- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll) - Create legal-office-manifest-template.json for Legal Office credentials - Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation - Complete Azure CDN infrastructure deployment: - Resource group, storage account, and container created - 17 PNG seal files uploaded to Azure Blob Storage - All manifest templates updated with Azure URLs - Configuration files generated (azure-cdn-config.env) - Add comprehensive Azure CDN setup scripts and documentation - Fix manifest URL generation to prevent double slashes - Verify all seals accessible via HTTPS
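#!/bin/bash
# Create Credential Manifests in Entra VerifiedID
# Provides templates and step-by-step instructions for all manifest types
#
# The script changes to the repository root, writes the JSON templates and a
# helper script into manifests/entra/, then prints the manual portal steps.

set -euo pipefail

# ANSI colour sequences. They are stored as the literal text "\033[..." and
# only turned into escape bytes when a log helper prints them. readonly keeps
# a later assignment from silently changing the output colours.
readonly GREEN='\033[0;32m'
readonly BLUE='\033[0;34m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m'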
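# Print an informational line to stdout.
# printf is used so that only the colour constants go through %b escape
# expansion; the message itself is printed verbatim (echo -e would interpret
# backslash sequences inside the message and mis-handle a leading "-n").
# Arguments: $1 - message text
log_info() { printf '%b[INFO]%b %s\n' "${BLUE}" "${NC}" "$1"; }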
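# Print a success line to stdout.
# Same shape as log_info: colours are expanded with %b, the message is passed
# through %s so backslashes in it stay literal.
# Arguments: $1 - message text
log_success() { printf '%b[SUCCESS]%b %s\n' "${GREEN}" "${NC}" "$1"; }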
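# Print a warning line to stdout (kept on stdout like the other helpers so
# callers that capture the script's output keep seeing it).
# Arguments: $1 - message text
log_warning() { printf '%b[WARNING]%b %s\n' "${YELLOW}" "${NC}" "$1"; }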
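# Work from the repository root (two levels above this script) so that
# MANIFESTS_DIR below is a stable relative path. BASH_SOURCE[0] is used rather
# than $0 so the location is still right if the file is sourced.
cd "$(dirname "${BASH_SOURCE[0]}")/../.." || {
  printf 'ERROR: cannot change to repository root\n' >&2
  exit 1
}

# Where the templates and the collector script are written.
readonly MANIFESTS_DIR="manifests/entra"
mkdir -p -- "${MANIFESTS_DIR}"

log_info "Credential Manifest Creation Guide"
echo

# Create manifest templates
log_info "Creating manifest templates..."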
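#######################################
# Write one manifest template from the heredoc supplied on stdin.
# The four templates below all used the same "cat > path << 'EOF'" idiom;
# routing them through one helper gives a single place to check the result.
# Arguments: $1 - destination path (overwritten if it already exists)
# Outputs:   nothing on stdout; the file is written in place
# Returns:   non-zero (which aborts the script under set -e) if the file
#            cannot be written or, when jq is installed, if the template is
#            not valid JSON
#######################################
write_template() {
  local target=$1
  cat > "${target}"
  # Optional sanity check: a template with a stray comma or quote is caught
  # here instead of when it is pasted into the portal. Skipped when jq is
  # not available so the script has no hard dependency on it.
  if command -v jq >/dev/null 2>&1; then
    jq empty "${target}"
  fi
}

# Default/Identity Manifest Template
write_template "${MANIFESTS_DIR}/default-manifest-template.json" <<'EOF'
{
"name": "The Order Identity Credential",
"description": "Identity credential for members of The Order",
"claims": [
{
"claim": "email",
"type": "String",
"required": true
},
{
"claim": "name",
"type": "String",
"required": true
},
{
"claim": "role",
"type": "String",
"required": false
},
{
"claim": "userId",
"type": "String",
"required": false
}
],
"issuer": {
"name": "The Order",
"domain": "theorder.org"
}
}
EOF

# Diplomatic Manifest Template
write_template "${MANIFESTS_DIR}/diplomatic-manifest-template.json" <<'EOF'
{
"name": "The Order Letters of Credence",
"description": "Diplomatic credential for Letters of Credence",
"claims": [
{
"claim": "recipientName",
"type": "String",
"required": true
},
{
"claim": "recipientTitle",
"type": "String",
"required": true
},
{
"claim": "missionCountry",
"type": "String",
"required": true
},
{
"claim": "missionType",
"type": "String",
"required": true,
"enum": ["embassy", "consulate", "delegation", "mission"]
},
{
"claim": "appointmentDate",
"type": "DateTime",
"required": true
},
{
"claim": "expirationDate",
"type": "DateTime",
"required": false
}
],
"issuer": {
"name": "The Order",
"domain": "theorder.org"
}
}
EOF

# Judicial Manifest Template
write_template "${MANIFESTS_DIR}/judicial-manifest-template.json" <<'EOF'
{
"name": "The Order Judicial Appointment Credential",
"description": "Judicial appointment credential",
"claims": [
{
"claim": "role",
"type": "String",
"required": true,
"enum": ["judge", "magistrate", "justice", "prosecutor"]
},
{
"claim": "appointmentAuthority",
"type": "String",
"required": true
},
{
"claim": "jurisdiction",
"type": "String",
"required": true
},
{
"claim": "appointmentDate",
"type": "DateTime",
"required": true
},
{
"claim": "termLength",
"type": "Number",
"required": false
}
],
"issuer": {
"name": "The Order",
"domain": "theorder.org"
}
}
EOF

# Financial Manifest Template
write_template "${MANIFESTS_DIR}/financial-manifest-template.json" <<'EOF'
{
"name": "The Order Financial Role Credential",
"description": "Financial role credential",
"claims": [
{
"claim": "role",
"type": "String",
"required": true,
"enum": ["financial-officer", "treasurer", "accountant", "auditor"]
},
{
"claim": "appointmentAuthority",
"type": "String",
"required": true
},
{
"claim": "jurisdiction",
"type": "String",
"required": true
},
{
"claim": "appointmentDate",
"type": "DateTime",
"required": true
}
],
"issuer": {
"name": "The Order",
"domain": "theorder.org"
}
}
EOF

log_success "Manifest templates created in ${MANIFESTS_DIR}/"
echo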
# Print the manual portal steps. The templates written above are only an aid:
# the credentials themselves are created interactively in the Azure portal,
# and the resulting Manifest IDs are collected by the helper script below.
# The heredoc is unquoted on purpose so ${MANIFESTS_DIR} is expanded.
log_info "Step-by-Step Instructions:"
echo
cat <<EOF
For each manifest type, follow these steps:

1. Go to Azure Portal → Verified ID → Credentials
 Direct link: https://portal.azure.com/#view/Microsoft_AAD_IAM/VerifiedIDBlade

2. Click 'Add credential' or 'Create new credential'

3. Choose credential type (or use 'Custom credential')

4. Configure the credential using the templates in ${MANIFESTS_DIR}/

5. For each manifest:
 - Default: Use default-manifest-template.json
 - Diplomatic: Use diplomatic-manifest-template.json
 - Judicial: Use judicial-manifest-template.json
 - Financial: Use financial-manifest-template.json

6. After creating each manifest:
 - Note the Manifest ID (displayed after creation)
 - Run: ./scripts/deploy/configure-multi-manifest.sh
 - Or manually add to ENTRA_MANIFESTS environment variable

EOF
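# Create automated manifest ID collector.
# The generated script reads the IDs interactively and prints an
# ENTRA_MANIFESTS assignment. Because each ID is spliced into a JSON string
# and then into a single-quoted shell value, the generated script rejects
# quotes, backslashes and control characters instead of emitting a broken
# (or structurally altered) value. The outer heredoc is quoted so nothing
# in it is expanded by this script.
cat > "${MANIFESTS_DIR}/collect-manifest-ids.sh" << 'EOF'
#!/bin/bash
# Collect Manifest IDs after creation
# Run this after creating manifests in Azure Portal. Prompts for the IDs
# shown in the portal and prints the ENTRA_MANIFESTS value to configure.
set -euo pipefail

# Refuse characters that would break the JSON string or the single-quoted
# shell assignment printed at the end.
# Arguments: $1 - label used in the error message, $2 - value entered
check_id() {
  local label=$1 value=$2
  case "${value}" in
    *\"*|*\'*|*\\*|*[[:cntrl:]]*)
      echo "ERROR: ${label} Manifest ID must not contain quotes, backslashes or control characters" >&2
      exit 1
      ;;
  esac
}

echo "Enter Manifest IDs (press Enter to skip optional ones):"
echo ""

# -r keeps backslashes in pasted IDs literal instead of treating them as escapes
read -r -p "Default Manifest ID: " DEFAULT_ID
read -r -p "Diplomatic Manifest ID (optional): " DIPLOMATIC_ID
read -r -p "Judicial Manifest ID (optional): " JUDICIAL_ID
read -r -p "Financial Manifest ID (optional): " FINANCIAL_ID

# Only the default manifest is mandatory; the other prompts say "optional".
if [ -z "${DEFAULT_ID}" ]; then
  echo "ERROR: Default Manifest ID is required" >&2
  exit 1
fi
check_id "Default" "${DEFAULT_ID}"
check_id "Diplomatic" "${DIPLOMATIC_ID}"
check_id "Judicial" "${JUDICIAL_ID}"
check_id "Financial" "${FINANCIAL_ID}"

MANIFESTS="{\"default\":\"${DEFAULT_ID}\""
[ -z "${DIPLOMATIC_ID}" ] || MANIFESTS+=",\"diplomatic\":\"${DIPLOMATIC_ID}\""
[ -z "${JUDICIAL_ID}" ] || MANIFESTS+=",\"judicial\":\"${JUDICIAL_ID}\""
[ -z "${FINANCIAL_ID}" ] || MANIFESTS+=",\"financial\":\"${FINANCIAL_ID}\""
MANIFESTS+="}"

echo ""
printf "ENTRA_MANIFESTS='%s'\n" "${MANIFESTS}"
echo ""
echo "Add this to your .env file or Kubernetes secrets"
EOF

chmod +x -- "${MANIFESTS_DIR}/collect-manifest-ids.sh"

log_success "Manifest creation guide complete!"
log_info "Templates saved to: ${MANIFESTS_DIR}/"
log_info "After creating manifests, run: ${MANIFESTS_DIR}/collect-manifest-ids.sh"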