Fix logger for Azure App Service and update deployment docs

- Fix logger to handle Azure App Service write restrictions - Skip file logging in Azure App Service (console logs captured automatically) - Add deployment scripts for App Service setup - Update documentation with correct resource names - Add Key Vault access request documentation - Add alternative authentication methods for ACR and Key Vault
2026-01-22 00:51:53 +01:00
parent ffce6e8db3
commit b8d7e7a229
7 changed files with 644 additions and 77 deletions
--- a/scripts/grant-keyvault-access-admin.sh
+++ b/scripts/grant-keyvault-access-admin.sh
@@ -0,0 +1,89 @@
+#!/bin/bash
+# Grant Key Vault Access - For Admin to Run
+# This script grants Key Vault access to App Service Managed Identities
+# Run this script as a user with "User Access Administrator" or "Owner" role
+
+set -e
+
+# Configuration
+KEY_VAULT_NAME="zdl-cmdb-insight-prd-kv"
+RESOURCE_GROUP="zdl-cmdb-insight-prd-euwe-rg"
+BACKEND_APP_NAME="zdl-cmdb-insight-prd-backend-webapp"
+FRONTEND_APP_NAME="zdl-cmdb-insight-prd-frontend-webapp"
+
+echo "🔐 Granting Key Vault Access to App Services..."
+echo ""
+
+# Get Key Vault Resource ID
+echo "📋 Getting Key Vault Resource ID..."
+KV_ID=$(az keyvault show --name $KEY_VAULT_NAME --query id -o tsv)
+echo "   Key Vault ID: $KV_ID"
+echo ""
+
+# Get Backend Principal ID
+echo "🔑 Getting Backend Principal ID..."
+BACKEND_PRINCIPAL_ID=$(az webapp identity show \
+  --name $BACKEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --query principalId -o tsv)
+
+if [ -z "$BACKEND_PRINCIPAL_ID" ]; then
+  echo "❌ Failed to get Backend Principal ID. Is Managed Identity enabled?"
+  exit 1
+fi
+
+echo "   Backend Principal ID: $BACKEND_PRINCIPAL_ID"
+echo ""
+
+# Get Frontend Principal ID
+echo "🔑 Getting Frontend Principal ID..."
+FRONTEND_PRINCIPAL_ID=$(az webapp identity show \
+  --name $FRONTEND_APP_NAME \
+  --resource-group $RESOURCE_GROUP \
+  --query principalId -o tsv)
+
+if [ -z "$FRONTEND_PRINCIPAL_ID" ]; then
+  echo "⚠️  Warning: Could not get Frontend Principal ID. Skipping frontend."
+  FRONTEND_PRINCIPAL_ID=""
+fi
+
+if [ -n "$FRONTEND_PRINCIPAL_ID" ]; then
+  echo "   Frontend Principal ID: $FRONTEND_PRINCIPAL_ID"
+  echo ""
+fi
+
+# Grant Key Vault Secrets User role to Backend
+echo "🔓 Granting 'Key Vault Secrets User' role to Backend..."
+az role assignment create \
+  --assignee $BACKEND_PRINCIPAL_ID \
+  --role "Key Vault Secrets User" \
+  --scope $KV_ID \
+  --output none
+
+echo "✅ Backend access granted"
+echo ""
+
+# Grant Key Vault Secrets User role to Frontend (if available)
+if [ -n "$FRONTEND_PRINCIPAL_ID" ]; then
+  echo "🔓 Granting 'Key Vault Secrets User' role to Frontend..."
+  az role assignment create \
+    --assignee $FRONTEND_PRINCIPAL_ID \
+    --role "Key Vault Secrets User" \
+    --scope $KV_ID \
+    --output none
+  
+  echo "✅ Frontend access granted"
+  echo ""
+fi
+
+echo "✅ Key Vault access configured successfully!"
+echo ""
+echo "📋 Summary:"
+echo "   Key Vault: $KEY_VAULT_NAME"
+echo "   Backend App: $BACKEND_APP_NAME"
+echo "   Backend Principal ID: $BACKEND_PRINCIPAL_ID"
+if [ -n "$FRONTEND_PRINCIPAL_ID" ]; then
+  echo "   Frontend App: $FRONTEND_APP_NAME"
+  echo "   Frontend Principal ID: $FRONTEND_PRINCIPAL_ID"
+fi
+echo ""