PyPI - pulumi-django-azure - Versions diffs - 1.0.35__tar.gz → 1.0.37__tar.gz - Mend

pulumi-django-azure 1.0.35tar.gz → 1.0.37tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pulumi-django-azure might be problematic. Click here for more details.

Files changed (19) hide show

{pulumi_django_azure-1.0.35 → pulumi_django_azure-1.0.37}/PKG-INFO RENAMED Viewed

@@ -1,244 +1,246 @@
-Metadata-Version: 2.4
-Name: pulumi-django-azure
-Version: 1.0.35
-Summary: Simply deployment of Django on Azure with Pulumi
-Author-email: Maarten Ureel <maarten@youreal.eu>
-License-Expression: MIT
-Project-URL: Homepage, https://gitlab.com/MaartenUreel/pulumi-django-azure
-Keywords: django,pulumi,azure
-Classifier: Programming Language :: Python
-Classifier: Programming Language :: Python :: 3
-Requires-Python: <3.14,>=3.11
-Description-Content-Type: text/markdown
-Requires-Dist: azure-identity<2.0.0,>=1.24.0
-Requires-Dist: azure-keyvault-secrets<5.0.0,>=4.10.0
-Requires-Dist: azure-mgmt-cdn<14.0.0,>=13.1.1
-Requires-Dist: azure-mgmt-resource<25.0.0,>=24.0.0
-Requires-Dist: django<6.0.0,>=5.2.5
-Requires-Dist: django-azure-communication-email<2.0.0,>=1.3.2
-Requires-Dist: django-environ<0.13.0,>=0.12.0
-Requires-Dist: django-redis<7.0.0,>=6.0.0
-Requires-Dist: django-storages[azure]<2.0.0,>=1.14.6
-Requires-Dist: pulumi>=3.189.0
-Requires-Dist: pulumi-azure-native>=3.7.1
-Requires-Dist: pulumi-random>=4.18.3
-Requires-Dist: redis[hiredis]<7.0.0,>=6.4.0
-Requires-Dist: tenacity<10.0.0,>=9.1.2
-# Pulumi Django Deployment
-This project aims to make a simple Django deployment on Azure easier.
-To have a proper and secure environment, we need these components:
-* Storage account for media and static files
-* CDN endpoint in front with a domain name of our choosing
-* PostgreSQL server
-* Azure Communication Services to send e-mails
-* Webapp with multiple custom host names and managed SSL for the website itself
-* Azure Key Vault per application
-* Webapp running pgAdmin
-## Project requirements
-## Installation
-This package is published on PyPi, so you can just add pulumi-django-azure to your requirements file.
-To use a specific branch in your project, add to pyproject.toml dependencies:
-```
-pulumi-django-azure = { git = "git@gitlab.com:MaartenUreel/pulumi-django-azure.git", branch = "dev" }
-```
-A simple project could look like this:
-```python
-import pulumi
-import pulumi_azure_native as azure
-from pulumi_django_azure import DjangoDeployment
-stack = pulumi.get_stack()
-config = pulumi.Config()
-# Create resource group
-rg = azure.resources.ResourceGroup(f"rg-{stack}")
-# Create VNet
-vnet = azure.network.VirtualNetwork(
-    f"vnet-{stack}",
-    resource_group_name=rg.name,
-    address_space=azure.network.AddressSpaceArgs(
-        address_prefixes=["10.0.0.0/16"],
-    ),
-)
-# Deploy the website and all its components
-django = DjangoDeployment(
-    stack,
-    tenant_id="abc123...",
-    resource_group_name=rg.name,
-    vnet=vnet,
-    pgsql_ip_prefix="10.0.10.0/24",
-    appservice_ip_prefix="10.0.20.0/24",
-    app_service_sku=azure.web.SkuDescriptionArgs(
-        name="B2",
-        tier="Basic",
-    ),
-    storage_account_name="mystorageaccount",
-    cdn_host="cdn.example.com",
-)
-django.add_django_website(
-    name="web",
-    db_name="mywebsite",
-    repository_url="git@gitlab.com:project/website.git",
-    repository_branch="main",
-    website_hosts=["example.com", "www.example.com"],
-    django_settings_module="mywebsite.settings.production",
-    comms_data_location="europe",
-    comms_domains=["mydomain.com"],
-)
-django.add_database_administrator(
-    object_id="a1b2c3....",
-    user_name="user@example.com",
-    tenant_id="a1b2c3....",
-)
-```
-## Changes to your Django project
-1. Add `pulumi_django_azure` to your `INSTALLED_APPS`
-2. Add to your settings file:
-   ```python
-   from pulumi_django_azure.settings import *  # noqa: F403
-   # This will provide the management command to purge the CDN and cache
-   INSTALLED_APPS += ["pulumi_django_azure"]
-   # This will provide the health check middleware that will also take care of credential rotation.
-   MIDDLEWARE += ["pulumi_django_azure.middleware.HealthCheckMiddleware"]
-   ```
-   This will pre-configure most settings to make your app work on Azure. You can check the source for details,
-   and ofcourse override any value after importing them.
-## Deployment steps
-1. Deploy without custom hosts (for CDN and websites)
-2. Configure the PostgreSQL server (create and grant permissions to role for your websites)
-3. Retrieve the deployment SSH key and configure your remote GIT repository with it
-4. Configure your CDN host (add the CNAME record)
-5. Configure your custom website domains (add CNAME/A record and TXT validation records)
-6. Re-deploy with custom hosts
-7. Re-deploy once more to enable HTTPS on website domains
-8. Manually activate HTTPS on the CDN host
-9. Go to the e-mail communications service on Azure and configure DKIM, SPF,... for your custom domains.
-## Custom domain name for CDN
-When deploying the first time, you will get a `cdn_cname` output. You need to create a CNAME to this domain before the deployment of the custom domain will succeed.
-You can safely deploy with the failing CustomDomain to get the CNAME, create the record and then deploy again.
-To enable HTTPS, you need to do this manually in the console. This is because of a limitation in the Azure API:
-https://github.com/Azure/azure-rest-api-specs/issues/17498
-## Custom domain names for web application
-Because of a circular dependency in custom domain name bindings and certificates that is out of our control, you need to deploy the stack twice.
-The first time will create the bindings without a certificate.
-The second deployment will then create the certificate for the domain (which is only possible if the binding exists), but also set the fingerprint of that certificate on the binding.
-To make the certificate work, you need to create a TXT record named `asuid` point to the output of `{your_app}_site_domain_verification_id`. For example:
-```
-asuid.mywebsite.com.      TXT  "A1B2C3D4E5..."
-asuid.www.mywebsite.com.  TXT  "A1B2C3D4E5..."
-```
-## Database authentication
-The PostgreSQL uses Entra ID authentication only, no passwords.
-### Administrator login
-If you want to log in to the database yourself, you can add yourself as an administrator with the `add_database_administrator` function.
-Your username is your e-mailaddress, a temporary password can be obtained using `az account get-access-token`.
-You can use this method to log in to pgAdmin.
-### Application
-Refer to this documentation:
-https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users#create-a-role-using-microsoft-entra-object-identifier
-In short, run something like this in the `postgres` database:
-```
-SELECT * FROM pgaadauth_create_principal_with_oid('web_managed_identity', 'c8b25b85-d060-4cfc-bad4-b8581cfdf946', 'service', false, false);
-```
-Replace the GUID of course with the managed identity our web app gets.
-The name of the role is outputted by `{your_app}_site_db_user`
-Be sure to grant this role the correct permissions too.
-## pgAdmin specifics
-pgAdmin will be created with a default login:
-* Login: dbadmin@dbadmin.net
-* Password: dbadmin
-Best practice is to log in right away, create a user for yourself and delete this default user.
-## Azure OAuth2 / Django Social Auth
-If you want to set up login with Azure, which would make sense since you are in the ecosystem, you need to create an App Registration in Entra ID, create a secret and then register these settings in your stack:
-```
-pulumi config set --secret --path 'mywebsite_social_auth_azure.key' secret_ID
-pulumi config set --secret --path 'mywebsite_social_auth_azure.secret' secret_value
-pulumi config set --secret --path 'mywebsite_social_auth_azure.tenant_id' directory_tenant_id
-pulumi config set --secret --path 'mywebsite_social_auth_azure.client_id' application_id
-```
-Then in your Django deployment, pass to the `add_django_website` command:
-```
-secrets={
-    "mywebsite_social_auth_azure": "AZURE_OAUTH",
-},
-```
-The value will be automatically stored in the vault where the application has access to.
-The environment variable will be suffixed with `_SECRET_NAME`.
-Then, in your application, retrieve this data from the vault, e.g.:
-```python
-# Social Auth settings
-oauth_secret = AZURE_KEY_VAULT_CLIENT.get_secret(env("AZURE_OAUTH_SECRET_NAME"))
-oauth_secret = json.loads(oauth_secret.value)
-SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY = oauth_secret["client_id"]
-SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET = oauth_secret["secret"]
-SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID = oauth_secret["tenant_id"]
-SOCIAL_AUTH_ADMIN_USER_SEARCH_FIELDS = ["username", "first_name", "last_name", "email"]
-SOCIAL_AUTH_POSTGRES_JSONFIELD = True
-AUTHENTICATION_BACKENDS = (
-    "social_core.backends.azuread_tenant.AzureADTenantOAuth2",
-    "django.contrib.auth.backends.ModelBackend",
-)
-```
-And of course add the login button somewhere, following Django Social Auth instructions.
-## Automate deployments
-When using a service like GitLab, you can configure a Webhook to fire upon a push to your branch.
-You need to download the deployment profile to obtain the deployment username and password, and then you can construct a URL like this:
-```
-https://{user}:{pass}@{appname}.scm.azurewebsites.net/deploy
-```
-```
-https://{appname}.scm.azurewebsites.net/api/sshkey?ensurePublicKey=1
-```
-Be sure to configure the SSH key that Azure will use on GitLab side. You can obtain it using:
-This would then trigger a redeploy everytime you make a commit to your live branch.
-## Change requests
-I created this for internal use but since it took me a while to puzzle all the things together I decided to share it.
-Therefore this project is not super generic, but tailored to my needs. I am however open to pull or change requests to improve this project or to make it more usable for others.
+Metadata-Version: 2.4
+Name: pulumi-django-azure
+Version: 1.0.37
+Summary: Simply deployment of Django on Azure with Pulumi
+License-Expression: MIT
+Keywords: django,pulumi,azure
+Author: Maarten Ureel
+Author-email: maarten@youreal.eu
+Requires-Python: >=3.11,<3.14
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Requires-Dist: azure-identity (>=1.25.0,<2.0.0)
+Requires-Dist: azure-keyvault-secrets (>=4.10.0,<5.0.0)
+Requires-Dist: azure-mgmt-cdn (>=13.1.1,<14.0.0)
+Requires-Dist: azure-mgmt-resource (>=24.0.0,<25.0.0)
+Requires-Dist: django (>=5.2.7,<6.0.0)
+Requires-Dist: django-azure-communication-email (>=1.4.0,<2.0.0)
+Requires-Dist: django-environ (>=0.12.0,<0.13.0)
+Requires-Dist: django-redis (>=6.0.0,<7.0.0)
+Requires-Dist: django-storages[azure] (>=1.14.6,<2.0.0)
+Requires-Dist: pulumi (>=3.199.0)
+Requires-Dist: pulumi-azure-native (>=3.8.0)
+Requires-Dist: pulumi-random (>=4.18.3)
+Requires-Dist: redis[hiredis] (>=6.4.0,<7.0.0)
+Requires-Dist: tenacity (>=9.1.2,<10.0.0)
+Project-URL: Homepage, https://gitlab.com/MaartenUreel/pulumi-django-azure
+Description-Content-Type: text/markdown
+# Pulumi Django Deployment
+This project aims to make a simple Django deployment on Azure easier.
+To have a proper and secure environment, we need these components:
+* Storage account for media and static files
+* CDN endpoint in front with a domain name of our choosing
+* PostgreSQL server
+* Azure Communication Services to send e-mails
+* Webapp with multiple custom host names and managed SSL for the website itself
+* Azure Key Vault per application
+* Webapp running pgAdmin
+## Project requirements
+## Installation
+This package is published on PyPi, so you can just add pulumi-django-azure to your requirements file.
+To use a specific branch in your project, add to pyproject.toml dependencies:
+```
+pulumi-django-azure = { git = "git@gitlab.com:MaartenUreel/pulumi-django-azure.git", branch = "dev" }
+```
+A simple project could look like this:
+```python
+import pulumi
+import pulumi_azure_native as azure
+from pulumi_django_azure import DjangoDeployment
+stack = pulumi.get_stack()
+config = pulumi.Config()
+# Create resource group
+rg = azure.resources.ResourceGroup(f"rg-{stack}")
+# Create VNet
+vnet = azure.network.VirtualNetwork(
+    f"vnet-{stack}",
+    resource_group_name=rg.name,
+    address_space=azure.network.AddressSpaceArgs(
+        address_prefixes=["10.0.0.0/16"],
+    ),
+)
+# Deploy the website and all its components
+django = DjangoDeployment(
+    stack,
+    tenant_id="abc123...",
+    resource_group_name=rg.name,
+    vnet=vnet,
+    pgsql_ip_prefix="10.0.10.0/24",
+    appservice_ip_prefix="10.0.20.0/24",
+    app_service_sku=azure.web.SkuDescriptionArgs(
+        name="B2",
+        tier="Basic",
+    ),
+    storage_account_name="mystorageaccount",
+    cdn_host="cdn.example.com",
+)
+django.add_django_website(
+    name="web",
+    db_name="mywebsite",
+    repository_url="git@gitlab.com:project/website.git",
+    repository_branch="main",
+    website_hosts=["example.com", "www.example.com"],
+    django_settings_module="mywebsite.settings.production",
+    comms_data_location="europe",
+    comms_domains=["mydomain.com"],
+)
+django.add_database_administrator(
+    object_id="a1b2c3....",
+    user_name="user@example.com",
+    tenant_id="a1b2c3....",
+)
+```
+## Changes to your Django project
+1. Add `pulumi_django_azure` to your `INSTALLED_APPS`
+2. Add to your settings file:
+   ```python
+   from pulumi_django_azure.settings import *  # noqa: F403
+   # This will provide the management command to purge the CDN and cache
+   INSTALLED_APPS += ["pulumi_django_azure"]
+   # This will provide the health check middleware that will also take care of credential rotation.
+   MIDDLEWARE += ["pulumi_django_azure.middleware.HealthCheckMiddleware"]
+   ```
+   This will pre-configure most settings to make your app work on Azure. You can check the source for details,
+   and ofcourse override any value after importing them.
+## Deployment steps
+1. Deploy without custom hosts (for CDN and websites)
+2. Configure the PostgreSQL server (create and grant permissions to role for your websites)
+3. Retrieve the deployment SSH key and configure your remote GIT repository with it
+4. Configure your CDN host (add the CNAME record)
+5. Configure your custom website domains (add CNAME/A record and TXT validation records)
+6. Re-deploy with custom hosts
+7. Re-deploy once more to enable HTTPS on website domains
+8. Manually activate HTTPS on the CDN host
+9. Go to the e-mail communications service on Azure and configure DKIM, SPF,... for your custom domains.
+## Custom domain name for CDN
+When deploying the first time, you will get a `cdn_cname` output. You need to create a CNAME to this domain before the deployment of the custom domain will succeed.
+You can safely deploy with the failing CustomDomain to get the CNAME, create the record and then deploy again.
+To enable HTTPS, you need to do this manually in the console. This is because of a limitation in the Azure API:
+https://github.com/Azure/azure-rest-api-specs/issues/17498
+## Custom domain names for web application
+Because of a circular dependency in custom domain name bindings and certificates that is out of our control, you need to deploy the stack twice.
+The first time will create the bindings without a certificate.
+The second deployment will then create the certificate for the domain (which is only possible if the binding exists), but also set the fingerprint of that certificate on the binding.
+To make the certificate work, you need to create a TXT record named `asuid` point to the output of `{your_app}_site_domain_verification_id`. For example:
+```
+asuid.mywebsite.com.      TXT  "A1B2C3D4E5..."
+asuid.www.mywebsite.com.  TXT  "A1B2C3D4E5..."
+```
+## Database authentication
+The PostgreSQL uses Entra ID authentication only, no passwords.
+### Administrator login
+If you want to log in to the database yourself, you can add yourself as an administrator with the `add_database_administrator` function.
+Your username is your e-mailaddress, a temporary password can be obtained using `az account get-access-token`.
+You can use this method to log in to pgAdmin.
+### Application
+Refer to this documentation:
+https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users#create-a-role-using-microsoft-entra-object-identifier
+In short, run something like this in the `postgres` database:
+```
+SELECT * FROM pgaadauth_create_principal_with_oid('web_managed_identity', 'c8b25b85-d060-4cfc-bad4-b8581cfdf946', 'service', false, false);
+```
+Replace the GUID of course with the managed identity our web app gets.
+The name of the role is outputted by `{your_app}_site_db_user`
+Be sure to grant this role the correct permissions too.
+## pgAdmin specifics
+pgAdmin will be created with a default login:
+* Login: dbadmin@dbadmin.net
+* Password: dbadmin
+Best practice is to log in right away, create a user for yourself and delete this default user.
+## Azure OAuth2 / Django Social Auth
+If you want to set up login with Azure, which would make sense since you are in the ecosystem, you need to create an App Registration in Entra ID, create a secret and then register these settings in your stack:
+```
+pulumi config set --secret --path 'mywebsite_social_auth_azure.key' secret_ID
+pulumi config set --secret --path 'mywebsite_social_auth_azure.secret' secret_value
+pulumi config set --secret --path 'mywebsite_social_auth_azure.tenant_id' directory_tenant_id
+pulumi config set --secret --path 'mywebsite_social_auth_azure.client_id' application_id
+```
+Then in your Django deployment, pass to the `add_django_website` command:
+```
+secrets={
+    "mywebsite_social_auth_azure": "AZURE_OAUTH",
+},
+```
+The value will be automatically stored in the vault where the application has access to.
+The environment variable will be suffixed with `_SECRET_NAME`.
+Then, in your application, retrieve this data from the vault, e.g.:
+```python
+# Social Auth settings
+oauth_secret = AZURE_KEY_VAULT_CLIENT.get_secret(env("AZURE_OAUTH_SECRET_NAME"))
+oauth_secret = json.loads(oauth_secret.value)
+SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY = oauth_secret["client_id"]
+SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET = oauth_secret["secret"]
+SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID = oauth_secret["tenant_id"]
+SOCIAL_AUTH_ADMIN_USER_SEARCH_FIELDS = ["username", "first_name", "last_name", "email"]
+SOCIAL_AUTH_POSTGRES_JSONFIELD = True
+AUTHENTICATION_BACKENDS = (
+    "social_core.backends.azuread_tenant.AzureADTenantOAuth2",
+    "django.contrib.auth.backends.ModelBackend",
+)
+```
+And of course add the login button somewhere, following Django Social Auth instructions.
+## Automate deployments
+When using a service like GitLab, you can configure a Webhook to fire upon a push to your branch.
+You need to download the deployment profile to obtain the deployment username and password, and then you can construct a URL like this:
+```
+https://{user}:{pass}@{appname}.scm.azurewebsites.net/deploy
+```
+```
+https://{appname}.scm.azurewebsites.net/api/sshkey?ensurePublicKey=1
+```
+Be sure to configure the SSH key that Azure will use on GitLab side. You can obtain it using:
+This would then trigger a redeploy everytime you make a commit to your live branch.
+## Change requests
+I created this for internal use but since it took me a while to puzzle all the things together I decided to share it.
+Therefore this project is not super generic, but tailored to my needs. I am however open to pull or change requests to improve this project or to make it more usable for others.

{pulumi_django_azure-1.0.35 → pulumi_django_azure-1.0.37}/pyproject.toml RENAMED Viewed

@@ -1,10 +1,10 @@
 [build-system]
-requires = ["setuptools>=61.0.0", "wheel"]
-build-backend = "setuptools.build_meta"
+requires = ["poetry-core"]
+build-backend = "poetry.core.masonry.api"
 [project]
 name = "pulumi-django-azure"
-version = "1.0.35"
+version = "1.0.37"
 description = "Simply deployment of Django on Azure with Pulumi"
 readme = "README.md"
 authors = [{ name = "Maarten Ureel", email = "maarten@youreal.eu" }]
@@ -15,17 +15,17 @@ classifiers = [
 ]
 keywords = ["django", "pulumi", "azure"]
 dependencies = [
-    "azure-identity (>=1.24.0,<2.0.0)",
+    "azure-identity (>=1.25.0,<2.0.0)",
     "azure-keyvault-secrets (>=4.10.0,<5.0.0)",
     "azure-mgmt-cdn (>=13.1.1,<14.0.0)",
     "azure-mgmt-resource (>=24.0.0,<25.0.0)",
-    "django (>=5.2.5,<6.0.0)",
-    "django-azure-communication-email (>=1.3.2,<2.0.0)",
+    "django (>=5.2.7,<6.0.0)",
+    "django-azure-communication-email (>=1.4.0,<2.0.0)",
     "django-environ (>=0.12.0,<0.13.0)",
     "django-redis (>=6.0.0,<7.0.0)",
     "django-storages[azure] (>=1.14.6,<2.0.0)",
-    "pulumi (>=3.189.0)",
-    "pulumi-azure-native (>=3.7.1)",
+    "pulumi (>=3.199.0)",
+    "pulumi-azure-native (>=3.8.0)",
     "pulumi-random (>=4.18.3)",
     "redis[hiredis] (>=6.4.0,<7.0.0)",
     "tenacity (>=9.1.2,<10.0.0)"
@@ -35,35 +35,29 @@ requires-python = ">=3.11,<3.14"
 [project.urls]
 Homepage = "https://gitlab.com/MaartenUreel/pulumi-django-azure"
-[tool.poetry]
-name = "pulumi-django-azure"
-version = "1.0.35"
-description = "Simplify deployment of Django websites on Azure with Pulumi"
-authors = ["Maarten Ureel <maarten@youreal.eu>"]
 [tool.poetry.dependencies]
 python = "^3.11,<3.14"
-azure-identity = "^1.24.0"
+azure-identity = "^1.25.0"
 azure-keyvault-secrets = "^4.10.0"
 azure-mgmt-cdn = "^13.1.1"
 azure-mgmt-resource = "^24.0.0"
-django = "^5.2.5"
-django-azure-communication-email = "^1.3.2"
+django = "^5.2.7"
+django-azure-communication-email = "^1.4.0"
 django-environ = "^0.12.0"
 django-redis = "^6.0.0"
 django-storages = {extras = ["azure"], version = "^1.14.6"}
-pulumi = ">=3.189.0"
-pulumi-azure-native = ">=3.7.1"
+pulumi = ">=3.199.0"
+pulumi-azure-native = ">=3.8.0"
 pulumi-random = ">=4.18.3"
 redis = {extras = ["hiredis"], version = "^6.4.0"}
 tenacity = "^9.1.2"
 [tool.poetry.group.dev.dependencies]
 build = "^1.3.0"
-mkdocs-material = "^9.6.16"
+mkdocs-material = "^9.6.21"
 pre-commit = "^4.3.0"
-ruff = "^0.12.8"
-twine = "^6.1.0"
+ruff = "^0.13.2"
+twine = "^6.2.0"
 [tool.ruff]
 line-length = 140

pulumi_django_azure-1.0.35/setup.cfg DELETED Viewed

@@ -1,8 +0,0 @@
-[flake8]
-max-line-length = 140
-exclude = .git
-[egg_info]
-tag_build =
-tag_date = 0

pulumi_django_azure-1.0.35/src/pulumi_django_azure.egg-info/PKG-INFO DELETED Viewed

@@ -1,244 +0,0 @@
-Metadata-Version: 2.4
-Name: pulumi-django-azure
-Version: 1.0.35
-Summary: Simply deployment of Django on Azure with Pulumi
-Author-email: Maarten Ureel <maarten@youreal.eu>
-License-Expression: MIT
-Project-URL: Homepage, https://gitlab.com/MaartenUreel/pulumi-django-azure
-Keywords: django,pulumi,azure
-Classifier: Programming Language :: Python
-Classifier: Programming Language :: Python :: 3
-Requires-Python: <3.14,>=3.11
-Description-Content-Type: text/markdown
-Requires-Dist: azure-identity<2.0.0,>=1.24.0
-Requires-Dist: azure-keyvault-secrets<5.0.0,>=4.10.0
-Requires-Dist: azure-mgmt-cdn<14.0.0,>=13.1.1
-Requires-Dist: azure-mgmt-resource<25.0.0,>=24.0.0
-Requires-Dist: django<6.0.0,>=5.2.5
-Requires-Dist: django-azure-communication-email<2.0.0,>=1.3.2
-Requires-Dist: django-environ<0.13.0,>=0.12.0
-Requires-Dist: django-redis<7.0.0,>=6.0.0
-Requires-Dist: django-storages[azure]<2.0.0,>=1.14.6
-Requires-Dist: pulumi>=3.189.0
-Requires-Dist: pulumi-azure-native>=3.7.1
-Requires-Dist: pulumi-random>=4.18.3
-Requires-Dist: redis[hiredis]<7.0.0,>=6.4.0
-Requires-Dist: tenacity<10.0.0,>=9.1.2
-# Pulumi Django Deployment
-This project aims to make a simple Django deployment on Azure easier.
-To have a proper and secure environment, we need these components:
-* Storage account for media and static files
-* CDN endpoint in front with a domain name of our choosing
-* PostgreSQL server
-* Azure Communication Services to send e-mails
-* Webapp with multiple custom host names and managed SSL for the website itself
-* Azure Key Vault per application
-* Webapp running pgAdmin
-## Project requirements
-## Installation
-This package is published on PyPi, so you can just add pulumi-django-azure to your requirements file.
-To use a specific branch in your project, add to pyproject.toml dependencies:
-```
-pulumi-django-azure = { git = "git@gitlab.com:MaartenUreel/pulumi-django-azure.git", branch = "dev" }
-```
-A simple project could look like this:
-```python
-import pulumi
-import pulumi_azure_native as azure
-from pulumi_django_azure import DjangoDeployment
-stack = pulumi.get_stack()
-config = pulumi.Config()
-# Create resource group
-rg = azure.resources.ResourceGroup(f"rg-{stack}")
-# Create VNet
-vnet = azure.network.VirtualNetwork(
-    f"vnet-{stack}",
-    resource_group_name=rg.name,
-    address_space=azure.network.AddressSpaceArgs(
-        address_prefixes=["10.0.0.0/16"],
-    ),
-)
-# Deploy the website and all its components
-django = DjangoDeployment(
-    stack,
-    tenant_id="abc123...",
-    resource_group_name=rg.name,
-    vnet=vnet,
-    pgsql_ip_prefix="10.0.10.0/24",
-    appservice_ip_prefix="10.0.20.0/24",
-    app_service_sku=azure.web.SkuDescriptionArgs(
-        name="B2",
-        tier="Basic",
-    ),
-    storage_account_name="mystorageaccount",
-    cdn_host="cdn.example.com",
-)
-django.add_django_website(
-    name="web",
-    db_name="mywebsite",
-    repository_url="git@gitlab.com:project/website.git",
-    repository_branch="main",
-    website_hosts=["example.com", "www.example.com"],
-    django_settings_module="mywebsite.settings.production",
-    comms_data_location="europe",
-    comms_domains=["mydomain.com"],
-)
-django.add_database_administrator(
-    object_id="a1b2c3....",
-    user_name="user@example.com",
-    tenant_id="a1b2c3....",
-)
-```
-## Changes to your Django project
-1. Add `pulumi_django_azure` to your `INSTALLED_APPS`
-2. Add to your settings file:
-   ```python
-   from pulumi_django_azure.settings import *  # noqa: F403
-   # This will provide the management command to purge the CDN and cache
-   INSTALLED_APPS += ["pulumi_django_azure"]
-   # This will provide the health check middleware that will also take care of credential rotation.
-   MIDDLEWARE += ["pulumi_django_azure.middleware.HealthCheckMiddleware"]
-   ```
-   This will pre-configure most settings to make your app work on Azure. You can check the source for details,
-   and ofcourse override any value after importing them.
-## Deployment steps
-1. Deploy without custom hosts (for CDN and websites)
-2. Configure the PostgreSQL server (create and grant permissions to role for your websites)
-3. Retrieve the deployment SSH key and configure your remote GIT repository with it
-4. Configure your CDN host (add the CNAME record)
-5. Configure your custom website domains (add CNAME/A record and TXT validation records)
-6. Re-deploy with custom hosts
-7. Re-deploy once more to enable HTTPS on website domains
-8. Manually activate HTTPS on the CDN host
-9. Go to the e-mail communications service on Azure and configure DKIM, SPF,... for your custom domains.
-## Custom domain name for CDN
-When deploying the first time, you will get a `cdn_cname` output. You need to create a CNAME to this domain before the deployment of the custom domain will succeed.
-You can safely deploy with the failing CustomDomain to get the CNAME, create the record and then deploy again.
-To enable HTTPS, you need to do this manually in the console. This is because of a limitation in the Azure API:
-https://github.com/Azure/azure-rest-api-specs/issues/17498
-## Custom domain names for web application
-Because of a circular dependency in custom domain name bindings and certificates that is out of our control, you need to deploy the stack twice.
-The first time will create the bindings without a certificate.
-The second deployment will then create the certificate for the domain (which is only possible if the binding exists), but also set the fingerprint of that certificate on the binding.
-To make the certificate work, you need to create a TXT record named `asuid` point to the output of `{your_app}_site_domain_verification_id`. For example:
-```
-asuid.mywebsite.com.      TXT  "A1B2C3D4E5..."
-asuid.www.mywebsite.com.  TXT  "A1B2C3D4E5..."
-```
-## Database authentication
-The PostgreSQL uses Entra ID authentication only, no passwords.
-### Administrator login
-If you want to log in to the database yourself, you can add yourself as an administrator with the `add_database_administrator` function.
-Your username is your e-mailaddress, a temporary password can be obtained using `az account get-access-token`.
-You can use this method to log in to pgAdmin.
-### Application
-Refer to this documentation:
-https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users#create-a-role-using-microsoft-entra-object-identifier
-In short, run something like this in the `postgres` database:
-```
-SELECT * FROM pgaadauth_create_principal_with_oid('web_managed_identity', 'c8b25b85-d060-4cfc-bad4-b8581cfdf946', 'service', false, false);
-```
-Replace the GUID of course with the managed identity our web app gets.
-The name of the role is outputted by `{your_app}_site_db_user`
-Be sure to grant this role the correct permissions too.
-## pgAdmin specifics
-pgAdmin will be created with a default login:
-* Login: dbadmin@dbadmin.net
-* Password: dbadmin
-Best practice is to log in right away, create a user for yourself and delete this default user.
-## Azure OAuth2 / Django Social Auth
-If you want to set up login with Azure, which would make sense since you are in the ecosystem, you need to create an App Registration in Entra ID, create a secret and then register these settings in your stack:
-```
-pulumi config set --secret --path 'mywebsite_social_auth_azure.key' secret_ID
-pulumi config set --secret --path 'mywebsite_social_auth_azure.secret' secret_value
-pulumi config set --secret --path 'mywebsite_social_auth_azure.tenant_id' directory_tenant_id
-pulumi config set --secret --path 'mywebsite_social_auth_azure.client_id' application_id
-```
-Then in your Django deployment, pass to the `add_django_website` command:
-```
-secrets={
-    "mywebsite_social_auth_azure": "AZURE_OAUTH",
-},
-```
-The value will be automatically stored in the vault where the application has access to.
-The environment variable will be suffixed with `_SECRET_NAME`.
-Then, in your application, retrieve this data from the vault, e.g.:
-```python
-# Social Auth settings
-oauth_secret = AZURE_KEY_VAULT_CLIENT.get_secret(env("AZURE_OAUTH_SECRET_NAME"))
-oauth_secret = json.loads(oauth_secret.value)
-SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY = oauth_secret["client_id"]
-SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET = oauth_secret["secret"]
-SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID = oauth_secret["tenant_id"]
-SOCIAL_AUTH_ADMIN_USER_SEARCH_FIELDS = ["username", "first_name", "last_name", "email"]
-SOCIAL_AUTH_POSTGRES_JSONFIELD = True
-AUTHENTICATION_BACKENDS = (
-    "social_core.backends.azuread_tenant.AzureADTenantOAuth2",
-    "django.contrib.auth.backends.ModelBackend",
-)
-```
-And of course add the login button somewhere, following Django Social Auth instructions.
-## Automate deployments
-When using a service like GitLab, you can configure a Webhook to fire upon a push to your branch.
-You need to download the deployment profile to obtain the deployment username and password, and then you can construct a URL like this:
-```
-https://{user}:{pass}@{appname}.scm.azurewebsites.net/deploy
-```
-```
-https://{appname}.scm.azurewebsites.net/api/sshkey?ensurePublicKey=1
-```
-Be sure to configure the SSH key that Azure will use on GitLab side. You can obtain it using:
-This would then trigger a redeploy everytime you make a commit to your live branch.
-## Change requests
-I created this for internal use but since it took me a while to puzzle all the things together I decided to share it.
-Therefore this project is not super generic, but tailored to my needs. I am however open to pull or change requests to improve this project or to make it more usable for others.

pulumi_django_azure-1.0.35/src/pulumi_django_azure.egg-info/SOURCES.txt DELETED Viewed

@@ -1,18 +0,0 @@
-README.md
-pyproject.toml
-setup.cfg
-src/pulumi_django_azure/__init__.py
-src/pulumi_django_azure/azure_helper.py
-src/pulumi_django_azure/context_processors.py
-src/pulumi_django_azure/django_deployment.py
-src/pulumi_django_azure/middleware.py
-src/pulumi_django_azure/settings.py
-src/pulumi_django_azure.egg-info/PKG-INFO
-src/pulumi_django_azure.egg-info/SOURCES.txt
-src/pulumi_django_azure.egg-info/dependency_links.txt
-src/pulumi_django_azure.egg-info/requires.txt
-src/pulumi_django_azure.egg-info/top_level.txt
-src/pulumi_django_azure/management/commands/__init__.py
-src/pulumi_django_azure/management/commands/purge_cache.py
-src/pulumi_django_azure/management/commands/purge_cdn.py
-src/pulumi_django_azure/management/commands/test_redis.py

pulumi_django_azure-1.0.35/src/pulumi_django_azure.egg-info/dependency_links.txt DELETED Viewed

	@@ -1 +0,0 @@
1	-

pulumi_django_azure-1.0.35/src/pulumi_django_azure.egg-info/requires.txt DELETED Viewed

@@ -1,14 +0,0 @@
-azure-identity<2.0.0,>=1.24.0
-azure-keyvault-secrets<5.0.0,>=4.10.0
-azure-mgmt-cdn<14.0.0,>=13.1.1
-azure-mgmt-resource<25.0.0,>=24.0.0
-django<6.0.0,>=5.2.5
-django-azure-communication-email<2.0.0,>=1.3.2
-django-environ<0.13.0,>=0.12.0
-django-redis<7.0.0,>=6.0.0
-django-storages[azure]<2.0.0,>=1.14.6
-pulumi>=3.189.0
-pulumi-azure-native>=3.7.1
-pulumi-random>=4.18.3
-redis[hiredis]<7.0.0,>=6.4.0
-tenacity<10.0.0,>=9.1.2