cmdb-insight/scripts/configure-app-settings-direct.sh

#!/bin/bash
# Configure App Service App Settings Directly (Without Key Vault)
# This is a simpler alternative that works without Key Vault permissions

set -e

# Configuration
RESOURCE_GROUP="zdl-cmdb-insight-prd-euwe-rg"
BACKEND_APP_NAME="zdl-cmdb-insight-prd-backend-webapp"
FRONTEND_APP_NAME="zdl-cmdb-insight-prd-frontend-webapp"

echo "⚙️  Configuring App Service App Settings (Direct - No Key Vault)..."
echo ""

# Generate session secret
SESSION_SECRET=$(openssl rand -hex 32)
echo "✅ Generated session secret"

# Get app URLs
BACKEND_URL="https://${BACKEND_APP_NAME}.azurewebsites.net"
FRONTEND_URL="https://${FRONTEND_APP_NAME}.azurewebsites.net"

echo ""
echo "📝 Configure these values:"
echo "   JIRA_PAT: (your Jira Personal Access Token)"
echo "   Or JIRA_OAUTH_CLIENT_ID and JIRA_OAUTH_CLIENT_SECRET"
echo ""

# Prompt for values (or set them as environment variables)
read -p "Enter JIRA_PAT (or press Enter to skip): " JIRA_PAT
read -p "Enter JIRA_OAUTH_CLIENT_ID (or press Enter to skip): " JIRA_OAUTH_CLIENT_ID
read -p "Enter JIRA_OAUTH_CLIENT_SECRET (or press Enter to skip): " JIRA_OAUTH_CLIENT_SECRET

echo ""
echo "🔧 Configuring backend app settings..."

# Build settings string
SETTINGS="NODE_ENV=production PORT=3001 JIRA_BASE_URL=https://jira.zuyderland.nl SESSION_SECRET=${SESSION_SECRET} FRONTEND_URL=${FRONTEND_URL}"

if [ -n "$JIRA_PAT" ]; then
  SETTINGS="${SETTINGS} JIRA_PAT=${JIRA_PAT}"
fi

if [ -n "$JIRA_OAUTH_CLIENT_ID" ]; then
  SETTINGS="${SETTINGS} JIRA_OAUTH_CLIENT_ID=${JIRA_OAUTH_CLIENT_ID}"
fi

if [ -n "$JIRA_OAUTH_CLIENT_SECRET" ]; then
  SETTINGS="${SETTINGS} JIRA_OAUTH_CLIENT_SECRET=${JIRA_OAUTH_CLIENT_SECRET}"
fi

# Configure backend
az webapp config appsettings set \
  --name $BACKEND_APP_NAME \
  --resource-group $RESOURCE_GROUP \
  --settings $SETTINGS \
  --output none

echo "✅ Backend configured"

# Configure frontend
echo ""
echo "🔧 Configuring frontend app settings..."
az webapp config appsettings set \
  --name $FRONTEND_APP_NAME \
  --resource-group $RESOURCE_GROUP \
  --settings "VITE_API_URL=${BACKEND_URL}/api" \
  --output none

echo "✅ Frontend configured"

echo ""
echo "✅ App settings configured successfully!"
echo ""
echo "⚠️  Note: Secrets are stored in App Service app settings (encrypted at rest)."
echo "   For production, consider migrating to Key Vault later when permissions are available."
echo ""
echo "📋 Configured URLs:"
echo "   Backend:  $BACKEND_URL"
echo "   Frontend: $FRONTEND_URL"
echo ""