Launching a Legacy CoPo Partner

Step-by-step guide to launch a new legacy Consumer Portal (CoPo) partner.

Getting Started

Step 1: Complete the Setup Guide

Follow the setup guide to install the Zig toolchain, authenticate with Google Cloud, and verify group membership. If you’ve already done this, skip to Step 2.

Prerequisites

Before starting a launch, confirm the following:

• Partner number assigned (check partner index, auto-increment from last)
• Partner name confirmed

Phase 1: Provision New Infrastructure

Step 2: Generate Terraform Configuration

Run the provisioning script to generate Terraform configuration for both environments:

./zig/zig build scripts -- provision_partner_pd_infra

The script runs in interactive mode and will prompt for:

1. Partner number – numeric ID for the partner (e.g. 42)
2. Partner name – short identifier used in resource naming
3. Partner type – select consumer-portal

Confirm the expected files were created under infra/pd-infra/business_unit_1/ for both non-production and production.

Step 3: Create a PR and Deploy

1. Create a branch and commit the generated Terraform configuration
2. Open a PR targeting the plan branch
3. After PR approval, merge into plan
4. Deploy a release

Verify: Open Cloud Build History and confirm the apply completed successfully for each target environment.

Phase 2: Run Configuration Scripts

Prerequisite: The partner’s HA Admin Portal tenant must already be launched and provisioned. Phase 1 infrastructure must be fully applied before proceeding.

Step 4: Add Azure SQL Firewall Rule

Whitelist the new partner VM’s IP address on the Azure SQL Server so it can connect to the database.

./zig/zig build scripts -- add_az_sql_fw_rule -e <environment> -n <rule_name> -ip <ip_address>

Run for each environment:

./zig/zig build scripts -- add_az_sql_fw_rule -e staging -n GCP_P<number>_VM_IP -ip <staging_ip>
./zig/zig build scripts -- add_az_sql_fw_rule -e production -n GCP_P<number>_VM_IP -ip <production_ip>

The script is idempotent – if a rule with the same IP already exists, it skips creation.

Step 5: Create Database User

Build the mssql tool and create a database user for the Consumer Portal web application:

./zig/zig build mssql

Create the user in each environment:

./mssql user create hbcp_<partner_name>_web_user \
  --server <sql_server> \
  --database <database_name> \
  --environment staging \
  --permissions rwx

./mssql user create hbcp_<partner_name>_web_user \
  --server <sql_server> \
  --database <database_name> \
  --environment production \
  --permissions rwx

The tool generates a secure password and stores it in GCP Secret Manager automatically.

Verify: Confirm the user exists in the database and the password secret appears in GCP Secret Manager.

Phase 3: Application Configuration

Follow the CP New Tenant Spin-Up guide on Notion, which covers:

1. Auth0 – Create the application and API in both staging and production tenants
2. Consumer Portal – Run the setup_tenant_config script to generate env configs
3. CP-Config – Add the tenant to the dropdown and set up sanity test credentials
4. GCP Secrets – Configure secrets in GCP Secret Manager and seed eligibility data via launchbot