Update template: java-postgresql (#2556)

* Use KeyVault replace of passwordless * add spring-boot-starter-validation to adapt spring-data-jpa * update architecture diagram * fix spell issue * update Github Action * terraform update
Azure · Jul 31, 2023 · c4f9589 · c4f9589
1 parent ba94dea
commit c4f9589
Show file tree

Hide file tree

Showing 19 changed files with 145 additions and 188 deletions.
diff --git a/...a-postgresql/githubworkflow/azure-dev.yml → ...ub/workflows/java/terraform/azure-dev.yml b/...a-postgresql/githubworkflow/azure-dev.yml → ...ub/workflows/java/terraform/azure-dev.yml
@@ -1,36 +1,50 @@
 on:
   workflow_dispatch:
   push:
+    # Run when commits are pushed to mainline branch (main or master)
+    # Set this to the mainline branch you are using
     branches:
       - main
       - master
 
+# GitHub Actions workflow to deploy to Azure using azd
+# To configure required secrets for connecting to Azure, simply run `azd pipeline config --auth-type client-credentials`
+
 jobs:
   build:
     runs-on: ubuntu-latest
-    container:
-      image: mcr.microsoft.com/azure-dev-cli-apps:latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
 
+      - name: Install azd
+        uses: Azure/[email protected]
+
+      - name: Install java
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'microsoft'
+          java-version: '17'
+      - run: |
+          chmod +x ${GITHUB_WORKSPACE}/src/api/mvnw
+
       - name: Log in with Azure
         run: |
           $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
           Write-Host "::add-mask::$($info.clientSecret)"
 
-          azd login `
+          azd auth login `
             --client-id "$($info.clientId)" `
             --client-secret "$($info.clientSecret)" `
             --tenant-id "$($info.tenantId)"
         shell: pwsh
         env:
           AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
-      - name: Install PostgreSQL Command Line Tools
-        run: |
-          apt-get update
-          apt-get install --yes --no-install-recommends postgresql-client
-      - name: Azure Dev Provision
+
+      - name: Enable terraform alpha feature
+        run: azd config set alpha.terraform on
+
+      - name: Provision Infrastructure
         run: azd provision --no-prompt
         env:
           AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
@@ -43,9 +57,9 @@ jobs:
           RS_STORAGE_ACCOUNT: ${{ vars.RS_STORAGE_ACCOUNT }}
           RS_CONTAINER_NAME: ${{ vars.RS_CONTAINER_NAME }}
 
-      - name: Azure Dev Deploy
+      - name: Deploy Application
         run: azd deploy --no-prompt
         env:
           AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
           AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
-          AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+          AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
diff --git a/templates/common/infra/terraform/core/database/postgresql/postgresql.tf b/templates/common/infra/terraform/core/database/postgresql/postgresql.tf
@@ -1,3 +1,7 @@
+locals {
+  psqlUserName = "psqluser"
+}
+
 terraform {
   required_providers {
     azurerm = {
@@ -20,16 +24,8 @@ resource "azurecaf_name" "psql_name" {
   clean_input   = true
 }
 
-data "azurerm_client_config" "current" {}
-
-locals {
-  tenant_id      = var.tenant_id == "" ? data.azurerm_client_config.current.tenant_id : var.tenant_id
-  object_id      = var.object_id == "" ? data.azurerm_client_config.current.object_id : var.object_id
-  principal_name = var.principal_name == "" ? data.azurerm_client_config.current.object_id : var.principal_name
-  principal_type = var.client_id == "" ? "User" : "ServicePrincipal"
-}
-
 resource "random_password" "password" {
+  count            = 2
   length           = 32
   special          = true
   override_special = "_%@"
@@ -42,18 +38,12 @@ resource "azurerm_postgresql_flexible_server" "psql_server" {
   tags                   = var.tags
   version                = "12"
   administrator_login    = var.administrator_login
-  administrator_password = random_password.password.result
+  administrator_password = random_password.password[0].result
   zone                   = "1"
 
   storage_mb = 32768
 
   sku_name = "GP_Standard_D4s_v3"
-
-  authentication {
-    active_directory_auth_enabled = true
-    password_auth_enabled         = true
-    tenant_id                     = data.azurerm_client_config.current.tenant_id
-  }
 }
 
 
@@ -71,11 +61,51 @@ resource "azurerm_postgresql_flexible_server_database" "database" {
   charset   = "utf8"
 }
 
-resource "azurerm_postgresql_flexible_server_active_directory_administrator" "aad_admin" {
-  server_name         = azurerm_postgresql_flexible_server.psql_server.name
+resource "azurerm_resource_deployment_script_azure_cli" "psql-script" {
+  name                = "psql-script-${var.resource_token}"
   resource_group_name = var.rg_name
-  tenant_id           = local.tenant_id
-  object_id           = local.object_id
-  principal_name      = local.principal_name
-  principal_type      = local.principal_type
+  location            = var.location
+  version             = "2.40.0"
+  retention_interval  = "PT1H"
+  cleanup_preference  = "OnSuccess"
+  timeout             = "PT5M"
+
+  environment_variable {
+    name              = "PSQLADMINNAME"
+    value             = azurerm_postgresql_flexible_server.psql_server.administrator_login
+  }
+  environment_variable {
+    name              = "PSQLADMINPASSWORD"
+    value             = random_password.password[0].result
+  }
+  environment_variable {
+    name              = "PSQLUSERNAME"
+    value             = local.psqlUserName
+  }
+  environment_variable {
+    name              = "PSQLUSERPASSWORD"
+    value             = random_password.password[1].result
+  }
+  environment_variable {
+    name              = "DBNAME"
+    value             = var.database_name
+  }
+  environment_variable {
+    name              = "DBSERVER"
+    value             = azurerm_postgresql_flexible_server.psql_server.fqdn
+  }
+
+  script_content = <<-EOT
+
+      apk add postgresql-client
+
+      cat << EOF > create_user.sql
+      CREATE ROLE "$PSQLUSERNAME" WITH LOGIN PASSWORD '$PSQLUSERPASSWORD';
+      GRANT ALL PRIVILEGES ON DATABASE $DBNAME TO "$PSQLUSERNAME";
+      EOF
+
+      psql "host=$DBSERVER user=$PSQLADMINNAME dbname=$DBNAME port=5432 password=$PSQLADMINPASSWORD sslmode=require" < create_user.sql
+  EOT
+
+  depends_on = [ azurerm_postgresql_flexible_server_database.database ]
 }
diff --git a/templates/common/infra/terraform/core/database/postgresql/postgresql_output.tf b/templates/common/infra/terraform/core/database/postgresql/postgresql_output.tf
@@ -11,6 +11,11 @@ output "AZURE_POSTGRESQL_SPRING_DATASOURCE_URL" {
   value = "jdbc:postgresql://${azurerm_postgresql_flexible_server.psql_server.fqdn}:5432/${azurerm_postgresql_flexible_server_database.database.name}?sslmode=require"
 }
 
-output "AZURE_POSTGRESQL_ADMIN_USERNAME" {
-  value = azurerm_postgresql_flexible_server_active_directory_administrator.aad_admin.principal_name
+output "AZURE_POSTGRESQL_USERNAME" {
+  value = local.psqlUserName
+}
+
+output "AZURE_POSTGRESQL_PASSWORD" {
+  value     = random_password.password[1].result
+  sensitive = true
 }
diff --git a/templates/common/infra/terraform/core/database/postgresql/postgresql_variables.tf b/templates/common/infra/terraform/core/database/postgresql/postgresql_variables.tf
@@ -28,28 +28,4 @@ variable "database_name" {
   type        = string
   description = "The database name of PostgreSQL"
   default     = "todo"
-}
-
-variable "client_id" {
-  type        = string
-  description = "Client id of current account"
-  default     = ""
-}
-
-variable "tenant_id" {
-  type        = string
-  description = "TenantId id of current account"
-  default     = ""
-}
-
-variable "object_id" {
-  type        = string
-  description = "Object id of current account"
-  default     = ""
-}
-
-variable "principal_name" {
-  type        = string
-  description = "Principal name of current account"
-  default     = ""
 }
diff --git a/templates/common/infra/terraform/core/security/passwordless/postgresql/passwordless.tf b/templates/common/infra/terraform/core/security/passwordless/postgresql/passwordless.tf
diff --git a/...es/common/infra/terraform/core/security/passwordless/postgresql/passwordless_variables.tf b/...es/common/infra/terraform/core/security/passwordless/postgresql/passwordless_variables.tf
diff --git a/...s/common/infra/terraform/core/security/passwordless/postgresql/scripts/create_ad_user.sql b/...s/common/infra/terraform/core/security/passwordless/postgresql/scripts/create_ad_user.sql
diff --git a/...mmon/infra/terraform/core/security/passwordless/postgresql/scripts/pg-create-aad-role.ps1 b/...mmon/infra/terraform/core/security/passwordless/postgresql/scripts/pg-create-aad-role.ps1
diff --git a/...ommon/infra/terraform/core/security/passwordless/postgresql/scripts/pg-create-aad-role.sh b/...ommon/infra/terraform/core/security/passwordless/postgresql/scripts/pg-create-aad-role.sh
diff --git a/templates/cspell-templates.txt b/templates/cspell-templates.txt
@@ -75,4 +75,10 @@ substr
 PGPASSWORD
 pathexpand
 dbname
-psqladmin
+psqladmin
+psqluser
+PSQLADMINNAME
+PSQLADMINPASSWORD
+PSQLUSERNAME
+PSQLUSERPASSWORD
+DBSERVER
diff --git a/templates/todo/api/java-postgresql/pom.xml b/templates/todo/api/java-postgresql/pom.xml
@@ -38,6 +38,10 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-data-jpa</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-validation</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-devtools</artifactId>
@@ -63,9 +67,14 @@
     <!-- Azure dependencies -->
     <dependency>
       <groupId>com.azure.spring</groupId>
-      <artifactId>spring-cloud-azure-starter-jdbc-postgresql</artifactId>
+      <artifactId>spring-cloud-azure-starter-keyvault-secrets</artifactId>
       <version>5.1.0</version>
     </dependency>
+    <dependency>
+      <groupId>org.postgresql</groupId>
+      <artifactId>postgresql</artifactId>
+      <version>42.5.4</version>
+    </dependency>
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>applicationinsights-runtime-attach</artifactId>

diff --git a/...s/todo/api/java-postgresql/src/main/java/com/microsoft/azure/simpletodo/api/ListsApi.java b/...s/todo/api/java-postgresql/src/main/java/com/microsoft/azure/simpletodo/api/ListsApi.java
@@ -221,7 +221,7 @@ default ResponseEntity<TodoList> updateListById(
         @Parameter(name = "listId", description = "The Todo list unique identifier", required = true) @PathVariable(
             "listId"
         ) String listId,
-        @Parameter(name = "TodoList", description = "The Todo List") @Valid @RequestBody(required = false) TodoList todoList
+        @Parameter(name = "TodoList", description = "The Todo List") @NotNull @RequestBody(required = false) TodoList todoList
     ) {
         getRequest()
             .ifPresent(request -> {

diff --git a/...todo/api/java-postgresql/src/main/java/com/microsoft/azure/simpletodo/model/TodoItem.java b/...todo/api/java-postgresql/src/main/java/com/microsoft/azure/simpletodo/model/TodoItem.java
@@ -95,8 +95,7 @@ public void setName(String name) {
      * Get description
      * @return description
      */
-    @NotNull
-    @Schema(name = "description", required = true)
+    @Schema(name = "description", required = false)
     public String getDescription() {
         return description;
     }