Fix logger for Azure App Service and update deployment docs

- Fix logger to handle Azure App Service write restrictions
- Skip file logging in Azure App Service (console logs captured automatically)
- Add deployment scripts for App Service setup
- Update documentation with correct resource names
- Add Key Vault access request documentation
- Add alternative authentication methods for ACR and Key Vault

scripts/configure-acr-auth-admin.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+# Configure ACR Authentication using Admin Credentials
+# Use this when you don't have permissions to create role assignments on shared ACR
+
+set -e
+
+# Configuration
+RESOURCE_GROUP="zdl-cmdb-insight-prd-euwe-rg"
+ACR_NAME="zdlasacr"
+BACKEND_APP_NAME="zdl-cmdb-insight-prd-backend-webapp"
+FRONTEND_APP_NAME="zdl-cmdb-insight-prd-frontend-webapp"
+
+echo "🔐 Configuring ACR Authentication using Admin Credentials..."
+echo ""
+
+# Step 1: Enable ACR admin (if not already enabled)
+echo "📋 Step 1: Enabling ACR admin..."
+az acr update --name $ACR_NAME --admin-enabled true
+
+# Step 2: Get ACR credentials
+echo ""
+echo "🔑 Step 2: Getting ACR credentials..."
+ACR_USERNAME=$(az acr credential show --name $ACR_NAME --query username -o tsv)
+ACR_PASSWORD=$(az acr credential show --name $ACR_NAME --query passwords[0].value -o tsv)
+
+if [ -z "$ACR_USERNAME" ] || [ -z "$ACR_PASSWORD" ]; then
+  echo "❌ Failed to get ACR credentials"
+  exit 1
+fi
+
+echo "✅ ACR credentials retrieved"
+echo "   Username: $ACR_USERNAME"
+echo ""
+
+# Step 3: Configure backend web app
+echo "🐳 Step 3: Configuring backend web app..."
+az webapp config container set \
+  --name $BACKEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --docker-registry-server-url https://${ACR_NAME}.azurecr.io \
+  --docker-registry-server-user $ACR_USERNAME \
+  --docker-registry-server-password $ACR_PASSWORD
+
+echo "✅ Backend configured"
+
+# Step 4: Configure frontend web app
+echo ""
+echo "🐳 Step 4: Configuring frontend web app..."
+az webapp config container set \
+  --name $FRONTEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --docker-registry-server-url https://${ACR_NAME}.azurecr.io \
+  --docker-registry-server-user $ACR_USERNAME \
+  --docker-registry-server-password $ACR_PASSWORD
+
+echo "✅ Frontend configured"
+
+echo ""
+echo "✅ ACR authentication configured successfully!"
+echo ""
+echo "⚠️  Note: Using admin credentials is simpler but less secure than Managed Identity."
+echo "   For production, consider asking an admin to grant AcrPull role via Managed Identity."
+echo ""

scripts/configure-app-settings-direct.sh

@@ -0,0 +1,87 @@
+#!/bin/bash
+# Configure App Service App Settings Directly (Without Key Vault)
+# This is a simpler alternative that works without Key Vault permissions
+
+set -e
+
+# Configuration
+RESOURCE_GROUP="zdl-cmdb-insight-prd-euwe-rg"
+BACKEND_APP_NAME="zdl-cmdb-insight-prd-backend-webapp"
+FRONTEND_APP_NAME="zdl-cmdb-insight-prd-frontend-webapp"
+
+echo "⚙️  Configuring App Service App Settings (Direct - No Key Vault)..."
+echo ""
+
+# Generate session secret
+SESSION_SECRET=$(openssl rand -hex 32)
+echo "✅ Generated session secret"
+
+# Get app URLs
+BACKEND_URL="https://${BACKEND_APP_NAME}.azurewebsites.net"
+FRONTEND_URL="https://${FRONTEND_APP_NAME}.azurewebsites.net"
+
+echo ""
+echo "📝 Configure these values:"
+echo "   JIRA_SCHEMA_ID: (your Jira schema ID)"
+echo "   JIRA_PAT: (your Jira Personal Access Token)"
+echo "   Or JIRA_OAUTH_CLIENT_ID and JIRA_OAUTH_CLIENT_SECRET"
+echo ""
+
+# Prompt for values (or set them as environment variables)
+read -p "Enter JIRA_SCHEMA_ID (or press Enter to skip): " JIRA_SCHEMA_ID
+read -p "Enter JIRA_PAT (or press Enter to skip): " JIRA_PAT
+read -p "Enter JIRA_OAUTH_CLIENT_ID (or press Enter to skip): " JIRA_OAUTH_CLIENT_ID
+read -p "Enter JIRA_OAUTH_CLIENT_SECRET (or press Enter to skip): " JIRA_OAUTH_CLIENT_SECRET
+
+echo ""
+echo "🔧 Configuring backend app settings..."
+
+# Build settings string
+SETTINGS="NODE_ENV=production PORT=3001 JIRA_BASE_URL=https://jira.zuyderland.nl SESSION_SECRET=${SESSION_SECRET} FRONTEND_URL=${FRONTEND_URL}"
+
+if [ -n "$JIRA_SCHEMA_ID" ]; then
+  SETTINGS="${SETTINGS} JIRA_SCHEMA_ID=${JIRA_SCHEMA_ID}"
+fi
+
+if [ -n "$JIRA_PAT" ]; then
+  SETTINGS="${SETTINGS} JIRA_PAT=${JIRA_PAT}"
+fi
+
+if [ -n "$JIRA_OAUTH_CLIENT_ID" ]; then
+  SETTINGS="${SETTINGS} JIRA_OAUTH_CLIENT_ID=${JIRA_OAUTH_CLIENT_ID}"
+fi
+
+if [ -n "$JIRA_OAUTH_CLIENT_SECRET" ]; then
+  SETTINGS="${SETTINGS} JIRA_OAUTH_CLIENT_SECRET=${JIRA_OAUTH_CLIENT_SECRET}"
+fi
+
+# Configure backend
+az webapp config appsettings set \
+  --name $BACKEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --settings $SETTINGS \
+  --output none
+
+echo "✅ Backend configured"
+
+# Configure frontend
+echo ""
+echo "🔧 Configuring frontend app settings..."
+az webapp config appsettings set \
+  --name $FRONTEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --settings "VITE_API_URL=${BACKEND_URL}/api" \
+  --output none
+
+echo "✅ Frontend configured"
+
+echo ""
+echo "✅ App settings configured successfully!"
+echo ""
+echo "⚠️  Note: Secrets are stored in App Service app settings (encrypted at rest)."
+echo "   For production, consider migrating to Key Vault later when permissions are available."
+echo ""
+echo "📋 Configured URLs:"
+echo "   Backend:  $BACKEND_URL"
+echo "   Frontend: $FRONTEND_URL"
+echo ""

scripts/deploy-app-service.sh

@@ -0,0 +1,164 @@
+#!/bin/bash
+# Azure App Service Deployment Script
+# Deploys CMDB Insight backend and frontend to Azure App Service
+
+set -e  # Exit on error
+
+# Configuration
+RESOURCE_GROUP="zdl-cmdb-insight-prd-euwe-rg"
+APP_SERVICE_PLAN="zdl-cmdb-insight-prd-euwe-appsvc"
+ACR_NAME="zdlasacr"
+BACKEND_APP_NAME="zdl-cmdb-insight-prd-backend-webapp"
+FRONTEND_APP_NAME="zdl-cmdb-insight-prd-frontend-webapp"
+REPOSITORY_NAME="cmdb-insight"
+IMAGE_TAG="latest"
+
+echo "🚀 Starting Azure App Service Deployment..."
+echo "Resource Group: $RESOURCE_GROUP"
+echo "App Service Plan: $APP_SERVICE_PLAN"
+echo "ACR: $ACR_NAME"
+echo ""
+
+# Step 1: Create Backend Web App
+echo "📦 Step 1: Creating Backend Web App..."
+az webapp create \
+  --name $BACKEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --plan $APP_SERVICE_PLAN \
+  --container-image-name ${ACR_NAME}.azurecr.io/${REPOSITORY_NAME}/backend:${IMAGE_TAG}
+
+if [ $? -eq 0 ]; then
+  echo "✅ Backend web app created successfully"
+else
+  echo "❌ Failed to create backend web app"
+  exit 1
+fi
+
+# Step 2: Create Frontend Web App
+echo ""
+echo "📦 Step 2: Creating Frontend Web App..."
+az webapp create \
+  --name $FRONTEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --plan $APP_SERVICE_PLAN \
+  --container-image-name ${ACR_NAME}.azurecr.io/${REPOSITORY_NAME}/frontend:${IMAGE_TAG}
+
+if [ $? -eq 0 ]; then
+  echo "✅ Frontend web app created successfully"
+else
+  echo "❌ Failed to create frontend web app"
+  exit 1
+fi
+
+# Step 3: Enable Managed Identity for both apps
+echo ""
+echo "🔐 Step 3: Enabling Managed Identity..."
+az webapp identity assign \
+  --name $BACKEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP
+
+az webapp identity assign \
+  --name $FRONTEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP
+
+echo "✅ Managed Identity enabled for both apps"
+
+# Step 4: Get Principal IDs
+echo ""
+echo "🔑 Step 4: Getting Principal IDs..."
+BACKEND_PRINCIPAL_ID=$(az webapp identity show \
+  --name $BACKEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --query principalId -o tsv)
+
+FRONTEND_PRINCIPAL_ID=$(az webapp identity show \
+  --name $FRONTEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --query principalId -o tsv)
+
+if [ -z "$BACKEND_PRINCIPAL_ID" ] || [ -z "$FRONTEND_PRINCIPAL_ID" ]; then
+  echo "⚠️  Warning: Could not retrieve Principal IDs. Managed Identity may not be fully enabled yet."
+  echo "   Waiting 10 seconds and retrying..."
+  sleep 10
+  
+  BACKEND_PRINCIPAL_ID=$(az webapp identity show \
+    --name $BACKEND_APP_NAME \
+    --resource-group $RESOURCE_GROUP \
+    --query principalId -o tsv)
+  
+  FRONTEND_PRINCIPAL_ID=$(az webapp identity show \
+    --name $FRONTEND_APP_NAME \
+    --resource-group $RESOURCE_GROUP \
+    --query principalId -o tsv)
+fi
+
+echo "Backend Principal ID: $BACKEND_PRINCIPAL_ID"
+echo "Frontend Principal ID: $FRONTEND_PRINCIPAL_ID"
+
+# Step 5: Get ACR Resource ID
+echo ""
+echo "📋 Step 5: Getting ACR Resource ID..."
+ACR_ID=$(az acr show --name $ACR_NAME --query id -o tsv)
+
+if [ -z "$ACR_ID" ]; then
+  echo "❌ Failed to get ACR Resource ID. Is the ACR name correct?"
+  exit 1
+fi
+
+echo "ACR Resource ID: $ACR_ID"
+
+# Step 6: Grant AcrPull permissions
+echo ""
+echo "🔓 Step 6: Granting AcrPull permissions..."
+az role assignment create \
+  --assignee $BACKEND_PRINCIPAL_ID \
+  --role AcrPull \
+  --scope $ACR_ID \
+  --output none
+
+az role assignment create \
+  --assignee $FRONTEND_PRINCIPAL_ID \
+  --role AcrPull \
+  --scope $ACR_ID \
+  --output none
+
+echo "✅ AcrPull permissions granted"
+
+# Step 7: Configure container registry URL
+echo ""
+echo "🐳 Step 7: Configuring container registry settings..."
+az webapp config container set \
+  --name $BACKEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --docker-registry-server-url https://${ACR_NAME}.azurecr.io \
+  --output none
+
+az webapp config container set \
+  --name $FRONTEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --docker-registry-server-url https://${ACR_NAME}.azurecr.io \
+  --output none
+
+echo "✅ Container registry configured"
+
+# Step 8: Get web app URLs
+echo ""
+echo "🌐 Step 8: Getting web app URLs..."
+BACKEND_URL="https://${BACKEND_APP_NAME}.azurewebsites.net"
+FRONTEND_URL="https://${FRONTEND_APP_NAME}.azurewebsites.net"
+
+echo ""
+echo "✅ Deployment completed successfully!"
+echo ""
+echo "📋 Summary:"
+echo "   Backend URL:  $BACKEND_URL"
+echo "   Frontend URL: $FRONTEND_URL"
+echo ""
+echo "⚠️  Next Steps:"
+echo "   1. Configure environment variables (see docs/AZURE-APP-SERVICE-DEPLOYMENT.md)"
+echo "   2. Set up Azure Key Vault for secrets (recommended)"
+echo "   3. Configure custom domain and SSL certificate"
+echo "   4. Test the deployment:"
+echo "      curl $BACKEND_URL/api/health"
+echo "      curl $FRONTEND_URL"
+echo ""

scripts/grant-keyvault-access-admin.sh

@@ -0,0 +1,89 @@
+#!/bin/bash
+# Grant Key Vault Access - For Admin to Run
+# This script grants Key Vault access to App Service Managed Identities
+# Run this script as a user with "User Access Administrator" or "Owner" role
+
+set -e
+
+# Configuration
+KEY_VAULT_NAME="zdl-cmdb-insight-prd-kv"
+RESOURCE_GROUP="zdl-cmdb-insight-prd-euwe-rg"
+BACKEND_APP_NAME="zdl-cmdb-insight-prd-backend-webapp"
+FRONTEND_APP_NAME="zdl-cmdb-insight-prd-frontend-webapp"
+
+echo "🔐 Granting Key Vault Access to App Services..."
+echo ""
+
+# Get Key Vault Resource ID
+echo "📋 Getting Key Vault Resource ID..."
+KV_ID=$(az keyvault show --name $KEY_VAULT_NAME --query id -o tsv)
+echo "   Key Vault ID: $KV_ID"
+echo ""
+
+# Get Backend Principal ID
+echo "🔑 Getting Backend Principal ID..."
+BACKEND_PRINCIPAL_ID=$(az webapp identity show \
+  --name $BACKEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --query principalId -o tsv)
+
+if [ -z "$BACKEND_PRINCIPAL_ID" ]; then
+  echo "❌ Failed to get Backend Principal ID. Is Managed Identity enabled?"
+  exit 1
+fi
+
+echo "   Backend Principal ID: $BACKEND_PRINCIPAL_ID"
+echo ""
+
+# Get Frontend Principal ID
+echo "🔑 Getting Frontend Principal ID..."
+FRONTEND_PRINCIPAL_ID=$(az webapp identity show \
+  --name $FRONTEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --query principalId -o tsv)
+
+if [ -z "$FRONTEND_PRINCIPAL_ID" ]; then
+  echo "⚠️  Warning: Could not get Frontend Principal ID. Skipping frontend."
+  FRONTEND_PRINCIPAL_ID=""
+fi
+
+if [ -n "$FRONTEND_PRINCIPAL_ID" ]; then
+  echo "   Frontend Principal ID: $FRONTEND_PRINCIPAL_ID"
+  echo ""
+fi
+
+# Grant Key Vault Secrets User role to Backend
+echo "🔓 Granting 'Key Vault Secrets User' role to Backend..."
+az role assignment create \
+  --assignee $BACKEND_PRINCIPAL_ID \
+  --role "Key Vault Secrets User" \
+  --scope $KV_ID \
+  --output none
+
+echo "✅ Backend access granted"
+echo ""
+
+# Grant Key Vault Secrets User role to Frontend (if available)
+if [ -n "$FRONTEND_PRINCIPAL_ID" ]; then
+  echo "🔓 Granting 'Key Vault Secrets User' role to Frontend..."
+  az role assignment create \
+    --assignee $FRONTEND_PRINCIPAL_ID \
+    --role "Key Vault Secrets User" \
+    --scope $KV_ID \
+    --output none
+  
+  echo "✅ Frontend access granted"
+  echo ""
+fi
+
+echo "✅ Key Vault access configured successfully!"
+echo ""
+echo "📋 Summary:"
+echo "   Key Vault: $KEY_VAULT_NAME"
+echo "   Backend App: $BACKEND_APP_NAME"
+echo "   Backend Principal ID: $BACKEND_PRINCIPAL_ID"
+if [ -n "$FRONTEND_PRINCIPAL_ID" ]; then
+  echo "   Frontend App: $FRONTEND_APP_NAME"
+  echo "   Frontend Principal ID: $FRONTEND_PRINCIPAL_ID"
+fi
+echo ""