feat: implement naming convention, deployment automation, and infrastructure updates

- Add comprehensive naming convention (provider-region-resource-env-purpose) - Implement Terraform locals for centralized naming - Update all Terraform resources to use new naming convention - Create deployment automation framework (18 phase scripts) - Add Azure setup scripts (provider registration, quota checks) - Update deployment scripts config with naming functions - Create complete deployment documentation (guide, steps, quick reference) - Add frontend portal implementations (public and internal) - Add UI component library (18 components) - Enhance Entra VerifiedID integration with file utilities - Add API client package for all services - Create comprehensive documentation (naming, deployment, next steps) Infrastructure: - Resource groups, storage accounts with new naming - Terraform configuration updates - Outputs with naming convention examples Deployment: - Automated deployment scripts for all 15 phases - State management and logging - Error handling and validation Documentation: - Naming convention guide and implementation summary - Complete deployment guide (296 steps) - Next steps and quick start guides - Azure prerequisites and setup completion docs Note: ESLint warnings present - will be addressed in follow-up commit
2025-11-12 08:22:51 -08:00
parent 9e46f3f316
commit 8649ad4124
136 changed files with 17251 additions and 147 deletions
--- a/scripts/deploy/phase8-secrets.sh
+++ b/scripts/deploy/phase8-secrets.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+#
+# Phase 8: Secrets Configuration
+# Store secrets in Azure Key Vault
+# Note: Some secrets may need to be set manually
+#
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "${SCRIPT_DIR}/config.sh"
+
+log_info "=========================================="
+log_info "Phase 8: Secrets Configuration"
+log_info "=========================================="
+
+# Verify Key Vault exists
+log_step "8.1 Verifying Azure Key Vault..."
+
+KV_EXISTS=$(az keyvault show \
+  --name "${KEY_VAULT_NAME}" \
+  --resource-group "${AKS_RESOURCE_GROUP}" \
+  --query name -o tsv 2>/dev/null || echo "")
+
+if [ -z "${KV_EXISTS}" ]; then
+  error_exit "Key Vault ${KEY_VAULT_NAME} not found. Create it first with Terraform."
+fi
+
+log_success "Key Vault found: ${KEY_VAULT_NAME}"
+
+# Store database URL if provided
+if [ -n "${DATABASE_URL:-}" ]; then
+  log_step "8.2 Storing database URL..."
+  az keyvault secret set \
+    --vault-name "${KEY_VAULT_NAME}" \
+    --name "database-url-${ENVIRONMENT}" \
+    --value "${DATABASE_URL}" \
+    || log_warning "Failed to store database URL"
+  log_success "Database URL stored"
+fi
+
+# Check for Entra secrets
+log_step "8.3 Checking Entra ID secrets..."
+
+ENTRA_SECRETS=("entra-tenant-id" "entra-client-id" "entra-client-secret" "entra-credential-manifest-id")
+MISSING_SECRETS=()
+
+for secret in "${ENTRA_SECRETS[@]}"; do
+  if ! az keyvault secret show \
+    --vault-name "${KEY_VAULT_NAME}" \
+    --name "${secret}" \
+    --query value -o tsv &> /dev/null; then
+    MISSING_SECRETS+=("${secret}")
+  fi
+done
+
+if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then
+  log_warning "Missing Entra ID secrets: ${MISSING_SECRETS[*]}"
+  log_info "Run: ./scripts/deploy/store-entra-secrets.sh"
+else
+  log_success "All Entra ID secrets found"
+fi
+
+# Store JWT secret if not exists
+log_step "8.4 Storing JWT secret..."
+
+if ! az keyvault secret show \
+  --vault-name "${KEY_VAULT_NAME}" \
+  --name "jwt-secret" \
+  --query value -o tsv &> /dev/null; then
+  
+  JWT_SECRET=$(openssl rand -base64 32)
+  az keyvault secret set \
+    --vault-name "${KEY_VAULT_NAME}" \
+    --name "jwt-secret" \
+    --value "${JWT_SECRET}" \
+    || error_exit "Failed to store JWT secret"
+  log_success "JWT secret generated and stored"
+else
+  log_success "JWT secret already exists"
+fi
+
+log_info "Secrets configuration complete"
+log_info "Note: Additional secrets may need to be set manually"
+log_info "See docs/deployment/DEPLOYMENT_GUIDE.md Phase 8 for complete list"
+
+# Save state
+save_state "phase8" "complete"
+
+log_success "=========================================="
+log_success "Phase 8: Secrets Configuration - COMPLETE"
+log_success "=========================================="
+