#!/bin/bash
# Configure ACR Authentication using Admin Credentials
# Use this when you don't have permissions to create role assignments on shared ACR

set -e

# Configuration
RESOURCE_GROUP="zdl-cmdb-insight-prd-euwe-rg"
ACR_NAME="zdlasacr"
BACKEND_APP_NAME="zdl-cmdb-insight-prd-backend-webapp"
FRONTEND_APP_NAME="zdl-cmdb-insight-prd-frontend-webapp"

echo "🔐 Configuring ACR Authentication using Admin Credentials..."
echo ""

# Step 1: Enable ACR admin (if not already enabled)
echo "📋 Step 1: Enabling ACR admin..."
az acr update --name $ACR_NAME --admin-enabled true

# Step 2: Get ACR credentials
echo ""
echo "🔑 Step 2: Getting ACR credentials..."
ACR_USERNAME=$(az acr credential show --name $ACR_NAME --query username -o tsv)
ACR_PASSWORD=$(az acr credential show --name $ACR_NAME --query passwords[0].value -o tsv)

if [ -z "$ACR_USERNAME" ] || [ -z "$ACR_PASSWORD" ]; then
  echo "❌ Failed to get ACR credentials"
  exit 1
fi

echo "✅ ACR credentials retrieved"
echo "   Username: $ACR_USERNAME"
echo ""

# Step 3: Configure backend web app
echo "🐳 Step 3: Configuring backend web app..."
az webapp config container set \
  --name $BACKEND_APP_NAME \
  --resource-group $RESOURCE_GROUP \
  --docker-registry-server-url https://${ACR_NAME}.azurecr.io \
  --docker-registry-server-user $ACR_USERNAME \
  --docker-registry-server-password $ACR_PASSWORD

echo "✅ Backend configured"

# Step 4: Configure frontend web app
echo ""
echo "🐳 Step 4: Configuring frontend web app..."
az webapp config container set \
  --name $FRONTEND_APP_NAME \
  --resource-group $RESOURCE_GROUP \
  --docker-registry-server-url https://${ACR_NAME}.azurecr.io \
  --docker-registry-server-user $ACR_USERNAME \
  --docker-registry-server-password $ACR_PASSWORD

echo "✅ Frontend configured"

echo ""
echo "✅ ACR authentication configured successfully!"
echo ""
echo "⚠️  Note: Using admin credentials is simpler but less secure than Managed Identity."
echo "   For production, consider asking an admin to grant AcrPull role via Managed Identity."
echo ""