Postgresql vacation planner #94
Merged
Sibling to web-app-cosmosdb-mongodb-api: same Vacation Planner Flask UI, backed by Azure Database for PostgreSQL flexible server fronted by a Private Endpoint (group `postgresqlServer`). The server runs in public-access mode with a permissive firewall rule so the deploy machine can run the post-create psql bootstrap; the Web App reaches the server through the Private Endpoint via the linked `privatelink.postgres.database.azure.com` Private DNS Zone.

The deploy flow mirrors web-app-sql-database: after the IaC provisions the infra (server + database + private endpoint + Web App), psql creates a dedicated application role `testuser`, grants the minimum schema privileges on `PlannerDB`, creates the `activities` table, and seeds three demo rows. The Web App's `PG_USER` / `PG_PASSWORD` are set to `testuser` after psql — the server-admin login is never written to the Web App's app settings.

Three IaC variants (scripts, Bicep, Terraform) deploy the same topology. All three derive `PG_HOST` and `PG_PORT` from the server's `fullyQualifiedDomainName` by splitting on `:`: LocalStack returns host:port (the dynamic TCP-proxy port that fronts the shared `postgres:18` container), real Azure returns just the bare host so `PG_PORT` defaults to 5432.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Motivation

Add a new `web-app-postgresql-flexible-server` sample that mirrors the existing `web-app-cosmosdb-mongodb-api` and `web-app-sql-database` vacation-planner samples, but backed by an Azure Database for PostgreSQL flexible server fronted by a Private Endpoint.

This PR also changes the `favicon.ico` for all the vacation planner samples.

Changes

A new sample at `samples/web-app-postgresql-flexible-server/python/`, with the same shape as the sibling Mongo / SQL samples:

- `src/` — Flask Vacation Planner UI, switched to `psycopg2` (`database.py`, `app.py`, `requirements.txt`).
- `bicep/` — `main.bicep` + `main.bicepparam` + per-resource modules under `bicep/modules/` (PostgreSQL flexible server, Private Endpoint to the server with group `postgresqlServer`, Private DNS Zone `privatelink.postgres.database.azure.com`, VNet, NAT Gateway, NSGs, Log Analytics, App Service Plan, VNet-integrated Web App).
- `terraform/` — the same topology expressed as Terraform modules.
- `scripts/` — `deploy.sh` (raw `az` CLI) provisions the resources, `validate.sh` inspects them, `call-web-app.sh` (unchanged from the Cosmos sample) exercises the deployed Web App from four entry points.
- `psql` bootstrap step (matching the pattern in `web-app-sql-database`): create a dedicated `testuser` application role, grant minimum schema privileges on `PlannerDB`, create the `activities` table, seed three sample rows, and write `PG_USER` / `PG_PASSWORD` onto the Web App so the runtime never authenticates as the server admin.
- `bicep/`, `terraform/`, `scripts/`.

Testing

The Bicep, Terraform, Azure CLI based deployments were successfully tested end-to-end first against real Azure and then locally against the LocalStack for Azure emulator.
`validate.sh` and `call-web-app.sh` were run after each deploy.
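
The host/port split and the least-privilege `psql` bootstrap described above, as an added example that is not code from this PR. The `activities` columns, the exact grant set, the `APP_PASSWORD` variable and the function names are assumptions; `\getenv` requires psql 15 or later.

```shell
#!/bin/sh
# Added example, not the PR's deploy.sh. Column names, grants and APP_PASSWORD
# are assumptions made for illustration.

# Split the server FQDN into PG_HOST / PG_PORT. "host:port" is the LocalStack
# form; a bare host is the real-Azure form and falls back to 5432.
split_fqdn() {
  case $1 in
    *:*) PG_HOST=${1%%:*}; PG_PORT=${1##*:} ;;
    *)   PG_HOST=$1;       PG_PORT=5432 ;;
  esac
  # Reject a non-numeric port or empty host before it reaches app settings.
  case $PG_PORT in ''|*[!0-9]*) return 1 ;; esac
  [ -n "$PG_HOST" ]
}

# Emit the bootstrap SQL. psql reads the password from the environment
# (\getenv) and quotes it with :'var', so it never appears in argv or in
# hand-concatenated SQL text.
bootstrap_sql() {
  cat <<'SQL'
\getenv app_password APP_PASSWORD
CREATE ROLE testuser LOGIN PASSWORD :'app_password';
GRANT CONNECT ON DATABASE "PlannerDB" TO testuser;
CREATE TABLE IF NOT EXISTS activities (
  id   serial PRIMARY KEY,   -- assumed columns
  name text NOT NULL
);
-- DML only: the table stays owned by the admin, so testuser cannot ALTER or DROP it.
GRANT USAGE ON SCHEMA public TO testuser;
GRANT SELECT, INSERT, UPDATE, DELETE ON activities TO testuser;
GRANT USAGE, SELECT ON SEQUENCE activities_id_seq TO testuser;
SQL
}

# Run as the server admin (PGUSER / PGPASSWORD taken from the environment).
# Usage: APP_PASSWORD=... run_bootstrap "<fullyQualifiedDomainName>"
run_bootstrap() {
  split_fqdn "$1" || { echo "bad FQDN: $1" >&2; return 1; }
  bootstrap_sql | psql -v ON_ERROR_STOP=1 -h "$PG_HOST" -p "$PG_PORT" -d PlannerDB
}
```

Only `testuser` and `APP_PASSWORD` should then be written to the Web App as `PG_USER` / `PG_PASSWORD`.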