search

SAFEHR-data / Dash-Seedling

FlowEHR template Dash app
Apache License 2.0
1 stars 2 forks source link

Cosmos client does not allow creation of containers #24

Open hqva opened 1 year ago

hqva commented 1 year ago

New containers or databases cannot be created with the cosmos client despite the user having permissions to do so.

This is the case both

  1. when logging in with a DefaultAzureCredential() for a user that has permissions to create a container via the azure portal
  2. when specifying a COSMOSDB_KEY

This bug can be reproduced with the following code:

from app import cosmos_client
client = cosmos_client()

# databases cannot be created
db_name = "db"
db = client.create_database(db_name)

# if a database is created via the azure portal, a container cannot be created within it
container_name = "cont"
database_client = client.get_database_client(db_name)
database_client.create_container(id= container_name, partition_key="/Id")
lawrenceadams commented 1 year ago

Looks like this is expected behaviour, as the cosmos client with RBAC is only to read/write data and not for resource provisioning - including database or container creation

I think we're gonna have to fart about with azure.mgmt.cosmosdb.CosmosDBManagementClient to actually create containers and databases 🤔 ?like this

@jedheaj314 Have I completely lost the plot?

hqva commented 1 year ago

Is it then simplest to make it part of the terraform/ initial provisioning process when the seedlings are initially made? Give app developers a single prescribed database and container that is then used for all state storage?