[JS] feat: update teamschef bot sample to use msi for remote (#1909)

## Linked issues #minor # (issue number) ## Details Update this sample to use managed identity for remote to avoid creating secret for bot. #### Change details > Describe your changes, with screenshots and code snippets as appropriate **code snippets**: **screenshots**: ## Attestation Checklist - [x] My code follows the style guidelines of this project - I have checked for/fixed spelling, linting, and other errors - I have commented my code for clarity - I have made corresponding changes to the documentation (updating the doc strings in the code is sufficient) - My changes generate no new warnings - I have added tests that validates my changes, and provides sufficient test coverage. I have tested with: - Local testing - E2E testing in Teams - New and existing unit tests pass locally with my changes ### Additional information > Feel free to add other relevant information below
microsoft · Sep 5, 2024 · 7fc1b05 · 7fc1b05
1 parent effc86c
commit 7fc1b05
Show file tree

Hide file tree

Showing 7 changed files with 35 additions and 31 deletions.
diff --git a/js/samples/04.ai-apps/a.teamsChefBot/env/.env.dev.user b/js/samples/04.ai-apps/a.teamsChefBot/env/.env.dev.user
@@ -1,4 +1,3 @@
-SECRET_BOT_PASSWORD=
 SECRET_OPENAI_KEY=
 #SECRET_AZURE_OPENAI_KEY=
 #SECRET_AZURE_OPENAI_ENDPOINT=
diff --git a/js/samples/04.ai-apps/a.teamsChefBot/infra/azure.bicep b/js/samples/04.ai-apps/a.teamsChefBot/infra/azure.bicep
@@ -3,13 +3,6 @@
 @description('Used to generate names for all resources in this file')
 param resourceBaseName string
 
-@description('Required when create Azure Bot service')
-param botAadAppClientId string
-
-@secure()
-@description('Required by Bot Framework package in your bot project')
-param botAadAppClientSecret string
-
 param webAppSKU string
 
 @maxLength(42)
@@ -26,8 +19,14 @@ param azureOpenAIEndpoint string = ''
 
 param serverfarmsName string = resourceBaseName
 param webAppName string = resourceBaseName
+param identityName string = resourceBaseName
 param location string = resourceGroup().location
 
+resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  location: location
+  name: identityName
+}
+
 // Compute resources for your Web App
 resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = {
   kind: 'app'
@@ -63,11 +62,15 @@ resource webApp 'Microsoft.Web/sites@2021-02-01' = {
         }
         {
           name: 'BOT_ID'
-          value: botAadAppClientId
+          value: identity.properties.clientId
+        }
+        {
+          name: 'BOT_TENANT_ID'
+          value: identity.properties.tenantId
         }
         {
-          name: 'BOT_PASSWORD'
-          value: botAadAppClientSecret
+          name: 'BOT_TYPE'
+          value: 'UserAssignedMsi'
         }
         {
           name: 'OPENAI_KEY'
@@ -85,14 +88,22 @@ resource webApp 'Microsoft.Web/sites@2021-02-01' = {
       ftpsState: 'FtpsOnly'
     }
   }
+  identity: {
+    type: 'UserAssigned'
+    userAssignedIdentities: {
+      '${identity.id}': {}
+    }
+  }
 }
 
 // Register your web service as a bot with the Bot Framework
 module azureBotRegistration './botRegistration/azurebot.bicep' = {
   name: 'Azure-Bot-registration'
   params: {
     resourceBaseName: resourceBaseName
-    botAadAppClientId: botAadAppClientId
+    identityClientId: identity.properties.clientId
+    identityResourceId: identity.id
+    identityTenantId: identity.properties.tenantId
     botAppDomain: webApp.properties.defaultHostName
     botDisplayName: botDisplayName
   }
@@ -101,3 +112,5 @@ module azureBotRegistration './botRegistration/azurebot.bicep' = {
 // The output will be persisted in .env.{envName}. Visit https://aka.ms/teamsfx-actions/arm-deploy for more details.
 output BOT_AZURE_APP_SERVICE_RESOURCE_ID string = webApp.id
 output BOT_DOMAIN string = webApp.properties.defaultHostName
+output BOT_ID string = identity.properties.clientId
+output BOT_TENANT_ID string = identity.properties.tenantId
diff --git a/js/samples/04.ai-apps/a.teamsChefBot/infra/azure.parameters.json b/js/samples/04.ai-apps/a.teamsChefBot/infra/azure.parameters.json
@@ -5,12 +5,6 @@
       "resourceBaseName": {
         "value": "teamschefbot${{RESOURCE_SUFFIX}}"
       },
-      "botAadAppClientId": {
-        "value": "${{BOT_ID}}"
-      },
-      "botAadAppClientSecret": {
-        "value": "${{SECRET_BOT_PASSWORD}}"
-      },
       "webAppSKU": {
         "value": "B1"
       },

diff --git a/js/samples/04.ai-apps/a.teamsChefBot/infra/botRegistration/azurebot.bicep b/js/samples/04.ai-apps/a.teamsChefBot/infra/botRegistration/azurebot.bicep
@@ -8,7 +8,9 @@ param botDisplayName string
 
 param botServiceName string = resourceBaseName
 param botServiceSku string = 'F0'
-param botAadAppClientId string
+param identityResourceId string
+param identityClientId string
+param identityTenantId string
 param botAppDomain string
 
 // Register your web service as a bot with the Bot Framework
@@ -19,7 +21,10 @@ resource botService 'Microsoft.BotService/botServices@2021-03-01' = {
   properties: {
     displayName: botDisplayName
     endpoint: 'https://${botAppDomain}/api/messages'
-    msaAppId: botAadAppClientId
+    msaAppId: identityClientId
+    msaAppMSIResourceId: identityResourceId
+    msaAppTenantId:identityTenantId
+    msaAppType:'UserAssignedMSI'
   }
   sku: {
     name: botServiceSku

diff --git a/js/samples/04.ai-apps/a.teamsChefBot/src/index.ts b/js/samples/04.ai-apps/a.teamsChefBot/src/index.ts
@@ -32,9 +32,10 @@ config({ path: ENV_FILE });
 const adapter = new TeamsAdapter(
     {},
     new ConfigurationServiceClientCredentialFactory({
+        MicrosoftAppType: process.env.BOT_TYPE,
         MicrosoftAppId: process.env.BOT_ID,
         MicrosoftAppPassword: process.env.BOT_PASSWORD,
-        MicrosoftAppType: 'MultiTenant'
+        MicrosoftAppTenantId: process.env.BOT_TENANT_ID
     })
 );
 

diff --git a/js/samples/04.ai-apps/a.teamsChefBot/teamsapp.local.yml b/js/samples/04.ai-apps/a.teamsChefBot/teamsapp.local.yml
@@ -54,6 +54,7 @@ deploy:
           envs:
               BOT_ID: ${{BOT_ID}}
               BOT_PASSWORD: ${{SECRET_BOT_PASSWORD}}
+              BOT_TYPE: 'MultiTenant'
               OPENAI_KEY: ${{SECRET_OPENAI_KEY}}
               #AZURE_OPENAI_KEY: ${{SECRET_AZURE_OPENAI_KEY}}
               #AZURE_OPENAI_ENDPOINT: ${{SECRET_AZURE_OPENAI_ENDPOINT}}
diff --git a/js/samples/04.ai-apps/a.teamsChefBot/teamsapp.yml b/js/samples/04.ai-apps/a.teamsChefBot/teamsapp.yml
@@ -20,15 +20,6 @@ provision:
     writeToEnvironmentFile:
       teamsAppId: TEAMS_APP_ID
 
-  # Automates the creation an Azure AD app registration which is required for a bot.
-  # The Bot ID (AAD app client ID) and Bot Password (AAD app client secret) are saved to an environment file.
-  - uses: botAadApp/create
-    with:
-      name: TeamsChef${{APP_NAME_SUFFIX}}
-    writeToEnvironmentFile:
-      botId: BOT_ID
-      botPassword: SECRET_BOT_PASSWORD
-
   # Automates the creation of infrastructure defined in ARM templates to host the bot.
   # The created resource IDs are saved to an environment file.
   - uses: arm/deploy
@@ -38,7 +29,7 @@ provision:
       templates:
         - path: ./infra/azure.bicep
           parameters: ./infra/azure.parameters.json
-          deploymentName: Create-resources-for-tab
+          deploymentName: Create-resources-for-bot
       bicepCliVersion: v0.9.1
 
   # Optional: Automates schema and error checking of the Teams app manifest and outputs the results in the console.