pulumi-django-azure 1.0.26__tar.gz → 1.0.28__tar.gz

{pulumi_django_azure-1.0.26/src/pulumi_django_azure.egg-info → pulumi_django_azure-1.0.28}/PKG-INFO

@@ -1,52 +1,28 @@
 Metadata-Version: 2.4
 Name: pulumi-django-azure
-Version: 1.0.26
+Version: 1.0.28
 Summary: Simply deployment of Django on Azure with Pulumi
 Author-email: Maarten Ureel <maarten@youreal.eu>
-License: MIT License
-        
-        Copyright (c) 2023 YouReal BV
-        
-        Permission is hereby granted, free of charge, to any person obtaining a copy
-        of this software and associated documentation files (the "Software"), to deal
-        in the Software without restriction, including without limitation the rights
-        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-        copies of the Software, and to permit persons to whom the Software is
-        furnished to do so, subject to the following conditions:
-        
-        The above copyright notice and this permission notice shall be included in all
-        copies or substantial portions of the Software.
-        
-        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-        SOFTWARE.
-        
+License-Expression: MIT
 Project-URL: Homepage, https://gitlab.com/MaartenUreel/pulumi-django-azure
 Keywords: django,pulumi,azure
-Classifier: License :: OSI Approved :: MIT License
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
 Requires-Python: <3.14,>=3.11
 Description-Content-Type: text/markdown
-License-File: LICENSE
 Requires-Dist: azure-identity<2.0.0,>=1.21.0
 Requires-Dist: azure-keyvault-secrets<5.0.0,>=4.9.0
 Requires-Dist: azure-mgmt-cdn<14.0.0,>=13.1.1
 Requires-Dist: azure-mgmt-resource<24.0.0,>=23.3.0
-Requires-Dist: django<6.0.0,>=5.1.7
-Requires-Dist: django-azure-communication-email<2.0.0,>=1.3.0
+Requires-Dist: django<6.0,>=5.2
+Requires-Dist: django-azure-communication-email<2.0.0,>=1.3.2
 Requires-Dist: django-environ<0.13.0,>=0.12.0
 Requires-Dist: django-redis<6.0.0,>=5.4.0
-Requires-Dist: django-storages[azure]<2.0.0,>=1.14.5
-Requires-Dist: pulumi>=3.156.0
-Requires-Dist: pulumi-azure-native>=2.89.1
-Requires-Dist: pulumi-random>=4.18.0
+Requires-Dist: django-storages[azure]<2.0.0,>=1.14.6
+Requires-Dist: pulumi>=3.165.0
+Requires-Dist: pulumi-azure-native>=3.2.0
+Requires-Dist: pulumi-random>=4.18.1
 Requires-Dist: redis[hiredis]<6.0.0,>=5.2.1
-Dynamic: license-file
 
 # Pulumi Django Deployment
 
@@ -76,7 +52,7 @@ Your Django project should contain a folder `cicd` with these files:
   sh cicd/collectstatic.sh &
 
   python manage.py migrate
-  gunicorn --timeout 600 --workers $((($NUM_CORES*2)+1)) --chdir $APP_PATH yourapplication.wsgi --access-logfile '-' --error-logfile '-'
+  gunicorn --timeout 600 --workers $((($NUM_CORES*2)+1)) --preload --chdir $APP_PATH yourapplication.wsgi --access-logfile '-' --error-logfile '-'
   ```
 
   Be sure to change `yourapplication` in the above.
@@ -168,7 +144,7 @@ django.add_database_administrator(
    ```python
    from pulumi_django_azure.settings import *  # noqa: F403
 
-   # This will provide the management command to purge the CDN
+   # This will provide the management command to purge the CDN and cache
    INSTALLED_APPS += ["pulumi_django_azure"]
 
    # This will provide the health check middleware that will also take care of credential rotation.

{pulumi_django_azure-1.0.26 → pulumi_django_azure-1.0.28}/README.md

@@ -26,7 +26,7 @@ Your Django project should contain a folder `cicd` with these files:
   sh cicd/collectstatic.sh &
 
   python manage.py migrate
-  gunicorn --timeout 600 --workers $((($NUM_CORES*2)+1)) --chdir $APP_PATH yourapplication.wsgi --access-logfile '-' --error-logfile '-'
+  gunicorn --timeout 600 --workers $((($NUM_CORES*2)+1)) --preload --chdir $APP_PATH yourapplication.wsgi --access-logfile '-' --error-logfile '-'
   ```
 
   Be sure to change `yourapplication` in the above.
@@ -118,7 +118,7 @@ django.add_database_administrator(
    ```python
    from pulumi_django_azure.settings import *  # noqa: F403
 
-   # This will provide the management command to purge the CDN
+   # This will provide the management command to purge the CDN and cache
    INSTALLED_APPS += ["pulumi_django_azure"]
 
    # This will provide the health check middleware that will also take care of credential rotation.

{pulumi_django_azure-1.0.26 → pulumi_django_azure-1.0.28}/pyproject.toml

@@ -4,13 +4,12 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "pulumi-django-azure"
-version = "1.0.26"
+version = "1.0.28"
 description = "Simply deployment of Django on Azure with Pulumi"
 readme = "README.md"
 authors = [{ name = "Maarten Ureel", email = "maarten@youreal.eu" }]
-license = { file = "LICENSE" }
+license = "MIT"
 classifiers = [
-    "License :: OSI Approved :: MIT License",
     "Programming Language :: Python",
     "Programming Language :: Python :: 3",
 ]
@@ -20,15 +19,15 @@ dependencies = [
     "azure-keyvault-secrets (>=4.9.0,<5.0.0)",
     "azure-mgmt-cdn (>=13.1.1,<14.0.0)",
     "azure-mgmt-resource (>=23.3.0,<24.0.0)",
-    "django (>=5.1.7,<6.0.0)",
-    "django-azure-communication-email (>=1.3.0,<2.0.0)",
+    "django (>=5.2,<6.0)",
+    "django-azure-communication-email (>=1.3.2,<2.0.0)",
     "django-environ (>=0.12.0,<0.13.0)",
     "django-redis (>=5.4.0,<6.0.0)",
-    "django-storages[azure] (>=1.14.5,<2.0.0)",
-    "pulumi (>=3.156.0)",
-    "pulumi-azure-native (>=2.89.1)",
-    "pulumi-random (>=4.18.0)",
-    "redis[hiredis] (>=5.2.1,<6.0.0)",
+    "django-storages[azure] (>=1.14.6,<2.0.0)",
+    "pulumi (>=3.165.0)",
+    "pulumi-azure-native (>=3.2.0)",
+    "pulumi-random (>=4.18.1)",
+    "redis[hiredis] (>=5.2.1,<6.0.0)"
 ]
 requires-python = ">=3.11,<3.14"
 
@@ -37,30 +36,31 @@ Homepage = "https://gitlab.com/MaartenUreel/pulumi-django-azure"
 
 [tool.poetry]
 name = "pulumi-django-azure"
-version = "1.0.26"
-description = "Simply deployment of Django on Azure with Pulumi"
+version = "1.0.28"
+description = "Simplify deployment of Django websites on Azure with Pulumi"
 authors = ["Maarten Ureel <maarten@youreal.eu>"]
 
 [tool.poetry.dependencies]
 python = "^3.11,<3.14"
-pulumi-azure-native = ">=2.89.1"
-pulumi = ">=3.156.0"
-pulumi-random = ">=4.18.0"
-django-storages = {extras = ["azure"], version = "^1.14.5"}
 azure-identity = "^1.21.0"
 azure-keyvault-secrets = "^4.9.0"
 azure-mgmt-cdn = "^13.1.1"
 azure-mgmt-resource = "^23.3.0"
-django = "^5.1.7"
-django-azure-communication-email = "^1.3.0"
+django = "^5.2"
+django-azure-communication-email = "^1.3.2"
 django-environ = "^0.12.0"
 django-redis = "^5.4.0"
+django-storages = {extras = ["azure"], version = "^1.14.6"}
+pulumi = ">=3.165.0"
+pulumi-azure-native = ">=3.2.0"
+pulumi-random = ">=4.18.1"
 redis = {extras = ["hiredis"], version = "^5.2.1"}
 
 [tool.poetry.group.dev.dependencies]
-twine = "^6.1.0"
 build = "^1.2.2.post1"
-ruff = "^0.11.0"
+pre-commit = "^4.2.0"
+ruff = "^0.11.7"
+twine = "^6.1.0"
 
 [tool.ruff]
 line-length = 140

pulumi_django_azure-1.0.28/src/pulumi_django_azure/azure_helper.py

@@ -0,0 +1,114 @@
+import base64
+import json
+import logging
+import os
+import time
+from dataclasses import dataclass
+from subprocess import check_output
+
+from azure.identity import DefaultAzureCredential
+from azure.mgmt.resource import SubscriptionClient
+from azure.mgmt.resource.subscriptions.models import Subscription
+
+_redis_token_cache = None
+_database_token_cache = None
+
+logger = logging.getLogger("pulumi_django_azure.azure_helper")
+
+
+# Azure credentials
+AZURE_CREDENTIAL = DefaultAzureCredential()
+
+# Get the local IP addresses of the machine (only when runnig on Azure)
+if os.environ.get("IS_AZURE_ENVIRONMENT"):
+    LOCAL_IP_ADDRESSES = check_output(["hostname", "--all-ip-addresses"]).decode("utf-8").strip().split(" ")
+else:
+    LOCAL_IP_ADDRESSES = []
+
+
+def get_db_password() -> str:
+    """
+    Get a valid password for the database.
+    """
+    global _database_token_cache
+    _database_token_cache = AZURE_CREDENTIAL.get_token("https://ossrdbms-aad.database.windows.net/.default")
+
+    logger.debug("New database token: %s", _database_token_cache)
+
+    return _database_token_cache.token
+
+
+def db_token_will_expire(treshold=300) -> bool:
+    """
+    Check if the database token will expire in the next treshold seconds.
+    """
+    # If the token is not cached, we consider it expired (so a new one will be fetched)
+    if _database_token_cache is None:
+        return True
+
+    logger.debug("Database token expires on: %s", _database_token_cache.expires_on)
+
+    # If the token is cached, check if it will expire in the next treshold seconds
+    return _database_token_cache.expires_on - time.time() < treshold
+
+
+@dataclass
+class RedisCredentials:
+    username: str
+    password: str
+
+
+def get_redis_credentials() -> RedisCredentials:
+    """
+    Get valid credentials for the Redis cache.
+    """
+    global _redis_token_cache
+    _redis_token_cache = AZURE_CREDENTIAL.get_token("https://redis.azure.com/.default")
+
+    t = _redis_token_cache.token
+
+    logger.debug("New Redis token: %s", _redis_token_cache)
+
+    return RedisCredentials(_extract_username_from_token(t), t)
+
+
+def redis_token_will_expire(treshold=300) -> bool:
+    """
+    Check if the Redis token will expire in the next treshold seconds.
+    """
+    # If the token is not cached, we consider it expired (so a new one will be fetched)
+    if _redis_token_cache is None:
+        return True
+
+    logger.debug("Redis token expires on: %s", _redis_token_cache.expires_on)
+
+    # If the token is cached, check if it will expire in the next treshold seconds
+    return _redis_token_cache.expires_on - time.time() < treshold
+
+
+def get_subscription() -> Subscription:
+    """
+    Get the subscription for the current user.
+    """
+    subscription_client = SubscriptionClient(AZURE_CREDENTIAL)
+    subscriptions = list(subscription_client.subscriptions.list())
+    return subscriptions[0]
+
+
+def _extract_username_from_token(token: str) -> str:
+    """
+    Extract the username from the JSON Web Token (JWT) token.
+    """
+    parts = token.split(".")
+    base64_str = parts[1]
+
+    if len(base64_str) % 4 == 2:
+        base64_str += "=="
+    elif len(base64_str) % 4 == 3:
+        base64_str += "="
+
+    json_bytes = base64.b64decode(base64_str)
+    json_str = json_bytes.decode("utf-8")
+    jwt = json.loads(json_str)
+
+    return jwt["oid"]

{pulumi_django_azure-1.0.26 → pulumi_django_azure-1.0.28}/src/pulumi_django_azure/django_deployment.py

@@ -14,7 +14,7 @@ class HostDefinition:
     :param identifier: An identifier for this host definition (optional).
     """
 
-    def __init__(self, host: str, zone: azure.network.Zone | None = None, identifier: str | None = None):
+    def __init__(self, host: str, zone: azure.dns.Zone | None = None, identifier: str | None = None):
         self.host = host
         self.zone = zone
         self._identifier = identifier
@@ -68,10 +68,11 @@ class DjangoDeployment(pulumi.ComponentResource):
         app_service_sku: azure.web.SkuDescriptionArgs,
         storage_account_name: str,
         storage_allowed_origins: Sequence[str] | None = None,
+        pgsql_parameters: dict[str, str] | None = None,
         pgadmin_access_ip: Sequence[str] | None = None,
-        pgadmin_dns_zone: azure.network.Zone | None = None,
+        pgadmin_dns_zone: azure.dns.Zone | None = None,
         cache_ip_prefix: str | None = None,
-        cache_sku: azure.cache.SkuArgs | None = None,
+        cache_sku: azure.redis.SkuArgs | None = None,
         cdn_host: HostDefinition | None = None,
         opts=None,
     ):
@@ -88,6 +89,7 @@ class DjangoDeployment(pulumi.ComponentResource):
         :param app_service_sku: The SKU for the app service plan.
         :param storage_account_name: The name of the storage account. Should be unique across Azure.
         :param storage_allowed_origins: The origins (hosts) to allow access through CORS policy. You can specify '*' to allow all.
+        :param pgsql_parameters: The parameters to set on the PostgreSQL server. (optional)
         :param pgadmin_access_ip: The IP addresses to allow access to pgAdmin. If empty, all IP addresses are allowed.
         :param pgadmin_dns_zone: The Azure DNS zone to a pgadmin DNS record in. (optional)
         :param cache_ip_prefix: The IP prefix for the cache subnet. (optional)
@@ -111,7 +113,7 @@ class DjangoDeployment(pulumi.ComponentResource):
         self._cdn_host = self._create_cdn(custom_host=cdn_host)
 
         # PostgreSQL resources
-        self._create_database(sku=pgsql_sku, ip_prefix=pgsql_ip_prefix)
+        self._create_database(sku=pgsql_sku, ip_prefix=pgsql_ip_prefix, parameters=pgsql_parameters)
 
         # Cache resources
         if cache_ip_prefix and cache_sku:
@@ -220,14 +222,14 @@ class DjangoDeployment(pulumi.ComponentResource):
         if custom_host:
             if custom_host.zone:
                 # Create a DNS record for the custom host in the given zone
-                rs = azure.network.RecordSet(
+                rs = azure.dns.RecordSet(
                     f"cdn-cname-{self._name}",
                     resource_group_name=self._rg,
                     zone_name=custom_host.zone.name,
                     relative_record_set_name=custom_host.host,
                     record_type="CNAME",
                     ttl=3600,
-                    target_resource=azure.network.SubResourceArgs(
+                    target_resource=azure.dns.SubResourceArgs(
                         id=self._cdn_endpoint.id,
                     ),
                 )
@@ -257,7 +259,7 @@ class DjangoDeployment(pulumi.ComponentResource):
             # Return the default CDN host name
             return self._cdn_endpoint.host_name
 
-    def _create_database(self, sku: azure.dbforpostgresql.SkuArgs, ip_prefix: str):
+    def _create_database(self, sku: azure.dbforpostgresql.SkuArgs, ip_prefix: str, parameters: dict[str, str]):
         # Create subnet for PostgreSQL
         subnet = self._create_subnet(
             name="pgsql",
@@ -266,7 +268,7 @@ class DjangoDeployment(pulumi.ComponentResource):
         )
 
         # Create private DNS zone
-        dns = azure.network.PrivateZone(
+        dns = azure.privatedns.PrivateZone(
             f"dns-pgsql-{self._name}",
             resource_group_name=self._rg,
             location="global",
@@ -275,7 +277,7 @@ class DjangoDeployment(pulumi.ComponentResource):
         )
 
         # Link the private DNS zone to the VNet in order to make resolving work
-        azure.network.VirtualNetworkLink(
+        azure.privatedns.VirtualNetworkLink(
             f"vnet-link-pgsql-{self._name}",
             resource_group_name=self._rg,
             location="global",
@@ -306,25 +308,37 @@ class DjangoDeployment(pulumi.ComponentResource):
             ),
         )
 
+        # Add parameters
+        if parameters:
+            for name, value in parameters.items():
+                azure.dbforpostgresql.Configuration(
+                    f"pgsql-config-{self._name}-{name}",
+                    resource_group_name=self._rg,
+                    server_name=self._pgsql.name,
+                    source="user-override",
+                    configuration_name=name,
+                    value=value,
+                )
+
         pulumi.export("pgsql_host", self._pgsql.fully_qualified_domain_name)
 
-    def _create_cache(self, sku: azure.cache.SkuArgs, ip_prefix: str):
+    def _create_cache(self, sku: azure.redis.SkuArgs, ip_prefix: str):
         # Create a Redis cache
-        self._cache = azure.cache.Redis(
+        self._cache = azure.redis.Redis(
             f"cache-{self._name}",
             resource_group_name=self._rg,
             sku=sku,
             enable_non_ssl_port=False,
-            public_network_access=azure.cache.PublicNetworkAccess.DISABLED,
+            public_network_access=azure.redis.PublicNetworkAccess.DISABLED,
         )
 
         # Create an access policy that gives us access to the cache
-        self._cache_access_policy = azure.cache.AccessPolicy(
+        self._cache_access_policy = azure.redis.AccessPolicy(
             f"cache-access-policy-{self._name}",
             resource_group_name=self._rg,
             cache_name=self._cache.name,
-            # Same as the built in Data Contributor policy
-            permissions="+@all -@dangerous +cluster|info +cluster|nodes +cluster|slots allkeys",
+            # Same as the built in Data Contributor policy + flushdb permissions
+            permissions="+@all -@dangerous +flushdb +cluster|info +cluster|nodes +cluster|slots allkeys",
         )
 
         # Allocate a subnet for the cache
@@ -334,7 +348,7 @@ class DjangoDeployment(pulumi.ComponentResource):
         )
 
         # Create a private DNS zone for the cache
-        dns = azure.network.PrivateZone(
+        dns = azure.privatedns.PrivateZone(
             f"dns-cache-{self._name}",
             resource_group_name=self._rg,
             location="global",
@@ -342,7 +356,7 @@ class DjangoDeployment(pulumi.ComponentResource):
         )
 
         # Link the private DNS zone to the VNet in order to make resolving work
-        azure.network.VirtualNetworkLink(
+        azure.privatedns.VirtualNetworkLink(
             f"vnet-link-cache-{self._name}",
             resource_group_name=self._rg,
             location="global",
@@ -377,14 +391,14 @@ class DjangoDeployment(pulumi.ComponentResource):
         )
 
         # Create a DNS record for the cache
-        azure.network.PrivateRecordSet(
+        azure.privatedns.PrivateRecordSet(
             f"dns-a-cache-{self._name}",
             resource_group_name=self._rg,
             private_zone_name=dns.name,
             relative_record_set_name=self._cache.name,
             record_type="A",
             ttl=300,
-            a_records=[azure.network.ARecordArgs(ipv4_address=ip)],
+            a_records=[azure.privatedns.ARecordArgs(ipv4_address=ip)],
         )
 
     def _create_subnet(
@@ -432,7 +446,7 @@ class DjangoDeployment(pulumi.ComponentResource):
             sku=sku,
         )
 
-    def _create_pgadmin_app(self, access_ip: Sequence[str] | None = None, dns_zone: azure.network.Zone | None = None):
+    def _create_pgadmin_app(self, access_ip: Sequence[str] | None = None, dns_zone: azure.dns.Zone | None = None):
         # Determine the IP restrictions
         ip_restrictions = []
         default_restriction = azure.web.DefaultAction.ALLOW
@@ -490,20 +504,20 @@ class DjangoDeployment(pulumi.ComponentResource):
 
         if dns_zone:
             # Create a DNS record for the pgAdmin app
-            cname = azure.network.RecordSet(
+            cname = azure.dns.RecordSet(
                 f"dns-cname-pgadmin-{self._name}",
                 resource_group_name=self._rg,
                 zone_name=dns_zone.name,
                 relative_record_set_name="pgadmin",
                 record_type="CNAME",
                 ttl=3600,
-                cname_record=azure.network.CnameRecordArgs(
+                cname_record=azure.dns.CnameRecordArgs(
                     cname=app.default_host_name,
                 ),
             )
 
             # For the certificate validation to work
-            txt_validation = azure.network.RecordSet(
+            txt_validation = azure.dns.RecordSet(
                 f"dns-txt-pgadmin-{self._name}",
                 resource_group_name=self._rg,
                 zone_name=dns_zone.name,
@@ -511,7 +525,7 @@ class DjangoDeployment(pulumi.ComponentResource):
                 record_type="TXT",
                 ttl=3600,
                 txt_records=[
-                    azure.network.TxtRecordArgs(
+                    azure.dns.TxtRecordArgs(
                         value=[app.custom_domain_verification_id],
                     )
                 ],
@@ -631,11 +645,11 @@ class DjangoDeployment(pulumi.ComponentResource):
 
         existing_binding.apply(_create_binding_with_cert)
 
-    def _create_comms_dns_records(self, suffix, host: HostDefinition, records: dict) -> list[azure.network.RecordSet]:
+    def _create_comms_dns_records(self, suffix, host: HostDefinition, records: dict) -> list[azure.dns.RecordSet]:
         created_records = []
 
         # Domain validation and SPF record (one TXT record with multiple values)
-        r = azure.network.RecordSet(
+        r = azure.dns.RecordSet(
             f"dns-comms-{suffix}-{host.identifier}-domain",
             resource_group_name=self._rg,
             zone_name=host.zone.name,
@@ -643,8 +657,8 @@ class DjangoDeployment(pulumi.ComponentResource):
             record_type="TXT",
             ttl=3600,
             txt_records=[
-                azure.network.TxtRecordArgs(value=[records["domain"]["value"]]),
-                azure.network.TxtRecordArgs(value=[records["s_pf"]["value"]]),
+                azure.dns.TxtRecordArgs(value=[records["domain"]["value"]]),
+                azure.dns.TxtRecordArgs(value=[records["s_pf"]["value"]]),
             ],
         )
         created_records.append(r)
@@ -656,14 +670,14 @@ class DjangoDeployment(pulumi.ComponentResource):
             else:
                 relative_record_set_name = f"{records[record]['name']}.{host.host}"
 
-            r = azure.network.RecordSet(
+            r = azure.dns.RecordSet(
                 f"dns-comms-{suffix}-{host.identifier}-{record}",
                 resource_group_name=self._rg,
                 zone_name=host.zone.name,
                 relative_record_set_name=relative_record_set_name,
                 record_type="CNAME",
                 ttl=records[record]["ttl"],
-                cname_record=azure.network.CnameRecordArgs(cname=records[record]["value"]),
+                cname_record=azure.dns.CnameRecordArgs(cname=records[record]["value"]),
             )
             created_records.append(r)
 
@@ -1026,7 +1040,7 @@ class DjangoDeployment(pulumi.ComponentResource):
             if host.zone:
                 # Create a DNS record in the zone.
                 # We always use an A record instead of CNAME to avoid collisions with TXT records.
-                a = azure.network.RecordSet(
+                a = azure.dns.RecordSet(
                     f"dns-a-{name}-{self._name}-{host.identifier}",
                     resource_group_name=self._rg,
                     zone_name=host.zone.name,
@@ -1034,7 +1048,7 @@ class DjangoDeployment(pulumi.ComponentResource):
                     record_type="A",
                     ttl=3600,
                     a_records=[
-                        azure.network.ARecordArgs(
+                        azure.dns.ARecordArgs(
                             ipv4_address=virtual_ip,
                         )
                     ],
@@ -1045,7 +1059,7 @@ class DjangoDeployment(pulumi.ComponentResource):
                 # For the certificate validation to work
                 relative_record_set_name = "asuid" if host.host == "@" else pulumi.Output.concat("asuid.", host.host)
 
-                txt_validation = azure.network.RecordSet(
+                txt_validation = azure.dns.RecordSet(
                     f"dns-txt-{name}-{self._name}-{host.identifier}",
                     resource_group_name=self._rg,
                     zone_name=host.zone.name,
@@ -1053,7 +1067,7 @@ class DjangoDeployment(pulumi.ComponentResource):
                     record_type="TXT",
                     ttl=3600,
                     txt_records=[
-                        azure.network.TxtRecordArgs(
+                        azure.dns.TxtRecordArgs(
                             value=[app.custom_domain_verification_id],
                         )
                     ],
@@ -1126,7 +1140,7 @@ class DjangoDeployment(pulumi.ComponentResource):
         # Grant the app access to the cache if needed.
         # We need to check explicitly if it is not None because the db could also be 0.
         if self._cache and cache_db is not None:
-            azure.cache.AccessPolicyAssignment(
+            azure.redis.AccessPolicyAssignment(
                 f"ra-{name}-cache",
                 resource_group_name=self._rg,
                 cache_name=self._cache.name,
@@ -1171,7 +1185,7 @@ class DjangoDeployment(pulumi.ComponentResource):
 
         return app
 
-    def _strip_off_dns_zone_name(self, host: str, zone: azure.network.Zone) -> pulumi.Output[str]:
+    def _strip_off_dns_zone_name(self, host: str, zone: azure.dns.Zone) -> pulumi.Output[str]:
         """
         Strip off the DNS zone name from the host name.
 

pulumi_django_azure-1.0.28/src/pulumi_django_azure/management/commands/purge_cache.py

@@ -0,0 +1,15 @@
+from django.core.cache import cache
+from django.core.management.base import BaseCommand
+
+
+class Command(BaseCommand):
+    help = "Purges the entire cache."
+
+    def handle(self, *args, **options):
+        self.stdout.write("Purging cache...")
+
+        try:
+            cache.clear()
+            self.stdout.write(self.style.SUCCESS("Successfully purged cache."))
+        except Exception as e:
+            self.stdout.write(self.style.ERROR(f"Failed to purge cache: {e}"))

{pulumi_django_azure-1.0.26 → pulumi_django_azure-1.0.28}/src/pulumi_django_azure/management/commands/purge_cdn.py

@@ -4,6 +4,7 @@ from azure.mgmt.cdn import CdnManagementClient
 from azure.mgmt.cdn.models import PurgeParameters
 from django.conf import settings
 from django.core.management.base import BaseCommand
+
 from pulumi_django_azure.azure_helper import AZURE_CREDENTIAL
 
 

{pulumi_django_azure-1.0.26 → pulumi_django_azure-1.0.28}/src/pulumi_django_azure/middleware.py

@@ -1,4 +1,5 @@
 import logging
+import os
 
 from django.conf import settings
 from django.core.cache import cache
@@ -7,35 +8,57 @@ from django.db.utils import OperationalError
 from django.http import HttpResponse
 from django_redis import get_redis_connection
 
-from .azure_helper import get_db_password, get_redis_credentials
+from .azure_helper import db_token_will_expire, get_db_password, get_redis_credentials, redis_token_will_expire
 
-logger = logging.getLogger(__name__)
+logger = logging.getLogger("pulumi_django_azure.health_check")
 
 
 class HealthCheckMiddleware:
     def __init__(self, get_response):
         self.get_response = get_response
 
+    def _self_heal(self):
+        # Send HUP signal to gunicorn main thread,
+        # which will trigger new workers to start.
+        os.kill(os.getppid(), 1)
+
     def __call__(self, request):
         if request.path == settings.HEALTH_CHECK_PATH:
             # Update the database credentials if needed
             if settings.AZURE_DB_PASSWORD:
                 try:
-                    settings.DATABASES["default"]["PASSWORD"] = get_db_password()
+                    if db_token_will_expire():
+                        logger.debug("Database token will expire, fetching new credentials")
+                        settings.DATABASES["default"]["PASSWORD"] = get_db_password()
+                    else:
+                        logger.debug("Database token is still valid, skipping credentials update")
                 except Exception as e:
                     logger.error("Failed to update database credentials: %s", str(e))
+
+                    self._self_heal()
+
                     return HttpResponse(status=503)
 
             # Update the Redis credentials if needed
             if settings.AZURE_REDIS_CREDENTIALS:
                 try:
-                    redis_credentials = get_redis_credentials()
-                    # Re-authenticate the Redis connection
-                    redis_connection = get_redis_connection("default")
-                    redis_connection.execute_command("AUTH", redis_credentials.username, redis_credentials.password)
-                    settings.CACHES["default"]["OPTIONS"]["PASSWORD"] = redis_credentials.password
+                    if redis_token_will_expire():
+                        logger.debug("Redis token will expire, fetching new credentials")
+
+                        redis_credentials = get_redis_credentials()
+
+                        # Re-authenticate the Redis connection
+                        redis_connection = get_redis_connection("default")
+                        redis_connection.execute_command("AUTH", redis_credentials.username, redis_credentials.password)
+
+                        settings.CACHES["default"]["OPTIONS"]["PASSWORD"] = redis_credentials.password
+                    else:
+                        logger.debug("Redis token is still valid, skipping credentials update")
                 except Exception as e:
                     logger.error("Failed to update Redis credentials: %s", str(e))
+
+                    self._self_heal()
+
                     return HttpResponse(status=503)
 
             try:

{pulumi_django_azure-1.0.26 → pulumi_django_azure-1.0.28}/src/pulumi_django_azure/settings.py

@@ -102,14 +102,21 @@ if IS_AZURE_ENVIRONMENT:
     LOGGING = {
         "version": 1,
         "disable_existing_loggers": False,
+        "formatters": {
+            "timestamped": {
+                "format": "{asctime} {levelname} {message}",
+                "style": "{",
+            },
+        },
         "handlers": {
             "file": {
                 "level": "INFO",
-                "class": "logging.handlers.TimedRotatingFileHandler",
+                "class": "logging.handlers.RotatingFileHandler",
                 "filename": "/home/LogFiles/django.log",
-                "when": "h",
-                "interval": 1,
-                "backupCount": 24,
+                # 50 MB
+                "maxBytes": 52428800,
+                "backupCount": 5,
+                "formatter": "timestamped",
             },
         },
         "loggers": {
@@ -118,6 +125,11 @@ if IS_AZURE_ENVIRONMENT:
                 "level": "INFO",
                 "propagate": True,
             },
+            "pulumi_django_azure": {
+                "handlers": ["file"],
+                "level": "INFO",
+                "propagate": True,
+            },
         },
     }
 

{pulumi_django_azure-1.0.26 → pulumi_django_azure-1.0.28/src/pulumi_django_azure.egg-info}/PKG-INFO

@@ -1,52 +1,28 @@
 Metadata-Version: 2.4
 Name: pulumi-django-azure
-Version: 1.0.26
+Version: 1.0.28
 Summary: Simply deployment of Django on Azure with Pulumi
 Author-email: Maarten Ureel <maarten@youreal.eu>
-License: MIT License
-        
-        Copyright (c) 2023 YouReal BV
-        
-        Permission is hereby granted, free of charge, to any person obtaining a copy
-        of this software and associated documentation files (the "Software"), to deal
-        in the Software without restriction, including without limitation the rights
-        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-        copies of the Software, and to permit persons to whom the Software is
-        furnished to do so, subject to the following conditions:
-        
-        The above copyright notice and this permission notice shall be included in all
-        copies or substantial portions of the Software.
-        
-        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-        SOFTWARE.
-        
+License-Expression: MIT
 Project-URL: Homepage, https://gitlab.com/MaartenUreel/pulumi-django-azure
 Keywords: django,pulumi,azure
-Classifier: License :: OSI Approved :: MIT License
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
 Requires-Python: <3.14,>=3.11
 Description-Content-Type: text/markdown
-License-File: LICENSE
 Requires-Dist: azure-identity<2.0.0,>=1.21.0
 Requires-Dist: azure-keyvault-secrets<5.0.0,>=4.9.0
 Requires-Dist: azure-mgmt-cdn<14.0.0,>=13.1.1
 Requires-Dist: azure-mgmt-resource<24.0.0,>=23.3.0
-Requires-Dist: django<6.0.0,>=5.1.7
-Requires-Dist: django-azure-communication-email<2.0.0,>=1.3.0
+Requires-Dist: django<6.0,>=5.2
+Requires-Dist: django-azure-communication-email<2.0.0,>=1.3.2
 Requires-Dist: django-environ<0.13.0,>=0.12.0
 Requires-Dist: django-redis<6.0.0,>=5.4.0
-Requires-Dist: django-storages[azure]<2.0.0,>=1.14.5
-Requires-Dist: pulumi>=3.156.0
-Requires-Dist: pulumi-azure-native>=2.89.1
-Requires-Dist: pulumi-random>=4.18.0
+Requires-Dist: django-storages[azure]<2.0.0,>=1.14.6
+Requires-Dist: pulumi>=3.165.0
+Requires-Dist: pulumi-azure-native>=3.2.0
+Requires-Dist: pulumi-random>=4.18.1
 Requires-Dist: redis[hiredis]<6.0.0,>=5.2.1
-Dynamic: license-file
 
 # Pulumi Django Deployment
 
@@ -76,7 +52,7 @@ Your Django project should contain a folder `cicd` with these files:
   sh cicd/collectstatic.sh &
 
   python manage.py migrate
-  gunicorn --timeout 600 --workers $((($NUM_CORES*2)+1)) --chdir $APP_PATH yourapplication.wsgi --access-logfile '-' --error-logfile '-'
+  gunicorn --timeout 600 --workers $((($NUM_CORES*2)+1)) --preload --chdir $APP_PATH yourapplication.wsgi --access-logfile '-' --error-logfile '-'
   ```
 
   Be sure to change `yourapplication` in the above.
@@ -168,7 +144,7 @@ django.add_database_administrator(
    ```python
    from pulumi_django_azure.settings import *  # noqa: F403
 
-   # This will provide the management command to purge the CDN
+   # This will provide the management command to purge the CDN and cache
    INSTALLED_APPS += ["pulumi_django_azure"]
 
    # This will provide the health check middleware that will also take care of credential rotation.

{pulumi_django_azure-1.0.26 → pulumi_django_azure-1.0.28}/src/pulumi_django_azure.egg-info/SOURCES.txt

@@ -1,4 +1,3 @@
-LICENSE
 README.md
 pyproject.toml
 setup.cfg
@@ -13,4 +12,5 @@ src/pulumi_django_azure.egg-info/dependency_links.txt
 src/pulumi_django_azure.egg-info/requires.txt
 src/pulumi_django_azure.egg-info/top_level.txt
 src/pulumi_django_azure/management/commands/__init__.py
+src/pulumi_django_azure/management/commands/purge_cache.py
 src/pulumi_django_azure/management/commands/purge_cdn.py

{pulumi_django_azure-1.0.26 → pulumi_django_azure-1.0.28}/src/pulumi_django_azure.egg-info/requires.txt

@@ -2,12 +2,12 @@ azure-identity<2.0.0,>=1.21.0
 azure-keyvault-secrets<5.0.0,>=4.9.0
 azure-mgmt-cdn<14.0.0,>=13.1.1
 azure-mgmt-resource<24.0.0,>=23.3.0
-django<6.0.0,>=5.1.7
-django-azure-communication-email<2.0.0,>=1.3.0
+django<6.0,>=5.2
+django-azure-communication-email<2.0.0,>=1.3.2
 django-environ<0.13.0,>=0.12.0
 django-redis<6.0.0,>=5.4.0
-django-storages[azure]<2.0.0,>=1.14.5
-pulumi>=3.156.0
-pulumi-azure-native>=2.89.1
-pulumi-random>=4.18.0
+django-storages[azure]<2.0.0,>=1.14.6
+pulumi>=3.165.0
+pulumi-azure-native>=3.2.0
+pulumi-random>=4.18.1
 redis[hiredis]<6.0.0,>=5.2.1

pulumi_django_azure-1.0.26/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2023 YouReal BV
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

pulumi_django_azure-1.0.26/src/pulumi_django_azure/azure_helper.py

@@ -1,67 +0,0 @@
-import base64
-import json
-import os
-from dataclasses import dataclass
-from subprocess import check_output
-
-from azure.identity import DefaultAzureCredential
-from azure.mgmt.resource import SubscriptionClient
-from azure.mgmt.resource.subscriptions.models import Subscription
-
-# Azure credentials
-AZURE_CREDENTIAL = DefaultAzureCredential()
-
-# Get the local IP addresses of the machine (only when runnig on Azure)
-if os.environ.get("ORYX_ENV_NAME"):
-    LOCAL_IP_ADDRESSES = check_output(["hostname", "--all-ip-addresses"]).decode("utf-8").strip().split(" ")
-else:
-    LOCAL_IP_ADDRESSES = []
-
-
-def get_db_password() -> str:
-    """
-    Get a valid password for the database.
-    """
-    return AZURE_CREDENTIAL.get_token("https://ossrdbms-aad.database.windows.net/.default").token
-
-
-@dataclass
-class RedisCredentials:
-    username: str
-    password: str
-
-
-def get_redis_credentials() -> RedisCredentials:
-    """
-    Get valid credentials for the Redis cache.
-    """
-    token = AZURE_CREDENTIAL.get_token("https://redis.azure.com/.default").token
-    return RedisCredentials(_extract_username_from_token(token), token)
-
-
-def get_subscription() -> Subscription:
-    """
-    Get the subscription for the current user.
-    """
-    subscription_client = SubscriptionClient(AZURE_CREDENTIAL)
-    subscriptions = list(subscription_client.subscriptions.list())
-    return subscriptions[0]
-
-
-def _extract_username_from_token(token: str) -> str:
-    """
-    Extract the username from the JSON Web Token (JWT) token.
-    """
-    parts = token.split(".")
-    base64_str = parts[1]
-
-    if len(base64_str) % 4 == 2:
-        base64_str += "=="
-    elif len(base64_str) % 4 == 3:
-        base64_str += "="
-
-    json_bytes = base64.b64decode(base64_str)
-    json_str = json_bytes.decode("utf-8")
-    jwt = json.loads(json_str)
-
-    return jwt["oid"]