update README

Author: bryansan-local

samples/web-app-sql-database/python/README.md

@@ -1,6 +1,6 @@
 # Azure Web App with Azure SQL Database and Azure Key Vault
 
-This sample demonstrates a Python Flask single-page web application called *Vacation Planner* hosted on an [Azure Web App](https://learn.microsoft.com/en-us/azure/app-service/overview). The app runs on an Azure App Service Plan and stores activity data in an `activities` table within the `sampledb` database on an [Azure SQL Database](https://learn.microsoft.com/en-us/azure/azure-sql/database/) instance. The connection string of the SQL database is stored as a secret in [Azure Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/general/overview).
+This sample demonstrates a Python Flask single-page web application called *Vacation Planner* hosted on an [Azure Web App](https://learn.microsoft.com/en-us/azure/app-service/overview). The app runs on an Azure App Service Plan and stores activity data in an `activities` table within the `sampledb` database on an [Azure SQL Database](https://learn.microsoft.com/en-us/azure/azure-sql/database/) instance. The connection string of the SQL database is stored as a secret in [Azure Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/general/overview). The application also retrieves its certificate from Key Vault to serve traffic over HTTPS. 
 
 
 ## Architecture
@@ -12,7 +12,7 @@ The following diagram illustrates the architecture of the solution:
 - **Azure Web App**: Hosts the Python Flask application
 - **Azure App Service Plan**: Provides compute resources for the web app
 - **Azure SQL Database**: Stores activity data in a relational table
-- **Azure Key Vault**: Stores the database connection string
+- **Azure Key Vault**: Stores the database connection string and the certificate used to secure HTTPS traffic
 
 ## Prerequisites
 
@@ -48,7 +48,7 @@ The application integrates with Azure Key Vault for managing secrets and certifi
 
 Secrets: The SQL connection string is stored as a secret in Key Vault. At runtime, the app retrieves it using the Azure Key Vault Secrets SDK. This is configured via the KEY_VAULT_NAME and SECRET_NAME environment variables.
 
-Certificates: A self-signed certificate is created in Key Vault during deployment. The app exposes a GET /api/certificate/validate endpoint that retrieves the certificate using the Azure Key Vault Certificates SDK and returns its name, confirming the integration works. This is configured via the KEYVAULT_URI and CERT_NAME environment variables.
+Certificates: A self-signed certificate is created in Key Vault during deployment. The app exposes a GET /api/certificate endpoint that retrieves the certificate using the Azure Key Vault Certificates SDK and returns its name, confirming the integration works. This is configured via the KEYVAULT_URI and CERT_NAME environment variables.
 
 ## Deployment
 

samples/web-app-sql-database/python/scripts/get-web-app-url.sh

@@ -65,28 +65,6 @@ get_docker_container_port_mapping() {
 	echo "$host_port"
 }
 
-wait_for_http_response() {
-	local url="$1"
-	local description="$2"
-	local max_retries="${3:-5}"
-	local retry_interval="${4:-5}"
-
-	echo "Waiting for [$description] to respond at [$url]..."
-
-	for i in $(seq 1 $max_retries); do
-		http_status=$(curl -s -o /dev/null -w "%{http_code}" "$url" --max-time 5)
-		if [ "$http_status" -eq 200 ]; then
-			echo "[$description] is responding with HTTP 200"
-			return 0
-		fi
-		echo "Attempt $i/$max_retries - HTTP $http_status. Retrying in ${retry_interval}s..."
-		sleep $retry_interval
-	done
-
-	echo "Error: [$description] failed to respond with HTTP 200 after $max_retries attempts" >&2
-	return 1
-}
-
 call_web_app() {
 	# Get the web app name
 	echo "Getting web app name..."
@@ -204,7 +182,7 @@ call_web_app() {
 	fi
 
 	echo "Validating certificate from Key Vault..."
-	KV_RESPONSE=$(curl -sk "https://$container_ip:8443/api/certificate/validate")
+	KV_RESPONSE=$(curl -sk "https://$container_ip:8443/api/certificate")
 	KV_THUMBPRINT=$(echo "$KV_RESPONSE" | jq -r '.thumbprint')
 	KV_NAME=$(echo "$KV_RESPONSE" | jq -r '.name')
 	KV_SUBJECT=$(echo "$KV_RESPONSE" | jq -r '.subject')

samples/web-app-sql-database/python/src/app.py

@@ -136,17 +136,17 @@ def update(activity_id: int):
 
     return redirect(url_for('index'))
 
-@app.route('/api/certificate/validate', methods=['GET'])
+@app.route('/api/certificate', methods=['GET'])
 def validate_certificate():
     """
     Downloads the certificate from Key Vault, loads it as X509,
     and returns its properties to validate that Key Vault certificate
     emulation works correctly.
     """
     vault_uri = os.environ.get('KEYVAULT_URI')
-    cert_name = os.environ.get('CERT_NAME', 'test-cert')
+    cert_name = os.environ.get('CERT_NAME')
 
-    if not vault_uri:
+    if not vault_uri or not cert_name:
         return jsonify({"error": "KEYVAULT_URI not configured"}), 500
 
     try: