update samples to use msi for remote

NPM-search-connector-M365/env/.env.dev.user

@@ -1,4 +1,3 @@
 # This file includes environment variables that will not be committed to git by default. You can set these environment variables in your CI/CD system for your project.
 
 # If you're adding a secret value, add SECRET_ prefix to the name so Teams Toolkit can handle them properly
-SECRET_BOT_PASSWORD=

NPM-search-connector-M365/index.js

@@ -16,8 +16,9 @@ const { MessageExtensionBot } = require("./messageExtensionBot.js");
 // See https://aka.ms/about-bot-adapter to learn more about adapters.
 const credentialsFactory = new ConfigurationServiceClientCredentialFactory({
  MicrosoftAppId: process.env.BOT_ID,
+ MicrosoftAppType: process.env.BOT_TYPE,
+ MicrosoftAppTenantId: process.env.BOT_TENANT_ID,
  MicrosoftAppPassword: process.env.BOT_PASSWORD,
- MicrosoftAppType: "MultiTenant",
 });
 
 const botFrameworkAuthentication = new ConfigurationBotFrameworkAuthentication(

NPM-search-connector-M365/infra/azure.bicep

@@ -3,22 +3,21 @@
 @description('Used to generate names for all resources in this file')
 param resourceBaseName string
 
-@description('Required when create Azure Bot service')
-param botAadAppClientId string
-
-@secure()
-@description('Required by Bot Framework package in your bot project')
-param botAadAppClientSecret string
-
 param webAppSKU string
 
 @maxLength(42)
 param botDisplayName string
 
 param serverfarmsName string = resourceBaseName
 param webAppName string = resourceBaseName
+param identityName string = resourceBaseName
 param location string = resourceGroup().location
 
+resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+ location: location
+ name: identityName
+}
+
 // Compute resources for your Web App
 resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = {
  kind: 'app'
@@ -54,24 +53,36 @@ resource webApp 'Microsoft.Web/sites@2021-02-01' = {
  }
  {
  name: 'BOT_ID'
- value: botAadAppClientId
+ value: identity.properties.clientId
  }
  {
- name: 'BOT_PASSWORD'
- value: botAadAppClientSecret
+ name: 'BOT_TENANT_ID'
+ value: identity.properties.tenantId
+ }
+ {
+ name: 'BOT_TYPE'
+ value: 'UserAssignedMsi'
  }
  ]
  ftpsState: 'FtpsOnly'
  }
  }
+ identity: {
+ type: 'UserAssigned'
+ userAssignedIdentities: {
+ '${identity.id}': {}
+ }
+ }
 }
 
 // Register your web service as a bot with the Bot Framework
 module azureBotRegistration './botRegistration/azurebot.bicep' = {
  name: 'Azure-Bot-registration'
  params: {
  resourceBaseName: resourceBaseName
- botAadAppClientId: botAadAppClientId
+ identityClientId: identity.properties.clientId
+ identityResourceId: identity.id
+ identityTenantId: identity.properties.tenantId
  botAppDomain: webApp.properties.defaultHostName
  botDisplayName: botDisplayName
  }
@@ -80,3 +91,5 @@ module azureBotRegistration './botRegistration/azurebot.bicep' = {
 // The output will be persisted in .env.{envName}. Visit https://aka.ms/teamsfx-actions/arm-deploy for more details.
 output BOT_AZURE_APP_SERVICE_RESOURCE_ID string = webApp.id
 output BOT_DOMAIN string = webApp.properties.defaultHostName
+output BOT_ID string = identity.properties.clientId
+output BOT_TENANT_ID string = identity.properties.tenantId

NPM-search-connector-M365/infra/azure.parameters.json

@@ -5,12 +5,6 @@
  "resourceBaseName": {
  "value": "ME${{RESOURCE_SUFFIX}}"
  },
- "botAadAppClientId": {
- "value": "${{BOT_ID}}"
- },
- "botAadAppClientSecret": {
- "value": "${{SECRET_BOT_PASSWORD}}"
- },
  "webAppSKU": {
  "value": "B1"
  },

NPM-search-connector-M365/infra/botRegistration/azurebot.bicep

@@ -8,7 +8,9 @@ param botDisplayName string
 
 param botServiceName string = resourceBaseName
 param botServiceSku string = 'F0'
-param botAadAppClientId string
+param identityResourceId string
+param identityClientId string
+param identityTenantId string
 param botAppDomain string
 
 // Register your web service as a bot with the Bot Framework
@@ -19,7 +21,10 @@ resource botService 'Microsoft.BotService/botServices@2021-03-01' = {
  properties: {
  displayName: botDisplayName
  endpoint: 'https://${botAppDomain}/api/messages'
- msaAppId: botAadAppClientId
+ msaAppId: identityClientId
+ msaAppMSIResourceId: identityResourceId
+ msaAppTenantId:identityTenantId
+ msaAppType:'UserAssignedMSI'
  }
  sku: {
  name: botServiceSku

NPM-search-connector-M365/teamsapp.local.yml

@@ -88,3 +88,4 @@ deploy:
  envs:
  BOT_ID: ${{BOT_ID}}
  BOT_PASSWORD: ${{SECRET_BOT_PASSWORD}}
+ BOT_TYPE: 'MultiTenant'

NPM-search-connector-M365/teamsapp.yml

@@ -17,17 +17,6 @@ provision:
  writeToEnvironmentFile:
  teamsAppId: TEAMS_APP_ID
 
- # Create or reuse an existing Azure Active Directory application for bot.
- - uses: botAadApp/create
- with:
- # The Azure Active Directory application's display name
- name: npmSearchConnector${{APP_NAME_SUFFIX}}
- writeToEnvironmentFile:
- # The Azure Active Directory application's client id created for bot.
- botId: BOT_ID
- # The Azure Active Directory application's client secret created for bot.
- botPassword: SECRET_BOT_PASSWORD
-
  - uses: arm/deploy # Deploy given ARM templates parallelly.
  with:
  subscriptionId: ${{AZURE_SUBSCRIPTION_ID}} # The AZURE_SUBSCRIPTION_ID is a built-in environment variable. TeamsFx will ask you select one subscription if its value is empty. You're free to reference other environment varialbe here, but TeamsFx will not ask you to select subscription if it's empty in this case.

NPM-search-message-extension-codespaces/config.js

@@ -1,6 +1,8 @@
 const config = {
- botId: process.env.BOT_ID,
- botPassword: process.env.BOT_PASSWORD,
+ MicrosoftAppId: process.env.BOT_ID,
+ MicrosoftAppType: process.env.BOT_TYPE,
+ MicrosoftAppTenantId: process.env.BOT_TENANT_ID,
+ MicrosoftAppPassword: process.env.BOT_PASSWORD,
 };
 
 module.exports = config;

NPM-search-message-extension-codespaces/index.js

@@ -15,11 +15,7 @@ const config = require("./config");
 
 // Create adapter.
 // See https://aka.ms/about-bot-adapter to learn more about adapters.
-const credentialsFactory = new ConfigurationServiceClientCredentialFactory({
- MicrosoftAppId: config.botId,
- MicrosoftAppPassword: config.botPassword,
- MicrosoftAppType: "MultiTenant",
-});
+const credentialsFactory = new ConfigurationServiceClientCredentialFactory(config);
 
 const botFrameworkAuthentication = new ConfigurationBotFrameworkAuthentication(
  {},

NPM-search-message-extension-codespaces/infra/azure.bicep

@@ -3,22 +3,21 @@
 @description('Used to generate names for all resources in this file')
 param resourceBaseName string
 
-@description('Required when create Azure Bot service')
-param botAadAppClientId string
-
-@secure()
-@description('Required by Bot Framework package in your bot project')
-param botAadAppClientSecret string
-
 param webAppSKU string
 
 @maxLength(42)
 param botDisplayName string
 
 param serverfarmsName string = resourceBaseName
 param webAppName string = resourceBaseName
+param identityName string = resourceBaseName
 param location string = resourceGroup().location
 
+resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+ location: location
+ name: identityName
+}
+
 // Compute resources for your Web App
 resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = {
  kind: 'app'
@@ -54,24 +53,36 @@ resource webApp 'Microsoft.Web/sites@2021-02-01' = {
  }
  {
  name: 'BOT_ID'
- value: botAadAppClientId
+ value: identity.properties.clientId
  }
  {
- name: 'BOT_PASSWORD'
- value: botAadAppClientSecret
+ name: 'BOT_TENANT_ID'
+ value: identity.properties.tenantId
+ }
+ {
+ name: 'BOT_TYPE'
+ value: 'UserAssignedMsi'
  }
  ]
  ftpsState: 'FtpsOnly'
  }
  }
+ identity: {
+ type: 'UserAssigned'
+ userAssignedIdentities: {
+ '${identity.id}': {}
+ }
+ }
 }
 
 // Register your web service as a bot with the Bot Framework
 module azureBotRegistration './botRegistration/azurebot.bicep' = {
  name: 'Azure-Bot-registration'
  params: {
  resourceBaseName: resourceBaseName
- botAadAppClientId: botAadAppClientId
+ identityClientId: identity.properties.clientId
+ identityResourceId: identity.id
+ identityTenantId: identity.properties.tenantId
  botAppDomain: webApp.properties.defaultHostName
  botDisplayName: botDisplayName
  }
@@ -80,3 +91,5 @@ module azureBotRegistration './botRegistration/azurebot.bicep' = {
 // The output will be persisted in .env.{envName}. Visit https://aka.ms/teamsfx-actions/arm-deploy for more details.
 output BOT_AZURE_APP_SERVICE_RESOURCE_ID string = webApp.id
 output BOT_DOMAIN string = webApp.properties.defaultHostName
+output BOT_ID string = identity.properties.clientId
+output BOT_TENANT_ID string = identity.properties.tenantId

NPM-search-message-extension-codespaces/infra/azure.parameters.json

@@ -5,12 +5,6 @@
  "resourceBaseName": {
  "value": "ME${{RESOURCE_SUFFIX}}"
  },
- "botAadAppClientId": {
- "value": "${{BOT_ID}}"
- },
- "botAadAppClientSecret": {
- "value": "${{SECRET_BOT_PASSWORD}}"
- },
  "webAppSKU": {
  "value": "B1"
  },

NPM-search-message-extension-codespaces/infra/botRegistration/azurebot.bicep

@@ -8,7 +8,9 @@ param botDisplayName string
 
 param botServiceName string = resourceBaseName
 param botServiceSku string = 'F0'
-param botAadAppClientId string
+param identityResourceId string
+param identityClientId string
+param identityTenantId string
 param botAppDomain string
 
 // Register your web service as a bot with the Bot Framework
@@ -19,7 +21,10 @@ resource botService 'Microsoft.BotService/botServices@2021-03-01' = {
  properties: {
  displayName: botDisplayName
  endpoint: 'https://${botAppDomain}/api/messages'
- msaAppId: botAadAppClientId
+ msaAppId: identityClientId
+ msaAppMSIResourceId: identityResourceId
+ msaAppTenantId:identityTenantId
+ msaAppType:'UserAssignedMSI'
  }
  sku: {
  name: botServiceSku

NPM-search-message-extension-codespaces/teamsapp.local.yml

@@ -78,3 +78,4 @@ deploy:
  envs:
  BOT_ID: ${{BOT_ID}}
  BOT_PASSWORD: ${{SECRET_BOT_PASSWORD}}
+ BOT_TYPE: 'MultiTenant'

NPM-search-message-extension-codespaces/teamsapp.yml

@@ -19,17 +19,6 @@ provision:
  # Write the information of created resources into environment file for the specified environment variable(s).
  teamsAppId: TEAMS_APP_ID
 
- # Create or reuse an existing Azure Active Directory application for bot.
- - uses: botAadApp/create
- with:
- # The Azure Active Directory application's display name
- name: npm-search-msgext${{APP_NAME_SUFFIX}}
- writeToEnvironmentFile:
- # The Azure Active Directory application's client id created for bot.
- botId: BOT_ID
- # The Azure Active Directory application's client secret created for bot.
- botPassword: SECRET_BOT_PASSWORD
-
  - uses: arm/deploy # Deploy given ARM templates parallelly.
  with:
  subscriptionId: ${{AZURE_SUBSCRIPTION_ID}} # The AZURE_SUBSCRIPTION_ID is a built-in environment variable. TeamsFx will ask you select one subscription if its value is empty. You're free to reference other environment varialbe here, but TeamsFx will not ask you to select subscription if it's empty in this case.

adaptive-card-notification/env/.env.dev.user

@@ -1,4 +1,3 @@
 # This file includes environment variables that will not be committed to git by default. You can set these environment variables in your CI/CD system for your project.
 
 # If you're adding a secret value, add SECRET_ prefix to the name so Teams Toolkit can handle them properly
-SECRET_BOT_PASSWORD=

adaptive-card-notification/infra/azure.bicep

@@ -3,22 +3,21 @@
 @description('Used to generate names for all resources in this file')
 param resourceBaseName string
 
-@description('Required when create Azure Bot service')
-param botAadAppClientId string
-
-@secure()
-@description('Required by Bot Framework package in your bot project')
-param botAadAppClientSecret string
-
 param functionAppSKU string
 
 @maxLength(42)
 param botDisplayName string
 
 param serverfarmsName string = resourceBaseName
 param functionAppName string = resourceBaseName
+param identityName string = resourceBaseName
 param location string = resourceGroup().location
 
+resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+ location: location
+ name: identityName
+}
+
 // Compute resources for your Web App
 resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = {
  kind: 'functionapp'
@@ -59,11 +58,15 @@ resource functionApp 'Microsoft.Web/sites@2021-02-01' = {
  }
  {
  name: 'BOT_ID'
- value: botAadAppClientId
+ value: identity.properties.clientId
  }
  {
- name: 'BOT_PASSWORD'
- value: botAadAppClientSecret
+ name: 'BOT_TENANT_ID'
+ value: identity.properties.tenantId
+ }
+ {
+ name: 'BOT_TYPE'
+ value: 'UserAssignedMsi'
  }
  {
  name: 'RUNNING_ON_AZURE'
@@ -77,14 +80,22 @@ resource functionApp 'Microsoft.Web/sites@2021-02-01' = {
  ftpsState: 'FtpsOnly'
  }
  }
+ identity: {
+ type: 'UserAssigned'
+ userAssignedIdentities: {
+ '${identity.id}': {}
+ }
+ }
 }
 
 // Register your web service as a bot with the Bot Framework
 module azureBotRegistration './botRegistration/azurebot.bicep' = {
  name: 'Azure-Bot-registration'
  params: {
  resourceBaseName: resourceBaseName
- botAadAppClientId: botAadAppClientId
+ identityClientId: identity.properties.clientId
+ identityResourceId: identity.id
+ identityTenantId: identity.properties.tenantId
  botAppDomain: functionApp.properties.defaultHostName
  botDisplayName: botDisplayName
  }
@@ -93,3 +104,5 @@ module azureBotRegistration './botRegistration/azurebot.bicep' = {
 output BOT_DOMAIN string = functionApp.properties.defaultHostName
 output BOT_AZURE_FUNCTION_APP_RESOURCE_ID string = functionApp.id
 output BOT_FUNCTION_ENDPOINT string = 'https://${functionApp.properties.defaultHostName}'
+output BOT_ID string = identity.properties.clientId
+output BOT_TENANT_ID string = identity.properties.tenantId