TS Changes for atk.basic in azure and atk.oauth (#354)

skip-test-verification

1. Oauth in Typescript - verified in local and dev
2. Basic in typescript Dev env (switched from managed identity back to
client id and secret - single tenant)
For managed identity we would have had to update each template to use
azure identity
3.  Remove conversion of port to number as ports are strings in dev env

---------

Co-authored-by: Mehak Bindra <[email protected]>
Co-authored-by: heyitsaamir <[email protected]>

Author: 3 people

packages/cli/configs/atk/basic/python/.vscode/launch.json

@@ -49,6 +49,7 @@
         "name": "Start",
         "type": "debugpy",
         "request": "launch",
+        "python": "${workspaceFolder}/.venv/bin/python",
         "program": "${workspaceFolder}/src/main.py",
         "console": "integratedTerminal"
     },

packages/cli/configs/atk/basic/typescript/env/.env.dev

@@ -10,8 +10,10 @@ AZURE_RESOURCE_GROUP_NAME=
 RESOURCE_SUFFIX=
 
 # Generated during provision, you can also add your own variables.
-BOT_ID=
 TEAMS_APP_ID=
+TEAMS_APP_TENANT_ID=
+BOT_ID=
+AAD_APP_OBJECT_ID=
+AAD_APP_TENANT_ID=
 BOT_AZURE_APP_SERVICE_RESOURCE_ID=
 BOT_DOMAIN=
-BOT_TENANT_ID=

packages/cli/configs/atk/basic/typescript/infra/azure.bicep

@@ -3,21 +3,23 @@
 @description('Used to generate names for all resources in this file')
 param resourceBaseName string
 
+@description('Required when create Azure Bot service')
+param botAadAppClientId string
+
+@secure()
+@description('Required by Bot Framework package in your bot project')
+param botAadAppClientSecret string
+
 param webAppSKU string
+param tenantId string
 
 @maxLength(42)
 param botDisplayName string
 
 param serverfarmsName string = resourceBaseName
 param webAppName string = resourceBaseName
-param identityName string = resourceBaseName
 param location string = resourceGroup().location
 
-resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
-  location: location
-  name: identityName
-}
-
 // Compute resources for your Web App
 resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = {
   kind: 'app'
@@ -41,7 +43,7 @@ resource webApp 'Microsoft.Web/sites@2021-02-01' = {
       appSettings: [
         {
           name: 'WEBSITE_RUN_FROM_PACKAGE'
-          value: '1' // Run Azure App Service from a package file
+          value: '1' // Run Azure APP Service from a package file
         }
         {
           name: 'WEBSITE_NODE_DEFAULT_VERSION'
@@ -53,43 +55,34 @@ resource webApp 'Microsoft.Web/sites@2021-02-01' = {
         }
         {
           name: 'CLIENT_ID'
-          value: identity.properties.clientId
+          value: botAadAppClientId
         }
         {
-          name: 'TENANT_ID'
-          value: identity.properties.tenantId
+          name: 'CLIENT_SECRET'
+          value: botAadAppClientSecret
         }
         {
-          name: 'BOT_TYPE'
-          value: 'UserAssignedMsi'
+          name: 'TENANT_ID'
+          value: tenantId
         }
       ]
       ftpsState: 'FtpsOnly'
     }
   }
-  identity: {
-    type: 'UserAssigned'
-    userAssignedIdentities: {
-      '${identity.id}': {}
-    }
-  }
 }
 
 // Register your web service as a bot with the Bot Framework
 module azureBotRegistration './botRegistration/azurebot.bicep' = {
   name: 'Azure-Bot-registration'
   params: {
     resourceBaseName: resourceBaseName
-    identityClientId: identity.properties.clientId
-    identityResourceId: identity.id
-    identityTenantId: identity.properties.tenantId
+    botAadAppClientId: botAadAppClientId
     botAppDomain: webApp.properties.defaultHostName
     botDisplayName: botDisplayName
+    tenantId: tenantId
   }
 }
 
 // The output will be persisted in .env.{envName}. Visit https://aka.ms/teamsfx-actions/arm-deploy for more details.
 output BOT_AZURE_APP_SERVICE_RESOURCE_ID string = webApp.id
 output BOT_DOMAIN string = webApp.properties.defaultHostName
-output BOT_ID string = identity.properties.clientId
-output BOT_TENANT_ID string = identity.properties.tenantId

packages/cli/configs/atk/basic/typescript/infra/azure.parameters.json.hbs

@@ -8,6 +8,15 @@
     "webAppSKU": {
       "value": "B1"
     },
+    "botAadAppClientId": {
+      "value": "$\{{BOT_ID}}"
+    },
+    "botAadAppClientSecret": {
+      "value": "$\{{SECRET_BOT_PASSWORD}}"
+    },
+    "tenantId": {
+      "value": "$\{{AAD_APP_TENANT_ID}}"
+    },
     "botDisplayName": {
       "value": "{{ toPascalCase name }}Infra"
     }

packages/cli/configs/atk/basic/typescript/infra/botRegistration/azurebot.bicep

@@ -8,10 +8,9 @@ param botDisplayName string
 
 param botServiceName string = resourceBaseName
 param botServiceSku string = 'F0'
-param identityResourceId string
-param identityClientId string
-param identityTenantId string
+param botAadAppClientId string
 param botAppDomain string
+param tenantId string
 
 // Register your web service as a bot with the Bot Framework
 resource botService 'Microsoft.BotService/botServices@2021-03-01' = {
@@ -21,10 +20,9 @@ resource botService 'Microsoft.BotService/botServices@2021-03-01' = {
   properties: {
     displayName: botDisplayName
     endpoint: 'https://${botAppDomain}/api/messages'
-    msaAppId: identityClientId
-    msaAppMSIResourceId: identityResourceId
-    msaAppTenantId:identityTenantId
-    msaAppType:'UserAssignedMSI'
+    msaAppId: botAadAppClientId
+    msaAppType: 'SingleTenant'
+    msaAppTenantId: tenantId
   }
   sku: {
     name: botServiceSku

packages/cli/configs/atk/basic/typescript/teamsapp.yml.hbs

@@ -20,25 +20,52 @@ provision:
     writeToEnvironmentFile:
       teamsAppId: TEAMS_APP_ID
 
-  # Automates the creation an Azure AD app registration which is required for a bot.
-  # The Bot ID (AAD app client ID) and Bot Password (AAD app client secret) are saved to an environment file.
-  - uses: botAadApp/create
+  # Creates a new Microsoft Entra app to authenticate users if
+  # the environment variable that stores clientId is empty
+  - uses: aadApp/create
     with:
       name: {{ toPascalCase name }}$\{{APP_NAME_SUFFIX}}
+      # Note: when you run aadApp/update, the Microsoft Entra app name will be updated
+      # based on the definition in manifest. If you don't want to change the
+      # name, make sure the name in Microsoft Entra manifest is the same with the name
+      # defined here.
+      # If the value is false, the driver will not generate client secret for you
+      generateClientSecret: true
+      # organization's Microsoft Entra tenant (for example, single tenant).
+      signInAudience: AzureADMultipleOrgs
+    # Write the information of created resources into environment file for the
+    # specified environment variable(s).
     writeToEnvironmentFile:
-      botId: BOT_ID
-      botPassword: SECRET_BOT_PASSWORD
+      clientId: BOT_ID
+      # Environment variable that starts with `SECRET_` will be stored to the
+      # .env.{envName}.user environment file
+      clientSecret: SECRET_BOT_PASSWORD
+      objectId: AAD_APP_OBJECT_ID
+      tenantId: AAD_APP_TENANT_ID
 
-  # Automates the creation of infrastructure defined in ARM templates to host the bot.
-  # The created resource IDs are saved to an environment file.
-  - uses: arm/deploy
+  - uses: arm/deploy # Deploy given ARM templates parallelly.
     with:
+      # AZURE_SUBSCRIPTION_ID is a built-in environment variable,
+      # if its value is empty, TeamsFx will prompt you to select a subscription.
+      # Referencing other environment variables with empty values
+      # will skip the subscription selection prompt.
       subscriptionId: $\{{AZURE_SUBSCRIPTION_ID}}
+      # AZURE_RESOURCE_GROUP_NAME is a built-in environment variable,
+      # if its value is empty, TeamsFx will prompt you to select or create one
+      # resource group.
+      # Referencing other environment variables with empty values
+      # will skip the resource group selection prompt.
       resourceGroupName: $\{{AZURE_RESOURCE_GROUP_NAME}}
       templates:
-        - path: ./infra/azure.bicep
+        - path: ./infra/azure.bicep # Relative path to this file
+          # Relative path to this yaml file.
+          # Placeholders will be replaced with corresponding environment
+          # variable before ARM deployment.
           parameters: ./infra/azure.parameters.json
-          deploymentName: Create-resources-for-tab
+          # Required when deploying ARM template
+          deploymentName: Create-resources-for-bot
+      # M365 Agents Toolkit will download this bicep CLI version from github for you,
+      # will use bicep CLI in PATH if you remove this config.
       bicepCliVersion: v0.9.1
 
   # Optional: Automates schema and error checking of the Teams app manifest and outputs the results in the console.

packages/cli/configs/atk/oauth/python/.vscode/launch.json

@@ -49,6 +49,7 @@
         "name": "Start",
         "type": "debugpy",
         "request": "launch",
+        "python": "${workspaceFolder}/.venv/bin/python",
         "program": "${workspaceFolder}/src/main.py",
         "console": "integratedTerminal"
     }

packages/cli/configs/atk/oauth/typescript/env/.env.dev

@@ -0,0 +1,16 @@
+# Built-in environment variables
+TEAMSFX_ENV=dev
+APP_NAME_SUFFIX=dev
+
+# Updating AZURE_SUBSCRIPTION_ID or AZURE_RESOURCE_GROUP_NAME after provision may also require an update to RESOURCE_SUFFIX, because some services require a globally unique name across subscriptions/resource groups.
+AZURE_SUBSCRIPTION_ID=
+AZURE_RESOURCE_GROUP_NAME=
+RESOURCE_SUFFIX=
+
+TEAMS_APP_ID=
+TEAMS_APP_TENANT_ID=
+BOT_ID=
+AAD_APP_OBJECT_ID=
+AAD_APP_TENANT_ID=
+BOT_AZURE_APP_SERVICE_RESOURCE_ID=
+BOT_DOMAIN=

packages/cli/configs/atk/oauth/typescript/infra/azure.bicep

@@ -3,21 +3,23 @@
 @description('Used to generate names for all resources in this file')
 param resourceBaseName string
 
+@description('Required when create Azure Bot service')
+param botAadAppClientId string
+
+@secure()
+@description('Required by Bot Framework package in your bot project')
+param botAadAppClientSecret string
+
 param webAppSKU string
 
 @maxLength(42)
 param botDisplayName string
 
 param serverfarmsName string = resourceBaseName
 param webAppName string = resourceBaseName
-param identityName string = resourceBaseName
 param location string = resourceGroup().location
 param oauthConnectionName string
-
-resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
-  location: location
-  name: identityName
-}
+param tenantId string
 
 // Compute resources for your Web App
 resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = {
@@ -53,31 +55,21 @@ resource webApp 'Microsoft.Web/sites@2021-02-01' = {
           value: '1'
         }
         {
-          name: 'BOT_ID'
-          value: identity.properties.clientId
+          name: 'CLIENT_ID'
+          value: botAadAppClientId
         }
         {
-          name: 'BOT_TENANT_ID'
-          value: identity.properties.tenantId
-        }
-        { 
-          name: 'BOT_TYPE' 
-          value: 'UserAssignedMsi'
+          name: 'CLIENT_SECRET'
+          value: botAadAppClientSecret
         }
         {
-          name: 'OAUTH_CONNECTION_NAME'
-          value: oauthConnectionName
+          name: 'TENANT_ID'
+          value: tenantId
         }
       ]
       ftpsState: 'FtpsOnly'
     }
   }
-  identity: {
-    type: 'UserAssigned'
-    userAssignedIdentities: {
-      '${identity.id}': {}
-    }
-  }
 }
 
 // Register your web service as a bot with the Bot Framework
@@ -86,9 +78,11 @@ module azureBotRegistration './botRegistration/azurebot.bicep' = {
   params: {
     resourceBaseName: resourceBaseName
     botAadAppClientId: botAadAppClientId
+    botAddAppClientSecret: botAadAppClientSecret
     botAppDomain: webApp.properties.defaultHostName
     botDisplayName: botDisplayName
     oauthConnectionName: oauthConnectionName
+    tenantId: tenantId
   }
 }
 

packages/cli/configs/atk/oauth/typescript/infra/azure.local.bicep

@@ -15,6 +15,7 @@ param botDisplayName string
 
 param botAppDomain string
 param oauthConnectionName string
+param tenantId string
 
 module azureBotRegistration './botRegistration/azurebot.bicep' = {
   name: 'Azure-Bot-registration'
@@ -25,5 +26,6 @@ module azureBotRegistration './botRegistration/azurebot.bicep' = {
     botDisplayName: botDisplayName
     botAddAppClientSecret: botAadAppClientSecret
     oauthConnectionName: oauthConnectionName
+    tenantId: tenantId
   }
 }