Add Legal Office seal and complete Azure CDN deployment

- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll) - Create legal-office-manifest-template.json for Legal Office credentials - Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation - Complete Azure CDN infrastructure deployment: - Resource group, storage account, and container created - 17 PNG seal files uploaded to Azure Blob Storage - All manifest templates updated with Azure URLs - Configuration files generated (azure-cdn-config.env) - Add comprehensive Azure CDN setup scripts and documentation - Fix manifest URL generation to prevent double slashes - Verify all seals accessible via HTTPS
2025-11-12 22:03:42 -08:00
parent 8649ad4124
commit 92cc41d26d
258 changed files with 16021 additions and 1260 deletions
--- a/scripts/deploy/configure-api-permissions.sh
+++ b/scripts/deploy/configure-api-permissions.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+# Configure API Permissions for Entra VerifiedID App Registration
+# This script helps automate permission configuration
+
+set -euo pipefail
+
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
+log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
+log_warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
+
+# Check Azure CLI
+if ! command -v az &> /dev/null; then
+    log_warning "Azure CLI not found"
+    exit 1
+fi
+
+if ! az account show &> /dev/null; then
+    log_warning "Not logged in to Azure"
+    exit 1
+fi
+
+log_info "Configuring API Permissions for Entra VerifiedID..."
+
+# Get app ID
+read -p "Enter Application (Client) ID: " APP_ID
+
+if [ -z "${APP_ID}" ]; then
+    log_warning "App ID is required"
+    exit 1
+fi
+
+# Verifiable Credentials Service App ID
+VC_SERVICE_APP_ID="3db474b9-7a6d-4f50-afdc-70940ce1df8f"
+
+log_info "Adding Verifiable Credentials Service permissions..."
+
+# Note: Azure CLI doesn't support adding API permissions directly for Verifiable Credentials Service
+# This requires manual steps in Azure Portal, but we can provide the exact steps
+
+log_warning "API permissions must be configured manually in Azure Portal"
+log_info "Follow these steps:"
+echo ""
+echo "1. Go to: https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/CallAnAPI/appId/${APP_ID}"
+echo "2. Click 'API permissions'"
+echo "3. Click 'Add a permission'"
+echo "4. Select 'APIs my organization uses'"
+echo "5. Search for: 'Verifiable Credentials Service' or use App ID: ${VC_SERVICE_APP_ID}"
+echo "6. Select 'Application permissions'"
+echo "7. Check the following permissions:"
+echo "   - VerifiableCredential.Create.All"
+echo "   - VerifiableCredential.Verify.All"
+echo "8. Click 'Add permissions'"
+echo "9. Click 'Grant admin consent for [Your Organization]'"
+echo "10. Verify consent status shows 'Granted'"
+echo ""
+
+# Try to grant admin consent if possible
+log_info "Attempting to grant admin consent..."
+if az ad app permission admin-consent --id "${APP_ID}" 2>/dev/null; then
+    log_success "Admin consent granted via CLI"
+else
+    log_warning "Admin consent must be granted manually in Azure Portal"
+    log_info "Go to: API permissions → Grant admin consent"
+fi
+
+log_success "Permission configuration guide provided"
+log_info "After completing manual steps, verify permissions:"
+echo "az ad app permission list --id ${APP_ID}"
+