diff --git a/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/Startup.cs b/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/Startup.cs index 679a06f4..04db4182 100644 --- a/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/Startup.cs +++ b/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/Startup.cs @@ -24,9 +24,10 @@ public override void ConfigureAppConfiguration(IFunctionsConfigurationBuilder bu var configuration = builder.ConfigurationBuilder.Build(); builder.ConfigurationBuilder.AddInMemoryCollection(new Dictionary() { - { "MicrosoftAppType", "MultiTenant" }, + { "MicrosoftAppType", configuration.GetSection("BOT_TYPE")?.Value ?? string.Empty}, { "MicrosoftAppId", configuration.GetSection("BOT_ID")?.Value ?? string.Empty }, { "MicrosoftAppPassword", configuration.GetSection("BOT_PASSWORD")?.Value ?? string.Empty }, + { "MicrosoftAppTenantId", configuration.GetSection("BOT_TENANT_ID")?.Value ?? string.Empty} }); } diff --git a/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/azure.bicep b/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/azure.bicep index 2a49ce22..88a99b18 100644 --- a/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/azure.bicep +++ b/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/azure.bicep @@ -3,13 +3,6 @@ @description('Used to generate names for all resources in this file') param resourceBaseName string -@description('Required when create Azure Bot service') -param botAadAppClientId string - -@secure() -@description('Required by Bot Framework package in your bot project') -param botAadAppClientSecret string - param functionAppSKU string @maxLength(42) 
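Review bot: In the Startup.cs hunk, `MicrosoftAppType` and `MicrosoftAppTenantId` fall back to `string.Empty` when `BOT_TYPE` or `BOT_TENANT_ID` is absent, so a deployment with a missing or misspelled setting starts without any error. The app type was a fixed constant before this change, so failing at startup is safer than an empty value: `var botType = configuration["BOT_TYPE"] ?? throw new InvalidOperationException("BOT_TYPE is not configured");`, with `botType` used in the dictionary. The same check is worth applying to `BOT_ID`, because as far as I know the Bot Framework SDK treats an empty app ID as authentication disabled; that should be confirmed against the SDK version in use. ConfigureAppConfiguration begins above the hunk, so any validation that already exists there is not visible here.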
@@ -17,8 +10,15 @@ param botDisplayName string param serverfarmsName string = resourceBaseName param functionAppName string = resourceBaseName +param identityName string = resourceBaseName param location string = resourceGroup().location + +resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { + location: location + name: identityName +} + // Compute resources for your Web App resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = { kind: 'functionapp' @@ -63,16 +63,26 @@ resource functionApp 'Microsoft.Web/sites@2021-02-01' = { } { name: 'BOT_ID' - value: botAadAppClientId + value: identity.properties.clientId } { - name: 'BOT_PASSWORD' - value: botAadAppClientSecret + name: 'BOT_TENANT_ID' + value: identity.properties.tenantId + } + { + name: 'BOT_TYPE' + value: 'UserAssignedMsi' } ] ftpsState: 'FtpsOnly' } } + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${identity.id}': {} + } + } } // Register your web service as a bot with the Bot Framework @@ -80,7 +90,9 @@ module azureBotRegistration './botRegistration/azurebot.bicep' = { name: 'Azure-Bot-registration' params: { resourceBaseName: resourceBaseName - botAadAppClientId: botAadAppClientId + identityClientId: identity.properties.clientId + identityResourceId: identity.id + identityTenantId: identity.properties.tenantId botAppDomain: functionApp.properties.defaultHostName botDisplayName: botDisplayName } @@ -89,4 +101,5 @@ module azureBotRegistration './botRegistration/azurebot.bicep' = { output BOT_DOMAIN string = functionApp.properties.defaultHostName output BOT_AZURE_FUNCTION_APP_RESOURCE_ID string = functionApp.id output BOT_FUNCTION_ENDPOINT string = 'https://${functionApp.properties.defaultHostName}' - +output BOT_ID string = identity.properties.clientId +output BOT_TENANT_ID string = identity.properties.tenantId 
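Review bot: The new `identity` resource in the `@@ -17,8 +10,15 @@` hunk has no comment, while the resources around it carry one (`// Compute resources for your Web App`). Suggest adding `// User-assigned managed identity the bot authenticates as; replaces the AAD app client secret` above it. The hunk also adds two consecutive blank lines before the resource where one would do.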
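Review bot: In the `@@ -63,16 +63,26 @@` hunk the app setting `BOT_TYPE` is `'UserAssignedMsi'`, while azurebot.bicep in this same commit sets `msaAppType` to `'UserAssignedMSI'`. The two spellings are presumably what the SDK and the Bot Service resource each expect, but nothing in the diff says so, and a later edit could "fix" one to match the other. Suggest a comment above the setting: `// Read by the bot code as MicrosoftAppType; the bot registration uses the ARM spelling 'UserAssignedMSI'`. With `BOT_PASSWORD` no longer deployed, Startup.cs still maps `MicrosoftAppPassword` from it and gets an empty string, which looks intended for the managed-identity path but deserves a line in the same comment. The functionApp resource starts above the hunk.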
diff --git a/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/azure.parameters.json b/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/azure.parameters.json index 9adf35af..4d46e41b 100644 --- a/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/azure.parameters.json +++ b/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/azure.parameters.json @@ -5,12 +5,6 @@ "resourceBaseName": { "value": "notification${{RESOURCE_SUFFIX}}" }, - "botAadAppClientId": { - "value": "${{BOT_ID}}" - }, - "botAadAppClientSecret": { - "value": "${{SECRET_BOT_PASSWORD}}" - }, "functionAppSKU": { "value": "B1" }, diff --git a/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/botRegistration/azurebot.bicep b/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/botRegistration/azurebot.bicep index ab67c7a5..a5a27b8f 100644 --- a/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/botRegistration/azurebot.bicep +++ b/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/botRegistration/azurebot.bicep @@ -8,7 +8,9 @@ param botDisplayName string param botServiceName string = resourceBaseName param botServiceSku string = 'F0' -param botAadAppClientId string +param identityResourceId string +param identityClientId string +param identityTenantId string param botAppDomain string // Register your web service as a bot with the Bot Framework @@ -19,7 +21,10 @@ resource botService 'Microsoft.BotService/botServices@2021-03-01' = { properties: { displayName: botDisplayName endpoint: 'https://${botAppDomain}/api/messages' - msaAppId: botAadAppClientId + msaAppId: identityClientId + msaAppMSIResourceId: identityResourceId + msaAppTenantId:identityTenantId + msaAppType:'UserAssignedMSI' } sku: { name: botServiceSku 
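Review bot: In the azurebot.bicep properties hunk, `msaAppTenantId:identityTenantId` and `msaAppType:'UserAssignedMSI'` lack the space after the colon that the other properties in the block have; `msaAppTenantId: identityTenantId` and `msaAppType: 'UserAssignedMSI'` would match. The resource is still declared against API version `2021-03-01`, so it is worth confirming that this version accepts the three MSI properties, since a Bicep build may only warn about a property it does not recognise. The three identity parameters added in the previous hunk must all describe the same identity, and an `@description` on each saying so would make a mismatched call harder to write. The botService resource starts above the hunk and continues past it.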
diff --git a/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/teamsapp.local.yml b/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/teamsapp.local.yml index c82efad5..32107d72 100644 --- a/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/teamsapp.local.yml +++ b/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/teamsapp.local.yml @@ -33,6 +33,7 @@ provision: with: target: ./appsettings.Development.json appsettings: + BOT_TYPE: 'MultiTenant' BOT_ID: ${{BOT_ID}} BOT_PASSWORD: ${{SECRET_BOT_PASSWORD}} diff --git a/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/teamsapp.yml b/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/teamsapp.yml index 5b2aee04..85a8dbce 100644 --- a/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/teamsapp.yml +++ b/stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/teamsapp.yml @@ -19,17 +19,6 @@ provision: writeToEnvironmentFile: teamsAppId: TEAMS_APP_ID - # Create or reuse an existing Azure Active Directory application for bot. - - uses: botAadApp/create - with: - # The Azure Active Directory application's display name - name: stocks-update-notif-bot${{APP_NAME_SUFFIX}} - writeToEnvironmentFile: - # The Azure Active Directory application's client id created for bot. - botId: BOT_ID - # The Azure Active Directory application's client secret created for bot. - botPassword: SECRET_BOT_PASSWORD - - uses: arm/deploy # Deploy given ARM templates parallelly. with: subscriptionId: ${{AZURE_SUBSCRIPTION_ID}} # The AZURE_SUBSCRIPTION_ID is a built-in environment variable. TeamsFx will ask you select one subscription if its value is empty. You're free to reference other environment varialbe here, but TeamsFx will not ask you to select subscription if it's empty in this case.
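Review bot: In the teamsapp.local.yml hunk, local provisioning now pins `BOT_TYPE: 'MultiTenant'` and still writes `BOT_PASSWORD` into `./appsettings.Development.json`, so local debug uses the client-secret path while the deployed app uses the managed identity. A comment above the new line would make that split explicit: `# Local debug has no managed identity, so it stays on the client-secret (MultiTenant) flow`. Because that file receives the secret in plain text, it should be confirmed to be git-ignored; the ignore rules are not visible in this diff.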