This Python app is a simple restaurant review application using the Django framework. The app uses Azure App Service, Azure Database for PostgreSQL relational database service, and Azure Storage. When deployed, Azure managed identity allows the web app hosted in App Service to connect to the database and storage resources without the need to specify sensitive connection info in code or environment variables.
This sample app can be run locally and then deployed to Azure, hosted in a fully managed Azure App Service. For more information on how to deploy this to Azure, see the Overview: Deploy a Django web app to Azure with managed identity.
If you need an Azure account, you can create on for free.
A Flask sample application with similar functionality is at https://github.com/Azure-Samples/msdocs-flask-web-app-managed-identity.
The requirements.txt has the following packages:
| Package | Description |
|---|---|
| Django | Web application framework. |
| pyscopg2-binary | PostgreSQL database adapter for Python. |
| python-dotenv | Read key-value pairs from .env file and set them as environment variables. In this sample app, environment variables describe how to connect to the database and storage resources. Because managed identity is used no sensitive information is included in environment variables. This package is used in the manage.py file to load environment variables. |
| whitenoise | Static file serving for WSGI applications, used in the deployed app. This package is used in the azureproject/production.py file, which configures production settings. |
| azure-blob-storage | Microsoft Azure Storage SDK for Python |
| azure-identity | Microsoft Azure Identity Library for Python |
The DefaultAzureCredential is used in the views.py file. For example:
from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient
azure_credential = DefaultAzureCredential(exclude_shared_token_cache_credential=True)
blob_service_client = BlobServiceClient(
account_url=account_url,
credential=azure_credential)The DefaultAzureCredential is also used to get a token for PostgreSQL in the get_token.py file when running in Azure.
azure_credential = DefaultAzureCredential()
token = azure_credential.get_token("https://ossrdbms-aad.database.windows.net")
conf.settings.DATABASES['default']['PASSWORD'] = token.tokenDeployed, the start.sh file sets a SECRET_KEY and runs the Django migrate command. The SECRET_KEY is used to encrypt session data. The migrate command creates the database tables. Instead of a start.sh you could set the SECRET_KEY as an app setting and run the migrate command manually by ssh'ing into the app service.
To run the app locally, create a copy of .env.example and name it .env. Then, update the values in the .env file with your database and storage connection information. The .env file is used by the manage.py file to set environment variables.
Running locally can be challenging because if you want to be truly local you need to set up resources locally. For example, you need to install PostgreSQL and create a database. You also need to install Azure Storage Emulator and create a storage account.
As an alternative:
Regardless of how you connect to resources, you need to run the Django migrate command in the start.sh before the app starts up.