feat: update stock update bot dotnet to msi (#1312)

stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/Startup.cs

@@ -24,9 +24,10 @@ public override void ConfigureAppConfiguration(IFunctionsConfigurationBuilder bu
             var configuration = builder.ConfigurationBuilder.Build();
             builder.ConfigurationBuilder.AddInMemoryCollection(new Dictionary<string, string>()
             {
-                { "MicrosoftAppType", "MultiTenant" },
+                { "MicrosoftAppType", configuration.GetSection("BOT_TYPE")?.Value ?? string.Empty},
                 { "MicrosoftAppId", configuration.GetSection("BOT_ID")?.Value ?? string.Empty },
                 { "MicrosoftAppPassword", configuration.GetSection("BOT_PASSWORD")?.Value ?? string.Empty },
+                { "MicrosoftAppTenantId", configuration.GetSection("BOT_TENANT_ID")?.Value ?? string.Empty}
             });
         }
 

stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/azure.bicep

@@ -3,22 +3,22 @@
 @description('Used to generate names for all resources in this file')
 param resourceBaseName string
 
-@description('Required when create Azure Bot service')
-param botAadAppClientId string
-
-@secure()
-@description('Required by Bot Framework package in your bot project')
-param botAadAppClientSecret string
-
 param functionAppSKU string
 
 @maxLength(42)
 param botDisplayName string
 
 param serverfarmsName string = resourceBaseName
 param functionAppName string = resourceBaseName
+param identityName string = resourceBaseName
 param location string = resourceGroup().location
 
+
+resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  location: location
+  name: identityName
+}
+
 // Compute resources for your Web App
 resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = {
   kind: 'functionapp'
@@ -63,24 +63,36 @@ resource functionApp 'Microsoft.Web/sites@2021-02-01' = {
         }
         {
           name: 'BOT_ID'
-          value: botAadAppClientId
+          value: identity.properties.clientId
         }
         {
-          name: 'BOT_PASSWORD'
-          value: botAadAppClientSecret
+          name: 'BOT_TENANT_ID'
+          value: identity.properties.tenantId
+        }
+        {
+          name: 'BOT_TYPE'
+          value: 'UserAssignedMsi'
         }
       ]
       ftpsState: 'FtpsOnly'
     }
   }
+  identity: {
+    type: 'UserAssigned'
+    userAssignedIdentities: {
+      '${identity.id}': {}
+    }
+  }
 }
 
 // Register your web service as a bot with the Bot Framework
 module azureBotRegistration './botRegistration/azurebot.bicep' = {
   name: 'Azure-Bot-registration'
   params: {
     resourceBaseName: resourceBaseName
-    botAadAppClientId: botAadAppClientId
+    identityClientId: identity.properties.clientId
+    identityResourceId: identity.id
+    identityTenantId: identity.properties.tenantId
     botAppDomain: functionApp.properties.defaultHostName
     botDisplayName: botDisplayName
   }
@@ -89,4 +101,5 @@ module azureBotRegistration './botRegistration/azurebot.bicep' = {
 output BOT_DOMAIN string = functionApp.properties.defaultHostName
 output BOT_AZURE_FUNCTION_APP_RESOURCE_ID string = functionApp.id
 output BOT_FUNCTION_ENDPOINT string = 'https://${functionApp.properties.defaultHostName}'
-
+output BOT_ID string = identity.properties.clientId
+output BOT_TENANT_ID string = identity.properties.tenantId

stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/azure.parameters.json

@@ -5,12 +5,6 @@
       "resourceBaseName": {
         "value": "notification${{RESOURCE_SUFFIX}}"
       },
-      "botAadAppClientId": {
-        "value": "${{BOT_ID}}"
-      },
-      "botAadAppClientSecret": {
-        "value": "${{SECRET_BOT_PASSWORD}}"
-      },
       "functionAppSKU": {
         "value": "B1"
       },

stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/infra/botRegistration/azurebot.bicep

@@ -8,7 +8,9 @@ param botDisplayName string
 
 param botServiceName string = resourceBaseName
 param botServiceSku string = 'F0'
-param botAadAppClientId string
+param identityResourceId string
+param identityClientId string
+param identityTenantId string
 param botAppDomain string
 
 // Register your web service as a bot with the Bot Framework
@@ -19,7 +21,10 @@ resource botService 'Microsoft.BotService/botServices@2021-03-01' = {
   properties: {
     displayName: botDisplayName
     endpoint: 'https://${botAppDomain}/api/messages'
-    msaAppId: botAadAppClientId
+    msaAppId: identityClientId
+    msaAppMSIResourceId: identityResourceId
+    msaAppTenantId:identityTenantId
+    msaAppType:'UserAssignedMSI'
   }
   sku: {
     name: botServiceSku

stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/teamsapp.local.yml

@@ -33,6 +33,7 @@ provision:
     with:
       target: ./appsettings.Development.json
       appsettings:
+        BOT_TYPE: 'MultiTenant'
         BOT_ID: ${{BOT_ID}}
         BOT_PASSWORD: ${{SECRET_BOT_PASSWORD}}
 

stocks-update-notification-bot-dotnet/StocksUpdateNotificationBot/teamsapp.yml

@@ -19,17 +19,6 @@ provision:
     writeToEnvironmentFile:
       teamsAppId: TEAMS_APP_ID
 
-  # Create or reuse an existing Azure Active Directory application for bot.
-  - uses: botAadApp/create
-    with:
-      # The Azure Active Directory application's display name
-      name: stocks-update-notif-bot${{APP_NAME_SUFFIX}}
-    writeToEnvironmentFile:
-      # The Azure Active Directory application's client id created for bot.
-      botId: BOT_ID
-      # The Azure Active Directory application's client secret created for bot.
-      botPassword: SECRET_BOT_PASSWORD
-
   - uses: arm/deploy # Deploy given ARM templates parallelly.
     with:
       subscriptionId: ${{AZURE_SUBSCRIPTION_ID}} # The AZURE_SUBSCRIPTION_ID is a built-in environment variable. TeamsFx will ask you select one subscription if its value is empty. You're free to reference other environment varialbe here, but TeamsFx will not ask you to select subscription if it's empty in this case.