pulumi-django-azure 1.0.17__py3-none-any.whl → 1.0.18__py3-none-any.whl

pulumi_django_azure/django_deployment.py

@@ -71,6 +71,8 @@ class DjangoDeployment(pulumi.ComponentResource):
         storage_allowed_origins: Optional[Sequence[str]] = None,
         pgadmin_access_ip: Optional[Sequence[str]] = None,
         pgadmin_dns_zone: Optional[azure.network.Zone] = None,
+        cache_ip_prefix: Optional[str] = None,
+        cache_sku: Optional[azure.cache.SkuArgs] = None,
         cdn_host: Optional[HostDefinition] = None,
         opts=None,
     ):
@@ -89,6 +91,8 @@ class DjangoDeployment(pulumi.ComponentResource):
         :param storage_allowed_origins: The origins (hosts) to allow access through CORS policy. You can specify '*' to allow all.
         :param pgadmin_access_ip: The IP addresses to allow access to pgAdmin. If empty, all IP addresses are allowed.
         :param pgadmin_dns_zone: The Azure DNS zone to a pgadmin DNS record in. (optional)
+        :param cache_ip_prefix: The IP prefix for the cache subnet. (optional)
+        :param cache_sku: The SKU for the cache. (optional)
         :param cdn_host: A custom CDN host name. (optional)
         :param opts: The resource options
         """
@@ -110,6 +114,12 @@ class DjangoDeployment(pulumi.ComponentResource):
         # PostgreSQL resources
         self._create_database(sku=pgsql_sku, ip_prefix=pgsql_ip_prefix)
 
+        # Cache resources
+        if cache_ip_prefix and cache_sku:
+            self._create_cache(sku=cache_sku, ip_prefix=cache_ip_prefix)
+        else:
+            self._cache = None
+
         # Subnet for the apps
         self._app_subnet = self._create_subnet(
             name="app-service",
@@ -299,6 +309,85 @@ class DjangoDeployment(pulumi.ComponentResource):
 
         pulumi.export("pgsql_host", self._pgsql.fully_qualified_domain_name)
 
+    def _create_cache(self, sku: azure.cache.SkuArgs, ip_prefix: str):
+        # Create a Redis cache
+        self._cache = azure.cache.Redis(
+            f"cache-{self._name}",
+            resource_group_name=self._rg,
+            sku=sku,
+            enable_non_ssl_port=False,
+            public_network_access=azure.cache.PublicNetworkAccess.DISABLED,
+        )
+
+        # Create an access policy that gives us access to the cache
+        self._cache_access_policy = azure.cache.AccessPolicy(
+            f"cache-access-policy-{self._name}",
+            resource_group_name=self._rg,
+            cache_name=self._cache.name,
+            # Same as the built in Data Contributor policy
+            permissions="+@all -@dangerous +cluster|info +cluster|nodes +cluster|slots allkeys",
+        )
+
+        # Allocate a subnet for the cache
+        subnet = self._create_subnet(
+            name="cache",
+            prefix=ip_prefix,
+        )
+
+        # Create a private DNS zone for the cache
+        dns = azure.network.PrivateZone(
+            f"dns-cache-{self._name}",
+            resource_group_name=self._rg,
+            location="global",
+            private_zone_name="privatelink.redis.cache.windows.net",
+        )
+
+        # Link the private DNS zone to the VNet in order to make resolving work
+        azure.network.VirtualNetworkLink(
+            f"vnet-link-cache-{self._name}",
+            resource_group_name=self._rg,
+            location="global",
+            private_zone_name=dns.name,
+            virtual_network=azure.network.SubResourceArgs(id=self._vnet.id),
+            registration_enabled=True,
+        )
+
+        # Create a private endpoint for the cache
+        endpoint = azure.network.PrivateEndpoint(
+            f"private-endpoint-cache-{self._name}",
+            resource_group_name=self._rg,
+            subnet=azure.network.SubnetArgs(id=subnet.id),
+            custom_network_interface_name=f"nic-cache-{self._name}",
+            private_link_service_connections=[
+                azure.network.PrivateLinkServiceConnectionArgs(
+                    name=f"pls-cache-{self._name}",
+                    private_link_service_id=self._cache.id,
+                    group_ids=["redisCache"],
+                )
+            ],
+        )
+
+        # Get the private IP address of the endpoint NIC
+        ip = endpoint.network_interfaces.apply(
+            lambda nics: azure.network.get_network_interface(
+                network_interface_name=nics[0].id.split("/")[-1],
+                resource_group_name=self._rg,
+            )
+            .ip_configurations[0]
+            .private_ip_address
+        )
+
+        # Create a DNS record for the cache
+        azure.network.PrivateRecordSet(
+            f"dns-a-cache-{self._name}",
+            resource_group_name=self._rg,
+            private_zone_name=dns.name,
+            relative_record_set_name=self._cache.name,
+            record_type="A",
+            ttl=300,
+            a_records=[azure.network.ARecordArgs(ipv4_address=ip)],
+        )
+
     def _create_subnet(
         self,
         name,
@@ -329,7 +418,8 @@ class DjangoDeployment(pulumi.ComponentResource):
             resource_group_name=self._rg,
             virtual_network_name=self._vnet.name,
             address_prefix=prefix,
-            delegations=[delegation_service],
+            # We cannot pass an empty list to the delegations parameter, so either list or None
+            delegations=[delegation_service] if delegation_service else None,
             service_endpoints=service_endpoints,
         )
 
@@ -562,7 +652,7 @@ class DjangoDeployment(pulumi.ComponentResource):
 
         # DKIM records (two CNAME records)
         for record in ("d_kim", "d_kim2"):
-            if host.host == "@":
+            if host.host == "@":  # noqa: SIM108
                 relative_record_set_name = records[record]["name"]
             else:
                 relative_record_set_name = f"{records[record]['name']}.{host.host}"
@@ -753,6 +843,7 @@ class DjangoDeployment(pulumi.ComponentResource):
         comms_domains: Optional[list[HostDefinition]] = None,
         dedicated_app_service_sku: Optional[azure.web.SkuDescriptionArgs] = None,
         vault_administrators: Optional[list[str]] = None,
+        cache_db: Optional[int] = None,
     ) -> azure.web.WebApp:
         """
         Create a Django website with it's own database and storage containers.
@@ -770,7 +861,8 @@ class DjangoDeployment(pulumi.ComponentResource):
         :param comms_data_location: The data location for the Communication Services (optional if you don't need it).
         :param comms_domains: The list of custom domains for the E-mail Communication Services (optional).
         :param dedicated_app_service_sku: The SKU for the dedicated App Service Plan (optional).
-        :param vault_administrator: The principal ID of the vault administrator (optional).
+        :param vault_administrators: The principal IDs of the vault administrators (optional).
+        :param cache_db: The index of the cache database to use (optional).
         """
 
         # Create a database
@@ -819,6 +911,12 @@ class DjangoDeployment(pulumi.ComponentResource):
             s = self._add_webapp_secret(vault, env_name, config_name, f"{name}-{self._name}")
             environment_variables[f"{env_name}_SECRET_NAME"] = s.name
 
+        # Cache
+        if self._cache and cache_db:
+            environment_variables["REDIS_CACHE_HOST"] = self._cache.host_name
+            environment_variables["REDIS_CACHE_PORT"] = self._cache.ssl_port.apply(lambda port: str(port))
+            environment_variables["REDIS_CACHE_DB"] = str(cache_db)
+
         # Create a Django Secret Key (random)
         secret_key = pulumi_random.RandomString(f"django-secret-{name}-{self._name}", length=50)
 
@@ -832,7 +930,7 @@ class DjangoDeployment(pulumi.ComponentResource):
         ]
 
         allowed_hosts = pulumi.Output.concat(*[pulumi.Output.concat(host.full_host, ",") for host in website_hosts])
-        
+
         # Create a dedicated App Service Plan if requested
         if dedicated_app_service_sku:
             app_service_plan = azure.web.AppServicePlan(
@@ -877,14 +975,8 @@ class DjangoDeployment(pulumi.ComponentResource):
                     # Vault settings
                     azure.web.NameValuePairArgs(name="AZURE_KEY_VAULT", value=vault.name),
                     # Storage settings
-                    azure.web.NameValuePairArgs(
-                        name="AZURE_STORAGE_ACCOUNT_NAME",
-                        value=self._storage_account.name,
-                    ),
-                    azure.web.NameValuePairArgs(
-                        name="AZURE_STORAGE_CONTAINER_STATICFILES",
-                        value=static_container.name,
-                    ),
+                    azure.web.NameValuePairArgs(name="AZURE_STORAGE_ACCOUNT_NAME", value=self._storage_account.name),
+                    azure.web.NameValuePairArgs(name="AZURE_STORAGE_CONTAINER_STATICFILES", value=static_container.name),
                     azure.web.NameValuePairArgs(name="AZURE_STORAGE_CONTAINER_MEDIA", value=media_container.name),
                     # CDN
                     azure.web.NameValuePairArgs(name="CDN_HOST", value=self._cdn_host),
@@ -1024,6 +1116,17 @@ class DjangoDeployment(pulumi.ComponentResource):
             scope=self._storage_account.id,
         )
 
+        # Grant the app access to the cache if needed
+        if self._cache and cache_db:
+            azure.cache.AccessPolicyAssignment(
+                f"ra-{name}-cache",
+                resource_group_name=self._rg,
+                cache_name=self._cache.name,
+                object_id=principal_id,
+                object_id_alias=f"app-{name}-managed-identity",
+                access_policy_name=self._cache_access_policy.name,
+            )
+
         # Grant the app to send e-mails
         if comms:
             comms_role = comms.id.apply(

{pulumi_django_azure-1.0.17.dist-info → pulumi_django_azure-1.0.18.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: pulumi-django-azure
-Version: 1.0.17
+Version: 1.0.18
 Summary: Simply deployment of Django on Azure with Pulumi
 Author-email: Maarten Ureel <maarten@youreal.eu>
 License: MIT License

pulumi_django_azure-1.0.18.dist-info/RECORD

@@ -0,0 +1,7 @@
+pulumi_django_azure/__init__.py,sha256=5RY9reSVNw-HULrOXfhcq3cyPne-94ojFmeV1m6kIVg,79
+pulumi_django_azure/django_deployment.py,sha256=dL_IiQEjY6M-xI-ZEZarirtaQTe5DRYjYTQARJ79onA,49053
+pulumi_django_azure-1.0.18.dist-info/LICENSE,sha256=NX2LN3U319Zaac8b7ZgfNOco_nTBbN531X_M_13niSg,1087
+pulumi_django_azure-1.0.18.dist-info/METADATA,sha256=oe7FrZIcRWMRKL2JljxqvqebA9LiCBz4LumwmA_SlYQ,13955
+pulumi_django_azure-1.0.18.dist-info/WHEEL,sha256=jB7zZ3N9hIM9adW7qlTAyycLYW9npaWKLRzaoVcLKcM,91
+pulumi_django_azure-1.0.18.dist-info/top_level.txt,sha256=MNPRJhq-_G8EMCHRkjdcb_xrqzOkmKogXUGV7Ysz3g0,20
+pulumi_django_azure-1.0.18.dist-info/RECORD,,

{pulumi_django_azure-1.0.17.dist-info → pulumi_django_azure-1.0.18.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.8.0)
+Generator: setuptools (75.8.2)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

pulumi_django_azure-1.0.17.dist-info/RECORD

@@ -1,7 +0,0 @@
-pulumi_django_azure/__init__.py,sha256=5RY9reSVNw-HULrOXfhcq3cyPne-94ojFmeV1m6kIVg,79
-pulumi_django_azure/django_deployment.py,sha256=y5Jk4W9tIYihlc46z8Nt-Jrn_fmKLDJfc3nbo66M9oY,44619
-pulumi_django_azure-1.0.17.dist-info/LICENSE,sha256=NX2LN3U319Zaac8b7ZgfNOco_nTBbN531X_M_13niSg,1087
-pulumi_django_azure-1.0.17.dist-info/METADATA,sha256=p-UAXhOPFUb5d5kX9wpMmh0bauaYA7p8xDfORsJ8nYQ,13955
-pulumi_django_azure-1.0.17.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
-pulumi_django_azure-1.0.17.dist-info/top_level.txt,sha256=MNPRJhq-_G8EMCHRkjdcb_xrqzOkmKogXUGV7Ysz3g0,20
-pulumi_django_azure-1.0.17.dist-info/RECORD,,