Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

85.bot-authentication-sni for Python works with tunneling, but fails when you deploy in Azure using template-BotApp-with-rg.json due to missing variables necessary for SN+I certfiicate #4031

Open
journeyman-msft opened this issue Jan 15, 2025 · 0 comments
Open

85.bot-authentication-sni for Python works with tunneling, but fails when you deploy in Azure using template-BotApp-with-rg.json due to missing variables necessary for SN+I certfiicate #4031

journeyman-msft opened this issue Jan 15, 2025 · 0 comments
Assignees
@tracyboehrer
Labels
bug Indicates an unexpected problem or an unintended behavior. needs-triage The issue has just been created and it has not been reviewed by the team.

Comments

@journeyman-msft
Copy link

journeyman-msft commented Jan 15, 2025
edited
Loading

Github issues for C# /JS / Java/ Python should be used for bugs and feature requests. Use Stack Overflow for general "how-to" questions.

Sample information

  1. Sample type: [\samples\ or \solutions] samples
  2. Sample language: [dotnetcore or webapi or es6 or nodejs or typescript] python
  3. Sample name: 85.bot-authentication-sni (https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/python/wip/85.bot-authentication-sni)

Describe the bug

Need to add additional variables in template-BotApp-with-rg.json for the keyvault to retrieve certificate.

        {
          "name": "MicrosoftAppKeyVaultName",
          "value": "[parameters('keyVaultName')]"
        },
        {
          "name": "MicrosoftAppCertificateName",
          "value": "[parameters('certificateName')]"
        },
        {
          "name": "MicrosoftAppCertificateThumbprint",
          "value": "[parameters('certificateThumbprint')]"
        },

In parameters-for-template-BotApp-with-rg.json you also need to make sure to map it

    "keyVaultName": {
        "value": "<INSERT>"
    },
    "certificateName": {
        "value": "<INSERT>"
    },
    "certificateThumbprint": {
        "value": "<INSERT>"
    },

Azure CLI fails when running

az deployment group create --resource-group <> --template-file template-BotApp-with-rg.json --parameters parameters-for-template-BotApp-with-rg.json

To Reproduce

Steps to reproduce the behavior:

  1. https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/python/wip/85.bot-authentication-sni
  2. create an Entra app and add necessary info into manifest for certificate
  3. Create keyvault and add certificate
  4. enter variables into parameters-for-template-BotApp-with-rg.json
  5. az deployment group create --resource-group <> --template-file template-BotApp-with-rg.json --parameters parameters-for-template-BotApp-with-rg.json
  6. enter variables into parameters for template-AzureBot-with-rg.json
  7. notice failure
  8. update parameters to include KeyVaultName, certificateName, certificateThumbprint
  9. az deployment group create --resource-group <> --template-file template-AzureBot-with-rg.json --parameters parameters-for-template-AzureBot-with-rg.json
  10. az webapp deploy --resource-group <> --name <> --src <>
  11. test in webchat of Azure bot

Expected behavior

I expect the CLI to say deployment was successful. Furthermore, I expect this to work from the test in webapp when deployed to Azure.

{"code": "InvalidTemplate", "message": "Deployment template validation failed: 'The following parameters were supplied, but do not correspond to any parameters defined in the template: 'UMSIName, UMSIResourceGroupName'. The parameters defined in the template are: 'groupName, groupLocation, azureBotId, azureBotSku, azureBotRegion, botEndpoint, appType, appId, tenantId'. Please see https://aka.ms/arm-pass-parameter-values for usage details.'.", "additionalInfo": [{"type": "TemplateViolation", "info": {"lineNumber": 0, "linePosition": 0, "path": ""}}]}

If applicable, add screenshots to help explain your problem.

Additional context

I got rid of UMSIName, UMSIResourceGroupName and added keyVaultName, certficateName, and certficateThumbprint in the parameters. The Azure CLI deployment is successful after that, however, the webapp still fails to respond and appears to fail to start up due to the following from the log stream from Azure webapp

DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials
EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
ManagedIdentityCredential: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint.
azure.core.exceptions.ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.
@journeyman-msft journeyman-msft added bug Indicates an unexpected problem or an unintended behavior. needs-triage The issue has just been created and it has not been reviewed by the team. labels Jan 15, 2025
@tracyboehrer tracyboehrer self-assigned this Jan 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tracyboehrer tracyboehrer

Labels
bug Indicates an unexpected problem or an unintended behavior. needs-triage The issue has just been created and it has not been reviewed by the team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tracyboehrer @journeyman-msft