Updating software versions and moving to pymyqsl driver to avoid issues...

Updating software versions and moving to pymyqsl driver to avoid issues building mariadb for Python on AppService plan

doc/azure-stateful-webapp.tex

@@ -130,7 +130,7 @@ If these exercises are followed using an Azure student account, then a MariaDB d
 \subsection{Accessing the database}
 
 \begin{enumerate}
-\item Follow the instructions at \href{https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl}{https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl} to download the \texttt{BaltimoreCyberTrustRoot.crt.pem} file and save it into the \texttt{src} directory.
+\item Follow the instructions at \href{https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl}{https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl} to download the \texttt{DigiCertGlobalRootG2.crt.pem} file and save it into the \texttt{src} directory.
 
 \item Set the environment variables for either the student account or teaching environment:
 \begin{itemize}
@@ -140,28 +140,28 @@ If these exercises are followed using an Azure student account, then a MariaDB d
 \item \texttt{DB\_NAME} - The database name.  (This is the same as the \texttt{DB\_USER}, when using the teaching environment.)
 \end{itemize}
 
-\item Open a command prompt or Bash shell window in the \texttt{src} directory.  Then connect to the remote MariaDB database server using the command given in Listing~\ref{listing:mysql-connect} or \ref{listing:mysql-connect-ssl}, where Listing~\ref{listing:mysql-connect-ssl} should be used if the \texttt{BaltimoreCyberTrustRoot.crt.pem} certificate has already been installed on the host operating system.  If this command is typed into a Bash shell on Windows, then it must be prefixed by \texttt{winpty}.  
+\item Open a command prompt or Bash shell window in the \texttt{src} directory.  Then connect to the remote MariaDB database server using the command given in Listing~\ref{listing:mysql-connect-ssl}.  If this command is typed into a Bash shell on Windows, then it must be prefixed by \texttt{winpty}.  
 
 \clearpage
 
-\begin{lstlisting}[caption={Connecting to the remote MariaDB server.},label=listing:mysql-connect,numbers=none,language=,showspaces=true]
-mysql --host $DB_SERVER \
---user $DB_USER -p$DB_PASSWORD --ssl \
---ssl-verify-server-cert --ssl-ca=BaltimoreCyberTrustRoot.crt.pem \
---tls-version="TLSv1.2,TLSv1.3" $DB_NAME
-\end{lstlisting}
-
 \begin{lstlisting}[caption={Connecting to the remote MariaDB server.},label=listing:mysql-connect-ssl,numbers=none,language=,showspaces=true]
 mysql --host $DB_SERVER \
 --user $DB_USER -p$DB_PASSWORD --ssl \
 --tls-version="TLSv1.2,TLSv1.3" $DB_NAME
 \end{lstlisting}
 
-If the command given in Listing~\ref{listing:mysql-connect} fails with the error that is given in Listing~\ref{listing:ssl-error}, run the command that is given in Listing~\ref{listing:mysql-connect-ssl} instead.  This error can occur if the \texttt{BaltimoreCyberTrustRoot.crt.pem} is already installed on the host computer, such that it clashes with the version provided locally.
+%\begin{lstlisting}[caption={Connecting to the remote MariaDB server.},label=listing:mysql-%connect,numbers=none,language=,showspaces=true]
+%mysql --host $DB_SERVER \
+%--user $DB_USER -p$DB_PASSWORD --ssl \
+%--ssl-verify-server-cert --ssl-ca=BaltimoreCyberTrustRoot.crt.pem \
+%--tls-version="TLSv1.2,TLSv1.3" $DB_NAME
+%\end{lstlisting}
 
-\begin{lstlisting}[caption={Certificate chain error.},label=listing:ssl-error,numbers=none,language=,showspaces=true]
-ERROR 2026 (HY000): SSL connection error: Server certificate validation failed. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
-\end{lstlisting}
+%If the command given in Listing~\ref{listing:mysql-connect} fails with the error that is given in Listing~\ref{listing:ssl-error}, run the command that is given in Listing~\ref{listing:mysql-connect-ssl} instead.  This error can occur if the%\texttt{BaltimoreCyberTrustRoot.crt.pem} is already installed on the host computer, such that it clashes with the version provided locally.
+
+%\begin{lstlisting}[caption={Certificate chain error.},label=listing:ssl-error,numbers=none,language=,showspaces=true]
+%ERROR 2026 (HY000): SSL connection error: Server certificate validation failed. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
+%\end{lstlisting}
 
 \item Check the tables present and remove any existing tables by using Listing~\ref{listing:list-tables} and \ref{listing:db-reset}, respectively.  The name \texttt{db\_name} should be replaced with the database name.
 
@@ -191,10 +191,8 @@ It is easier to debug a program when it is running on the local computer, since
 \item \texttt{DB\_USER} is the user name for the remote database server.
 \item \texttt{DB\_PASSWORD} is the password for the remote database server.
 \item \texttt{DB\_NAME} is the name of the database within the remote database server.
-\item \texttt{DB\_SSL} is set to \texttt{"true"}, if the \texttt{BaltimoreCyberTrustRoot.crt.pem} is already installed on the host operating system.
-\item \texttt{DB\_SSL\_CERT} is set to \texttt{BaltimoreCyberTrustRoot.crt.pem}, if the \texttt{BaltimoreCyberTrustRoot.crt.pem} is not installed on the host operating system.
+\item \texttt{DB\_SSL\_CERT} should be set to \texttt{DigiCertGlobalRootG2.crt.pem}.
 \end{itemize}
-Either \texttt{DB\_SSL} or \texttt{DB\_SSL\_CERT} should be set, but not both.
 
 \item Run the file \texttt{app.py}.
 \item Verify the end points work as expected by using Listing~\ref{listing:web-service-test} or Postman.
@@ -217,8 +215,8 @@ curl -s -X GET "http://127.0.0.1:5000/books/"
 \item Create a zip file that contains the source code files, configuration and the certification, using Listing~\ref{listing:zip-files}.
 
 \begin{lstlisting}[caption={Creating a zip file, ready for deployment.},label=listing:zip-files,numbers=none,language=,showspaces=true]
-zip -r myapp.zip app.py models.py routes.py requirements.txt \
-startup.txt BaltimoreCyberTrustRoot.crt.pem
+zip -r zip myapp.zip app.py models.py requirements.txt routes.py \
+startup.txt DigiCertGlobalRootG2.crt.pem
 \end{lstlisting}
 
 \item Create a Web App by using Listing~\ref{listing:create-web-app}, where the \texttt{plan\_id} should be replaced with the id of the existing plan on the teaching environment.  Alternatively, a plan can be created in the student account.  Following the Azure resource naming convention, the \texttt{app\_name} should start with the prefix ``app-''.
@@ -227,17 +225,17 @@ startup.txt BaltimoreCyberTrustRoot.crt.pem
 az webapp create --name $app_name \
 --plan $plan_id \
 --resource-group $resource_group \
---runtime "python|3.9" \
+--runtime "python:3.9" \
 --startup-file startup.txt
 \end{lstlisting}
 
-\item Configure the Web App by using Listing~\ref{listing:web-app-config}.  The DB\_SSL\_CERT setting is needed, since the Linux App Service Plan does not contain the \texttt{BaltimoreCyberTrustRoot.crt.pem} certificate. 
+\item Configure the Web App by using Listing~\ref{listing:web-app-config}. 
 
 \begin{lstlisting}[caption={Configuring the Web App, with the database connection details and build flag.},label=listing:web-app-config,numbers=none,language=,showspaces=true]
 az webapp config appsettings set --resource-group $resource_group \
 --name $app_name --settings DB_SERVER=$DB_SERVER DB_NAME=$DB_NAME \
 DB_USER=$DB_USER DB_PASSWORD=$DB_PASSWORD \
-DB_SSL_CERT=BaltimoreCyberTrustRoot.crt.pem \
+DB_SSL_CERT=DigiCertGlobalRootG2.crt.pem \
 SCM_DO_BUILD_DURING_DEPLOYMENT=true
 \end{lstlisting}
 

doc/software-versions.csv

 Package,{Package Type},Version
-MariaDB Client,Native,10.5.10
-Python,Native,3.9.7
-azure-cli,Native,2.45.0
-Flask,Python,2.2.3
-Flask-SQLAlchemy,Python,3.0.3
-mariadb,Python,1.0.11
-SQLAlchemy,Python,2.0.4
\ No newline at end of file
+MariaDB Client,Native,10.11.6
+Python,Native,3.11.7
+azure-cli,Native,2.56.0
+Flask,Python,3.0.2
+Flask-SQLAlchemy,Python,3.1.1
+PyMSQL,Python,1.1.0
+SQLAlchemy,Python,2.0.25
\ No newline at end of file

src/app.py

@@ -16,11 +16,15 @@ def database_uri() -> sqlalchemy.engine.url.URL:
         return url
 
     # Create a new DB connection string from components.
+    host=os.environ.get("DB_SERVER", default="127.0.0.1")
+    username = os.environ.get("DB_USER", default="none")
+    username = f"{username}@{host}"
+
     url = sqlalchemy.engine.url.URL.create(
-        drivername=os.environ.get("DB_DRIVER", default="mariadb+mariadbconnector"),
-        username=os.environ.get("DB_USER", default="none"),
+        drivername=os.environ.get("DB_DRIVER", default="mysql+pymysql"),
+        username=username,
         password=os.environ.get("DB_PASSWORD", default="none"),
-        host=os.environ.get("DB_SERVER", default="127.0.0.1"),
+        host=host,
         port=os.environ.get("DB_PORT", default="3306"),
         database=os.environ.get("DB_NAME", default="mydb"))
 
@@ -38,17 +42,9 @@ def database_connection_args() -> dict:
     ssl_cert_file = os.environ.get("DB_SSL_CERT", default=None)
     if ssl_cert_file is not None:
         connection_args.update({
-            "ssl_ca": ssl_cert_file
+            'ssl': {'ca': ssl_cert_file}
         })
 
-    # Check if SSL should be enabled.
-    ssl_str = os.environ.get("DB_SSL", default=None)
-    if ssl_str is not None:
-        if ssl_str.strip().lower() == "true":
-            connection_args.update({
-                "ssl": 1
-            })
-
     return connection_args
 
 

src/requirements.txt

-Flask>=2.2
+Flask>=3
 Flask-SQLAlchemy>=3
-mariadb==1.0.11
+PyMSQL>=1
 SQLAlchemy>=2
\ No newline at end of file