Added missing parameters: appType, UMSIName, UMSIResourceGroupName, and tenantId to the ARM template for Python bot deployment. (#2191)

Author: gandiddi

generators/app/templates/core/{{cookiecutter.bot_name}}/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json

@@ -14,8 +14,20 @@
         "botEndpoint": {
             "value": ""
         },
+        "appType": {
+          "value": "MultiTenant"
+        },
         "appId": {
             "value": ""
+        },
+        "UMSIName": {
+            "value": ""
+        },
+        "UMSIResourceGroupName": {
+            "value": ""
+        },
+        "tenantId": {
+          "value": ""
         }
     }
 }

generators/app/templates/core/{{cookiecutter.bot_name}}/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json

@@ -15,7 +15,7 @@
             "value": ""
         },
         "newAppServicePlanLocation": {
-            "value": ""
+            "value": "West US"
         },
         "newAppServicePlanSku": {
             "value": {
@@ -26,11 +26,23 @@
                 "capacity": 1
             }
         },
+        "appType": {
+            "value": "MultiTenant"
+        },
         "appId": {
             "value": ""
         },
         "appSecret": {
             "value": ""
+        },
+        "tenantId": {
+            "value": ""
+        },
+        "UMSIName": {
+            "value": ""
+        },
+        "UMSIResourceGroupName": {
+            "value": ""
         }
     }
 }

generators/app/templates/core/{{cookiecutter.bot_name}}/deploymentTemplates/deployUseExistResourceGroup/readme.md

@@ -1,28 +1,48 @@
-Need deploy BotAppService before AzureBot
----
-az login
-az deployment group create --resource-group <group-name> --template-file <template-file> --parameters @<parameters-file>
----
+# Usage
+BotApp must be deployed prior to AzureBot.
+
+### Command line:
+`az login`<br>
+`az deployment group create --resource-group <group-name> --template-file <template-file> --parameters @<parameters-file>`
 
 # parameters-for-template-BotApp-with-rg:
 
-**appServiceName**:(required)   The Name of the Bot App Service.
+- **appServiceName**:(required)   The Name of the Bot App Service.
+
+- (choose an existingAppServicePlan or create a new AppServicePlan)
+  - **existingAppServicePlanName**:     The name of the App Service Plan.
+  - **existingAppServicePlanLocation**: The location of the App Service Plan.
+  - **newAppServicePlanName**:          The name of the App Service Plan.
+  - **newAppServicePlanLocation**:      The location of the App Service Plan.
+  - **newAppServicePlanSku**:           The SKU of the App Service Plan. Defaults to Standard values.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. **Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.**
+
+- **appId**:(required)                                        Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appSecret**:(required for MultiTenant and SingleTenant)   Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+
+- **UMSIName**:(required for UserAssignedMSI)                 The User-Assigned Managed Identity Resource used for the Bot's Authentication.
+
+- **UMSIResourceGroupName**:(required for UserAssignedMSI)    The User-Assigned Managed Identity Resource Group used for the Bot's Authentication.
+
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to <Subscription Tenant ID>.
+
+MoreInfo: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
 
-(choose an existingAppServicePlan or create a new AppServicePlan)
-**existingAppServicePlanName**:     The name of the App Service Plan.
-**existingAppServicePlanLocation**: The location of the App Service Plan.
-**newAppServicePlanName**:          The name of the App Service Plan.
-**newAppServicePlanLocation**:      The location of the App Service Plan.
-**newAppServicePlanSku**:           The SKU of the App Service Plan. Defaults to Standard values.
 
-**appId**:(required)                                        Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
-**appSecret**:(required)   Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
 
 # parameters-for-template-AzureBot-with-rg:
 
-**azureBotId**:(required)           The globally unique and immutable bot ID.
-**azureBotSku**:                    The pricing tier of the Bot Service Registration. **Allowed values are: F0, S1(default)**.
-**azureBotRegion**:                 Specifies the location of the new AzureBot. **Allowed values are: global(default), westeurope**.
-**botEndpoint**:                    Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages.
+- **azureBotId**:(required)           The globally unique and immutable bot ID.
+- **azureBotSku**:                    The pricing tier of the Bot Service Registration. **Allowed values are: F0, S1(default)**.
+- **azureBotRegion**:                 Specifies the location of the new AzureBot. **Allowed values are: global(default), westeurope**.
+- **botEndpoint**:                    Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. **Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.**
+- **appId**:(required)                                        Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **UMSIName**:(required for UserAssignedMSI)                 The User-Assigned Managed Identity Resource used for the Bot's Authentication.
+- **UMSIResourceGroupName**:(required for UserAssignedMSI)    The User-Assigned Managed Identity Resource Group used for the Bot's Authentication.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to <Subscription Tenant ID>.
 
-**appId**:(required)                                        Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+MoreInfo: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource

generators/app/templates/core/{{cookiecutter.bot_name}}/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json

@@ -9,8 +9,8 @@
             }
         },
         "azureBotSku": {
-            "defaultValue": "S1",
             "type": "string",
+            "defaultValue": "S1",
             "metadata": {
                 "description": "The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default)."
             }
@@ -24,15 +24,72 @@
         },
         "botEndpoint": {
             "type": "string",
+            "defaultValue": "",
             "metadata": {
                 "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
             }
         },
+        "appType": {
+            "type": "string",
+            "defaultValue": "MultiTenant",
+            "allowedValues": [
+                "MultiTenant",
+                "SingleTenant",
+                "UserAssignedMSI"
+            ],
+            "metadata": {
+                "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+            }
+        },
         "appId": {
             "type": "string",
             "metadata": {
                 "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
             }
+        },
+        "UMSIName": {
+            "type": "string",
+            "defaultValue": "",
+            "metadata": {
+                "description": "The User-Assigned Managed Identity Resource used for the Bot's Authentication."
+            }
+        },
+        "UMSIResourceGroupName": {
+            "type": "string",
+            "defaultValue": "",
+            "metadata": {
+                "description": "The User-Assigned Managed Identity Resource Group used for the Bot's Authentication."
+            }
+        },
+        "tenantId": {
+            "type": "string",
+            "defaultValue": "[subscription().tenantId]",
+            "metadata": {
+                "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+            }
+        }
+    },
+    "variables": {
+        "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+        "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+        "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+        "appTypeDef": {
+            "MultiTenant": {
+              "tenantId": "",
+              "msiResourceId": ""
+            },
+            "SingleTenant": {
+              "tenantId": "[variables('tenantId')]",
+              "msiResourceId": ""
+            },
+            "UserAssignedMSI": {
+              "tenantId": "[variables('tenantId')]",
+              "msiResourceId": "[variables('msiResourceId')]"
+            }
+        },
+        "appType": {
+            "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+            "msiResourceId": "[variables('appTypeDef')[parameters('appType')].msiResourceId]"
         }
     },
     "resources": [
@@ -49,8 +106,11 @@
                 "name": "[parameters('azureBotId')]",
                 "displayName": "[parameters('azureBotId')]",
                 "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
-                "endpoint": "[parameters('botEndpoint')]",
+                "endpoint": "[variables('botEndpoint')]",
                 "msaAppId": "[parameters('appId')]",
+                "msaAppTenantId": "[variables('appType').tenantId]",
+                "msaAppMSIResourceId": "[variables('appType').msiResourceId]",
+                "msaAppType": "[parameters('appType')]",
                 "luisAppIds": [],
                 "schemaTransformationVersion": "1.3",
                 "isCmekEnabled": false,

generators/app/templates/core/{{cookiecutter.bot_name}}/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json

@@ -4,7 +4,6 @@
     "parameters": {
         "appServiceName": {
             "type": "string",
-            "defaultValue": "",
             "metadata": {
                 "description": "The globally unique name of the Web App."
             }
@@ -18,18 +17,21 @@
         },
         "existingAppServicePlanLocation": {
             "type": "string",
+            "defaultValue": "",
             "metadata": {
                 "description": "The location of the App Service Plan."
             }
         },
         "newAppServicePlanName": {
             "type": "string",
+            "defaultValue": "",
             "metadata": {
                 "description": "The name of the new App Service Plan."
             }
         },
         "newAppServicePlanLocation": {
             "type": "string",
+            "defaultValue": "",
             "metadata": {
                 "description": "The location of the App Service Plan."
             }
@@ -47,6 +49,18 @@
                 "description": "The SKU of the App Service Plan. Defaults to Standard values."
             }
         },
+        "appType": {
+            "type": "string",
+            "defaultValue": "MultiTenant",
+            "allowedValues": [
+                "MultiTenant",
+                "SingleTenant",
+                "UserAssignedMSI"
+            ],
+            "metadata": {
+                "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+            }
+        },
         "appId": {
             "type": "string",
             "metadata": {
@@ -59,13 +73,58 @@
             "metadata": {
                 "description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings. Required for MultiTenant and SingleTenant app types. Defaults to \"\"."
             }
+        },
+        "UMSIName": {
+            "type": "string",
+            "defaultValue": "",
+            "metadata": {
+                "description": "The User-Assigned Managed Identity Resource used for the Bot's Authentication. Defaults to \"\"."
+            }
+        },
+        "UMSIResourceGroupName": {
+            "type": "string",
+            "defaultValue": "",
+            "metadata": {
+                "description": "The User-Assigned Managed Identity Resource Group used for the Bot's Authentication. Defaults to \"\"."
+            }
+        },
+        "tenantId": {
+            "type": "string",
+            "defaultValue": "[subscription().tenantId]",
+            "metadata": {
+                "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+            }
         }
     },
     "variables": {
-        "defaultAppServicePlanName": "[if(empty(parameters('existingAppServicePlanName')), 'createNewAppServicePlan', parameters('existingAppServicePlanName'))]",
-        "useExistingServicePlan": "[not(equals(variables('defaultAppServicePlanName'), 'createNewAppServicePlan'))]",
+        "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+        "useExistingServicePlan": "[not(empty(parameters('existingAppServicePlanName')))]",
         "servicePlanName": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanName'), parameters('newAppServicePlanName'))]",
-        "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]"
+        "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]",
+        "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+        "appTypeDef": {
+            "MultiTenant": {
+              "tenantId": "",
+              "identity": { "type": "None" }
+            },
+            "SingleTenant": {
+              "tenantId": "[variables('tenantId')]",
+              "identity": { "type": "None" }
+            },
+            "UserAssignedMSI": {
+              "tenantId": "[variables('tenantId')]",
+              "identity": {
+                "type": "UserAssigned",
+                "userAssignedIdentities": {
+                  "[variables('msiResourceId')]": {}
+                }
+              }
+            }
+        },
+        "appType": {
+            "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+            "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+        }
     },
     "resources": [
         {
@@ -89,13 +148,15 @@
             "comments": "Create a Web App using an App Service Plan",
             "type": "Microsoft.Web/sites",
             "apiVersion": "2015-08-01",
-            "name": "[parameters('appServiceName')]",
             "location": "[variables('servicePlanLocation')]",
             "kind": "app,linux",
             "dependsOn": [
-                "[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]"
+              "[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]"
             ],
+            "name": "[parameters('appServiceName')]",
+            "identity": "[variables('appType').identity]",
             "properties": {
+                "name": "[parameters('appServiceName')]",
                 "enabled": true,
                 "hostNameSslStates": [
                     {
@@ -124,13 +185,21 @@
                             "name": "SCM_DO_BUILD_DURING_DEPLOYMENT",
                             "value": "true"
                         },
+                        {
+                            "name": "MicrosoftAppType",
+                            "value": "[parameters('appType')]"
+                        },
                         {
                             "name": "MicrosoftAppId",
                             "value": "[parameters('appId')]"
                         },
                         {
                             "name": "MicrosoftAppPassword",
                             "value": "[parameters('appSecret')]"
+                        },
+                        {
+                            "name": "MicrosoftAppTenantId",
+                            "value": "[variables('appType').tenantId]"
                         }
                     ],
                     "cors": {
@@ -167,7 +236,7 @@
                 "phpVersion": "",
                 "pythonVersion": "",
                 "nodeVersion": "",
-                "linuxFxVersion": "PYTHON|3.7",
+                "linuxFxVersion": "PYTHON|3.9",
                 "requestTracingEnabled": false,
                 "remoteDebuggingEnabled": false,
                 "remoteDebuggingVersion": "VS2017",
@@ -201,7 +270,7 @@
                 "autoHealEnabled": false,
                 "vnetName": "",
                 "minTlsVersion": "1.2",
-                "ftpsState": "AllAllowed",
+                "ftpsState": "Disabled",
                 "reservedInstanceCount": 0
             }
         }