# Azure and Cloudflare Environment Setup Guide

**Last Updated**: 2025-01-27  
**Status**: Active  
**Purpose**: Azure and Cloudflare environment variable configuration

This guide helps you populate your `.env` file with values from Azure and Cloudflare.

> **Related Documentation**:
> - [Network Configuration Guide](NETWORK_CONFIGURATION_GUIDE.md) - For Besu network configuration
> - [Contract Deployment Environment Setup](CONTRACT_DEPLOYMENT_ENV_SETUP.md) - For contract deployment environment variables

## Quick Start

### Option 1: Interactive Script (Recommended)

Run the interactive script that will automatically populate your `.env` file:

```bash
./scripts/deployment/populate-env.sh
```

This script will:
- ✅ Retrieve Azure Subscription ID and Tenant ID from Azure CLI
- ✅ Get or create Terraform backend storage account
- ✅ Prompt for Cloudflare Zone ID and API Token
- ✅ Update your `.env` file automatically

### Option 2: View Values First

If you want to see what values will be populated before updating:

```bash
# View all retrievable values
./scripts/deployment/get-env-values.sh

# Or save to a file for review
./scripts/deployment/get-env-values.sh > env-values.txt
cat env-values.txt
```

Then manually copy the values to your `.env` file.

## Prerequisites

Before running the scripts:

1. **Azure CLI installed and logged in:**
   ```bash
   az login
   az account show  # Verify login
   ```

2. **Cloudflare credentials ready:**
   - Zone ID: Found in Cloudflare Dashboard > Your Domain > Overview > Zone ID
   - API Token: Create in Cloudflare Dashboard > My Profile > API Tokens

## Examples

### Example: Complete .env File

```bash
# Azure Configuration
AZURE_SUBSCRIPTION_ID=12345678-1234-1234-1234-123456789012
AZURE_TENANT_ID=87654321-4321-4321-4321-210987654321
AZURE_RESOURCE_GROUP=az-p-wst-rg-comp-001
AZURE_LOCATION=westeurope

# Terraform Backend
TF_STATE_STORAGE_ACCOUNT=azpwesttfstate001
TF_STATE_RESOURCE_GROUP=az-p-wst-rg-tfstate-001
TF_STATE_CONTAINER=tfstate

# Cloudflare
CLOUDFLARE_ZONE_ID=abc123def456ghi789
CLOUDFLARE_API_TOKEN=your-api-token-here

# RPC Configuration
RPC_URL=https://rpc.d-bis.org
CHAIN_ID=138
```

### Example: Retrieving Values

```bash
# Get Azure subscription ID
az account show --query id -o tsv

# Get Cloudflare zone ID
# Found in Cloudflare Dashboard > Your Domain > Overview > Zone ID
```

## Environment Variables

### Azure Configuration (Auto-retrieved)

These are automatically retrieved from Azure CLI:

- `AZURE_SUBSCRIPTION_ID` - Your Azure subscription ID
- `AZURE_TENANT_ID` - Your Azure tenant ID
- `AZURE_RESOURCE_GROUP` - Resource group name (default: `defi-oracle-mainnet-rg`)
- `AZURE_LOCATION` - Azure region (default: `eastus`)

### Terraform Backend (Auto-created or retrieved)

- `ARM_RESOURCE_GROUP_NAME` - Resource group for Terraform state (default: `tfstate-rg`)
- `ARM_STORAGE_ACCOUNT_NAME` - Storage account name (auto-generated or existing)
- `ARM_CONTAINER_NAME` - Container name (default: `tfstate`)
- `ARM_ACCESS_KEY` - Storage account access key

### Cloudflare Configuration (Manual input required)

- `CLOUDFLARE_ZONE_ID` - Your Cloudflare Zone ID
- `CLOUDFLARE_API_TOKEN` - Your Cloudflare API Token

### Optional Variables

These can be set later:

- `AZURE_CLIENT_ID` - Service principal app ID (for CI/CD)
- `AZURE_CLIENT_SECRET` - Service principal secret (for CI/CD)
- `RPC_URL` - RPC endpoint URL (set after deployment)
- `EXPLORER_URL` - Explorer URL (set after deployment)
- `PRIVATE_KEY` - Private key for contract deployment

## Manual Setup

If you prefer to set values manually:

### 1. Get Azure Values

```bash
# Subscription ID
az account show --query id -o tsv

# Tenant ID
az account show --query tenantId -o tsv

# Current location
az account show --query location -o tsv
```

### 2. Create Terraform Backend Storage

```bash
# Set variables
RESOURCE_GROUP="tfstate-rg"
STORAGE_ACCOUNT="tfstate$(openssl rand -hex 4)"
LOCATION="eastus"

# Create resource group
az group create --name $RESOURCE_GROUP --location $LOCATION

# Create storage account
az storage account create \
  --resource-group $RESOURCE_GROUP \
  --name $STORAGE_ACCOUNT \
  --sku Standard_LRS \
  --kind StorageV2 \
  --location $LOCATION

# Create container
az storage container create \
  --name "tfstate" \
  --account-name $STORAGE_ACCOUNT

# Get access key
az storage account keys list \
  --resource-group $RESOURCE_GROUP \
  --account-name $STORAGE_ACCOUNT \
  --query "[0].value" -o tsv
```

### 3. Get Cloudflare Values

1. **Zone ID:**
   - Go to Cloudflare Dashboard
   - Select your domain
   - Overview page shows Zone ID

2. **API Token:**
   - Go to Cloudflare Dashboard > My Profile > API Tokens
   - Click "Create Token"
   - Use "Edit zone DNS" template or create custom token with:
     - Zone: DNS:Edit
     - Zone: Zone:Read

## Verify Setup

After populating your `.env` file, verify the values:

```bash
# Check Azure authentication
az account show

# Verify resource group exists (if already created)
az group show --name defi-oracle-mainnet-rg

# Test Cloudflare API (if token is set)
curl -X GET "https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE_ID}" \
  -H "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}" \
  -H "Content-Type: application/json"
```

## Troubleshooting

### Azure CLI Not Found

```bash
# Install Azure CLI
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash

# Or on macOS
brew install azure-cli
```

### Not Logged In to Azure

```bash
# Login interactively
az login

# Or use the helper script
./scripts/deployment/azure-login.sh
```

### Storage Account Creation Fails

- Check you have permissions to create resources
- Verify subscription has available quota
- Try a different storage account name (must be globally unique)

### Cloudflare API Token Issues

- Ensure token has correct permissions (Zone:Read, DNS:Edit)
- Verify token hasn't expired
- Check Zone ID is correct for your domain

## Next Steps

After setting up your `.env` file:

1. **Deploy Infrastructure:**
   ```bash
   cd terraform
   terraform init
   terraform plan
   terraform apply
   ```

2. **Configure DNS:**
   ```bash
   ./scripts/deployment/cloudflare-dns.sh \
     --zone-id $CLOUDFLARE_ZONE_ID \
     --api-token $CLOUDFLARE_API_TOKEN \
     --ip $(./scripts/deployment/get-app-gateway-ip.sh)
   ```

3. **Deploy Kubernetes Resources:**
   ```bash
   ./scripts/deployment/deploy-all.sh
   ```

## See Also

- [Deployment Guide](DEPLOYMENT.md)
- [Terraform Backend Setup](TERRAFORM_BACKEND_SETUP.md)
- [Next Steps List](NEXT_STEPS_LIST.md)