pulumi-django-azure 1.0.21__tar.gz → 1.0.23__tar.gz

{pulumi_django_azure-1.0.21/src/pulumi_django_azure.egg-info → pulumi_django_azure-1.0.23}/PKG-INFO

@@ -1,6 +1,6 @@
-Metadata-Version: 2.2
+Metadata-Version: 2.4
 Name: pulumi-django-azure
-Version: 1.0.21
+Version: 1.0.23
 Summary: Simply deployment of Django on Azure with Pulumi
 Author-email: Maarten Ureel <maarten@youreal.eu>
 License: MIT License
@@ -30,12 +30,23 @@ Keywords: django,pulumi,azure
 Classifier: License :: OSI Approved :: MIT License
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
-Requires-Python: >=3.9
+Requires-Python: <3.14,>=3.11
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: pulumi>=3.146.0
-Requires-Dist: pulumi-azure-native>=2.82.0
-Requires-Dist: pulumi-random>=4.17.0
+Requires-Dist: azure-identity<2.0.0,>=1.21.0
+Requires-Dist: azure-keyvault-secrets<5.0.0,>=4.9.0
+Requires-Dist: azure-mgmt-cdn<14.0.0,>=13.1.1
+Requires-Dist: azure-mgmt-resource<24.0.0,>=23.3.0
+Requires-Dist: django<6.0.0,>=5.1.7
+Requires-Dist: django-azure-communication-email<2.0.0,>=1.3.0
+Requires-Dist: django-environ<0.13.0,>=0.12.0
+Requires-Dist: django-redis<6.0.0,>=5.4.0
+Requires-Dist: django-storages[azure]<2.0.0,>=1.14.5
+Requires-Dist: pulumi>=3.156.0
+Requires-Dist: pulumi-azure-native>=2.89.1
+Requires-Dist: pulumi-random>=4.18.0
+Requires-Dist: redis[hiredis]<6.0.0,>=5.2.1
+Dynamic: license-file
 
 # Pulumi Django Deployment
 
@@ -57,12 +68,36 @@ Your Django project should contain a folder `cicd` with these files:
   Note that this runs in the identity of the build container, so you should not run database or storage manipulations here.
 * startup.sh: commands to run the actual application. I recommend to put at least:
   ```bash
+  # Compile translations
+  apt-get -y install gettext
+  python manage.py compilemessages
+
+  # Run collectstatic in the background
+  sh cicd/collectstatic.sh &
+
   python manage.py migrate
-  python manage.py collectstatic --noinput
-  python manage.py purge_cdn
   gunicorn --timeout 600 --workers $((($NUM_CORES*2)+1)) --chdir $APP_PATH yourapplication.wsgi --access-logfile '-' --error-logfile '-'
   ```
-  Be sure to change `yourapplication` in the above. To see the `purge_cdn` management command we use here, see below.
+
+  Be sure to change `yourapplication` in the above.
+
+* collecstatic.sh
+  ```bash
+  #!/bin/bash
+
+  LOGFILE="/var/log/django_collectstatic.log"
+
+  # Collectstatic
+  echo "$(date '+%Y-%m-%d %H:%M:%S') - Starting collectstatic" >> $LOGFILE
+  python manage.py collectstatic --noinput -v 2 >> $LOGFILE
+  echo "$(date '+%Y-%m-%d %H:%M:%S') - Finished collectstatic" >> $LOGFILE
+
+  # Purge the CDN
+  echo "$(date '+%Y-%m-%d %H:%M:%S') - Starting purge_cdn" >> $LOGFILE
+  python manage.py purge_cdn >> $LOGFILE
+  echo "$(date '+%Y-%m-%d %H:%M:%S') - Finished purge_cdn" >> $LOGFILE
+  ```
+
 ## Installation
 This package is published on PyPi, so you can just add pulumi-django-azure to your requirements file.
 
@@ -127,8 +162,23 @@ django.add_database_administrator(
 )
 ```
 
-## Deployment steps
+## Changes to your Django project
+1. Add `pulumi_django_azure` to your `INSTALLED_APPS`
+2. Add to your settings file:
+   ```python
+   from pulumi_django_azure.settings import *  # noqa: F403
+
+   # This will provide the management command to purge the CDN
+   INSTALLED_APPS += ["pulumi_django_azure"]
+
+   # This will provide the health check middleware that will also take care of credential rotation.
+   MIDDLEWARE += ["pulumi_django_azure.middleware.HealthCheckMiddleware"]
+   ```
+   This will pre-configure most settings to make your app work on Azure. You can check the source for details,
+   and ofcourse override any value after importing them.
+
 
+## Deployment steps
 1. Deploy without custom hosts (for CDN and websites)
 2. Configure the PostgreSQL server (create and grant permissions to role for your websites)
 3. Retrieve the deployment SSH key and configure your remote GIT repository with it
@@ -211,19 +261,8 @@ The environment variable will be suffixed with `_SECRET_NAME`.
 
 Then, in your application, retrieve this data from the vault, e.g.:
 ```python
-from azure.keyvault.secrets import SecretClient
-from azure.identity import DefaultAzureCredential
-
-# Azure credentials
-azure_credential = DefaultAzureCredential()
-
-# Azure Key Vault
-AZURE_KEY_VAULT = env("AZURE_KEY_VAULT")
-AZURE_KEY_VAULT_URI = f"https://{AZURE_KEY_VAULT}.vault.azure.net"
-azure_key_vault_client = SecretClient(vault_url=AZURE_KEY_VAULT_URI, credential=azure_credential)
-
 # Social Auth settings
-oauth_secret = azure_key_vault_client.get_secret(env("AZURE_OAUTH_SECRET_NAME"))
+oauth_secret = AZURE_KEY_VAULT_CLIENT.get_secret(env("AZURE_OAUTH_SECRET_NAME"))
 oauth_secret = json.loads(oauth_secret.value)
 SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY = oauth_secret["client_id"]
 SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET = oauth_secret["secret"]
@@ -257,81 +296,6 @@ Be sure to configure the SSH key that Azure will use on GitLab side. You can obt
 
 This would then trigger a redeploy everytime you make a commit to your live branch.
 
-## CDN Purging
-We added a management command to Django to purge the CDN cache, and added that to the startup script. Our version is here:
-```python
-import os
-
-from azure.mgmt.cdn import CdnManagementClient
-from azure.mgmt.cdn.models import PurgeParameters
-from django.core.management.base import BaseCommand
-
-from core.azure_helper import AZURE_CREDENTIAL, get_subscription_id
-
-
-class Command(BaseCommand):
-    help = "Purges the CDN endpoint"
-
-    def add_arguments(self, parser):
-        parser.add_argument(
-            "--wait",
-            action="store_true",
-            help="Wait for the purge operation to complete",
-        )
-
-    def handle(self, *args, **options):
-        # Read environment variables
-        resource_group = os.getenv("WEBSITE_RESOURCE_GROUP")
-        profile_name = os.getenv("CDN_PROFILE")
-        endpoint_name = os.getenv("CDN_ENDPOINT")
-        content_paths = ["/*"]
-
-        # Ensure all required environment variables are set
-        if not all([resource_group, profile_name, endpoint_name]):
-            self.stderr.write(self.style.ERROR("Missing required environment variables."))
-            return
-
-        # Authenticate with Azure
-        cdn_client = CdnManagementClient(AZURE_CREDENTIAL, get_subscription_id())
-
-        try:
-            # Purge the CDN endpoint
-            purge_operation = cdn_client.endpoints.begin_purge_content(
-                resource_group_name=resource_group,
-                profile_name=profile_name,
-                endpoint_name=endpoint_name,
-                content_file_paths=PurgeParameters(content_paths=content_paths),
-            )
-
-            # Check if the --wait argument was provided
-            if options["wait"]:
-                purge_operation.result()  # Wait for the operation to complete
-                self.stdout.write(self.style.SUCCESS("CDN endpoint purge operation completed successfully."))
-            else:
-                self.stdout.write(self.style.SUCCESS("CDN endpoint purge operation started successfully."))
-
-        except Exception as e:
-            self.stderr.write(self.style.ERROR(f"Error executing CDN endpoint purge command: {e}"))
-```
-
-And our azure_helper:
-```python
-from azure.identity import DefaultAzureCredential
-from azure.mgmt.resource import SubscriptionClient
-
-# Azure credentials
-AZURE_CREDENTIAL = DefaultAzureCredential()
-
-
-def get_db_password() -> str:
-    return AZURE_CREDENTIAL.get_token("https://ossrdbms-aad.database.windows.net/.default").token
-
-
-def get_subscription_id() -> str:
-    subscription_client = SubscriptionClient(AZURE_CREDENTIAL)
-    subscriptions = list(subscription_client.subscriptions.list())
-    return subscriptions[0].subscription_id
-```
 
 ## Change requests
 I created this for internal use but since it took me a while to puzzle all the things together I decided to share it.

{pulumi_django_azure-1.0.21 → pulumi_django_azure-1.0.23}/README.md

@@ -18,12 +18,36 @@ Your Django project should contain a folder `cicd` with these files:
   Note that this runs in the identity of the build container, so you should not run database or storage manipulations here.
 * startup.sh: commands to run the actual application. I recommend to put at least:
   ```bash
+  # Compile translations
+  apt-get -y install gettext
+  python manage.py compilemessages
+
+  # Run collectstatic in the background
+  sh cicd/collectstatic.sh &
+
   python manage.py migrate
-  python manage.py collectstatic --noinput
-  python manage.py purge_cdn
   gunicorn --timeout 600 --workers $((($NUM_CORES*2)+1)) --chdir $APP_PATH yourapplication.wsgi --access-logfile '-' --error-logfile '-'
   ```
-  Be sure to change `yourapplication` in the above. To see the `purge_cdn` management command we use here, see below.
+
+  Be sure to change `yourapplication` in the above.
+
+* collecstatic.sh
+  ```bash
+  #!/bin/bash
+
+  LOGFILE="/var/log/django_collectstatic.log"
+
+  # Collectstatic
+  echo "$(date '+%Y-%m-%d %H:%M:%S') - Starting collectstatic" >> $LOGFILE
+  python manage.py collectstatic --noinput -v 2 >> $LOGFILE
+  echo "$(date '+%Y-%m-%d %H:%M:%S') - Finished collectstatic" >> $LOGFILE
+
+  # Purge the CDN
+  echo "$(date '+%Y-%m-%d %H:%M:%S') - Starting purge_cdn" >> $LOGFILE
+  python manage.py purge_cdn >> $LOGFILE
+  echo "$(date '+%Y-%m-%d %H:%M:%S') - Finished purge_cdn" >> $LOGFILE
+  ```
+
 ## Installation
 This package is published on PyPi, so you can just add pulumi-django-azure to your requirements file.
 
@@ -88,8 +112,23 @@ django.add_database_administrator(
 )
 ```
 
-## Deployment steps
+## Changes to your Django project
+1. Add `pulumi_django_azure` to your `INSTALLED_APPS`
+2. Add to your settings file:
+   ```python
+   from pulumi_django_azure.settings import *  # noqa: F403
+
+   # This will provide the management command to purge the CDN
+   INSTALLED_APPS += ["pulumi_django_azure"]
+
+   # This will provide the health check middleware that will also take care of credential rotation.
+   MIDDLEWARE += ["pulumi_django_azure.middleware.HealthCheckMiddleware"]
+   ```
+   This will pre-configure most settings to make your app work on Azure. You can check the source for details,
+   and ofcourse override any value after importing them.
+
 
+## Deployment steps
 1. Deploy without custom hosts (for CDN and websites)
 2. Configure the PostgreSQL server (create and grant permissions to role for your websites)
 3. Retrieve the deployment SSH key and configure your remote GIT repository with it
@@ -172,19 +211,8 @@ The environment variable will be suffixed with `_SECRET_NAME`.
 
 Then, in your application, retrieve this data from the vault, e.g.:
 ```python
-from azure.keyvault.secrets import SecretClient
-from azure.identity import DefaultAzureCredential
-
-# Azure credentials
-azure_credential = DefaultAzureCredential()
-
-# Azure Key Vault
-AZURE_KEY_VAULT = env("AZURE_KEY_VAULT")
-AZURE_KEY_VAULT_URI = f"https://{AZURE_KEY_VAULT}.vault.azure.net"
-azure_key_vault_client = SecretClient(vault_url=AZURE_KEY_VAULT_URI, credential=azure_credential)
-
 # Social Auth settings
-oauth_secret = azure_key_vault_client.get_secret(env("AZURE_OAUTH_SECRET_NAME"))
+oauth_secret = AZURE_KEY_VAULT_CLIENT.get_secret(env("AZURE_OAUTH_SECRET_NAME"))
 oauth_secret = json.loads(oauth_secret.value)
 SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY = oauth_secret["client_id"]
 SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET = oauth_secret["secret"]
@@ -218,81 +246,6 @@ Be sure to configure the SSH key that Azure will use on GitLab side. You can obt
 
 This would then trigger a redeploy everytime you make a commit to your live branch.
 
-## CDN Purging
-We added a management command to Django to purge the CDN cache, and added that to the startup script. Our version is here:
-```python
-import os
-
-from azure.mgmt.cdn import CdnManagementClient
-from azure.mgmt.cdn.models import PurgeParameters
-from django.core.management.base import BaseCommand
-
-from core.azure_helper import AZURE_CREDENTIAL, get_subscription_id
-
-
-class Command(BaseCommand):
-    help = "Purges the CDN endpoint"
-
-    def add_arguments(self, parser):
-        parser.add_argument(
-            "--wait",
-            action="store_true",
-            help="Wait for the purge operation to complete",
-        )
-
-    def handle(self, *args, **options):
-        # Read environment variables
-        resource_group = os.getenv("WEBSITE_RESOURCE_GROUP")
-        profile_name = os.getenv("CDN_PROFILE")
-        endpoint_name = os.getenv("CDN_ENDPOINT")
-        content_paths = ["/*"]
-
-        # Ensure all required environment variables are set
-        if not all([resource_group, profile_name, endpoint_name]):
-            self.stderr.write(self.style.ERROR("Missing required environment variables."))
-            return
-
-        # Authenticate with Azure
-        cdn_client = CdnManagementClient(AZURE_CREDENTIAL, get_subscription_id())
-
-        try:
-            # Purge the CDN endpoint
-            purge_operation = cdn_client.endpoints.begin_purge_content(
-                resource_group_name=resource_group,
-                profile_name=profile_name,
-                endpoint_name=endpoint_name,
-                content_file_paths=PurgeParameters(content_paths=content_paths),
-            )
-
-            # Check if the --wait argument was provided
-            if options["wait"]:
-                purge_operation.result()  # Wait for the operation to complete
-                self.stdout.write(self.style.SUCCESS("CDN endpoint purge operation completed successfully."))
-            else:
-                self.stdout.write(self.style.SUCCESS("CDN endpoint purge operation started successfully."))
-
-        except Exception as e:
-            self.stderr.write(self.style.ERROR(f"Error executing CDN endpoint purge command: {e}"))
-```
-
-And our azure_helper:
-```python
-from azure.identity import DefaultAzureCredential
-from azure.mgmt.resource import SubscriptionClient
-
-# Azure credentials
-AZURE_CREDENTIAL = DefaultAzureCredential()
-
-
-def get_db_password() -> str:
-    return AZURE_CREDENTIAL.get_token("https://ossrdbms-aad.database.windows.net/.default").token
-
-
-def get_subscription_id() -> str:
-    subscription_client = SubscriptionClient(AZURE_CREDENTIAL)
-    subscriptions = list(subscription_client.subscriptions.list())
-    return subscriptions[0].subscription_id
-```
 
 ## Change requests
 I created this for internal use but since it took me a while to puzzle all the things together I decided to share it.

pulumi_django_azure-1.0.23/pyproject.toml

@@ -0,0 +1,82 @@
+[build-system]
+requires = ["setuptools>=61.0.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "pulumi-django-azure"
+version = "1.0.23"
+description = "Simply deployment of Django on Azure with Pulumi"
+readme = "README.md"
+authors = [{ name = "Maarten Ureel", email = "maarten@youreal.eu" }]
+license = { file = "LICENSE" }
+classifiers = [
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python",
+    "Programming Language :: Python :: 3",
+]
+keywords = ["django", "pulumi", "azure"]
+dependencies = [
+    "azure-identity (>=1.21.0,<2.0.0)",
+    "azure-keyvault-secrets (>=4.9.0,<5.0.0)",
+    "azure-mgmt-cdn (>=13.1.1,<14.0.0)",
+    "azure-mgmt-resource (>=23.3.0,<24.0.0)",
+    "django (>=5.1.7,<6.0.0)",
+    "django-azure-communication-email (>=1.3.0,<2.0.0)",
+    "django-environ (>=0.12.0,<0.13.0)",
+    "django-redis (>=5.4.0,<6.0.0)",
+    "django-storages[azure] (>=1.14.5,<2.0.0)",
+    "pulumi (>=3.156.0)",
+    "pulumi-azure-native (>=2.89.1)",
+    "pulumi-random (>=4.18.0)",
+    "redis[hiredis] (>=5.2.1,<6.0.0)",
+]
+requires-python = ">=3.11,<3.14"
+
+[project.urls]
+Homepage = "https://gitlab.com/MaartenUreel/pulumi-django-azure"
+
+[tool.poetry]
+name = "pulumi-django-azure"
+version = "1.0.23"
+description = "Simply deployment of Django on Azure with Pulumi"
+authors = ["Maarten Ureel <maarten@youreal.eu>"]
+
+[tool.poetry.dependencies]
+python = "^3.11,<3.14"
+pulumi-azure-native = ">=2.89.1"
+pulumi = ">=3.156.0"
+pulumi-random = ">=4.18.0"
+django-storages = {extras = ["azure"], version = "^1.14.5"}
+azure-identity = "^1.21.0"
+azure-keyvault-secrets = "^4.9.0"
+azure-mgmt-cdn = "^13.1.1"
+azure-mgmt-resource = "^23.3.0"
+django = "^5.1.7"
+django-azure-communication-email = "^1.3.0"
+django-environ = "^0.12.0"
+django-redis = "^5.4.0"
+redis = {extras = ["hiredis"], version = "^5.2.1"}
+
+[tool.poetry.group.dev.dependencies]
+twine = "^6.1.0"
+build = "^1.2.2.post1"
+ruff = "^0.11.0"
+
+[tool.ruff]
+line-length = 140
+
+[tool.ruff.lint]
+select = [
+    # pycodestyle
+    "E",
+    # Pyflakes
+    "F",
+    # pyupgrade
+    "UP",
+    # flake8-bugbear
+    "B",
+    # flake8-simplify
+    "SIM",
+    # isort
+    "I",
+]

{pulumi_django_azure-1.0.21 → pulumi_django_azure-1.0.23}/src/pulumi_django_azure/__init__.py

@@ -1 +1,2 @@
+from . import settings  # noqa: F401
 from .django_deployment import DjangoDeployment, HostDefinition  # noqa: F401

pulumi_django_azure-1.0.23/src/pulumi_django_azure/azure_helper.py

@@ -0,0 +1,67 @@
+import base64
+import json
+import os
+from dataclasses import dataclass
+from subprocess import check_output
+
+from azure.identity import DefaultAzureCredential
+from azure.mgmt.resource import SubscriptionClient
+from azure.mgmt.resource.subscriptions.models import Subscription
+
+# Azure credentials
+AZURE_CREDENTIAL = DefaultAzureCredential()
+
+# Get the local IP addresses of the machine (only when runnig on Azure)
+if os.environ.get("ORYX_ENV_NAME"):
+    LOCAL_IP_ADDRESSES = check_output(["hostname", "--all-ip-addresses"]).decode("utf-8").strip().split(" ")
+else:
+    LOCAL_IP_ADDRESSES = []
+
+
+def get_db_password() -> str:
+    """
+    Get a valid password for the database.
+    """
+    return AZURE_CREDENTIAL.get_token("https://ossrdbms-aad.database.windows.net/.default").token
+
+
+@dataclass
+class RedisCredentials:
+    username: str
+    password: str
+
+
+def get_redis_credentials() -> RedisCredentials:
+    """
+    Get valid credentials for the Redis cache.
+    """
+    token = AZURE_CREDENTIAL.get_token("https://redis.azure.com/.default").token
+    return RedisCredentials(_extract_username_from_token(token), token)
+
+
+def get_subscription() -> Subscription:
+    """
+    Get the subscription for the current user.
+    """
+    subscription_client = SubscriptionClient(AZURE_CREDENTIAL)
+    subscriptions = list(subscription_client.subscriptions.list())
+    return subscriptions[0]
+
+
+def _extract_username_from_token(token: str) -> str:
+    """
+    Extract the username from the JSON Web Token (JWT) token.
+    """
+    parts = token.split(".")
+    base64_str = parts[1]
+
+    if len(base64_str) % 4 == 2:
+        base64_str += "=="
+    elif len(base64_str) % 4 == 3:
+        base64_str += "="
+
+    json_bytes = base64.b64decode(base64_str)
+    json_str = json_bytes.decode("utf-8")
+    jwt = json.loads(json_str)
+
+    return jwt["oid"]

{pulumi_django_azure-1.0.21 → pulumi_django_azure-1.0.23}/src/pulumi_django_azure/django_deployment.py

@@ -1,5 +1,4 @@
 from collections.abc import Sequence
-from typing import Optional, Union
 
 import pulumi
 import pulumi_azure_native as azure
@@ -15,7 +14,7 @@ class HostDefinition:
     :param identifier: An identifier for this host definition (optional).
     """
 
-    def __init__(self, host: str, zone: Optional[azure.network.Zone] = None, identifier: Optional[str] = None):
+    def __init__(self, host: str, zone: azure.network.Zone | None = None, identifier: str | None = None):
         self.host = host
         self.zone = zone
         self._identifier = identifier
@@ -68,12 +67,12 @@ class DjangoDeployment(pulumi.ComponentResource):
         app_service_ip_prefix: str,
         app_service_sku: azure.web.SkuDescriptionArgs,
         storage_account_name: str,
-        storage_allowed_origins: Optional[Sequence[str]] = None,
-        pgadmin_access_ip: Optional[Sequence[str]] = None,
-        pgadmin_dns_zone: Optional[azure.network.Zone] = None,
-        cache_ip_prefix: Optional[str] = None,
-        cache_sku: Optional[azure.cache.SkuArgs] = None,
-        cdn_host: Optional[HostDefinition] = None,
+        storage_allowed_origins: Sequence[str] | None = None,
+        pgadmin_access_ip: Sequence[str] | None = None,
+        pgadmin_dns_zone: azure.network.Zone | None = None,
+        cache_ip_prefix: str | None = None,
+        cache_sku: azure.cache.SkuArgs | None = None,
+        cdn_host: HostDefinition | None = None,
         opts=None,
     ):
         """
@@ -134,7 +133,7 @@ class DjangoDeployment(pulumi.ComponentResource):
         # Create a pgAdmin app
         self._create_pgadmin_app(access_ip=pgadmin_access_ip, dns_zone=pgadmin_dns_zone)
 
-    def _create_storage(self, account_name: str, allowed_origins: Optional[Sequence[str]] = None):
+    def _create_storage(self, account_name: str, allowed_origins: Sequence[str] | None = None):
         # Create blob storage
         self._storage_account = azure.storage.StorageAccount(
             f"sa-{self._name}",
@@ -169,7 +168,7 @@ class DjangoDeployment(pulumi.ComponentResource):
                 ),
             )
 
-    def _create_cdn(self, custom_host: Optional[HostDefinition]) -> pulumi.Output[str]:
+    def _create_cdn(self, custom_host: HostDefinition | None) -> pulumi.Output[str]:
         """
         Create a CDN endpoint. If a host name is given, it will be used as the custom domain.
         Otherwise, the default CDN host name will be returned.
@@ -392,7 +391,7 @@ class DjangoDeployment(pulumi.ComponentResource):
         self,
         name,
         prefix,
-        delegation_service: Optional[str] = None,
+        delegation_service: str | None = None,
         service_endpoints: Sequence[str] = [],
     ) -> azure.network.Subnet:
         """
@@ -433,7 +432,7 @@ class DjangoDeployment(pulumi.ComponentResource):
             sku=sku,
         )
 
-    def _create_pgadmin_app(self, access_ip: Optional[Sequence[str]] = None, dns_zone: Optional[azure.network.Zone] = None):
+    def _create_pgadmin_app(self, access_ip: Sequence[str] | None = None, dns_zone: azure.network.Zone | None = None):
         # Determine the IP restrictions
         ip_restrictions = []
         default_restriction = azure.web.DefaultAction.ALLOW
@@ -562,10 +561,10 @@ class DjangoDeployment(pulumi.ComponentResource):
     def _add_webapp_host(
         self,
         app: azure.web.WebApp,
-        host: Union[str, pulumi.Input[str]],
+        host: str | pulumi.Input[str],
         suffix: str,
         identifier: str,
-        depends_on: Optional[Sequence[pulumi.Resource]] = None,
+        depends_on: Sequence[pulumi.Resource] | None = None,
     ):
         """
         Because of a circular dependency, we need to create the certificate and the binding in two steps.
@@ -838,13 +837,13 @@ class DjangoDeployment(pulumi.ComponentResource):
         website_hosts: list[HostDefinition],
         django_settings_module: str,
         python_version: str = "3.13",
-        environment_variables: Optional[dict[str, str]] = None,
-        secrets: Optional[dict[str, str]] = None,
-        comms_data_location: Optional[str] = None,
-        comms_domains: Optional[list[HostDefinition]] = None,
-        dedicated_app_service_sku: Optional[azure.web.SkuDescriptionArgs] = None,
-        vault_administrators: Optional[list[str]] = None,
-        cache_db: Optional[int] = None,
+        environment_variables: dict[str, str] | None = None,
+        secrets: dict[str, str] | None = None,
+        comms_data_location: str | None = None,
+        comms_domains: list[HostDefinition] | None = None,
+        dedicated_app_service_sku: azure.web.SkuDescriptionArgs | None = None,
+        vault_administrators: list[str] | None = None,
+        cache_db: int | None = None,
     ) -> azure.web.WebApp:
         """
         Create a Django website with it's own database and storage containers.

pulumi_django_azure-1.0.23/src/pulumi_django_azure/management/commands/purge_cdn.py

@@ -0,0 +1,52 @@
+import os
+
+from azure.mgmt.cdn import CdnManagementClient
+from azure.mgmt.cdn.models import PurgeParameters
+from django.conf import settings
+from django.core.management.base import BaseCommand
+from pulumi_django_azure.azure_helper import AZURE_CREDENTIAL
+
+
+class Command(BaseCommand):
+    help = "Purges the CDN endpoint"
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "--wait",
+            action="store_true",
+            help="Wait for the purge operation to complete",
+        )
+
+    def handle(self, *args, **options):
+        # Read environment variables
+        resource_group = os.getenv("WEBSITE_RESOURCE_GROUP")
+        profile_name = os.getenv("CDN_PROFILE")
+        endpoint_name = os.getenv("CDN_ENDPOINT")
+        content_paths = ["/*"]
+
+        # Ensure all required environment variables are set
+        if not all([resource_group, profile_name, endpoint_name]):
+            self.stderr.write(self.style.ERROR("Missing required environment variables."))
+            return
+
+        # Authenticate with Azure
+        cdn_client = CdnManagementClient(AZURE_CREDENTIAL, settings.AZURE_SUBSCRIPTION_ID)
+
+        try:
+            # Purge the CDN endpoint
+            purge_operation = cdn_client.endpoints.begin_purge_content(
+                resource_group_name=resource_group,
+                profile_name=profile_name,
+                endpoint_name=endpoint_name,
+                content_file_paths=PurgeParameters(content_paths=content_paths),
+            )
+
+            # Check if the --wait argument was provided
+            if options["wait"]:
+                purge_operation.result()  # Wait for the operation to complete
+                self.stdout.write(self.style.SUCCESS("CDN endpoint purge operation completed successfully."))
+            else:
+                self.stdout.write(self.style.SUCCESS("CDN endpoint purge operation started successfully."))
+
+        except Exception as e:
+            self.stderr.write(self.style.ERROR(f"Error executing CDN endpoint purge command: {e}"))

pulumi_django_azure-1.0.23/src/pulumi_django_azure/middleware.py

@@ -0,0 +1,43 @@
+from django.conf import settings
+from django.core.cache import cache
+from django.db import connection
+from django.db.utils import OperationalError
+from django.http import HttpResponse
+from django_redis import get_redis_connection
+
+from .azure_helper import get_db_password, get_redis_credentials
+
+
+class HealthCheckMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        if request.path == settings.HEALTH_CHECK_PATH:
+            # Update the database credentials if needed
+            if settings.AZURE_DB_PASSWORD:
+                settings.DATABASES["default"]["PASSWORD"] = get_db_password()
+
+            # Update the Redis credentials if needed
+            if settings.AZURE_REDIS_CREDENTIALS:
+                redis_credentials = get_redis_credentials()
+
+                # Re-authenticate the Redis connection
+                redis_connection = get_redis_connection("default")
+                redis_connection.execute_command("AUTH", redis_credentials.username, redis_credentials.password)
+
+                settings.CACHES["default"]["OPTIONS"]["PASSWORD"] = redis_credentials.password
+
+            try:
+                # Test the database connection
+                connection.ensure_connection()
+
+                # Test the Redis connection
+                cache.set("health_check", "test")
+
+                return HttpResponse("OK")
+
+            except OperationalError:
+                return HttpResponse(status=503)
+
+        return self.get_response(request)

pulumi_django_azure-1.0.23/src/pulumi_django_azure/settings.py

@@ -0,0 +1,154 @@
+import environ
+from azure.keyvault.secrets import SecretClient
+
+from .azure_helper import AZURE_CREDENTIAL, LOCAL_IP_ADDRESSES, get_db_password, get_redis_credentials, get_subscription
+
+env = environ.Env()
+
+SECRET_KEY = env("DJANGO_SECRET_KEY")
+
+IS_AZURE_ENVIRONMENT = env("ORYX_ENV_NAME", default=None) is not None
+
+# Some generic stuff we only need if we're running in Azure.
+# Most of the other stuff will check for the explicit variable we need.
+if IS_AZURE_ENVIRONMENT:
+    # Detect HTTPS behind AppService
+    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+
+    # Azure context
+    AZURE_SUBSCRIPTION = get_subscription()
+    AZURE_TENANT_ID = AZURE_SUBSCRIPTION.tenant_id
+    AZURE_SUBSCRIPTION_ID = AZURE_SUBSCRIPTION.subscription_id
+
+# Health check path
+HEALTH_CHECK_PATH = env("HEALTH_CHECK_PATH", default="/health")
+
+ALLOWED_HOSTS: list = env.list("DJANGO_ALLOWED_HOSTS", default=[])
+
+# WEBSITE_HOSTNAME contains the Azure domain name
+if website_hostname := env("WEBSITE_HOSTNAME", default=None):
+    ALLOWED_HOSTS.append(website_hostname)
+
+# Add the local IP addresses of the machine for health checks
+ALLOWED_HOSTS.extend(LOCAL_IP_ADDRESSES)
+
+# Azure Key Vault
+if azure_key_vault := env("AZURE_KEY_VAULT", default=None):
+    AZURE_KEY_VAULT_URI = f"https://{azure_key_vault}.vault.azure.net"
+    AZURE_KEY_VAULT_CLIENT = SecretClient(vault_url=AZURE_KEY_VAULT_URI, credential=AZURE_CREDENTIAL)
+
+# Allow CSRF cookies to be sent from our domains
+# CSRF_TRUSTED_ORIGINS = ["https://" + host for host in ALLOWED_HOSTS]
+if azure_storage_account_name := env("AZURE_STORAGE_ACCOUNT_NAME", default=None):
+    AZURE_ACCOUNT_NAME = azure_storage_account_name
+    AZURE_TOKEN_CREDENTIAL = AZURE_CREDENTIAL
+
+
+# CDN domain - shared for all storages
+if cdn_host := env("CDN_HOST", default=None):
+    AZURE_CUSTOM_DOMAIN = cdn_host
+
+    STATIC_URL = f"https://{AZURE_CUSTOM_DOMAIN}/static/"
+    MEDIA_URL = f"https://{AZURE_CUSTOM_DOMAIN}/media/"
+
+# Storage configuration
+STORAGES = {}
+if container_media := env("AZURE_STORAGE_CONTAINER_MEDIA", default=None):
+    STORAGES["default"] = {
+        "BACKEND": "storages.backends.azure_storage.AzureStorage",
+        "OPTIONS": {
+            "azure_container": container_media,
+            "overwrite_files": False,
+        },
+    }
+
+if container_staticfiles := env("AZURE_STORAGE_CONTAINER_STATICFILES", default=None):
+    STORAGES["staticfiles"] = {
+        "BACKEND": "storages.backends.azure_storage.AzureStorage",
+        "OPTIONS": {
+            "azure_container": container_staticfiles,
+        },
+    }
+
+# This setting enables password rotation in the health check middleware
+if IS_AZURE_ENVIRONMENT:
+    AZURE_DB_PASSWORD = True
+    DATABASES = {
+        "default": {
+            "ENGINE": "django.db.backends.postgresql",
+            "NAME": env("DB_NAME"),
+            "USER": env("DB_USER"),
+            "HOST": env("DB_HOST"),
+            "PASSWORD": get_db_password(),
+            "PORT": "5432",
+            "OPTIONS": {
+                "sslmode": "require",
+            },
+            # Make connections persistent
+            "CONN_MAX_AGE": None,
+            # To enable health checks, add the following:
+            # "CONN_HEALTH_CHECKS": True,
+        }
+    }
+
+# Email
+EMAIL_BACKEND = "django_azure_communication_email.EmailBackend"
+AZURE_COMMUNICATION_ENDPOINT = env("AZURE_COMMUNICATION_SERVICE_ENDPOINT", default=None)
+DEFAULT_FROM_EMAIL = env("DJANGO_DEFAULT_FROM_EMAIL", default=None)
+
+
+# Logging
+if IS_AZURE_ENVIRONMENT:
+    LOGGING = {
+        "version": 1,
+        "disable_existing_loggers": False,
+        "handlers": {
+            "file": {
+                "level": "INFO",
+                "class": "logging.handlers.TimedRotatingFileHandler",
+                "filename": "/home/LogFiles/django.log",
+                "when": "h",
+                "interval": 1,
+                "backupCount": 24,
+            },
+        },
+        "loggers": {
+            "django": {
+                "handlers": ["file"],
+                "level": "INFO",
+                "propagate": True,
+            },
+        },
+    }
+
+# Redis, if enabled
+redis_cache_host = env("REDIS_CACHE_HOST", default=None)
+redis_cache_port = env("REDIS_CACHE_PORT", default=None)
+redis_cache_db = env("REDIS_CACHE_DB", default=None)
+
+if redis_cache_host and redis_cache_port and redis_cache_db:
+    # This will enable the health check to update the Redis credentials
+    AZURE_REDIS_CREDENTIALS = True
+
+    # This will prevent the website from failing if Redis is not available
+    DJANGO_REDIS_IGNORE_EXCEPTIONS = True
+    DJANGO_REDIS_LOG_IGNORED_EXCEPTIONS = True
+
+    REDIS_CACHE_HOST = redis_cache_host
+    REDIS_CACHE_PORT = redis_cache_port
+    REDIS_CACHE_DB = redis_cache_db
+    redis_credentials = get_redis_credentials()
+    REDIS_USERNAME = redis_credentials.username
+    REDIS_PASSWORD = redis_credentials.password
+
+    CACHES = {
+        "default": {
+            "BACKEND": "django_redis.cache.RedisCache",
+            "LOCATION": f"rediss://{REDIS_USERNAME}@{REDIS_CACHE_HOST}:{REDIS_CACHE_PORT}/{REDIS_CACHE_DB}",
+            "OPTIONS": {
+                "CLIENT_CLASS": "django_redis.client.DefaultClient",
+                "PARSER_CLASS": "redis.connection._HiredisParser",
+                "PASSWORD": REDIS_PASSWORD,
+            },
+        },
+    }

{pulumi_django_azure-1.0.21 → pulumi_django_azure-1.0.23/src/pulumi_django_azure.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
-Metadata-Version: 2.2
+Metadata-Version: 2.4
 Name: pulumi-django-azure
-Version: 1.0.21
+Version: 1.0.23
 Summary: Simply deployment of Django on Azure with Pulumi
 Author-email: Maarten Ureel <maarten@youreal.eu>
 License: MIT License
@@ -30,12 +30,23 @@ Keywords: django,pulumi,azure
 Classifier: License :: OSI Approved :: MIT License
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
-Requires-Python: >=3.9
+Requires-Python: <3.14,>=3.11
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: pulumi>=3.146.0
-Requires-Dist: pulumi-azure-native>=2.82.0
-Requires-Dist: pulumi-random>=4.17.0
+Requires-Dist: azure-identity<2.0.0,>=1.21.0
+Requires-Dist: azure-keyvault-secrets<5.0.0,>=4.9.0
+Requires-Dist: azure-mgmt-cdn<14.0.0,>=13.1.1
+Requires-Dist: azure-mgmt-resource<24.0.0,>=23.3.0
+Requires-Dist: django<6.0.0,>=5.1.7
+Requires-Dist: django-azure-communication-email<2.0.0,>=1.3.0
+Requires-Dist: django-environ<0.13.0,>=0.12.0
+Requires-Dist: django-redis<6.0.0,>=5.4.0
+Requires-Dist: django-storages[azure]<2.0.0,>=1.14.5
+Requires-Dist: pulumi>=3.156.0
+Requires-Dist: pulumi-azure-native>=2.89.1
+Requires-Dist: pulumi-random>=4.18.0
+Requires-Dist: redis[hiredis]<6.0.0,>=5.2.1
+Dynamic: license-file
 
 # Pulumi Django Deployment
 
@@ -57,12 +68,36 @@ Your Django project should contain a folder `cicd` with these files:
   Note that this runs in the identity of the build container, so you should not run database or storage manipulations here.
 * startup.sh: commands to run the actual application. I recommend to put at least:
   ```bash
+  # Compile translations
+  apt-get -y install gettext
+  python manage.py compilemessages
+
+  # Run collectstatic in the background
+  sh cicd/collectstatic.sh &
+
   python manage.py migrate
-  python manage.py collectstatic --noinput
-  python manage.py purge_cdn
   gunicorn --timeout 600 --workers $((($NUM_CORES*2)+1)) --chdir $APP_PATH yourapplication.wsgi --access-logfile '-' --error-logfile '-'
   ```
-  Be sure to change `yourapplication` in the above. To see the `purge_cdn` management command we use here, see below.
+
+  Be sure to change `yourapplication` in the above.
+
+* collecstatic.sh
+  ```bash
+  #!/bin/bash
+
+  LOGFILE="/var/log/django_collectstatic.log"
+
+  # Collectstatic
+  echo "$(date '+%Y-%m-%d %H:%M:%S') - Starting collectstatic" >> $LOGFILE
+  python manage.py collectstatic --noinput -v 2 >> $LOGFILE
+  echo "$(date '+%Y-%m-%d %H:%M:%S') - Finished collectstatic" >> $LOGFILE
+
+  # Purge the CDN
+  echo "$(date '+%Y-%m-%d %H:%M:%S') - Starting purge_cdn" >> $LOGFILE
+  python manage.py purge_cdn >> $LOGFILE
+  echo "$(date '+%Y-%m-%d %H:%M:%S') - Finished purge_cdn" >> $LOGFILE
+  ```
+
 ## Installation
 This package is published on PyPi, so you can just add pulumi-django-azure to your requirements file.
 
@@ -127,8 +162,23 @@ django.add_database_administrator(
 )
 ```
 
-## Deployment steps
+## Changes to your Django project
+1. Add `pulumi_django_azure` to your `INSTALLED_APPS`
+2. Add to your settings file:
+   ```python
+   from pulumi_django_azure.settings import *  # noqa: F403
+
+   # This will provide the management command to purge the CDN
+   INSTALLED_APPS += ["pulumi_django_azure"]
+
+   # This will provide the health check middleware that will also take care of credential rotation.
+   MIDDLEWARE += ["pulumi_django_azure.middleware.HealthCheckMiddleware"]
+   ```
+   This will pre-configure most settings to make your app work on Azure. You can check the source for details,
+   and ofcourse override any value after importing them.
+
 
+## Deployment steps
 1. Deploy without custom hosts (for CDN and websites)
 2. Configure the PostgreSQL server (create and grant permissions to role for your websites)
 3. Retrieve the deployment SSH key and configure your remote GIT repository with it
@@ -211,19 +261,8 @@ The environment variable will be suffixed with `_SECRET_NAME`.
 
 Then, in your application, retrieve this data from the vault, e.g.:
 ```python
-from azure.keyvault.secrets import SecretClient
-from azure.identity import DefaultAzureCredential
-
-# Azure credentials
-azure_credential = DefaultAzureCredential()
-
-# Azure Key Vault
-AZURE_KEY_VAULT = env("AZURE_KEY_VAULT")
-AZURE_KEY_VAULT_URI = f"https://{AZURE_KEY_VAULT}.vault.azure.net"
-azure_key_vault_client = SecretClient(vault_url=AZURE_KEY_VAULT_URI, credential=azure_credential)
-
 # Social Auth settings
-oauth_secret = azure_key_vault_client.get_secret(env("AZURE_OAUTH_SECRET_NAME"))
+oauth_secret = AZURE_KEY_VAULT_CLIENT.get_secret(env("AZURE_OAUTH_SECRET_NAME"))
 oauth_secret = json.loads(oauth_secret.value)
 SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY = oauth_secret["client_id"]
 SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET = oauth_secret["secret"]
@@ -257,81 +296,6 @@ Be sure to configure the SSH key that Azure will use on GitLab side. You can obt
 
 This would then trigger a redeploy everytime you make a commit to your live branch.
 
-## CDN Purging
-We added a management command to Django to purge the CDN cache, and added that to the startup script. Our version is here:
-```python
-import os
-
-from azure.mgmt.cdn import CdnManagementClient
-from azure.mgmt.cdn.models import PurgeParameters
-from django.core.management.base import BaseCommand
-
-from core.azure_helper import AZURE_CREDENTIAL, get_subscription_id
-
-
-class Command(BaseCommand):
-    help = "Purges the CDN endpoint"
-
-    def add_arguments(self, parser):
-        parser.add_argument(
-            "--wait",
-            action="store_true",
-            help="Wait for the purge operation to complete",
-        )
-
-    def handle(self, *args, **options):
-        # Read environment variables
-        resource_group = os.getenv("WEBSITE_RESOURCE_GROUP")
-        profile_name = os.getenv("CDN_PROFILE")
-        endpoint_name = os.getenv("CDN_ENDPOINT")
-        content_paths = ["/*"]
-
-        # Ensure all required environment variables are set
-        if not all([resource_group, profile_name, endpoint_name]):
-            self.stderr.write(self.style.ERROR("Missing required environment variables."))
-            return
-
-        # Authenticate with Azure
-        cdn_client = CdnManagementClient(AZURE_CREDENTIAL, get_subscription_id())
-
-        try:
-            # Purge the CDN endpoint
-            purge_operation = cdn_client.endpoints.begin_purge_content(
-                resource_group_name=resource_group,
-                profile_name=profile_name,
-                endpoint_name=endpoint_name,
-                content_file_paths=PurgeParameters(content_paths=content_paths),
-            )
-
-            # Check if the --wait argument was provided
-            if options["wait"]:
-                purge_operation.result()  # Wait for the operation to complete
-                self.stdout.write(self.style.SUCCESS("CDN endpoint purge operation completed successfully."))
-            else:
-                self.stdout.write(self.style.SUCCESS("CDN endpoint purge operation started successfully."))
-
-        except Exception as e:
-            self.stderr.write(self.style.ERROR(f"Error executing CDN endpoint purge command: {e}"))
-```
-
-And our azure_helper:
-```python
-from azure.identity import DefaultAzureCredential
-from azure.mgmt.resource import SubscriptionClient
-
-# Azure credentials
-AZURE_CREDENTIAL = DefaultAzureCredential()
-
-
-def get_db_password() -> str:
-    return AZURE_CREDENTIAL.get_token("https://ossrdbms-aad.database.windows.net/.default").token
-
-
-def get_subscription_id() -> str:
-    subscription_client = SubscriptionClient(AZURE_CREDENTIAL)
-    subscriptions = list(subscription_client.subscriptions.list())
-    return subscriptions[0].subscription_id
-```
 
 ## Change requests
 I created this for internal use but since it took me a while to puzzle all the things together I decided to share it.

{pulumi_django_azure-1.0.21 → pulumi_django_azure-1.0.23}/src/pulumi_django_azure.egg-info/SOURCES.txt

@@ -3,9 +3,14 @@ README.md
 pyproject.toml
 setup.cfg
 src/pulumi_django_azure/__init__.py
+src/pulumi_django_azure/azure_helper.py
 src/pulumi_django_azure/django_deployment.py
+src/pulumi_django_azure/middleware.py
+src/pulumi_django_azure/settings.py
 src/pulumi_django_azure.egg-info/PKG-INFO
 src/pulumi_django_azure.egg-info/SOURCES.txt
 src/pulumi_django_azure.egg-info/dependency_links.txt
 src/pulumi_django_azure.egg-info/requires.txt
-src/pulumi_django_azure.egg-info/top_level.txt
+src/pulumi_django_azure.egg-info/top_level.txt
+src/pulumi_django_azure/management/commands/__init__.py
+src/pulumi_django_azure/management/commands/purge_cdn.py

pulumi_django_azure-1.0.23/src/pulumi_django_azure.egg-info/requires.txt

@@ -0,0 +1,13 @@
+azure-identity<2.0.0,>=1.21.0
+azure-keyvault-secrets<5.0.0,>=4.9.0
+azure-mgmt-cdn<14.0.0,>=13.1.1
+azure-mgmt-resource<24.0.0,>=23.3.0
+django<6.0.0,>=5.1.7
+django-azure-communication-email<2.0.0,>=1.3.0
+django-environ<0.13.0,>=0.12.0
+django-redis<6.0.0,>=5.4.0
+django-storages[azure]<2.0.0,>=1.14.5
+pulumi>=3.156.0
+pulumi-azure-native>=2.89.1
+pulumi-random>=4.18.0
+redis[hiredis]<6.0.0,>=5.2.1

pulumi_django_azure-1.0.21/pyproject.toml

@@ -1,62 +0,0 @@
-[build-system]
-requires = ["setuptools>=61.0.0", "wheel"]
-build-backend = "setuptools.build_meta"
-
-[project]
-name = "pulumi-django-azure"
-version = "1.0.21"
-description = "Simply deployment of Django on Azure with Pulumi"
-readme = "README.md"
-authors = [{ name = "Maarten Ureel", email = "maarten@youreal.eu" }]
-license = { file = "LICENSE" }
-classifiers = [
-    "License :: OSI Approved :: MIT License",
-    "Programming Language :: Python",
-    "Programming Language :: Python :: 3",
-]
-keywords = ["django", "pulumi", "azure"]
-dependencies = [
-    "pulumi (>=3.146.0)",
-    "pulumi-azure-native (>=2.82.0)",
-    "pulumi-random (>=4.17.0)",
-]
-requires-python = ">=3.9"
-
-[project.urls]
-Homepage = "https://gitlab.com/MaartenUreel/pulumi-django-azure"
-
-[tool.poetry]
-name = "pulumi-django-azure"
-version = "1.0.21"
-description = "Simply deployment of Django on Azure with Pulumi"
-authors = ["Maarten Ureel <maarten@youreal.eu>"]
-
-[tool.poetry.dependencies]
-python = "^3.11"
-pulumi-azure-native = ">=2.82.0"
-pulumi = ">=3.146.0"
-pulumi-random = ">=4.17.0"
-
-[tool.poetry.group.dev.dependencies]
-twine = "^6.0.1"
-build = "^1.2.2.post1"
-ruff = "^0.9.2"
-
-[tool.ruff]
-line-length = 140
-
-[tool.ruff.lint]
-select = [
-    # pycodestyle
-    "E",
-    # Pyflakes
-    "F",
-    # pyupgrade
-    "UP",
-    # flake8-bugbear
-    "B",
-    # flake8-simplify
-    "SIM",
-    # isort
-    "I",
-]

pulumi_django_azure-1.0.21/src/pulumi_django_azure.egg-info/requires.txt

@@ -1,3 +0,0 @@
-pulumi>=3.146.0
-pulumi-azure-native>=2.82.0
-pulumi-random>=4.17.0