d-bis/the_order
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dea584aa2cbee0f382a03ec9f6d2daf3aa8ddd59
the_order/docs/deployment/DEPLOYMENT_STEPS_SUMMARY.md
defiQUG 92cc41d26d Add Legal Office seal and complete Azure CDN deployment 
- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll)
- Create legal-office-manifest-template.json for Legal Office credentials
- Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation
- Complete Azure CDN infrastructure deployment:
  - Resource group, storage account, and container created
  - 17 PNG seal files uploaded to Azure Blob Storage
  - All manifest templates updated with Azure URLs
  - Configuration files generated (azure-cdn-config.env)
- Add comprehensive Azure CDN setup scripts and documentation
- Fix manifest URL generation to prevent double slashes
- Verify all seals accessible via HTTPS
2025-11-12 22:03:42 -08:00

3.9 KiB
Raw Blame History

Deployment Steps Summary - UPDATED

Phase 3: Entra ID Configuration 🔐 - ENHANCED

Status: Code Complete, Configuration Pending
Duration: 1-2 days (with automation: 2-4 hours)
Can Run In Parallel: Yes (with Phase 2)
Dependencies: Phase 1

Automated Setup (Recommended)

NEW: Automated setup script available:

./scripts/deploy/setup-entra-automated.sh

This script automates:

  • Azure AD App Registration creation
  • Service principal creation
  • Client secret generation
  • Key Vault secret storage
  • Environment file generation

3.1 Azure AD App Registration

Option A: Automated (Recommended)

./scripts/deploy/create-entra-app.sh

Option B: Manual 43. Create App Registration in Azure Portal 44. Note Application (client) ID 45. Note Directory (tenant) ID 46. Configure API permissions (Verifiable Credentials Service) 47. Grant admin consent for permissions 48. Create client secret 49. Save client secret securely (only shown once) 50. Configure redirect URIs for portals 51. Configure logout URLs

3.2 Microsoft Entra VerifiedID

  1. Enable Verified ID service in Azure Portal
  2. Wait for service activation
  3. Create credential manifest
  4. Define credential type
  5. Define claims schema
  6. Note Manifest ID
  7. Verify Issuer DID format
  8. Test DID resolution

NEW: Support for multiple manifests:

  • Configure ENTRA_MANIFESTS environment variable
  • Use manifestName parameter in API calls
  • See: docs/integrations/MICROSOFT_ENTRA_VERIFIEDID.md

3.3 Enhanced Features (NEW)

Retry Logic: Implemented

  • Automatic retry on transient failures (429, 500, 502, 503, 504)
  • Configurable exponential backoff
  • See: packages/auth/src/entra-verifiedid-enhanced.ts

Webhook Support: Implemented

  • Automatic webhook processing at /vc/entra/webhook
  • Status updates and database synchronization
  • See: services/identity/src/entra-webhooks.ts

Rate Limiting: Implemented

  • Entra-specific rate limits
  • Configurable via environment variables
  • See: packages/shared/src/rate-limit-entra.ts

Monitoring: Implemented

  • Comprehensive Prometheus metrics
  • Grafana dashboard configuration
  • Alert rules
  • See: packages/monitoring/src/entra-metrics.ts

3.4 Environment Configuration

NEW: Automated environment setup:

./scripts/deploy/configure-env-dev.sh
  1. Create databases (dev, stage, prod)
  2. Create database users
  3. Grant privileges
  4. Configure firewall rules for AKS
  5. Test database connection

Testing

NEW: Automated test script:

./scripts/test/test-entra-integration.sh

Tests include:

  • Unit tests
  • Integration tests
  • API endpoint tests
  • Feature tests (retry, rate limiting, multi-manifest)

Monitoring Setup

NEW: Pre-configured monitoring:

  • Prometheus config: infra/monitoring/prometheus-entra-config.yml
  • Grafana dashboard: infra/monitoring/grafana-entra-dashboard.json
  • Alert rules included

Documentation

NEW: Comprehensive documentation:

  • Deployment Checklist: docs/deployment/ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md
  • Operational Runbook: docs/operations/ENTRA_VERIFIEDID_RUNBOOK.md
  • Next Steps: docs/deployment/ENTRA_VERIFIEDID_NEXT_STEPS.md
  • Integration Guide: docs/integrations/MICROSOFT_ENTRA_VERIFIEDID.md

Quick Start for Entra VerifiedID

  1. Run automated setup:

    ./scripts/deploy/setup-entra-automated.sh

  2. Configure environment:

    ./scripts/deploy/configure-env-dev.sh

  3. Run tests:

    ./scripts/test/test-entra-integration.sh

  4. Deploy monitoring:

    • Apply Prometheus config
    • Import Grafana dashboard

  5. Follow detailed checklist:

    • See: docs/deployment/ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md

Last Updated: [Current Date]
Status: Code Complete, Automation Ready, Documentation Complete

Reference in New Issue View Git Blame Copy Permalink