From ef9bb67b6904000e1f59ef827a0b05999d08da9f Mon Sep 17 00:00:00 2001
From: Pamela Fox
Date: Tue, 16 Apr 2024 12:46:30 -0700
Subject: [PATCH] More fixes to the Bicep
---
 infra/core/database/postgresql/flexibleserver.bicep | 2 +-
 infra/main.bicep | 6 +++---
 scripts/assign_role.py | 13 +++++++------
 3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/infra/core/database/postgresql/flexibleserver.bicep b/infra/core/database/postgresql/flexibleserver.bicep
index d1a4583..cfd1312 100644
--- a/infra/core/database/postgresql/flexibleserver.bicep
+++ b/infra/core/database/postgresql/flexibleserver.bicep
@@ -110,7 +110,7 @@ resource addAddUser 'Microsoft.DBforPostgreSQL/flexibleServers/administrators@20
 principalName: entraAdministratorName
 }
 // This is a workaround for a bug in the API that requires the parent to be fully resolved
- dependsOn: [postgresServer]
+ dependsOn: [postgresServer, firewall_all, firewall_azure]
 }
 output POSTGRES_DOMAIN_NAME string = postgresServer.properties.fullyQualifiedDomainName
diff --git a/infra/main.bicep b/infra/main.bicep
index 83bb40e..cc4fa9a 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -63,12 +63,12 @@ module postgresServer 'core/database/postgresql/flexibleserver.bicep' = {
 }
 }
-var webAppName = '${prefix}-app-service'
+var webAppName = '${prefix}-appservice'
 module web 'core/host/appservice.bicep' = {
 name: 'appservice'
 scope: resourceGroup
 params: {
- name: '${prefix}-appservice'
+ name: webAppName
 location: location
 tags: union(tags, { 'azd-service-name': 'web' })
 appServicePlanId: appServicePlan.outputs.id
@@ -96,7 +96,7 @@ module appServicePlan 'core/host/appserviceplan.bicep' = {
 location: location
 tags: tags
 sku: {
- name: 'F1'
+ name: 'B1'
 }
 reserved: true
 }
diff --git a/scripts/assign_role.py b/scripts/assign_role.py
index fe4133b..fe7d0ba 100644
--- a/scripts/assign_role.py
+++ b/scripts/assign_role.py
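Review bot: In flexibleserver.bicep the comment above `dependsOn` still explains only the `postgresServer` entry, so the reason the administrator resource now also waits for `firewall_all` and `firewall_azure` is undocumented. I would extend it, for example `// Also wait for the firewall rules so the administrators call runs after the other operations on the server have finished` (wording to be confirmed against the failure this change fixes). The definitions of both firewall resources are outside the hunk; if `firewall_all` is what its name suggests, a rule admitting every source address, the same comment is a good place to state when that rule is expected to be enabled.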
@@ -35,11 +35,12 @@ def assign_role_for_webapp(postgres_host, postgres_username, app_identity_name):
 else:
 logger.info(f"Creating a PostgreSQL role for identity {app_identity_name}")
 cur.execute(f"SELECT * FROM pgaadauth_create_principal('{app_identity_name}', false, false)")
- cur.execute(f'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "{app_identity_name}"')
- cur.execute(
- f"ALTER DEFAULT PRIVILEGES IN SCHEMA public"
- f'GRANT SELECT, UPDATE, INSERT, DELETE ON TABLES TO "{app_identity_name}"'
- )
+ logger.info(f"Granting permissions to {app_identity_name}")
+ cur.execute(f'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "{app_identity_name}"')
+ cur.execute(
+ f"ALTER DEFAULT PRIVILEGES IN SCHEMA public "
+ f'GRANT SELECT, UPDATE, INSERT, DELETE ON TABLES TO "{app_identity_name}"'
+ )
 cur.close()
@@ -52,7 +53,7 @@ def assign_role_for_webapp(postgres_host, postgres_username, app_identity_name):
 APP_IDENTITY_NAME = os.getenv("WEB_APP_NAME")
 if not POSTGRES_HOST or not POSTGRES_USERNAME or not APP_IDENTITY_NAME:
 logger.error(
- "Can't find POSTGRES_DOMAIN_NAME, POSTGRES_ADMIN_USERNAME, and WEB_APP_NAME environment variables."
+ "Can't find POSTGRES_DOMAIN_NAME, POSTGRES_ADMIN_USERNAME, and WEB_APP_NAME environment variables. "
 "Make sure you run azd up first."
 )
 else:
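Review bot: The two re-added grants in the first hunk give the app identity different rights on existing and future tables: `GRANT ALL PRIVILEGES ON ALL TABLES` also covers TRUNCATE, REFERENCES and TRIGGER, while the default-privileges statement grants only SELECT, UPDATE, INSERT and DELETE. The new "Granting permissions" log line suggests they now run on every invocation rather than only when the role is created (indentation is not preserved on this page), so I would narrow the first one to match, `cur.execute(f'GRANT SELECT, UPDATE, INSERT, DELETE ON ALL TABLES IN SCHEMA public TO "{app_identity_name}"')`. `app_identity_name` is also interpolated directly into the SQL text in these statements and in the `pgaadauth_create_principal` call, so a name containing a quote character would break or alter the statement; validate it first or compose the identifier with the driver's quoting helper (`psycopg2.sql.Identifier` if the cursor is psycopg2, whose import is outside the hunk). The body of `assign_role_for_webapp` starts and ends outside the hunk.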