d-bis/the_order
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Legal Office seal and complete Azure CDN deployment

Browse Source 
- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll)
- Create legal-office-manifest-template.json for Legal Office credentials
- Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation
- Complete Azure CDN infrastructure deployment:
  - Resource group, storage account, and container created
  - 17 PNG seal files uploaded to Azure Blob Storage
  - All manifest templates updated with Azure URLs
  - Configuration files generated (azure-cdn-config.env)
- Add comprehensive Azure CDN setup scripts and documentation
- Fix manifest URL generation to prevent double slashes
- Verify all seals accessible via HTTPS
This commit is contained in:
defiQUG
2025-11-12 22:03:42 -08:00
parent 8649ad4124
commit 92cc41d26d
258 changed files with 16021 additions and 1260 deletions
Download Patch File Download Diff File Expand all files Collapse all files

256
scripts/validation/check-seal-deployment-issues.sh Executable file
View File

@@ -0,0 +1,256 @@
#!/bin/bash
# Comprehensive check for gaps, errors, issues, and warnings
# in the Order of St John seal deployment process
set -euo pipefail
GREEN='\033[0;32m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
NC='\033[0m'
log_info() { echo -e "${BLUE}[CHECK]${NC} $1"; }
log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
log_warning() { echo -e "${YELLOW}[!]${NC} $1"; }
log_error() { echo -e "${RED}[✗]${NC} $1"; }
cd "$(dirname "$0")/../.."
ISSUES=0
WARNINGS=0
ERRORS=0
echo ""
log_info "=== Comprehensive Seal Deployment Issue Check ==="
echo ""
# 1. Pre-deployment checks
log_info "1. PRE-DEPLOYMENT CHECKS"
echo ""
# Check script permissions
log_info " Checking script permissions..."
for script in scripts/deploy/prepare-all-credential-seals.sh \
scripts/validation/validate-seal-files.sh \
scripts/deploy/complete-seal-deployment.sh \
scripts/deploy/update-manifest-seal-urls.sh; do
if [ -f "${script}" ]; then
if [ -x "${script}" ]; then
log_success " ${script}: Executable"
else
log_error " ${script}: Not executable"
((ERRORS++))
fi
else
log_error " ${script}: File not found"
((ERRORS++))
fi
done
# Check script syntax
log_info " Checking script syntax..."
for script in scripts/deploy/prepare-all-credential-seals.sh \
scripts/validation/validate-seal-files.sh \
scripts/deploy/complete-seal-deployment.sh \
scripts/deploy/update-manifest-seal-urls.sh; do
if bash -n "${script}" 2>/dev/null; then
log_success " ${script}: Syntax valid"
else
log_error " ${script}: Syntax errors"
((ERRORS++))
fi
done
# Check directories
log_info " Checking directories..."
[ -d "assets/credential-images/svg" ] && log_success " SVG directory exists" || { log_error " SVG directory missing"; ((ERRORS++)); }
[ -d "assets/credential-images/png" ] && log_success " PNG directory exists" || { log_warning " PNG directory missing (will be created)"; ((WARNINGS++)); }
# Check SVG files
log_info " Checking SVG files..."
EXPECTED_SVGS=(
"digital-bank-seal.svg"
"iccc-seal.svg"
"iccc-provost-marshals-seal.svg"
"diplomatic-security-seal.svg"
)
for svg in "${EXPECTED_SVGS[@]}"; do
if [ -f "assets/credential-images/svg/${svg}" ]; then
log_success " ${svg}: Exists"
# Validate SVG structure
if grep -q "viewBox\|<svg" "assets/credential-images/svg/${svg}"; then
log_success " Valid SVG structure"
else
log_error " Invalid SVG structure"
((ERRORS++))
fi
if grep -q "maltese-cross\|Maltese Cross" "assets/credential-images/svg/${svg}" -i; then
log_success " Contains Maltese Cross"
else
log_warning " Maltese Cross reference not found"
((WARNINGS++))
fi
else
log_error " ${svg}: Missing"
((ERRORS++))
fi
done
# Check conversion tools
log_info " Checking conversion tools..."
HAS_CONVERTER=false
if command -v convert &> /dev/null; then
log_success " ImageMagick: Available"
HAS_CONVERTER=true
elif command -v inkscape &> /dev/null; then
log_success " Inkscape: Available"
HAS_CONVERTER=true
elif command -v node &> /dev/null && node -e "require('sharp')" 2>/dev/null; then
log_success " Node.js with sharp: Available"
HAS_CONVERTER=true
else
log_warning " No conversion tool available (ImageMagick, Inkscape, or sharp)"
log_warning " PNG conversion will fail without one of these"
((WARNINGS++))
fi
echo ""
# 2. During deployment checks
log_info "2. DURING DEPLOYMENT CHECKS"
echo ""
# Run deployment and capture output
log_info " Running deployment script..."
DEPLOY_LOG="/tmp/seal-deployment-check.log"
if ./scripts/deploy/complete-seal-deployment.sh > "${DEPLOY_LOG}" 2>&1; then
log_success " Deployment script completed"
else
log_error " Deployment script failed"
((ERRORS++))
fi
# Check for errors in log
log_info " Analyzing deployment log..."
ERROR_COUNT=$(grep -i "error\|failed\|✗" "${DEPLOY_LOG}" 2>/dev/null | grep -v "WARNING\|warning" | wc -l || echo "0")
WARNING_COUNT=$(grep -i "warning\|!" "${DEPLOY_LOG}" 2>/dev/null | wc -l || echo "0")
if [ "${ERROR_COUNT}" -gt 0 ]; then
log_error " Found ${ERROR_COUNT} error(s) in deployment log"
((ERRORS+=ERROR_COUNT))
echo " Sample errors:"
grep -i "error\|failed\|✗" "${DEPLOY_LOG}" 2>/dev/null | grep -v "WARNING\|warning" | head -5 | sed 's/^/ /'
fi
if [ "${WARNING_COUNT}" -gt 0 ]; then
log_warning " Found ${WARNING_COUNT} warning(s) in deployment log"
((WARNINGS+=WARNING_COUNT))
fi
echo ""
# 3. Post-deployment checks
log_info "3. POST-DEPLOYMENT CHECKS"
echo ""
# Check PNG files
log_info " Checking generated PNG files..."
PNG_COUNT=$(find assets/credential-images/png -name "*.png" -type f 2>/dev/null | wc -l)
if [ "${PNG_COUNT}" -gt 0 ]; then
log_success " ${PNG_COUNT} PNG file(s) generated"
# Validate PNG files
INVALID_PNG=0
for png in assets/credential-images/png/*.png; do
if [ -f "${png}" ]; then
if file "${png}" | grep -q "PNG"; then
size_kb=$(du -k "${png}" | cut -f1)
if [ "${size_kb}" -gt 500 ]; then
log_warning " $(basename "${png}"): Large size (${size_kb}KB, recommend <100KB)"
((WARNINGS++))
fi
else
log_error " $(basename "${png}"): Invalid PNG"
((INVALID_PNG++))
((ERRORS++))
fi
fi
done
if [ ${INVALID_PNG} -eq 0 ]; then
log_success " All PNG files are valid"
fi
else
if [ "${HAS_CONVERTER}" = "false" ]; then
log_warning " No PNG files generated (conversion tool not available)"
else
log_error " No PNG files generated (conversion may have failed)"
((ERRORS++))
fi
fi
# Check generated reports
log_info " Checking generated reports..."
REPORTS=(
"assets/credential-images/png/MANIFEST.txt"
"assets/credential-images/png/VALIDATION_REPORT.txt"
"assets/credential-images/DEPLOYMENT_CHECKLIST.md"
"assets/credential-images/DEPLOYMENT_SUMMARY.md"
)
for report in "${REPORTS[@]}"; do
if [ -f "${report}" ]; then
log_success " $(basename "${report}"): Generated"
else
log_warning " $(basename "${report}"): Not generated"
((WARNINGS++))
fi
done
# Check manifest templates
log_info " Checking manifest templates..."
for manifest in manifests/entra/*-manifest-template.json; do
if [ -f "${manifest}" ]; then
filename=$(basename "${manifest}")
if jq -e '.display.logo.uri' "${manifest}" >/dev/null 2>&1; then
log_success " ${filename}: Valid JSON"
if grep -q "cdn.theorder.org/images.*seal" "${manifest}"; then
log_success " Has seal URL reference"
else
log_warning " Missing seal URL reference"
((WARNINGS++))
fi
else
log_error " ${filename}: Invalid JSON"
((ERRORS++))
fi
fi
done
echo ""
# 4. Summary
log_info "=== ISSUE SUMMARY ==="
echo ""
log_success "Checks passed: Multiple"
if [ ${WARNINGS} -gt 0 ]; then
log_warning "Warnings: ${WARNINGS}"
fi
if [ ${ERRORS} -gt 0 ]; then
log_error "Errors: ${ERRORS}"
fi
echo ""
if [ ${ERRORS} -eq 0 ] && [ ${WARNINGS} -eq 0 ]; then
log_success "No issues found! Deployment is ready."
exit 0
elif [ ${ERRORS} -eq 0 ]; then
log_warning "Deployment has warnings but no critical errors."
exit 0
else
log_error "Deployment has errors that need to be fixed."
exit 1
fi

172
scripts/validation/validate-entra-config.sh Executable file
View File

@@ -0,0 +1,172 @@
#!/bin/bash
# Validate Entra VerifiedID Configuration
# Checks all configuration files and environment setup
set -euo pipefail
GREEN='\033[0;32m'
RED='\033[0;31m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
NC='\033[0m'
log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[PASS]${NC} $1"; }
log_error() { echo -e "${RED}[FAIL]${NC} $1"; }
log_warning() { echo -e "${YELLOW}[WARN]${NC} $1"; }
cd "$(dirname "$0")/../.."
ERRORS=0
WARNINGS=0
log_info "Validating Entra VerifiedID Configuration..."
# Check environment variables
log_info "Checking environment variables..."
if [ -f ".env" ]; then
source .env 2>/dev/null || true
fi
check_var() {
local var=$1
local required=${2:-false}
if [ -z "${!var:-}" ]; then
if [ "${required}" = "true" ]; then
log_error "${var} is not set (required)"
((ERRORS++))
else
log_warning "${var} is not set (optional)"
((WARNINGS++))
fi
else
log_success "${var} is set"
fi
}
check_var "ENTRA_TENANT_ID" true
check_var "ENTRA_CLIENT_ID" true
check_var "ENTRA_CLIENT_SECRET" true
check_var "ENTRA_CREDENTIAL_MANIFEST_ID" true
check_var "ENTRA_MANIFESTS" false
check_var "ENTRA_RATE_LIMIT_ISSUANCE" false
check_var "ENTRA_RATE_LIMIT_VERIFICATION" false
# Validate manifest JSON if set
if [ -n "${ENTRA_MANIFESTS:-}" ]; then
log_info "Validating ENTRA_MANIFESTS JSON..."
if echo "${ENTRA_MANIFESTS}" | jq empty 2>/dev/null; then
log_success "ENTRA_MANIFESTS is valid JSON"
else
log_error "ENTRA_MANIFESTS is not valid JSON"
((ERRORS++))
fi
fi
# Check required files
log_info "Checking required files..."
REQUIRED_FILES=(
"packages/auth/src/entra-verifiedid.ts"
"packages/auth/src/entra-verifiedid-enhanced.ts"
"services/identity/src/entra-integration.ts"
"services/identity/src/entra-webhooks.ts"
"packages/monitoring/src/entra-metrics.ts"
)
for file in "${REQUIRED_FILES[@]}"; do
if [ -f "${file}" ]; then
log_success "Found: ${file}"
else
log_error "Missing: ${file}"
((ERRORS++))
fi
done
# Check scripts
log_info "Checking automation scripts..."
SCRIPTS=(
"scripts/deploy/setup-entra-automated.sh"
"scripts/deploy/create-entra-app.sh"
"scripts/deploy/configure-env-dev.sh"
"scripts/test/test-entra-integration.sh"
)
for script in "${SCRIPTS[@]}"; do
if [ -f "${script}" ] && [ -x "${script}" ]; then
log_success "Found and executable: ${script}"
elif [ -f "${script}" ]; then
log_warning "Found but not executable: ${script}"
((WARNINGS++))
else
log_error "Missing: ${script}"
((ERRORS++))
fi
done
# Check Kubernetes manifests
log_info "Checking Kubernetes manifests..."
K8S_FILES=(
"infra/k8s/identity-service-entra-secrets.yaml"
"infra/k8s/identity-service-deployment-entra.yaml"
)
for file in "${K8S_FILES[@]}"; do
if [ -f "${file}" ]; then
log_success "Found: ${file}"
else
log_warning "Missing: ${file}"
((WARNINGS++))
fi
done
# Check monitoring configs
log_info "Checking monitoring configurations..."
MONITORING_FILES=(
"infra/monitoring/prometheus-entra-config.yml"
"infra/monitoring/grafana-entra-dashboard.json"
)
for file in "${MONITORING_FILES[@]}"; do
if [ -f "${file}" ]; then
log_success "Found: ${file}"
else
log_warning "Missing: ${file}"
((WARNINGS++))
fi
done
# Test API connectivity (if service is running)
log_info "Testing API connectivity..."
if curl -sf http://localhost:4002/health > /dev/null 2>&1; then
log_success "Identity service is running"
# Test Entra endpoints
if curl -sf http://localhost:4002/vc/issue/entra > /dev/null 2>&1; then
log_success "Entra issuance endpoint accessible"
else
log_warning "Entra issuance endpoint not accessible (may require auth)"
fi
else
log_warning "Identity service not running locally"
fi
# Summary
echo ""
log_info "Validation Summary:"
if [ ${ERRORS} -eq 0 ]; then
log_success "No errors found!"
else
log_error "${ERRORS} error(s) found"
fi
if [ ${WARNINGS} -gt 0 ]; then
log_warning "${WARNINGS} warning(s) found"
fi
if [ ${ERRORS} -eq 0 ]; then
exit 0
else
exit 1
fi

197
scripts/validation/validate-seal-files.sh Executable file
View File

@@ -0,0 +1,197 @@
#!/bin/bash
# Validate Order of St John seal files
# Checks SVG structure, PNG quality, and file integrity
set -euo pipefail
GREEN='\033[0;32m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
NC='\033[0m'
log_info() { echo -e "${BLUE}[VALIDATE]${NC} $1"; }
log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
log_warning() { echo -e "${YELLOW}[!]${NC} $1"; }
log_error() { echo -e "${RED}[✗]${NC} $1"; }
cd "$(dirname "$0")/../.."
SVG_DIR="assets/credential-images/svg"
PNG_DIR="assets/credential-images/png"
CHECKS_PASSED=0
CHECKS_FAILED=0
CHECKS_WARNING=0
check() {
local name=$1
local command=$2
if eval "${command}" > /dev/null 2>&1; then
log_success "${name}"
((CHECKS_PASSED++))
return 0
else
log_error "${name}"
((CHECKS_FAILED++))
return 1
fi
}
check_warning() {
local name=$1
local command=$2
if eval "${command}" > /dev/null 2>&1; then
log_success "${name}"
((CHECKS_PASSED++))
return 0
else
log_warning "${name}"
((CHECKS_WARNING++))
return 1
fi
}
echo ""
log_info "=== Order of St John Seal Validation ==="
echo ""
# Check directories exist
log_info "1. Directory Structure"
check "SVG directory exists" "[ -d '${SVG_DIR}' ]"
check "PNG directory exists" "[ -d '${PNG_DIR}' ]"
# Check for required SVG files
log_info "2. Required SVG Files"
EXPECTED_SEALS=(
"digital-bank-seal.svg"
"iccc-seal.svg"
"iccc-provost-marshals-seal.svg"
"diplomatic-security-seal.svg"
)
for seal in "${EXPECTED_SEALS[@]}"; do
check "Required seal exists: ${seal}" "[ -f '${SVG_DIR}/${seal}' ]"
done
# Validate SVG structure
log_info "3. SVG File Structure"
for svg_file in "${SVG_DIR}"/*.svg; do
if [ -f "${svg_file}" ]; then
filename=$(basename "${svg_file}")
# Check for Maltese Cross
if grep -q "maltese-cross\|Maltese Cross\|maltese" "${svg_file}" -i; then
log_success "${filename}: Contains Maltese Cross reference"
((CHECKS_PASSED++))
else
log_warning "${filename}: Maltese Cross reference not found"
((CHECKS_WARNING++))
fi
# Check for OSJ reference
if grep -q "OSJ\|ORDER OF ST JOHN\|ORDO S. IOANNIS" "${svg_file}"; then
log_success "${filename}: Contains OSJ reference"
((CHECKS_PASSED++))
else
log_warning "${filename}: OSJ reference not found"
((CHECKS_WARNING++))
fi
# Check SVG is valid XML
if xmllint --noout "${svg_file}" 2>/dev/null; then
log_success "${filename}: Valid SVG/XML"
((CHECKS_PASSED++))
else
check_warning "${filename}: XML validation (xmllint not available)" "true"
fi
# Check viewBox exists
if grep -q 'viewBox="0 0' "${svg_file}"; then
log_success "${filename}: Has viewBox"
((CHECKS_PASSED++))
else
log_warning "${filename}: Missing viewBox"
((CHECKS_WARNING++))
fi
fi
done
# Validate PNG files
log_info "4. PNG File Validation"
PNG_COUNT=0
for png_file in "${PNG_DIR}"/*.png; do
if [ -f "${png_file}" ]; then
((PNG_COUNT++))
filename=$(basename "${png_file}")
# Check if valid PNG
if file "${png_file}" | grep -q "PNG"; then
log_success "${filename}: Valid PNG"
((CHECKS_PASSED++))
# Check file size (should be under 100KB for credentials)
size_kb=$(du -k "${png_file}" | cut -f1)
if [ "${size_kb}" -lt 100 ]; then
log_success "${filename}: Size OK (${size_kb}KB)"
((CHECKS_PASSED++))
else
log_warning "${filename}: Large size (${size_kb}KB, recommend <100KB)"
((CHECKS_WARNING++))
fi
else
log_error "${filename}: Invalid PNG"
((CHECKS_FAILED++))
fi
fi
done
if [ ${PNG_COUNT} -eq 0 ]; then
log_warning "No PNG files found (run prepare-all-credential-seals.sh first)"
((CHECKS_WARNING++))
fi
# Check manifest templates reference seals
log_info "5. Manifest Template References"
MANIFEST_DIR="manifests/entra"
if [ -d "${MANIFEST_DIR}" ]; then
for manifest in "${MANIFEST_DIR}"/*-manifest-template.json; do
if [ -f "${manifest}" ]; then
filename=$(basename "${manifest}")
if grep -q "cdn.theorder.org/images.*seal" "${manifest}"; then
log_success "${filename}: References seal image"
((CHECKS_PASSED++))
else
log_warning "${filename}: Seal image reference not found"
((CHECKS_WARNING++))
fi
fi
done
fi
# Summary
echo ""
log_info "=== Validation Summary ==="
log_success "Passed: ${CHECKS_PASSED}"
if [ ${CHECKS_FAILED} -gt 0 ]; then
log_error "Failed: ${CHECKS_FAILED}"
fi
if [ ${CHECKS_WARNING} -gt 0 ]; then
log_warning "Warnings: ${CHECKS_WARNING}"
fi
TOTAL=$((CHECKS_PASSED + CHECKS_FAILED + CHECKS_WARNING))
if [ ${TOTAL} -gt 0 ]; then
PERCENTAGE=$((CHECKS_PASSED * 100 / TOTAL))
echo ""
if [ ${CHECKS_FAILED} -eq 0 ]; then
log_success "All critical checks passed! (${PERCENTAGE}%)"
exit 0
else
log_error "Some checks failed (${PERCENTAGE}%)"
exit 1
fi
fi