Skip to content

Latest commit

 

History

History
142 lines (90 loc) · 6.41 KB

README.md

File metadata and controls

142 lines (90 loc) · 6.41 KB

Open in GitHub Codespaces Open in Remote - Containers

This repository includes a small Python Flask web site, made for demonstration purposes only.

Opening the project

This project has Dev Container support, so it will be be setup automatically if you open it in Github Codespaces or in local VS Code with the Dev Containers extension.

If you're not using one of those options for opening the project, then you'll need to:

  1. Create a Python virtual environment and activate it.

  2. Install the requirements:

    python3 -m pip install -r requirements-dev.txt
  3. Install the pre-commit hooks:

    pre-commit install

Local development

  1. Create an .env file using .env.sample as a guide. Set the value of DBNAME to the name of an existing database in your local PostgreSQL instance. Set the values of DBHOST, DBUSER, and DBPASS as appropriate for your local PostgreSQL instance. If you're in the Dev Container, copy the values exactly from .env.sample.

  2. Apply migrations to database:

python3 -m flask db upgrade --directory src/flaskapp/migrations
  1. Load in seed data (to create first quiz):
python3 -m flask seed
  1. Run the server:
python3 -m flask --debug run --port 50505
  1. Click 'http://127.0.0.1:50505' in the terminal, which should open the website in a new tab.
  2. Open the quiz linked from the index page.
  3. Answer the quiz and submit, notice the high scores update below.

Tests

  1. Install the development requirements:
python3 -m pip install -r requirements-dev.txt
playwright install --with-deps
  1. Run the tests:
python3 -m pytest

Deployment

This repository is set up for deployment on Azure using the configuration files in the infra folder.

Architecture diagram: App Service, PostgreSQL Flexible server, Log Analytics

  1. Sign up for a free Azure account

  2. Install the Azure Dev CLI. (If you open this repository in Codespaces or with the VS Code Dev Containers extension, that part will be done for you.)

  3. Initialize a new azd environment:

    azd init

    It will prompt you to provide a name (like "flask-app") that will later be used in the name of the deployed resources.

  4. Provision and deploy all the resources:

    azd up

    It will prompt you to login, pick a subscription, and provide a location (like "eastus"). Then it will provision the resources in your account and deploy the latest code. If you get an error with deployment, changing the location (like to "centralus") can help, as there may be availability constraints for some of the resources.

  5. When azd has finished deploying, you'll see an endpoint URI in the command output. Visit that URI and you should see the quiz! 🎉

  6. When you've made any changes to the app code, you can just run:

    azd deploy

CI/CD pipeline

This project includes a Github workflow for deploying the resources to Azure on every push to main. That workflow requires several Azure-related authentication secrets to be stored as Github action secrets. To set that up, run:

azd pipeline config

Security

Database

It is important to secure the databases in web applications to prevent unwanted data access. This infrastructure uses the following mechanisms to secure the PostgreSQL database:

  • Azure Firewall: The database is accessible only from other Azure IPs, not from public IPs. (Note that includes other customers using Azure).
  • Admin Username: A unique string generated based on the resource name (not random, but not a standard name, either).
  • Admin Password: Randomly generated and updated on each deploy.
  • PostgreSQL Version: Latest available on Azure, version 14, which includes security improvements.

⚠️ To make your database connection more secure, consider:

  1. Storing username/password in Key Vault. See the django-quiz-app project for example infrastructure files.
  2. Using an Azure Virtual Network to connect the Web App to the Database. See the django-on-azure project for example infrastructure files.

Sessions

This Flask app does not currently use sessions, so it doesn't require a secret key. However, if you do add a secret key in the future, you should store that securely in Key Vault. See the django-quiz-app project for infrastructure files that store secrets in Key Vault.

Costs

Pricing varies per region and usage, so it isn't possible to predict exact costs for your usage.

You can try the Azure pricing calculator for the resources:

  • Azure App Service: Free Tier with shared CPU cores, 1 GB RAM. Pricing
  • PostgreSQL Flexible Server: Burstable Tier with 1 CPU core, 32GB storage. Pricing is hourly. Pricing
  • Log analytics: Pay-as-you-go tier. Costs based on data ingested. Pricing

⚠️ To avoid unnecessary costs, remember to take down your app if it's no longer in use, either by deleting the resource group in the Portal or running azd down.