refactor: update js bot templates (#11789)

templates/js/default-bot-message-extension/infra/azure.bicep

@@ -3,22 +3,21 @@
 @description('Used to generate names for all resources in this file')
 param resourceBaseName string
 
-@description('Required when create Azure Bot service')
-param botAadAppClientId string
-
-@secure()
-@description('Required by Bot Framework package in your bot project')
-param botAadAppClientSecret string
-
 param webAppSKU string
 
 @maxLength(42)
 param botDisplayName string
 
 param serverfarmsName string = resourceBaseName
 param webAppName string = resourceBaseName
+param identityName string = resourceBaseName
 param location string = resourceGroup().location
 
+resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  location: location
+  name: identityName
+}
+
 // Compute resources for your Web App
 resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = {
   kind: 'app'
@@ -54,24 +53,36 @@ resource webApp 'Microsoft.Web/sites@2021-02-01' = {
         }
         {
           name: 'BOT_ID'
-          value: botAadAppClientId
+          value: identity.properties.clientId
         }
         {
-          name: 'BOT_PASSWORD'
-          value: botAadAppClientSecret
+          name: 'BOT_TENANT_ID'
+          value: identity.properties.tenantId
+        }
+        { 
+          name: 'BOT_TYPE' 
+          value: 'UserAssignedMsi'
         }
       ]
       ftpsState: 'FtpsOnly'
     }
   }
+  identity: {
+    type: 'UserAssigned'
+    userAssignedIdentities: {
+      '${identity.id}': {}
+    }
+  }
 }
 
 // Register your web service as a bot with the Bot Framework
 module azureBotRegistration './botRegistration/azurebot.bicep' = {
   name: 'Azure-Bot-registration'
   params: {
     resourceBaseName: resourceBaseName
-    botAadAppClientId: botAadAppClientId
+    identityClientId: identity.properties.clientId
+    identityResourceId: identity.id
+    identityTenantId: identity.properties.tenantId
     botAppDomain: webApp.properties.defaultHostName
     botDisplayName: botDisplayName
   }
@@ -80,3 +91,5 @@ module azureBotRegistration './botRegistration/azurebot.bicep' = {
 // The output will be persisted in .env.{envName}. Visit https://aka.ms/teamsfx-actions/arm-deploy for more details.
 output BOT_AZURE_APP_SERVICE_RESOURCE_ID string = webApp.id
 output BOT_DOMAIN string = webApp.properties.defaultHostName
+output BOT_ID string = identity.properties.clientId
+output BOT_TENANT_ID string = identity.properties.tenantId

templates/js/default-bot-message-extension/infra/azure.parameters.json.tpl

@@ -5,12 +5,6 @@
     "resourceBaseName": {
       "value": "bot${{RESOURCE_SUFFIX}}"
     },
-    "botAadAppClientId": {
-      "value": "${{BOT_ID}}"
-    },
-    "botAadAppClientSecret": {
-      "value": "${{SECRET_BOT_PASSWORD}}"
-    },
     "webAppSKU": {
       "value": "B1"
     },

templates/js/default-bot-message-extension/infra/botRegistration/azurebot.bicep

@@ -8,7 +8,9 @@ param botDisplayName string
 
 param botServiceName string = resourceBaseName
 param botServiceSku string = 'F0'
-param botAadAppClientId string
+param identityResourceId string
+param identityClientId string
+param identityTenantId string
 param botAppDomain string
 
 // Register your web service as a bot with the Bot Framework
@@ -19,7 +21,10 @@ resource botService 'Microsoft.BotService/botServices@2021-03-01' = {
   properties: {
     displayName: botDisplayName
     endpoint: 'https://${botAppDomain}/api/messages'
-    msaAppId: botAadAppClientId
+    msaAppId: identityClientId
+    msaAppMSIResourceId: identityResourceId
+    msaAppTenantId:identityTenantId
+    msaAppType:'UserAssignedMSI'
   }
   sku: {
     name: botServiceSku

templates/js/default-bot-message-extension/src/config.js

@@ -1,6 +1,8 @@
 const config = {
-  botId: process.env.BOT_ID,
-  botPassword: process.env.BOT_PASSWORD,
+  MicrosoftAppId: process.env.BOT_ID,
+  MicrosoftAppType: process.env.BOT_TYPE,
+  MicrosoftAppTenantId: process.env.BOT_TENANT_ID,
+  MicrosoftAppPassword: process.env.BOT_PASSWORD,
 };
 
 module.exports = config;

templates/js/default-bot-message-extension/src/index.js

@@ -15,11 +15,7 @@ const config = require("./config");
 
 // Create adapter.
 // See https://aka.ms/about-bot-adapter to learn more about adapters.
-const credentialsFactory = new ConfigurationServiceClientCredentialFactory({
-  MicrosoftAppId: config.botId,
-  MicrosoftAppPassword: config.botPassword,
-  MicrosoftAppType: "MultiTenant",
-});
+const credentialsFactory = new ConfigurationServiceClientCredentialFactory(config);
 
 const botFrameworkAuthentication = new ConfigurationBotFrameworkAuthentication(
   {},

templates/js/default-bot-message-extension/teamsapp.local.yml.tpl

@@ -77,3 +77,4 @@ deploy:
       envs:
         BOT_ID: ${{BOT_ID}}
         BOT_PASSWORD: ${{SECRET_BOT_PASSWORD}}
+        BOT_TYPE: 'MultiTenant'

templates/js/default-bot-message-extension/teamsapp.yml.tpl

@@ -17,21 +17,6 @@ provision:
     writeToEnvironmentFile:
       teamsAppId: TEAMS_APP_ID
 
-  # Create or reuse an existing Microsoft Entra application for bot.
-  - uses: aadApp/create
-    with:
-      # The Microsoft Entra application's display name
-      name: {{appName}}${{APP_NAME_SUFFIX}}
-      generateClientSecret: true
-      signInAudience: AzureADMultipleOrgs
-    writeToEnvironmentFile:
-      # The Microsoft Entra application's client id created for bot.
-      clientId: BOT_ID
-      # The Microsoft Entra application's client secret created for bot.
-      clientSecret: SECRET_BOT_PASSWORD
-      # The Microsoft Entra application's object id created for bot.
-      objectId: BOT_OBJECT_ID
-
   - uses: arm/deploy  # Deploy given ARM templates parallelly.
     with:
       # AZURE_SUBSCRIPTION_ID is a built-in environment variable,

templates/js/default-bot/config.js

@@ -1,6 +1,8 @@
 const config = {
-  botId: process.env.BOT_ID,
-  botPassword: process.env.BOT_PASSWORD,
+  MicrosoftAppId: process.env.BOT_ID,
+  MicrosoftAppType: process.env.BOT_TYPE,
+  MicrosoftAppTenantId: process.env.BOT_TENANT_ID,
+  MicrosoftAppPassword: process.env.BOT_PASSWORD,
 };
 
 module.exports = config;

templates/js/default-bot/index.js

@@ -15,11 +15,7 @@ const config = require("./config");
 
 // Create adapter.
 // See https://aka.ms/about-bot-adapter to learn more about adapters.
-const credentialsFactory = new ConfigurationServiceClientCredentialFactory({
-  MicrosoftAppId: config.botId,
-  MicrosoftAppPassword: config.botPassword,
-  MicrosoftAppType: "MultiTenant",
-});
+const credentialsFactory = new ConfigurationServiceClientCredentialFactory(config);
 
 const botFrameworkAuthentication = new ConfigurationBotFrameworkAuthentication(
   {},

templates/js/default-bot/infra/azure.bicep

@@ -3,22 +3,21 @@
 @description('Used to generate names for all resources in this file')
 param resourceBaseName string
 
-@description('Required when create Azure Bot service')
-param botAadAppClientId string
-
-@secure()
-@description('Required by Bot Framework package in your bot project')
-param botAadAppClientSecret string
-
 param webAppSKU string
 
 @maxLength(42)
 param botDisplayName string
 
 param serverfarmsName string = resourceBaseName
 param webAppName string = resourceBaseName
+param identityName string = resourceBaseName
 param location string = resourceGroup().location
 
+resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  location: location
+  name: identityName
+}
+
 // Compute resources for your Web App
 resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = {
   kind: 'app'
@@ -54,24 +53,36 @@ resource webApp 'Microsoft.Web/sites@2021-02-01' = {
         }
         {
           name: 'BOT_ID'
-          value: botAadAppClientId
+          value: identity.properties.clientId
         }
         {
-          name: 'BOT_PASSWORD'
-          value: botAadAppClientSecret
+          name: 'BOT_TENANT_ID'
+          value: identity.properties.tenantId
+        }
+        { 
+          name: 'BOT_TYPE'
+          value: 'UserAssignedMsi' 
         }
       ]
       ftpsState: 'FtpsOnly'
     }
   }
+  identity: {
+    type: 'UserAssigned'
+    userAssignedIdentities: {
+      '${identity.id}': {}
+    }
+  }
 }
 
 // Register your web service as a bot with the Bot Framework
 module azureBotRegistration './botRegistration/azurebot.bicep' = {
   name: 'Azure-Bot-registration'
   params: {
     resourceBaseName: resourceBaseName
-    botAadAppClientId: botAadAppClientId
+    identityClientId: identity.properties.clientId
+    identityResourceId: identity.id
+    identityTenantId: identity.properties.tenantId
     botAppDomain: webApp.properties.defaultHostName
     botDisplayName: botDisplayName
   }
@@ -80,3 +91,5 @@ module azureBotRegistration './botRegistration/azurebot.bicep' = {
 // The output will be persisted in .env.{envName}. Visit https://aka.ms/teamsfx-actions/arm-deploy for more details.
 output BOT_AZURE_APP_SERVICE_RESOURCE_ID string = webApp.id
 output BOT_DOMAIN string = webApp.properties.defaultHostName
+output BOT_ID string = identity.properties.clientId
+output BOT_TENANT_ID string = identity.properties.tenantId

templates/js/default-bot/infra/azure.parameters.json.tpl

@@ -5,12 +5,6 @@
     "resourceBaseName": {
       "value": "bot${{RESOURCE_SUFFIX}}"
     },
-    "botAadAppClientId": {
-      "value": "${{BOT_ID}}"
-    },
-    "botAadAppClientSecret": {
-      "value": "${{SECRET_BOT_PASSWORD}}"
-    },
     "webAppSKU": {
       "value": "B1"
     },

templates/js/default-bot/infra/botRegistration/azurebot.bicep

@@ -8,7 +8,9 @@ param botDisplayName string
 
 param botServiceName string = resourceBaseName
 param botServiceSku string = 'F0'
-param botAadAppClientId string
+param identityResourceId string
+param identityClientId string
+param identityTenantId string
 param botAppDomain string
 
 // Register your web service as a bot with the Bot Framework
@@ -19,7 +21,10 @@ resource botService 'Microsoft.BotService/botServices@2021-03-01' = {
   properties: {
     displayName: botDisplayName
     endpoint: 'https://${botAppDomain}/api/messages'
-    msaAppId: botAadAppClientId
+    msaAppId: identityClientId
+    msaAppMSIResourceId: identityResourceId
+    msaAppTenantId:identityTenantId
+    msaAppType:'UserAssignedMSI'
   }
   sku: {
     name: botServiceSku

templates/js/default-bot/teamsapp.local.yml.tpl

@@ -77,3 +77,4 @@ deploy:
       envs:
         BOT_ID: ${{BOT_ID}}
         BOT_PASSWORD: ${{SECRET_BOT_PASSWORD}}
+        BOT_TYPE: 'MultiTenant'

templates/js/default-bot/teamsapp.yml.tpl

@@ -17,21 +17,6 @@ provision:
     writeToEnvironmentFile:
       teamsAppId: TEAMS_APP_ID
 
-  # Create or reuse an existing Microsoft Entra application for bot.
-  - uses: aadApp/create
-    with:
-      # The Microsoft Entra application's display name
-      name: {{appName}}${{APP_NAME_SUFFIX}}
-      generateClientSecret: true
-      signInAudience: AzureADMultipleOrgs
-    writeToEnvironmentFile:
-      # The Microsoft Entra application's client id created for bot.
-      clientId: BOT_ID
-      # The Microsoft Entra application's client secret created for bot.
-      clientSecret: SECRET_BOT_PASSWORD
-      # The Microsoft Entra application's object id created for bot.
-      objectId: BOT_OBJECT_ID
-
   - uses: arm/deploy  # Deploy given ARM templates parallelly.
     with:
       # AZURE_SUBSCRIPTION_ID is a built-in environment variable,