Merge pull request #116 from Azure-Samples/envfixes

Fix tenant_id and sslmode for post-provision scripts

scripts/setup_postgres_azurerole.ps1

@@ -5,10 +5,11 @@ if (-not $?) {
 }
 $POSTGRES_USERNAME = (azd env get-value POSTGRES_USERNAME)
 $APP_IDENTITY_NAME = (azd env get-value SERVICE_WEB_IDENTITY_NAME)
+$AZURE_TENANT_ID = (azd env get-value AZURE_TENANT_ID)
 
 if ([string]::IsNullOrEmpty($POSTGRES_HOST) -or [string]::IsNullOrEmpty($POSTGRES_USERNAME) -or [string]::IsNullOrEmpty($APP_IDENTITY_NAME)) {
     Write-Host "Can't find POSTGRES_HOST, POSTGRES_USERNAME, and SERVICE_WEB_IDENTITY_NAME environment variables. Make sure you run azd up first."
     exit 1
 }
 
-python ./src/backend/fastapi_app/setup_postgres_azurerole.py --host $POSTGRES_HOST --username $POSTGRES_USERNAME --app-identity-name $APP_IDENTITY_NAME
+python ./src/backend/fastapi_app/setup_postgres_azurerole.py --host $POSTGRES_HOST --username $POSTGRES_USERNAME --app-identity-name $APP_IDENTITY_NAME --sslmode require --tenant-id $AZURE_TENANT_ID

scripts/setup_postgres_azurerole.sh

@@ -5,6 +5,7 @@ if [ $? -ne 0 ]; then
 fi
 POSTGRES_USERNAME=$(azd env get-value POSTGRES_USERNAME)
 APP_IDENTITY_NAME=$(azd env get-value SERVICE_WEB_IDENTITY_NAME)
+AZURE_TENANT_ID=$(azd env get-value AZURE_TENANT_ID)
 
 if [ -z "$POSTGRES_HOST" ] || [ -z "$POSTGRES_USERNAME" ] || [ -z "$APP_IDENTITY_NAME" ]; then
     echo "Can't find POSTGRES_HOST, POSTGRES_USERNAME, and SERVICE_WEB_IDENTITY_NAME environment variables. Make sure you run azd up first."
@@ -13,4 +14,4 @@ fi
 
 . ./scripts/load_python_env.sh
 
-.venv/bin/python ./src/backend/fastapi_app/setup_postgres_azurerole.py --host $POSTGRES_HOST --username $POSTGRES_USERNAME --app-identity-name $APP_IDENTITY_NAME
+.venv/bin/python ./src/backend/fastapi_app/setup_postgres_azurerole.py --host $POSTGRES_HOST --username $POSTGRES_USERNAME --app-identity-name $APP_IDENTITY_NAME --sslmode require --tenant-id $AZURE_TENANT_ID

scripts/setup_postgres_database.ps1

@@ -5,10 +5,11 @@ if (-not $?) {
 }
 $POSTGRES_USERNAME = (azd env get-value POSTGRES_USERNAME)
 $POSTGRES_DATABASE = (azd env get-value POSTGRES_DATABASE)
+$AZURE_TENANT_ID = (azd env get-value AZURE_TENANT_ID)
 
 if ([string]::IsNullOrEmpty($POSTGRES_HOST) -or [string]::IsNullOrEmpty($POSTGRES_USERNAME) -or [string]::IsNullOrEmpty($POSTGRES_DATABASE)) {
     Write-Host "Can't find POSTGRES_HOST, POSTGRES_USERNAME, and POSTGRES_DATABASE environment variables. Make sure you run azd up first."
     exit 1
 }
 
-python ./src/backend/fastapi_app/setup_postgres_database.py --host $POSTGRES_HOST --username $POSTGRES_USERNAME --database $POSTGRES_DATABASE
+python ./src/backend/fastapi_app/setup_postgres_database.py --host $POSTGRES_HOST --username $POSTGRES_USERNAME --database $POSTGRES_DATABASE --sslmode require --tenant-id $AZURE_TENANT_ID 

scripts/setup_postgres_database.sh

@@ -5,7 +5,8 @@ if [ $? -ne 0 ]; then
 fi
 POSTGRES_USERNAME=$(azd env get-value POSTGRES_USERNAME)
 POSTGRES_DATABASE=$(azd env get-value POSTGRES_DATABASE)
+AZURE_TENANT_ID=$(azd env get-value AZURE_TENANT_ID)
 
 . ./scripts/load_python_env.sh
 
-.venv/bin/python ./src/backend/fastapi_app/setup_postgres_database.py --host $POSTGRES_HOST --username $POSTGRES_USERNAME --database $POSTGRES_DATABASE
+.venv/bin/python ./src/backend/fastapi_app/setup_postgres_database.py --host $POSTGRES_HOST --username $POSTGRES_USERNAME --database $POSTGRES_DATABASE  --sslmode require --tenant-id $AZURE_TENANT_ID

scripts/setup_postgres_seeddata.ps1

@@ -5,10 +5,11 @@ if (-not $?) {
 }
 $POSTGRES_USERNAME = (azd env get-value POSTGRES_USERNAME)
 $POSTGRES_DATABASE = (azd env get-value POSTGRES_DATABASE)
+$AZURE_TENANT_ID = (azd env get-value AZURE_TENANT_ID)
 
 if ([string]::IsNullOrEmpty($POSTGRES_HOST) -or [string]::IsNullOrEmpty($POSTGRES_USERNAME) -or [string]::IsNullOrEmpty($POSTGRES_DATABASE)) {
     Write-Host "Can't find POSTGRES_HOST, POSTGRES_USERNAME, and POSTGRES_DATABASE environment variables. Make sure you run azd up first."
     exit 1
 }
 
-python ./src/backend/fastapi_app/setup_postgres_seeddata.py --host $POSTGRES_HOST --username $POSTGRES_USERNAME --database $POSTGRES_DATABASE
+python ./src/backend/fastapi_app/setup_postgres_seeddata.py --host $POSTGRES_HOST --username $POSTGRES_USERNAME --database $POSTGRES_DATABASE  --sslmode require --tenant-id $AZURE_TENANT_ID

scripts/setup_postgres_seeddata.sh

@@ -5,7 +5,8 @@ if [ $? -ne 0 ]; then
 fi
 POSTGRES_USERNAME=$(azd env get-value POSTGRES_USERNAME)
 POSTGRES_DATABASE=$(azd env get-value POSTGRES_DATABASE)
+AZURE_TENANT_ID=$(azd env get-value AZURE_TENANT_ID)
 
 . ./scripts/load_python_env.sh
 
-.venv/bin/python ./src/backend/fastapi_app/setup_postgres_seeddata.py --host $POSTGRES_HOST --username $POSTGRES_USERNAME --database $POSTGRES_DATABASE
+.venv/bin/python ./src/backend/fastapi_app/setup_postgres_seeddata.py --host $POSTGRES_HOST --username $POSTGRES_USERNAME --database $POSTGRES_DATABASE  --sslmode require --tenant-id $AZURE_TENANT_ID

src/backend/fastapi_app/postgres_engine.py

@@ -64,7 +64,12 @@ async def create_postgres_engine_from_env(azure_credential=None) -> AsyncEngine:
 
 async def create_postgres_engine_from_args(args, azure_credential=None) -> AsyncEngine:
     if azure_credential is None and args.host.endswith(".database.azure.com"):
-        azure_credential = AzureDeveloperCliCredential(process_timeout=60)
+        if tenant_id := args.tenant_id:
+            logger.info("Authenticating to Azure using Azure Developer CLI Credential for tenant %s", tenant_id)
+            azure_credential = AzureDeveloperCliCredential(tenant_id=tenant_id, process_timeout=60)
+        else:
+            logger.info("Authenticating to Azure using Azure Developer CLI Credential")
+            azure_credential = AzureDeveloperCliCredential(process_timeout=60)
 
     return await create_postgres_engine(
         host=args.host,

src/backend/fastapi_app/setup_postgres_azurerole.py

@@ -45,6 +45,7 @@ async def main():
     # You must connect to the *postgres* database when assigning roles
     parser.add_argument("--database", type=str, help="Postgres database", default="postgres")
     parser.add_argument("--sslmode", type=str, help="Postgres SSL mode", default=None)
+    parser.add_argument("--tenant-id", type=str, help="Azure tenant ID", default=None)
     parser.add_argument("--app-identity-name", type=str, help="Azure App Service identity name")
 
     args = parser.parse_args()

src/backend/fastapi_app/setup_postgres_database.py

@@ -28,6 +28,7 @@ async def main():
     parser.add_argument("--password", type=str, help="Postgres password")
     parser.add_argument("--database", type=str, help="Postgres database")
     parser.add_argument("--sslmode", type=str, help="Postgres sslmode")
+    parser.add_argument("--tenant-id", type=str, help="Azure tenant ID", default=None)
 
     # if no args are specified, use environment variables
     args = parser.parse_args()

src/backend/fastapi_app/setup_postgres_seeddata.py

@@ -62,6 +62,7 @@ async def main():
     parser.add_argument("--password", type=str, help="Postgres password")
     parser.add_argument("--database", type=str, help="Postgres database")
     parser.add_argument("--sslmode", type=str, help="Postgres sslmode")
+    parser.add_argument("--tenant-id", type=str, help="Azure tenant ID", default=None)
 
     # if no args are specified, use environment variables
     args = parser.parse_args()