#!/bin/bash
# Azure App Service Deployment Script
# Deploys CMDB Insight backend and frontend to Azure App Service

set -e  # Exit on error

# Configuration
RESOURCE_GROUP="zdl-cmdb-insight-prd-euwe-rg"
APP_SERVICE_PLAN="zdl-cmdb-insight-prd-euwe-appsvc"
ACR_NAME="zdlasacr"
BACKEND_APP_NAME="zdl-cmdb-insight-prd-backend-webapp"
FRONTEND_APP_NAME="zdl-cmdb-insight-prd-frontend-webapp"
REPOSITORY_NAME="cmdb-insight"
IMAGE_TAG="latest"

echo "🚀 Starting Azure App Service Deployment..."
echo "Resource Group: $RESOURCE_GROUP"
echo "App Service Plan: $APP_SERVICE_PLAN"
echo "ACR: $ACR_NAME"
echo ""

# Step 1: Create Backend Web App
echo "📦 Step 1: Creating Backend Web App..."
az webapp create \
  --name $BACKEND_APP_NAME \
  --resource-group $RESOURCE_GROUP \
  --plan $APP_SERVICE_PLAN \
  --container-image-name ${ACR_NAME}.azurecr.io/${REPOSITORY_NAME}/backend:${IMAGE_TAG}

if [ $? -eq 0 ]; then
  echo "✅ Backend web app created successfully"
else
  echo "❌ Failed to create backend web app"
  exit 1
fi

# Step 2: Create Frontend Web App
echo ""
echo "📦 Step 2: Creating Frontend Web App..."
az webapp create \
  --name $FRONTEND_APP_NAME \
  --resource-group $RESOURCE_GROUP \
  --plan $APP_SERVICE_PLAN \
  --container-image-name ${ACR_NAME}.azurecr.io/${REPOSITORY_NAME}/frontend:${IMAGE_TAG}

if [ $? -eq 0 ]; then
  echo "✅ Frontend web app created successfully"
else
  echo "❌ Failed to create frontend web app"
  exit 1
fi

# Step 3: Enable Managed Identity for both apps
echo ""
echo "🔐 Step 3: Enabling Managed Identity..."
az webapp identity assign \
  --name $BACKEND_APP_NAME \
  --resource-group $RESOURCE_GROUP

az webapp identity assign \
  --name $FRONTEND_APP_NAME \
  --resource-group $RESOURCE_GROUP

echo "✅ Managed Identity enabled for both apps"

# Step 4: Get Principal IDs
echo ""
echo "🔑 Step 4: Getting Principal IDs..."
BACKEND_PRINCIPAL_ID=$(az webapp identity show \
  --name $BACKEND_APP_NAME \
  --resource-group $RESOURCE_GROUP \
  --query principalId -o tsv)

FRONTEND_PRINCIPAL_ID=$(az webapp identity show \
  --name $FRONTEND_APP_NAME \
  --resource-group $RESOURCE_GROUP \
  --query principalId -o tsv)

if [ -z "$BACKEND_PRINCIPAL_ID" ] || [ -z "$FRONTEND_PRINCIPAL_ID" ]; then
  echo "⚠️  Warning: Could not retrieve Principal IDs. Managed Identity may not be fully enabled yet."
  echo "   Waiting 10 seconds and retrying..."
  sleep 10
  
  BACKEND_PRINCIPAL_ID=$(az webapp identity show \
    --name $BACKEND_APP_NAME \
    --resource-group $RESOURCE_GROUP \
    --query principalId -o tsv)
  
  FRONTEND_PRINCIPAL_ID=$(az webapp identity show \
    --name $FRONTEND_APP_NAME \
    --resource-group $RESOURCE_GROUP \
    --query principalId -o tsv)
fi

echo "Backend Principal ID: $BACKEND_PRINCIPAL_ID"
echo "Frontend Principal ID: $FRONTEND_PRINCIPAL_ID"

# Step 5: Get ACR Resource ID
echo ""
echo "📋 Step 5: Getting ACR Resource ID..."
ACR_ID=$(az acr show --name $ACR_NAME --query id -o tsv)

if [ -z "$ACR_ID" ]; then
  echo "❌ Failed to get ACR Resource ID. Is the ACR name correct?"
  exit 1
fi

echo "ACR Resource ID: $ACR_ID"

# Step 6: Grant AcrPull permissions
echo ""
echo "🔓 Step 6: Granting AcrPull permissions..."
az role assignment create \
  --assignee $BACKEND_PRINCIPAL_ID \
  --role AcrPull \
  --scope $ACR_ID \
  --output none

az role assignment create \
  --assignee $FRONTEND_PRINCIPAL_ID \
  --role AcrPull \
  --scope $ACR_ID \
  --output none

echo "✅ AcrPull permissions granted"

# Step 7: Configure container registry URL
echo ""
echo "🐳 Step 7: Configuring container registry settings..."
az webapp config container set \
  --name $BACKEND_APP_NAME \
  --resource-group $RESOURCE_GROUP \
  --docker-registry-server-url https://${ACR_NAME}.azurecr.io \
  --output none

az webapp config container set \
  --name $FRONTEND_APP_NAME \
  --resource-group $RESOURCE_GROUP \
  --docker-registry-server-url https://${ACR_NAME}.azurecr.io \
  --output none

echo "✅ Container registry configured"

# Step 8: Get web app URLs
echo ""
echo "🌐 Step 8: Getting web app URLs..."
BACKEND_URL="https://${BACKEND_APP_NAME}.azurewebsites.net"
FRONTEND_URL="https://${FRONTEND_APP_NAME}.azurewebsites.net"

echo ""
echo "✅ Deployment completed successfully!"
echo ""
echo "📋 Summary:"
echo "   Backend URL:  $BACKEND_URL"
echo "   Frontend URL: $FRONTEND_URL"
echo ""
echo "⚠️  Next Steps:"
echo "   1. Configure environment variables (see docs/AZURE-APP-SERVICE-DEPLOYMENT.md)"
echo "   2. Set up Azure Key Vault for secrets (recommended)"
echo "   3. Configure custom domain and SSL certificate"
echo "   4. Test the deployment:"
echo "      curl $BACKEND_URL/api/health"
echo "      curl $FRONTEND_URL"
echo ""