +125,7 @@ class DjangoDeployment(pulumi.ComponentResource):
             ],
             is_http_allowed=False,
             is_https_allowed=True,
-            profile_name=cdn.name,
+            profile_name=self._cdn_profile.name,
             origin_host_header=endpoint_origin,
             origins=[azure.cdn.DeepCreatedOriginArgs(name="origin-storage", host_name=endpoint_origin)],
             query_string_caching_behavior=azure.cdn.QueryStringCachingBehavior.IGNORE_QUERY_STRING,
@@ -138,7 +138,7 @@ class DjangoDeployment(pulumi.ComponentResource):
             azure.cdn.CustomDomain(
                 f"cdn-custom-domain-{self._name}",
                 resource_group_name=self._rg,
-                profile_name=cdn.name,
+                profile_name=self._cdn_profile.name,
                 endpoint_name=self._cdn_endpoint.name,
                 host_name=custom_host,
             )
@@ -392,11 +392,19 @@ class DjangoDeployment(pulumi.ComponentResource):
         return comm_service
 
     def _add_webapp_vault(self, administrators: list[str], suffix: str) -> azure.keyvault.Vault:
-        # Create a keyvault
+        # Create a keyvault with a random suffix to make the name unique
+        random_suffix = pulumi_random.RandomString(
+            f"vault-suffix-{suffix}",
+            # Total length is 24, so deduct the length of the suffix
+            length=(24 - 7 - len(suffix)),
+            special=False,
+            upper=False,
+        )
+
         vault = azure.keyvault.Vault(
             f"vault-{suffix}",
             resource_group_name=self._rg,
-            vault_name=f"vault-{suffix}",
+            vault_name=random_suffix.result.apply(lambda r: f"vault-{suffix}-{r}"),
             properties=azure.keyvault.VaultPropertiesArgs(
                 tenant_id=self._tenant_id,
                 sku=azure.keyvault.SkuArgs(
@@ -604,6 +612,8 @@ class DjangoDeployment(pulumi.ComponentResource):
                     azure.web.NameValuePairArgs(name="AZURE_STORAGE_CONTAINER_MEDIA", value=media_container.name),
                     # CDN
                     azure.web.NameValuePairArgs(name="CDN_HOST", value=self._cdn_host),
+                    azure.web.NameValuePairArgs(name="CDN_PROFILE", value=self._cdn_profile.name),
+                    azure.web.NameValuePairArgs(name="CDN_ENDPOINT", value=self._cdn_endpoint.name),
                     # Database settings
                     azure.web.NameValuePairArgs(name="DB_HOST", value=self._pgsql.fully_qualified_domain_name),
                     azure.web.NameValuePairArgs(name="DB_NAME", value=db.name),
@@ -695,6 +705,22 @@ class DjangoDeployment(pulumi.ComponentResource):
                 scope=comms.id,
             )
 
+        # Grant the app to purge the CDN endpoint
+        cdn_role = self._cdn_endpoint.id.apply(
+            lambda scope: azure.authorization.get_role_definition(
+                role_definition_id="/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
+                scope=scope,
+            )
+        )
+
+        azure.authorization.RoleAssignment(
+            f"ra-{name}-cdn",
+            principal_id=principal_id,
+            principal_type=azure.authorization.PrincipalType.SERVICE_PRINCIPAL,
+            role_definition_id=cdn_role.id,
+            scope=self._cdn_endpoint.id,
+        )
+
         # Create a CORS rules for this website
         if website_hosts:
             origins = [f"https://{host}" for host in website_hosts]

{pulumi_django_azure-1.0.10.dist-info → pulumi_django_azure-1.0.12.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pulumi-django-azure
-Version: 1.0.10
+Version: 1.0.12
 Summary: Simply deployment of Django on Azure with Pulumi
 Author-email: Maarten Ureel <maarten@youreal.eu>
 License: MIT License
@@ -59,9 +59,10 @@ Your Django project should contain a folder `cicd` with these files:
   ```bash
   python manage.py migrate
   python manage.py collectstatic --noinput
+  python manage.py purge_cdn
   gunicorn --timeout 600 --workers $((($NUM_CORES*2)+1)) --chdir $APP_PATH yourapplication.wsgi --access-logfile '-' --error-logfile '-'
   ```
-  Be sure to change `yourapplication` in the above.
+  Be sure to change `yourapplication` in the above. To see the `purge_cdn` management command we use here, see below.
 ## Installation
 This package is published on PyPi, so you can just add pulumi-django-azure to your requirements file.
 
@@ -256,6 +257,82 @@ Be sure to configure the SSH key that Azure will use on GitLab side. You can obt
 
 This would then trigger a redeploy everytime you make a commit to your live branch.
 
+## CDN Purging
+We added a management command to Django to purge the CDN cache, and added that to the startup script. Our version is here:
+```python
+import os
+
+from azure.mgmt.cdn import CdnManagementClient
+from azure.mgmt.cdn.models import PurgeParameters
+from django.core.management.base import BaseCommand
+
+from core.azure_helper import AZURE_CREDENTIAL, get_subscription_id
+
+
+class Command(BaseCommand):
+    help = "Purges the CDN endpoint"
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "--wait",
+            action="store_true",
+            help="Wait for the purge operation to complete",
+        )
+
+    def handle(self, *args, **options):
+        # Read environment variables
+        resource_group = os.getenv("WEBSITE_RESOURCE_GROUP")
+        profile_name = os.getenv("CDN_PROFILE")
+        endpoint_name = os.getenv("CDN_ENDPOINT")
+        content_paths = ["/*"]
+
+        # Ensure all required environment variables are set
+        if not all([resource_group, profile_name, endpoint_name]):
+            self.stderr.write(self.style.ERROR("Missing required environment variables."))
+            return
+
+        # Authenticate with Azure
+        cdn_client = CdnManagementClient(AZURE_CREDENTIAL, get_subscription_id())
+
+        try:
+            # Purge the CDN endpoint
+            purge_operation = cdn_client.endpoints.begin_purge_content(
+                resource_group_name=resource_group,
+                profile_name=profile_name,
+                endpoint_name=endpoint_name,
+                content_file_paths=PurgeParameters(content_paths=content_paths),
+            )
+
+            # Check if the --wait argument was provided
+            if options["wait"]:
+                purge_operation.result()  # Wait for the operation to complete
+                self.stdout.write(self.style.SUCCESS("CDN endpoint purge operation completed successfully."))
+            else:
+                self.stdout.write(self.style.SUCCESS("CDN endpoint purge operation started successfully."))
+
+        except Exception as e:
+            self.stderr.write(self.style.ERROR(f"Error executing CDN endpoint purge command: {e}"))
+```
+
+And our azure_helper:
+```python
+from azure.identity import DefaultAzureCredential
+from azure.mgmt.resource import SubscriptionClient
+
+# Azure credentials
+AZURE_CREDENTIAL = DefaultAzureCredential()
+
+
+def get_db_password() -> str:
+    return AZURE_CREDENTIAL.get_token("https://ossrdbms-aad.database.windows.net/.default").token
+
+
+def get_subscription_id() -> str:
+    subscription_client = SubscriptionClient(AZURE_CREDENTIAL)
+    subscriptions = list(subscription_client.subscriptions.list())
+    return subscriptions[0].subscription_id
+```
+
 ## Change requests
 I created this for internal use but since it took me a while to puzzle all the things together I decided to share it.
 Therefore this project is not super generic, but tailored to my needs. I am however open to pull or change requests to improve this project or to make it more usable for others.

pulumi_django_azure-1.0.12.dist-info/RECORD

@@ -0,0 +1,7 @@
+pulumi_django_azure/__init__.py,sha256=tXTvPfr8-Nll5cjMyY9yj_0z_PQ0XAcxihzHRCES-hU,63
+pulumi_django_azure/django_deployment.py,sha256=MBdNH2iEOoNyWY5mxiLy8iUkW514LsG-wNjo4MVZlqY,31479
+pulumi_django_azure-1.0.12.dist-info/LICENSE,sha256=NX2LN3U319Zaac8b7ZgfNOco_nTBbN531X_M_13niSg,1087
+pulumi_django_azure-1.0.12.dist-info/METADATA,sha256=hPKNy_NeqAhvQGJFn-4Zw8AUiWU6pM0jpS9ypjzX2as,13957
+pulumi_django_azure-1.0.12.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+pulumi_django_azure-1.0.12.dist-info/top_level.txt,sha256=MNPRJhq-_G8EMCHRkjdcb_xrqzOkmKogXUGV7Ysz3g0,20
+pulumi_django_azure-1.0.12.dist-info/RECORD,,

pulumi_django_azure-1.0.10.dist-info/RECORD

@@ -1,7 +0,0 @@
-pulumi_django_azure/__init__.py,sha256=tXTvPfr8-Nll5cjMyY9yj_0z_PQ0XAcxihzHRCES-hU,63
-pulumi_django_azure/django_deployment.py,sha256=SgMLoQ2Jwm8anADzrEjVhtfJVAJrYJYFoaOL9bDZngE,30275
-pulumi_django_azure-1.0.10.dist-info/LICENSE,sha256=NX2LN3U319Zaac8b7ZgfNOco_nTBbN531X_M_13niSg,1087
-pulumi_django_azure-1.0.10.dist-info/METADATA,sha256=rAAqdkW9F0I0OWn7XQA2fHKIpqxmJDQWx39TmH0FEnc,11083
-pulumi_django_azure-1.0.10.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-pulumi_django_azure-1.0.10.dist-info/top_level.txt,sha256=MNPRJhq-_G8EMCHRkjdcb_xrqzOkmKogXUGV7Ysz3g0,20
-pulumi_django_azure-1.0.10.dist-info/RECORD,,