the_order/scripts/deploy/phase4-database-storage.sh

#!/bin/bash
#
# Phase 4: Database & Storage Setup
# Configure PostgreSQL, Storage Accounts, Redis, OpenSearch
#

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "${SCRIPT_DIR}/config.sh"

log_info "=========================================="
log_info "Phase 4: Database & Storage Setup"
log_info "=========================================="

# 4.1 PostgreSQL Database Setup
log_step "4.1 Configuring PostgreSQL database..."

# Check if database exists
DB_EXISTS=$(az postgres db show \
  --resource-group "${AKS_RESOURCE_GROUP}" \
  --server-name "${POSTGRES_SERVER_NAME}" \
  --name "${POSTGRES_DB_NAME}" \
  --query name -o tsv 2>/dev/null || echo "")

if [ -z "${DB_EXISTS}" ]; then
  log_info "Creating database ${POSTGRES_DB_NAME}..."
  az postgres db create \
    --resource-group "${AKS_RESOURCE_GROUP}" \
    --server-name "${POSTGRES_SERVER_NAME}" \
    --name "${POSTGRES_DB_NAME}" \
    || error_exit "Failed to create database"
  log_success "Database created"
else
  log_success "Database already exists"
fi

# Configure firewall rules for AKS
log_step "4.2 Configuring database firewall rules..."

# Get AKS outbound IPs (if using NAT gateway)
# For now, allow Azure services
az postgres server firewall-rule create \
  --resource-group "${AKS_RESOURCE_GROUP}" \
  --server-name "${POSTGRES_SERVER_NAME}" \
  --name "AllowAzureServices" \
  --start-ip-address "0.0.0.0" \
  --end-ip-address "0.0.0.0" \
  --output none 2>/dev/null || log_info "Firewall rule may already exist"

log_success "Database firewall configured"

# 4.2 Storage Account Setup
log_step "4.3 Configuring storage accounts..."

# Verify storage account exists
STORAGE_EXISTS=$(az storage account show \
  --name "${STORAGE_ACCOUNT_NAME}" \
  --resource-group "${AKS_RESOURCE_GROUP}" \
  --query name -o tsv 2>/dev/null || echo "")

if [ -z "${STORAGE_EXISTS}" ]; then
  log_warning "Storage account ${STORAGE_ACCOUNT_NAME} not found"
  log_info "Storage account should be created by Terraform"
else
  log_success "Storage account found"
  
  # Create containers
  CONTAINERS=("intake-documents" "dataroom-deals" "credentials")
  
  for container in "${CONTAINERS[@]}"; do
    log_info "Creating container: ${container}..."
    az storage container create \
      --name "${container}" \
      --account-name "${STORAGE_ACCOUNT_NAME}" \
      --auth-mode login \
      --output none 2>/dev/null && \
      log_success "Container ${container} created" || \
      log_info "Container ${container} may already exist"
  done
fi

# Save state
save_state "phase4" "complete"

log_success "=========================================="
log_success "Phase 4: Database & Storage - COMPLETE"
log_success "=========================================="