working psql

felipmiguel · Aug 9, 2023 · 2ab4421 · 2ab4421
1 parent 408a719
commit 2ab4421
Show file tree

Hide file tree

Showing 9 changed files with 133 additions and 12 deletions.
diff --git a/infra/core/appsettings.json b/infra/core/appsettings.json
@@ -0,0 +1,5 @@
+{
+    "ConnectionStrings": {
+        "DefaultConnection": "Server=psqlf-batec-ossrdbms-demo-uak-dev.postgres.database.azure.com;Database=psqlfdb-batec-ossrdbms-demo-dev;Ssl Mode=Require;Port=5432;Trust Server Certificate=true;User Id=fmiguel_outlook.com#EXT#@fmigueloutlook.onmicrosoft.com;"
+    }
+}
diff --git a/infra/core/main.tf b/infra/core/main.tf
@@ -12,7 +12,11 @@ terraform {
 }
 
 provider "azurerm" {
-  features {}
+  features {
+    resource_group {
+      prevent_deletion_if_contains_resources = false
+    }
+  }
 }
 
 locals {
@@ -64,3 +68,11 @@ module "mysql_database" {
   environment      = local.environment
   location         = var.location
 }
+
+module "application_insights" {
+  source            = "./modules/application-insights"
+  resource_group    = azurerm_resource_group.main.name
+  application_name  = var.application_name
+  environment       = local.environment
+  location          = var.location
+}
diff --git a/infra/core/modules/application-insights/README.md b/infra/core/modules/application-insights/README.md
@@ -0,0 +1,8 @@
+# Terraform module for Azure Application Insights configuration
+
+This module configures an Azure Application Insights instance with Terraform.
+
+## Resources
+
+[What is Azure Application Insights](https://aka.ms/nubesgen-app-insights)
+[Terraform Azure Application Insights reference](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_insights)
diff --git a/infra/core/modules/application-insights/main.tf b/infra/core/modules/application-insights/main.tf
@@ -0,0 +1,26 @@
+terraform {
+  required_providers {
+    azurecaf = {
+      source  = "aztfmod/azurecaf"
+      version = "1.2.24"
+    }
+  }
+}
+
+resource "azurecaf_name" "application_insights" {
+  name          = var.application_name
+  resource_type = "azurerm_application_insights"
+  suffixes      = [var.environment]
+}
+
+resource "azurerm_application_insights" "application_insights" {
+  name                = azurecaf_name.application_insights.result
+  location            = var.location
+  resource_group_name = var.resource_group
+  application_type    = "other"
+
+  tags = {
+    "environment"      = var.environment
+    "application-name" = var.application_name
+  }
+}
diff --git a/infra/core/modules/application-insights/outputs.tf b/infra/core/modules/application-insights/outputs.tf
@@ -0,0 +1,9 @@
+output "azure_application_insights_instrumentation_key" {
+  value       = azurerm_application_insights.application_insights.instrumentation_key
+  description = "The Azure Application Insights instrumentation key"
+}
+
+output "azure_application_insights_connection_string" {
+  value       = azurerm_application_insights.application_insights.connection_string
+  description = "The Azure Application Insights connection string"
+}
diff --git a/infra/core/modules/application-insights/variables.tf b/infra/core/modules/application-insights/variables.tf
@@ -0,0 +1,23 @@
+variable "resource_group" {
+  type        = string
+  description = "The resource group"
+  default     = ""
+}
+
+variable "application_name" {
+  type        = string
+  description = "The name of your application"
+  default     = ""
+}
+
+variable "environment" {
+  type        = string
+  description = "The environment (dev, test, prod...)"
+  default     = "dev"
+}
+
+variable "location" {
+  type        = string
+  description = "The Azure region where all resources in this example should be created"
+  default     = ""
+}
diff --git a/infra/core/outputs.tf b/infra/core/outputs.tf
@@ -52,11 +52,16 @@ output "pgsql_database_name" {
   value       = module.pgsql_database.database_name
   description = "The PostgreSQL database name"
 }
- 
+
 output "msi_database_login_name" {
   value = module.application.database_login_name
 }
 
 output "container_environment_name" {
   value = module.application.container_environment_name
 }
+
+output "application_insights_connection_string" {
+  value     = module.application_insights.azure_application_insights_connection_string
+  sensitive = true
+}
diff --git a/infra/create-user-pgsql.sh b/infra/create-user-pgsql.sh
@@ -11,10 +11,15 @@ ADMIN_PASSWORD=$(az account get-access-token --resource-type oss-rdbms -o tsv --
 
 cat <<EOF > pgsqluser.sql
 select * from pgaadauth_create_principal_with_oid('${APPLICATION_LOGIN_NAME}', '${APPLICATION_IDENTITY_APPID}', 'service', false, false);
+EOF
+
+cat <<EOF > grantuser.sql
 GRANT ALL PRIVILEGES ON DATABASE "${DATABASE_NAME}" TO "${APPLICATION_LOGIN_NAME}";
 GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "${APPLICATION_LOGIN_NAME}";
 GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO "${APPLICATION_LOGIN_NAME}";
 EOF
 
 az postgres flexible-server execute --name ${PGSQL_SERVER} --file-path pgsqluser.sql --admin-password "${ADMIN_PASSWORD}" --admin-user "${ADMIN_USER}" --verbose
+az postgres flexible-server execute --name ${PGSQL_SERVER} --file-path grantuser.sql --database-name ${DATABASE_NAME} --admin-password "${ADMIN_PASSWORD}" --admin-user "${ADMIN_USER}" --verbose
 rm pgsqluser.sql
+rm grantuser.sql
diff --git a/infra/deploy-all.sh b/infra/deploy-all.sh
@@ -13,21 +13,15 @@ MSI_LOGIN_NAME=$(terraform output -raw msi_database_login_name)
 MSI_CONTAINER_IDENTITY=$(terraform output -raw container_apps_identity)
 CONTAINER_APP_ENVIRONMENT=$(terraform output -raw container_environment_name)
 RESOURCE_GROUP=$(terraform output -raw resource_group)
+APPINSIGHTS_CONNECTIONSTRING=$(terraform output -raw application_insights_connection_string)
 
 APPLICATION_IDENTITY_APPID=$(az identity show --id "${MSI_CONTAINER_IDENTITY}" -o tsv --query clientId)
 
 MYSQL_CONNECTION_STRING="Server=${MYSQL_SERVER}.mysql.database.azure.com;Database=${MYSQL_DATABASE_NAME};SslMode=Required"
 PGSQL_CONNECTION_STRING="Server=${PGSQL_SERVER}.postgres.database.azure.com;Database=${PGSQL_DATABASE_NAME};Ssl Mode=Require;Port=5432;Trust Server Certificate=true"
 
-cd ..
-# create mysq login for managed identity
-./create-user-mysql.sh $MYSQL_SERVER $MYSQL_DATABASE_NAME $MSI_LOGIN_NAME $APPLICATION_IDENTITY_APPID $MYSQL_ADMIN_USER
-
-# create postgresql login for managed identity
-./create-user-pgsql.sh $PGSQL_SERVER $PGSQL_DATABASE_NAME $MSI_LOGIN_NAME $APPLICATION_IDENTITY_APPID $PGSQL_ADMIN_USER
-
 # create database schema using ef tools
-cd ../src/repo.mysql
+cd ../../src/repo.mysql
 cat <<EOF > appsettings.json
 {
     "ConnectionStrings": {
@@ -47,10 +41,24 @@ cat <<EOF > appsettings.json
 EOF
 dotnet ef database update
 
+
+cd ../../infra
+pwd
+# create mysq login for managed identity
+./create-user-mysql.sh $MYSQL_SERVER $MYSQL_DATABASE_NAME $MSI_LOGIN_NAME $APPLICATION_IDENTITY_APPID $MYSQL_ADMIN_USER
+
+# create postgresql login for managed identity
+./create-user-pgsql.sh $PGSQL_SERVER $PGSQL_DATABASE_NAME $MSI_LOGIN_NAME $APPLICATION_IDENTITY_APPID $PGSQL_ADMIN_USER
+
+
+
 # create docker image for the app
-cd ..
+cd ../src
 az acr build -t $ACR_NAME.azurecr.io/todoapi:latest -t $ACR_NAME.azurecr.io/todoapi:1.0.0 -r $ACR_NAME .
 
+# create docker image for the web
+cd web
+az acr build -t $ACR_NAME.azurecr.io/todoweb:latest -t $ACR_NAME.azurecr.io/todoweb:1.0.0 -r $ACR_NAME .
 
 az containerapp create -n mysqlapi -g ${RESOURCE_GROUP} \
     --image ${ACR_NAME}.azurecr.io/todoapi:1.0.0 --environment ${CONTAINER_APP_ENVIRONMENT} \
@@ -60,10 +68,30 @@ az containerapp create -n mysqlapi -g ${RESOURCE_GROUP} \
     --cpu 0.25 --memory 0.5Gi \
     --env-vars TargetDb="MySql" MySqlConnection="${MYSQL_CONNECTION_STRING};UserID=${MSI_LOGIN_NAME};" UserAssignedManagedClientId="${APPLICATION_IDENTITY_APPID}"
 
+az containerapp ingress cors update -n mysqlapi -g ${RESOURCE_GROUP} --allowed-origins "*" --allowed-methods "*"
+
 az containerapp create -n pgsqlapi -g ${RESOURCE_GROUP} \
     --image ${ACR_NAME}.azurecr.io/todoapi:1.0.0 --environment ${CONTAINER_APP_ENVIRONMENT} \
     --ingress external --target-port 80 \
     --registry-server ${ACR_NAME}.azurecr.io --registry-identity "${MSI_CONTAINER_IDENTITY}" \
     --user-assigned ${MSI_CONTAINER_IDENTITY} \
     --cpu 0.25 --memory 0.5Gi \
-    --env-vars TargetDb="Postgresql" PgSqlConnection="${PGSQL_CONNECTION_STRING};User Id=${MSI_LOGIN_NAME};" UserAssignedManagedClientId="${APPLICATION_IDENTITY_APPID}"
+    --env-vars TargetDb="Postgresql" PgSqlConnection="${PGSQL_CONNECTION_STRING};User Id=${MSI_LOGIN_NAME};" UserAssignedManagedClientId="${APPLICATION_IDENTITY_APPID}"
+az containerapp ingress cors update -n pgsqlapi -g ${RESOURCE_GROUP} --allowed-origins "*" --allowed-methods "*"
+
+MYSQLAPI_FQDN=$(az containerapp show -n mysqlapi -g ${RESOURCE_GROUP} -o tsv --query "properties.configuration.ingress.fqdn")
+PGSQLAPI_FQDN=$(az containerapp show -n pgsqlapi -g ${RESOURCE_GROUP} -o tsv --query "properties.configuration.ingress.fqdn")
+
+az containerapp create -n mysqlweb -g ${RESOURCE_GROUP} \
+    --image ${ACR_NAME}.azurecr.io/todoweb:1.0.0 --environment ${CONTAINER_APP_ENVIRONMENT} \
+    --ingress external --target-port 80 \
+    --registry-server ${ACR_NAME}.azurecr.io --registry-identity "${MSI_CONTAINER_IDENTITY}" \
+    --cpu 0.25 --memory 0.5Gi \
+    --env-vars REACT_APP_API_BASE_URL="https://${MYSQLAPI_FQDN}" REACT_APP_APPLICATIONINSIGHTS_CONNECTION_STRING="${APPINSIGHTS_CONNECTIONSTRING}"
+
+az containerapp create -n pgsqlweb -g ${RESOURCE_GROUP} \
+    --image ${ACR_NAME}.azurecr.io/todoweb:1.0.0 --environment ${CONTAINER_APP_ENVIRONMENT} \
+    --ingress external --target-port 80 \
+    --registry-server ${ACR_NAME}.azurecr.io --registry-identity "${MSI_CONTAINER_IDENTITY}" \
+    --cpu 0.25 --memory 0.5Gi \
+    --env-vars REACT_APP_API_BASE_URL="https://${PGSQLAPI_FQDN}"  REACT_APP_APPLICATIONINSIGHTS_CONNECTION_STRING="${APPINSIGHTS_CONNECTIONSTRING}"