the_order/scripts/deploy/create-entra-app.sh
defiQUG 92cc41d26d Add Legal Office seal and complete Azure CDN deployment
- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll)
- Create legal-office-manifest-template.json for Legal Office credentials
- Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation
- Complete Azure CDN infrastructure deployment:
  - Resource group, storage account, and container created
  - 17 PNG seal files uploaded to Azure Blob Storage
  - All manifest templates updated with Azure URLs
  - Configuration files generated (azure-cdn-config.env)
- Add comprehensive Azure CDN setup scripts and documentation
- Fix manifest URL generation to prevent double slashes
- Verify all seals accessible via HTTPS
2025-11-12 22:03:42 -08:00


#!/bin/bash
# Create Azure AD App Registration for Entra VerifiedID
# This script automates the app registration creation
set -euo pipefail

# ANSI escape sequences for the log helpers; kept as literal backslash
# sequences and expanded by printf '%b' at print time. NC resets attributes.
readonly GREEN='\033[0;32m'
readonly BLUE='\033[0;34m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m'

#######################################
# Shared formatter for the log helpers.
# Arguments: $1 - colour escape, $2 - tag, $3 - message
# Outputs:   "<colour>[TAG]<reset> message" plus newline on stdout
#######################################
_log_line() {
  local color=$1 tag=$2
  shift 2
  printf '%b\n' "${color}[${tag}]${NC} $1"
}

# Public helpers; each takes the message as its single argument.
log_info() { _log_line "${BLUE}" "INFO" "$1"; }
log_success() { _log_line "${GREEN}" "SUCCESS" "$1"; }
log_warning() { _log_line "${YELLOW}" "WARNING" "$1"; }
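# --- Prerequisites: Azure CLI installed and a signed-in session -------------
if ! command -v az >/dev/null 2>&1; then
  log_warning "Azure CLI not found. Install from: https://docs.microsoft.com/cli/azure/install-azure-cli"
  exit 1
fi
if ! az account show >/dev/null 2>&1; then
  log_warning "Not logged in to Azure. Run: az login"
  exit 1
fi

log_info "Creating Azure AD App Registration for Entra VerifiedID..."

# --- Inputs ------------------------------------------------------------------
# The prompts keep their original wording. A value already present in the
# environment (APP_NAME / RESOURCE_GROUP) becomes the default, and EOF on
# stdin (non-interactive run) falls back to that default instead of aborting
# under 'set -e'. -r keeps backslashes in the typed value intact.
DEFAULT_APP_NAME=${APP_NAME:-the-order-entra}
read -r -p "App Registration name (default: ${DEFAULT_APP_NAME}): " APP_NAME_INPUT || APP_NAME_INPUT=""
APP_NAME=${APP_NAME_INPUT:-${DEFAULT_APP_NAME}}

# RESOURCE_GROUP is only recorded in the summary file; no tagging is performed here.
read -r -p "Resource Group (optional, for tagging): " RESOURCE_GROUP_INPUT || RESOURCE_GROUP_INPUT=""
RESOURCE_GROUP=${RESOURCE_GROUP_INPUT:-${RESOURCE_GROUP:-}}

# --- App registration --------------------------------------------------------
# Entra allows several registrations with the same display name; refuse to
# create a duplicate silently, since later lookups by name become ambiguous.
EXISTING_APP_ID=$(az ad app list --display-name "${APP_NAME}" --query "[].appId" -o tsv)
if [[ -n "${EXISTING_APP_ID}" ]]; then
  log_warning "An app registration named '${APP_NAME}' already exists (appId: ${EXISTING_APP_ID}). Choose another name or reuse it."
  exit 1
fi

log_info "Creating app registration: ${APP_NAME}"
APP_ID=$(az ad app create \
  --display-name "${APP_NAME}" \
  --query appId -o tsv)
if [[ -z "${APP_ID}" ]]; then
  log_warning "az ad app create returned no appId; aborting"
  exit 1
fi
log_success "App Registration created!"
log_info "Application (Client) ID: ${APP_ID}"

# Tenant of the signed-in session.
TENANT_ID=$(az account show --query tenantId -o tsv)
log_info "Directory (Tenant) ID: ${TENANT_ID}"

# --- Service principal -------------------------------------------------------
log_info "Creating service principal..."
az ad sp create --id "${APP_ID}" --output none
log_success "Service principal created"

# --- Client secret -----------------------------------------------------------
# 'credential reset' replaces every password credential on the app; that is
# harmless here because the registration was created moments ago. --query
# extracts the secret directly, so jq is not required. The value is written
# only to the owner-readable summary file below and never echoed to the
# terminal (terminal scrollback and CI logs are not a safe place for it).
log_info "Creating client secret (valid for 1 year)..."
CLIENT_SECRET=$(az ad app credential reset --id "${APP_ID}" --years 1 --query password -o tsv)
if [[ -z "${CLIENT_SECRET}" ]]; then
  log_warning "az ad app credential reset returned no password; aborting"
  exit 1
fi
log_success "Client secret created"

# --- API permissions (manual step) -------------------------------------------
readonly VC_SERVICE_APP_ID="3db474b9-7a6d-4f50-afdc-70940ce1df8f"
# Note: Exact permission IDs may vary - this is a template, so the grant is
# left to the portal rather than guessed with --required-resource-accesses.
log_info "Adding Verifiable Credentials Service permissions..."
log_warning "You need to add permissions manually in Azure Portal:"
log_info "1. Go to Azure Portal → App registrations → ${APP_NAME} → API permissions"
log_info "2. Add permission → APIs my organization uses"
log_info "3. Search for 'Verifiable Credentials Service' (app ID ${VC_SERVICE_APP_ID})"
log_info "4. Add Application permissions: VerifiableCredential.Create.All, VerifiableCredential.Verify.All"
log_info "5. Grant admin consent"

# --- Summary file ------------------------------------------------------------
# The file contains a live client secret. It is recreated from scratch under
# umask 077 (in a subshell so the caller's umask is untouched) so it is never
# observable with wider permissions, even briefly, and then pinned to 0600.
INFO_FILE=".entra-app-info.txt"
(
  umask 077
  rm -f -- "${INFO_FILE}"
  cat > "${INFO_FILE}" <<EOF
Azure AD App Registration Created
==================================
Application Name: ${APP_NAME}
Application (Client) ID: ${APP_ID}
Directory (Tenant) ID: ${TENANT_ID}
Resource Group: ${RESOURCE_GROUP:-<none>}
Client Secret: ${CLIENT_SECRET}
NEXT STEPS:
1. Add API permissions in Azure Portal (see above)
2. Grant admin consent
3. Store these values securely
4. Run: ./scripts/deploy/store-entra-secrets.sh
EOF
)
chmod 600 -- "${INFO_FILE}"

log_success "App registration complete!"
log_info "Details saved to: ${INFO_FILE} (owner-readable only)"
log_warning "${INFO_FILE} contains the client secret in plaintext - do not commit it, and delete it once the secret is stored."
log_warning "Remember to add API permissions and grant admin consent!"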