the_order/docs/deployment/DEPLOYMENT_STEPS_SUMMARY.md
defiQUG 92cc41d26d Add Legal Office seal and complete Azure CDN deployment
- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll)
- Create legal-office-manifest-template.json for Legal Office credentials
- Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation
- Complete Azure CDN infrastructure deployment:
  - Resource group, storage account, and container created
  - 17 PNG seal files uploaded to Azure Blob Storage
  - All manifest templates updated with Azure URLs
  - Configuration files generated (azure-cdn-config.env)
- Add comprehensive Azure CDN setup scripts and documentation
- Fix manifest URL generation to prevent double slashes
- Verify all seals accessible via HTTPS
2025-11-12 22:03:42 -08:00


# Deployment Steps Summary - UPDATED
## Phase 3: Entra ID Configuration 🔐 - **ENHANCED**
**Status**: ✅ Code Complete, ⏳ Configuration Pending
**Duration**: 1-2 days (with automation: 2-4 hours)
**Can Run In Parallel**: Yes (with Phase 2)
**Dependencies**: Phase 1
### Automated Setup (Recommended)
**NEW**: Automated setup script available:
```bash
./scripts/deploy/setup-entra-automated.sh
```
This script automates:
- ✅ Azure AD App Registration creation
- ✅ Service principal creation
- ✅ Client secret generation
- ✅ Key Vault secret storage
- ✅ Environment file generation
### 3.1 Azure AD App Registration
**Option A: Automated (Recommended)**
```bash
./scripts/deploy/create-entra-app.sh
```
**Option B: Manual**
43. Create App Registration in Azure Portal
44. Note Application (client) ID
45. Note Directory (tenant) ID
46. Configure API permissions (Verifiable Credentials Service)
47. Grant admin consent for permissions
48. Create client secret
49. Save client secret securely (only shown once)
50. Configure redirect URIs for portals
51. Configure logout URLs
### 3.2 Microsoft Entra VerifiedID
52. Enable Verified ID service in Azure Portal
53. Wait for service activation
54. Create credential manifest
55. Define credential type
56. Define claims schema
57. Note Manifest ID
58. Verify Issuer DID format
59. Test DID resolution
**NEW**: Support for multiple manifests:
- Configure `ENTRA_MANIFESTS` environment variable
- Use `manifestName` parameter in API calls
- See: `docs/integrations/MICROSOFT_ENTRA_VERIFIEDID.md`
### 3.3 Enhanced Features (NEW)
**Retry Logic**: ✅ Implemented
- Automatic retry on transient failures (429, 500, 502, 503, 504)
- Configurable exponential backoff
- See: `packages/auth/src/entra-verifiedid-enhanced.ts`
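
The retry behaviour listed above, as an added TypeScript example (not the code in `packages/auth/src/entra-verifiedid-enhanced.ts`). `RetryOptions`, `HttpResult`, `isTransient`, `backoffMs` and `withRetry` are hypothetical names, and the `Retry-After` clamping and jitter are assumptions beyond what this document states.

```typescript
// Added example; every identifier here is hypothetical, not the project's API.
interface RetryOptions {
  maxRetries: number;  // retries allowed after the first attempt
  baseDelayMs: number; // delay before the first retry, pre-jitter
  maxDelayMs: number;  // hard cap on any single wait
}
interface HttpResult {
  status: number;
  retryAfter?: string; // raw Retry-After header value, if the server sent one
}

// The transient status codes listed in this document.
const TRANSIENT = new Set<number>([429, 500, 502, 503, 504]);

// 400/401/403 and other codes are returned to the caller at once: repeating a
// rejected credential or malformed request only adds load and log noise.
function isTransient(status: number): boolean {
  return TRANSIENT.has(status);
}

// Wait before retry number `retry` (0-based). A numeric Retry-After (seconds)
// wins but is clamped to maxDelayMs so a hostile or buggy header cannot park
// a worker. Otherwise: capped exponential backoff with "equal jitter".
function backoffMs(retry: number, o: RetryOptions, retryAfter?: string,
                   rand: () => number = Math.random): number {
  const hint = (retryAfter ?? "").trim();
  if (/^\d+$/.test(hint)) return Math.min(Number(hint) * 1000, o.maxDelayMs);
  const exp = Math.min(o.baseDelayMs * 2 ** retry, o.maxDelayMs);
  return Math.floor(exp / 2 + (rand() * exp) / 2);
}

// `send` performs one HTTP attempt; `sleep` and `rand` are injectable so the
// schedule can be tested without real timers or randomness.
async function withRetry(
  send: () => Promise<HttpResult>,
  o: RetryOptions,
  sleep: (ms: number) => Promise<void> =
    (ms) => new Promise<void>((resolve) => setTimeout(resolve, ms)),
  rand: () => number = Math.random,
): Promise<{ result: HttpResult; delays: number[] }> {
  const delays: number[] = [];
  for (let retry = 0; ; retry++) {
    const result = await send();
    if (!isTransient(result.status) || retry >= o.maxRetries) return { result, delays };
    const wait = backoffMs(retry, o, result.retryAfter, rand);
    delays.push(wait);
    await sleep(wait);
  }
}
```
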
**Webhook Support**: ✅ Implemented
- Automatic webhook processing at `/vc/entra/webhook`
- Status updates and database synchronization
- See: `services/identity/src/entra-webhooks.ts`
**Rate Limiting**: ✅ Implemented
- Entra-specific rate limits
- Configurable via environment variables
- See: `packages/shared/src/rate-limit-entra.ts`
**Monitoring**: ✅ Implemented
- Comprehensive Prometheus metrics
- Grafana dashboard configuration
- Alert rules
- See: `packages/monitoring/src/entra-metrics.ts`
### 3.4 Environment Configuration
**NEW**: Automated environment setup:
```bash
./scripts/deploy/configure-env-dev.sh
```
60. Create databases (dev, stage, prod)
61. Create database users
62. Grant privileges
63. Configure firewall rules for AKS
64. Test database connection
### Testing
**NEW**: Automated test script:
```bash
./scripts/test/test-entra-integration.sh
```
Tests include:
- ✅ Unit tests
- ✅ Integration tests
- ✅ API endpoint tests
- ✅ Feature tests (retry, rate limiting, multi-manifest)
### Monitoring Setup
**NEW**: Pre-configured monitoring:
- Prometheus config: `infra/monitoring/prometheus-entra-config.yml`
- Grafana dashboard: `infra/monitoring/grafana-entra-dashboard.json`
- Alert rules included
### Documentation
**NEW**: Comprehensive documentation:
- ✅ Deployment Checklist: `docs/deployment/ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md`
- ✅ Operational Runbook: `docs/operations/ENTRA_VERIFIEDID_RUNBOOK.md`
- ✅ Next Steps: `docs/deployment/ENTRA_VERIFIEDID_NEXT_STEPS.md`
- ✅ Integration Guide: `docs/integrations/MICROSOFT_ENTRA_VERIFIEDID.md`
---
## Quick Start for Entra VerifiedID
1. **Run automated setup**:
   ```bash
   ./scripts/deploy/setup-entra-automated.sh
   ```
2. **Configure environment**:
   ```bash
   ./scripts/deploy/configure-env-dev.sh
   ```
3. **Run tests**:
   ```bash
   ./scripts/test/test-entra-integration.sh
   ```
4. **Deploy monitoring**:
   - Apply Prometheus config
   - Import Grafana dashboard
5. **Follow detailed checklist**:
   - See: `docs/deployment/ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md`
---
**Last Updated**: [Current Date]
**Status**: ✅ Code Complete, Automation Ready, Documentation Complete