Added wip\85.bot-authentication-sni

This commit is contained in:
Tracy Boehrer 2024-07-09 14:04:38 -05:00
Parent 369186d80a
Commit 1b26a73672
16 changed files: 1303 additions and 0 deletions

@ -0,0 +1,73 @@
# bot-authentication-sni
Bot Framework v4 echo bot sample.
This bot has been created using [Bot Framework](https://dev.botframework.com), it shows how to create a simple bot that accepts input from the user and echoes it back.
## To try this sample
- Install [NGrok](https://learn.microsoft.com/en-us/azure/bot-service/bot-service-debug-channel-ngrok?view=azure-bot-service-4.0)
- From a command prompt start ngrok
```
ngrok http 3978 --host-header rewrite
```
- Record the Ngrok forwarding URL. For example: "https://8078-68-227-112-63.ngrok-free.app"
- In a terminal, navigate to `botbuilder-samples\samples\python\85.bot-authentication-sni` folder
- Activate your desired virtual environment
- In the terminal, type `pip install -r requirements.txt`
- Create an SSL/TLS certificate using KeyVault
1. Create a KeyVault resource and assign _the KeyVault Administrator_ role to have permission to create a new certificate.
2. Under the Certificates section, hit on Generate/Import, complete the form, and create the certificate in PKCS format.
- This sample assume a OneCert domain has been onboarded at setup as a provider in KeyVault
- The Subject name is: "CN={your-onecert-domain}"
- Create Azure App and Bot
1. Create App Registration
- This can be either Single or Multi tenant
- Record the Application ID
- Add this to the Manifest
"trustedCertificateSubjects": [
{
"authorityId": "00000000-0000-0000-0000-000000000001",
"subjectName": "certificate_subject_name",
"revokedCertificateIdentifiers": []
}
]
2. Create an Azure Bot in the desired resource group. Use the App Registration from the previous step.
- Set the messaging enpoint to: {ngrok-forwarding-url}/api/messages
- Set config.py variables
- MicrosoftAppType: {SingTenant | MultiTenant}
- MicrosoftAppId: {appId}
- MicrosoftAppTenantId: {tenantId-if-single-tenant}
- MicrosoftAppKeyVaultName: Name of the KeyVault containing the certificate.
- MicrosoftAppCertificateName: Name of the certificate in the KeyVault.
- MicrosoftAppCertificateThumbprint: Thumbprint of the certificate
- Run your bot with `python app.py`
## Interacting with the bot
Use "Test in WebChat" from the Azure Bot created above.
## Deploy the bot to Azure
To learn more about deploying a bot to Azure, see [Deploy your bot to Azure](https://aka.ms/azuredeployment) for a complete list of deployment instructions.
## Further reading
- [Bot Framework Documentation](https://docs.botframework.com)
- [Bot Basics](https://docs.microsoft.com/azure/bot-service/bot-builder-basics?view=azure-bot-service-4.0)
- [Activity processing](https://docs.microsoft.com/en-us/azure/bot-service/bot-builder-concept-activity-processing?view=azure-bot-service-4.0)
- [Azure Bot Service Introduction](https://docs.microsoft.com/azure/bot-service/bot-service-overview-introduction?view=azure-bot-service-4.0)
- [Azure Bot Service Documentation](https://docs.microsoft.com/azure/bot-service/?view=azure-bot-service-4.0)
- [Azure CLI](https://docs.microsoft.com/cli/azure/?view=azure-cli-latest)
- [Azure Portal](https://portal.azure.com)
- [Channels and Bot Connector Service](https://docs.microsoft.com/en-us/azure/bot-service/bot-concepts?view=azure-bot-service-4.0)
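Review bot: Two values in the setup steps will not work if copied as written: the `MicrosoftAppType` line lists `SingTenant` where the templates in this commit use `SingleTenant`, and "messaging enpoint" is misspelled. The KeyVault step assigns the KeyVault Administrator role just to create one certificate; a role scoped to certificate management is enough for setup, and the identity that runs the bot only needs to read the certificate's secret. The opening paragraph still describes the echo sample and never says what SNI certificate authentication is or why `trustedCertificateSubjects` goes into the manifest. "Set config.py variables" should say these are environment variables, since config.py reads every value from `os.environ`, and the manifest JSON should sit in a fenced block so it survives rendering.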

@ -0,0 +1,110 @@
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
import sys
import traceback
from datetime import datetime
import base64
from aiohttp import web
from aiohttp.web import Request, Response, json_response
from azure.keyvault.certificates import CertificateClient
from azure.keyvault.secrets import SecretClient
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.serialization import Encoding, NoEncryption, pkcs12, PrivateFormat
from azure.identity import DefaultAzureCredential
from botbuilder.core import (
TurnContext,
)
from botbuilder.core.integration import aiohttp_error_middleware
from botbuilder.integration.aiohttp import CloudAdapter, ConfigurationBotFrameworkAuthentication
from botbuilder.schema import Activity, ActivityTypes
from botframework.connector.auth import CertificateServiceClientCredentialsFactory
from bots import EchoBot
from config import DefaultConfig
CONFIG = DefaultConfig()
# See: https://learn.microsoft.com/en-us/python/api/overview/azure/keyvault-certificates-readme?view=azure-python
KVUri = f"https://{CONFIG.APP_KEYVAULTNAME}.vault.azure.net"
credential = DefaultAzureCredential()
secret_client = SecretClient(vault_url=KVUri, credential=credential)
certificate_secret = secret_client.get_secret(CONFIG.APP_CERTIFICATENAME)
# This needs work. Basically get a certificate from KeyVault and translate to PEM strings for the CertificateServiceClientCredentialsFactory
# See: https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L101-L123
cert_bytes = base64.b64decode(certificate_secret.value)
private_key, public_certificate, additional_certificates = pkcs12.load_key_and_certificates(
data=cert_bytes,
password=None
)
key_bytes = private_key.private_bytes(Encoding.PEM, PrivateFormat.PKCS8, NoEncryption())
pem_sections = [key_bytes] + [c.public_bytes(Encoding.PEM) for c in [public_certificate] + additional_certificates]
pem_bytes = b"".join(pem_sections)
#fingerprint = public_certificate.fingerprint(hashes.SHA1()) # nosec
pem_str = pem_bytes.decode("utf-8")
public_certificate_str = public_certificate.public_bytes(Encoding.PEM).decode("utf-8")
# Create adapter with CertificateServiceClientCredentialsFactory
# See https://aka.ms/about-bot-adapter to learn more about how bots work.
CREDENTIAL_FACTORY = CertificateServiceClientCredentialsFactory(
certificate_thumbprint=CONFIG.APP_CERTIFICATETHUMBPRINT,
certificate_private_key=pem_str,
app_id=CONFIG.APP_ID,
tenant_id=CONFIG.APP_TENANTID,
certificate_public=public_certificate_str
)
ADAPTER = CloudAdapter(ConfigurationBotFrameworkAuthentication(CONFIG, credentials_factory=CREDENTIAL_FACTORY))
# Catch-all for errors.
async def on_error(context: TurnContext, error: Exception):
# This check writes out errors to console log .vs. app insights.
# NOTE: In production environment, you should consider logging this to Azure
# application insights.
print(f"\n [on_turn_error] unhandled error: {error}", file=sys.stderr)
traceback.print_exc()
# Send a message to the user
await context.send_activity("The bot encountered an error or bug.")
await context.send_activity(
"To continue to run this bot, please fix the bot source code."
)
# Send a trace activity if we're talking to the Bot Framework Emulator
if context.activity.channel_id == "emulator":
# Create a trace activity that contains the error object
trace_activity = Activity(
label="TurnError",
name="on_turn_error Trace",
timestamp=datetime.utcnow(),
type=ActivityTypes.trace,
value=f"{error}",
value_type="https://www.botframework.com/schemas/error",
)
# Send a trace activity, which will be displayed in Bot Framework Emulator
await context.send_activity(trace_activity)
ADAPTER.on_turn_error = on_error
# Create the Bot
BOT = EchoBot()
# Listen for incoming requests on /api/messages
async def messages(req: Request) -> Response:
return await ADAPTER.process(req, BOT)
APP = web.Application(middlewares=[aiohttp_error_middleware])
APP.router.add_post("/api/messages", messages)
if __name__ == "__main__":
try:
web.run_app(APP, host="localhost", port=CONFIG.PORT)
except Exception as error:
raise error
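Review bot: `certificate_thumbprint` is taken from `CONFIG.APP_CERTIFICATETHUMBPRINT` while the certificate itself is loaded from KeyVault, so after a rotation the configured thumbprint and the loaded certificate can disagree. The commented-out `public_certificate.fingerprint(hashes.SHA1())` line points at the fix: derive the thumbprint from the loaded certificate and drop the extra setting, or at least compare the two and fail at startup on a mismatch. The PKCS#12 handling has no guards either: `private_key` is used without a None check, and `certificate_secret.value` is base64-decoded on the assumption that the certificate was created in the PKCS format the README asks for, so checking the secret's content type first would give a clear error otherwise. `pem_str`, passed as `certificate_private_key`, holds the unencrypted key followed by the whole certificate chain and stays in a module-level global; please check whether the factory needs more than `key_bytes`, and keep the key material in a function scope rather than at module level. `CertificateClient`, `serialization` and `json_response` are imported but unused, `hashes` is used only by the commented-out line, and the `try/except ... raise error` around `web.run_app` does nothing.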

@ -0,0 +1,6 @@
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
from .echo_bot import EchoBot
__all__ = ["EchoBot"]

@ -0,0 +1,19 @@
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
from botbuilder.core import ActivityHandler, MessageFactory, TurnContext
from botbuilder.schema import ChannelAccount
class EchoBot(ActivityHandler):
async def on_members_added_activity(
self, members_added: [ChannelAccount], turn_context: TurnContext
):
for member in members_added:
if member.id != turn_context.activity.recipient.id:
await turn_context.send_activity("Hello and welcome!")
async def on_message_activity(self, turn_context: TurnContext):
return await turn_context.send_activity(
MessageFactory.text(f"Echo: {turn_context.activity.text}")
)
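Review bot: The annotation `members_added: [ChannelAccount]` on `on_members_added_activity` is a list literal, not a type; use `List[ChannelAccount]` from `typing` (or `list[ChannelAccount]`) so type checkers read it correctly. `on_message_activity` formats `turn_context.activity.text` without checking that it is set, so a message with no text is answered with "Echo: None".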

@ -0,0 +1,20 @@
#!/usr/bin/env python3
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
import os
""" Bot Configuration """
class DefaultConfig:
""" Bot Configuration """
PORT = 3978
APP_TYPE = os.environ.get("MicrosoftAppType", "MultiTenant")
APP_ID = os.environ.get("MicrosoftAppId", "")
APP_PASSWORD = os.environ.get("MicrosoftAppPassword", "")
APP_TENANTID = os.environ.get("MicrosoftAppTenantId", "")
APP_KEYVAULTNAME = os.environ.get("MicrosoftAppKeyVaultName", "")
APP_CERTIFICATENAME = os.environ.get("MicrosoftAppCertificateName", "")
APP_CERTIFICATETHUMBPRINT = os.environ.get("MicrosoftAppCertificateThumbprint", "")
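Review bot: Every KeyVault and certificate setting defaults to an empty string, so a missing `MicrosoftAppKeyVaultName` only surfaces when app.py builds `https://.vault.azure.net` and the KeyVault call fails at import time; failing here with a message that names the missing variable would be easier to diagnose. `APP_PASSWORD` is still read although this sample authenticates with a certificate, and keeping it invites setting a client secret alongside the certificate. The string literal after `import os` is not a module docstring; move it above the import or drop it, since the class already carries the same docstring.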

@ -0,0 +1,33 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"azureBotId": {
"value": ""
},
"azureBotSku": {
"value": "S1"
},
"azureBotRegion": {
"value": "global"
},
"botEndpoint": {
"value": ""
},
"appType": {
"value": "MultiTenant"
},
"appId": {
"value": ""
},
"UMSIName": {
"value": ""
},
"UMSIResourceGroupName": {
"value": ""
},
"tenantId": {
"value": ""
}
}
}

@ -0,0 +1,48 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"appServiceName": {
"value": ""
},
"existingAppServicePlanName": {
"value": ""
},
"existingAppServicePlanLocation": {
"value": ""
},
"newAppServicePlanName": {
"value": ""
},
"newAppServicePlanLocation": {
"value": "West US"
},
"newAppServicePlanSku": {
"value": {
"name": "S1",
"tier": "Standard",
"size": "S1",
"family": "S",
"capacity": 1
}
},
"appType": {
"value": "MultiTenant"
},
"appId": {
"value": ""
},
"appSecret": {
"value": ""
},
"tenantId": {
"value": ""
},
"UMSIName": {
"value": ""
},
"UMSIResourceGroupName": {
"value": ""
}
}
}

@ -0,0 +1,30 @@
# Usage
BotApp must be deployed prior to AzureBot.
### Command line:
`az login`<br>
`az deployment group create --resource-group <group-name> --template-file <template-file> --parameters @<parameters-file>`
## Parameters for template-BotApp-with-rg.json:
- **appServiceName**: (required) The Name of the Bot App Service.
- (Pick an existing App Service Plan or create a new App Service Plan.)
- **existingAppServicePlanName**: The name of the App Service Plan.
- **existingAppServicePlanLocation**: The location of the App Service Plan.
- **newAppServicePlanName**: The name of the App Service Plan.
- **newAppServicePlanLocation**: The location of the App Service Plan.
- **newAppServicePlanSku**: The SKU of the App Service Plan. Defaults to Standard values.
- **appType**: Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. **Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.**
- **appId**: (required) Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
- **appSecret**: (required for MultiTenant and SingleTenant) Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
- **tenantId**: The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
## Parameters for template-AzureBot-with-rg.json:
- **azureBotId**: (required) The globally unique and immutable bot ID.
- **azureBotSku**: The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
- **azureBotRegion**: Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
- **botEndpoint**: Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appType**: Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
- **appId**: (required) Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
- **tenantId**: The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.

@ -0,0 +1,121 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"azureBotId": {
"type": "string",
"metadata": {
"description": "The globally unique and immutable bot ID."
}
},
"azureBotSku": {
"type": "string",
"defaultValue": "S1",
"metadata": {
"description": "The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default)."
}
},
"azureBotRegion": {
"type": "string",
"defaultValue": "global",
"metadata": {
"description": "Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope."
}
},
"botEndpoint": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
}
},
"appType": {
"type": "string",
"defaultValue": "MultiTenant",
"allowedValues": [
"MultiTenant",
"SingleTenant",
"UserAssignedMSI"
],
"metadata": {
"description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
}
},
"appId": {
"type": "string",
"metadata": {
"description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
}
},
"UMSIName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The User-Assigned Managed Identity Resource used for the Bot's Authentication."
}
},
"UMSIResourceGroupName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The User-Assigned Managed Identity Resource Group used for the Bot's Authentication."
}
},
"tenantId": {
"type": "string",
"defaultValue": "[subscription().tenantId]",
"metadata": {
"description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
}
}
},
"variables": {
"botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
"tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
"msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
"appTypeDef": {
"MultiTenant": {
"tenantId": "",
"msiResourceId": ""
},
"SingleTenant": {
"tenantId": "[variables('tenantId')]",
"msiResourceId": ""
},
"UserAssignedMSI": {
"tenantId": "[variables('tenantId')]",
"msiResourceId": "[variables('msiResourceId')]"
}
},
"appType": {
"tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
"msiResourceId": "[variables('appTypeDef')[parameters('appType')].msiResourceId]"
}
},
"resources": [
{
"apiVersion": "2021-05-01-preview",
"type": "Microsoft.BotService/botServices",
"name": "[parameters('azureBotId')]",
"location": "[parameters('azureBotRegion')]",
"kind": "azurebot",
"sku": {
"name": "[parameters('azureBotSku')]"
},
"properties": {
"name": "[parameters('azureBotId')]",
"displayName": "[parameters('azureBotId')]",
"iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
"endpoint": "[variables('botEndpoint')]",
"msaAppId": "[parameters('appId')]",
"msaAppTenantId": "[variables('appType').tenantId]",
"msaAppMSIResourceId": "[variables('appType').msiResourceId]",
"msaAppType": "[parameters('appType')]",
"luisAppIds": [],
"schemaTransformationVersion": "1.3",
"isCmekEnabled": false,
"isIsolated": false
}
}
]
}

@ -0,0 +1,278 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"appServiceName": {
"type": "string",
"metadata": {
"description": "The globally unique name of the Web App."
}
},
"existingAppServicePlanName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Name of the existing App Service Plan used to create the Web App for the bot."
}
},
"existingAppServicePlanLocation": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The location of the App Service Plan."
}
},
"newAppServicePlanName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The name of the new App Service Plan."
}
},
"newAppServicePlanLocation": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The location of the App Service Plan."
}
},
"newAppServicePlanSku": {
"type": "object",
"defaultValue": {
"name": "S1",
"tier": "Standard",
"size": "S1",
"family": "S",
"capacity": 1
},
"metadata": {
"description": "The SKU of the App Service Plan. Defaults to Standard values."
}
},
"appType": {
"type": "string",
"defaultValue": "MultiTenant",
"allowedValues": [
"MultiTenant",
"SingleTenant",
"UserAssignedMSI"
],
"metadata": {
"description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
}
},
"appId": {
"type": "string",
"metadata": {
"description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
}
},
"appSecret": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings. Required for MultiTenant and SingleTenant app types. Defaults to \"\"."
}
},
"UMSIName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The User-Assigned Managed Identity Resource used for the Bot's Authentication. Defaults to \"\"."
}
},
"UMSIResourceGroupName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The User-Assigned Managed Identity Resource Group used for the Bot's Authentication. Defaults to \"\"."
}
},
"tenantId": {
"type": "string",
"defaultValue": "[subscription().tenantId]",
"metadata": {
"description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
}
}
},
"variables": {
"tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
"useExistingServicePlan": "[not(empty(parameters('existingAppServicePlanName')))]",
"servicePlanName": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanName'), parameters('newAppServicePlanName'))]",
"servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]",
"msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
"appTypeDef": {
"MultiTenant": {
"tenantId": "",
"identity": { "type": "None" }
},
"SingleTenant": {
"tenantId": "[variables('tenantId')]",
"identity": { "type": "None" }
},
"UserAssignedMSI": {
"tenantId": "[variables('tenantId')]",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"[variables('msiResourceId')]": {}
}
}
}
},
"appType": {
"tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
"identity": "[variables('appTypeDef')[parameters('appType')].identity]"
}
},
"resources": [
{
"comments": "Create a new App Service Plan if no existing App Service Plan name was passed in.",
"type": "Microsoft.Web/serverfarms",
"condition": "[not(variables('useExistingServicePlan'))]",
"name": "[variables('servicePlanName')]",
"apiVersion": "2018-02-01",
"location": "[parameters('newAppServicePlanLocation')]",
"sku": "[parameters('newAppServicePlanSku')]",
"kind": "linux",
"properties": {
"name": "[variables('servicePlanName')]",
"perSiteScaling": false,
"reserved": true,
"targetWorkerCount": 0,
"targetWorkerSizeId": 0
}
},
{
"comments": "Create a Web App using an App Service Plan",
"type": "Microsoft.Web/sites",
"apiVersion": "2015-08-01",
"location": "[variables('servicePlanLocation')]",
"kind": "app,linux",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]"
],
"name": "[parameters('appServiceName')]",
"identity": "[variables('appType').identity]",
"properties": {
"name": "[parameters('appServiceName')]",
"enabled": true,
"hostNameSslStates": [
{
"name": "[concat(parameters('appServiceName'), '.azurewebsites.net')]",
"sslState": "Disabled",
"hostType": "Standard"
},
{
"name": "[concat(parameters('appServiceName'), '.scm.azurewebsites.net')]",
"sslState": "Disabled",
"hostType": "Repository"
}
],
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]",
"reserved": true,
"scmSiteAlsoStopped": false,
"clientAffinityEnabled": false,
"clientCertEnabled": false,
"hostNamesDisabled": false,
"containerSize": 0,
"dailyMemoryTimeQuota": 0,
"httpsOnly": false,
"siteConfig": {
"appSettings": [
{
"name": "SCM_DO_BUILD_DURING_DEPLOYMENT",
"value": "true"
},
{
"name": "MicrosoftAppType",
"value": "[parameters('appType')]"
},
{
"name": "MicrosoftAppId",
"value": "[parameters('appId')]"
},
{
"name": "MicrosoftAppPassword",
"value": "[parameters('appSecret')]"
},
{
"name": "MicrosoftAppTenantId",
"value": "[variables('appType').tenantId]"
}
],
"cors": {
"allowedOrigins": [
"https://botservice.hosting.portal.azure.net",
"https://hosting.onecloud.azure-test.net/"
]
}
}
}
},
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2016-08-01",
"name": "[concat(parameters('appServiceName'), '/web')]",
"location": "[variables('servicePlanLocation')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('appServiceName'))]"
],
"properties": {
"numberOfWorkers": 1,
"defaultDocuments": [
"Default.htm",
"Default.html",
"Default.asp",
"index.htm",
"index.html",
"iisstart.htm",
"default.aspx",
"index.php",
"hostingstart.html"
],
"netFrameworkVersion": "v4.0",
"phpVersion": "",
"pythonVersion": "",
"nodeVersion": "",
"linuxFxVersion": "PYTHON|3.9",
"requestTracingEnabled": false,
"remoteDebuggingEnabled": false,
"remoteDebuggingVersion": "VS2017",
"httpLoggingEnabled": true,
"logsDirectorySizeLimit": 35,
"detailedErrorLoggingEnabled": false,
"publishingUsername": "[concat('$', parameters('appServiceName'))]",
"scmType": "None",
"use32BitWorkerProcess": true,
"webSocketsEnabled": false,
"alwaysOn": false,
"appCommandLine": "gunicorn --bind 0.0.0.0 --worker-class aiohttp.worker.GunicornWebWorker --timeout 600 app:APP",
"managedPipelineMode": "Integrated",
"virtualApplications": [
{
"virtualPath": "/",
"physicalPath": "site\\wwwroot",
"preloadEnabled": false,
"virtualDirectories": null
}
],
"winAuthAdminState": 0,
"winAuthTenantState": 0,
"customAppPoolIdentityAdminState": false,
"customAppPoolIdentityTenantState": false,
"loadBalancing": "LeastRequests",
"routingRules": [],
"experiments": {
"rampUpRules": []
},
"autoHealEnabled": false,
"vnetName": "",
"minTlsVersion": "1.2",
"ftpsState": "Disabled",
"reservedInstanceCount": 0
}
}
]
}
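Review bot: The `appSettings` block sets `MicrosoftAppPassword` from `appSecret` but none of `MicrosoftAppKeyVaultName`, `MicrosoftAppCertificateName` or `MicrosoftAppCertificateThumbprint`, which config.py in this commit reads, so a bot deployed from this template starts with an empty KeyVault name. For `MultiTenant` and `SingleTenant` the site identity is `{ "type": "None" }`, and the template configures no other credential, which leaves `DefaultAzureCredential` in app.py with nothing to authenticate to KeyVault. Add the three settings as parameters and give the site an identity that can read the certificate's secret. Separately, `"httpsOnly": false` allows the messaging endpoint to be served over plain HTTP and should be true, and `allowedOrigins` includes `https://hosting.onecloud.azure-test.net/`; please confirm that test origin is intended for a published sample.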

@ -0,0 +1,39 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"groupName": {
"value": ""
},
"groupLocation": {
"value": ""
},
"azureBotId": {
"value": ""
},
"azureBotSku": {
"value": "S1"
},
"azureBotRegion": {
"value": "global"
},
"botEndpoint": {
"value": ""
},
"appType": {
"value": "MultiTenant"
},
"appId": {
"value": ""
},
"UMSIName": {
"value": ""
},
"UMSIResourceGroupName": {
"value": ""
},
"tenantId": {
"value": ""
}
}
}

@ -0,0 +1,48 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"groupName": {
"value": ""
},
"groupLocation": {
"value": ""
},
"appServiceName": {
"value": ""
},
"appServicePlanName": {
"value": ""
},
"appServicePlanLocation": {
"value": ""
},
"appServicePlanSku": {
"value": {
"name": "S1",
"tier": "Standard",
"size": "S1",
"family": "S",
"capacity": 1
}
},
"appType": {
"value": "MultiTenant"
},
"appId": {
"value": ""
},
"appSecret": {
"value": ""
},
"tenantId": {
"value": ""
},
"UMSIName": {
"value": ""
},
"UMSIResourceGroupName": {
"value": ""
}
}
}

@ -0,0 +1,41 @@
# Usage
BotApp must be deployed prior to AzureBot.
### Command line:
`az login`<br>
`az deployment sub create --template-file <template-file> --location <bot-region> --parameters @<parameters-file>`
## Parameters for template-BotApp-new-rg.json:
- **groupName**: (required) The name of the new Resource Group.
- **groupLocation**: (required) The location of the new Resource Group.
- **appServiceName**: (required) The location of the App Service Plan.
- **appServicePlanName**: (required) The name of the App Service Plan.
- **appServicePlanLocation**: The location of the App Service Plan. Defaults to use groupLocation.
- **appServicePlanSku**: The SKU of the App Service Plan. Defaults to Standard values.
- **appType**: Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
- **appId**: (required) Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
- **appSecret**: (required for MultiTenant and SingleTenant) Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
- **tenantId**: The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to <Subscription Tenant ID>.
More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
## Parameters for template-AzureBot-new-rg.json:
- **groupName**: (required) The name of the new Resource Group.
- **groupLocation**: (required) The location of the new Resource Group.
- **azureBotId**: (required) The globally unique and immutable bot ID. Also used to configure the displayName of the bot, which is mutable.
- **azureBotSku**: The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
- **azureBotRegion**: Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
- **botEndpoint**: Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appType**: Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
- **appId**: (required) Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
- **tenantId**: The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
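Review bot: The `appServiceName` entry under template-BotApp-new-rg.json is described as "The location of the App Service Plan", which is the text of a different parameter; the template describes it as the globally unique name of the Web App. In the first `tenantId` entry, `<Subscription Tenant ID>` in angle brackets will be swallowed as an HTML tag by most Markdown renderers; write it as plain text as the second `tenantId` entry does. Both parameter lists also still present `appSecret` and `MicrosoftAppPassword` as the authentication path and say nothing about the KeyVault and certificate settings this sample depends on.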

@ -0,0 +1,139 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"groupName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Resource Group."
}
},
"groupLocation": {
"type": "string",
"metadata": {
"description": "Specifies the location of the Resource Group."
}
},
"azureBotId": {
"type": "string",
"metadata": {
"description": "The globally unique and immutable bot ID."
}
},
"azureBotSku": {
"type": "string",
"defaultValue": "S1",
"metadata": {
"description": "The pricing tier of the Bot Service Registration. Acceptable values are F0 and S1."
}
},
"azureBotRegion": {
"type": "string",
"defaultValue": "global",
"metadata": {
"description": ""
}
},
"botEndpoint": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
}
},
"appType": {
"type": "string",
"defaultValue": "MultiTenant",
"allowedValues": [
"MultiTenant",
"SingleTenant"
],
"metadata": {
"description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
}
},
"appId": {
"type": "string",
"metadata": {
"description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
}
},
"tenantId": {
"type": "string",
"defaultValue": "[subscription().tenantId]",
"metadata": {
"description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
}
}
},
"variables": {
"botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
"tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
"msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
"appTypeDef": {
"MultiTenant": {
"tenantId": "",
"msiResourceId": ""
},
"SingleTenant": {
"tenantId": "[variables('tenantId')]",
"msiResourceId": ""
}
},
"appType": {
"tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
}
},
"resources": [
{
"name": "[parameters('groupName')]",
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('groupLocation')]",
"properties": {}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"name": "storageDeployment",
"resourceGroup": "[parameters('groupName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('groupName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"apiVersion": "2021-03-01",
"type": "Microsoft.BotService/botServices",
"name": "[parameters('azureBotId')]",
"location": "[parameters('azureBotRegion')]",
"kind": "azurebot",
"sku": {
"name": "[parameters('azureBotSku')]"
},
"properties": {
"name": "[parameters('azureBotId')]",
"displayName": "[parameters('azureBotId')]",
"iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
"endpoint": "[variables('botEndpoint')]",
"msaAppId": "[parameters('appId')]",
"msaAppTenantId": "[variables('appType').tenantId]",
"msaAppType": "[parameters('appType')]",
"luisAppIds": [],
"schemaTransformationVersion": "1.3",
"isCmekEnabled": false,
"isIsolated": false
}
}
]
}
}
}
]
}
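Review bot: `appTypeDef` only defines `MultiTenant` and `SingleTenant`, yet the `tenantId` description says the value is also used for UserAssignedMSI app types. If the `appType` parameter admits `UserAssignedMSI`, the lookup `variables('appTypeDef')[parameters('appType')].tenantId` has no matching key and the deployment fails at evaluation time. In addition, `msiResourceId` is computed in `variables` and repeated as an empty string in both `appTypeDef` entries, but the `Microsoft.BotService/botServices` resource never references it. Either add a `UserAssignedMSI` entry and pass the identity through to the bot resource, or remove the MSI variable and the description text so the template only advertises the app types it supports.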


@ -0,0 +1,294 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"groupName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Resource Group."
}
},
"groupLocation": {
"type": "string",
"metadata": {
"description": "Specifies the location of the Resource Group."
}
},
"appServiceName": {
"type": "string",
"metadata": {
"description": "The globally unique name of the Web App."
}
},
"appServicePlanName": {
"type": "string",
"metadata": {
"description": "The name of the App Service Plan."
}
},
"appServicePlanLocation": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The location of the App Service Plan."
}
},
"appServicePlanSku": {
"type": "object",
"defaultValue": {
"name": "S1",
"tier": "Standard",
"size": "S1",
"family": "S",
"capacity": 1
},
"metadata": {
"description": "The SKU of the App Service Plan. Defaults to Standard values."
}
},
"tenantId": {
"type": "string",
"defaultValue": "[subscription().tenantId]",
"metadata": {
"description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
}
},
"appType": {
"type": "string",
"defaultValue": "MultiTenant",
"allowedValues": [
"MultiTenant",
"SingleTenant",
"UserAssignedMSI"
],
"metadata": {
"description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
}
},
"appId": {
"type": "string",
"metadata": {
"description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
}
},
"appSecret": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings. Required for MultiTenant and SingleTenant app types. Defaults to \"\"."
}
},
"UMSIName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The User-Assigned Managed Identity Resource used for the Bot's Authentication. Defaults to \"\"."
}
},
"UMSIResourceGroupName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The User-Assigned Managed Identity Resource Group used for the Bot's Authentication. Defaults to \"\"."
}
}
},
"variables": {
"tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
"appServicePlanName": "[parameters('appServicePlanName')]",
"resourcesLocation": "[if(empty(parameters('appServicePlanLocation')), parameters('groupLocation'), parameters('appServicePlanLocation'))]",
"appServiceName": "[parameters('appServiceName')]",
"resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]",
"msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
"appTypeDef": {
"MultiTenant": {
"tenantId": "",
"identity": { "type": "None" }
},
"SingleTenant": {
"tenantId": "[variables('tenantId')]",
"identity": { "type": "None" }
},
"UserAssignedMSI": {
"tenantId": "[variables('tenantId')]",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"[variables('msiResourceId')]": {}
}
}
}
},
"appType": {
"tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
"identity": "[variables('appTypeDef')[parameters('appType')].identity]"
}
},
"resources": [
{
"name": "[parameters('groupName')]",
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('groupLocation')]",
"properties": {}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"name": "storageDeployment",
"resourceGroup": "[parameters('groupName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('groupName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"comments": "Create a new App Service Plan",
"type": "Microsoft.Web/serverfarms",
"name": "[variables('appServicePlanName')]",
"apiVersion": "2018-02-01",
"location": "[variables('resourcesLocation')]",
"sku": "[parameters('appServicePlanSku')]",
"kind": "linux",
"properties": {
"name": "[variables('appServicePlanName')]",
"perSiteScaling": false,
"reserved": true,
"targetWorkerCount": 0,
"targetWorkerSizeId": 0
}
},
{
"comments": "Create a Web App using the new App Service Plan",
"type": "Microsoft.Web/sites",
"apiVersion": "2015-08-01",
"location": "[variables('resourcesLocation')]",
"kind": "app,linux",
"dependsOn": [
"[concat(variables('resourceGroupId'), '/providers/Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
],
"name": "[variables('appServiceName')]",
"identity": "[variables('appType').identity]",
"properties": {
"name": "[variables('appServiceName')]",
"hostNameSslStates": [
{
"name": "[concat(parameters('appServiceName'), '.azurewebsites.net')]",
"sslState": "Disabled",
"hostType": "Standard"
},
{
"name": "[concat(parameters('appServiceName'), '.scm.azurewebsites.net')]",
"sslState": "Disabled",
"hostType": "Repository"
}
],
"serverFarmId": "[variables('appServicePlanName')]",
"siteConfig": {
"appSettings": [
{
"name": "SCM_DO_BUILD_DURING_DEPLOYMENT",
"value": "true"
},
{
"name": "MicrosoftAppType",
"value": "[parameters('appType')]"
}, {
"name": "MicrosoftAppId",
"value": "[parameters('appId')]"
},
{
"name": "MicrosoftAppPassword",
"value": "[parameters('appSecret')]"
},
{
"name": "MicrosoftAppTenantId",
"value": "[variables('appType').tenantId]"
}
],
"cors": {
"allowedOrigins": [
"https://botservice.hosting.portal.azure.net",
"https://hosting.onecloud.azure-test.net/"
]
},
"webSocketsEnabled": true
}
}
},
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2016-08-01",
"name": "[concat(parameters('appServiceName'), '/web')]",
"location": "[variables('resourcesLocation')]",
"dependsOn": [
"[concat(variables('resourceGroupId'), '/providers/Microsoft.Web/sites/', parameters('appServiceName'))]"
],
"properties": {
"numberOfWorkers": 1,
"defaultDocuments": [
"Default.htm",
"Default.html",
"Default.asp",
"index.htm",
"index.html",
"iisstart.htm",
"default.aspx",
"index.php",
"hostingstart.html"
],
"netFrameworkVersion": "v4.0",
"phpVersion": "",
"pythonVersion": "",
"nodeVersion": "",
"linuxFxVersion": "PYTHON|3.9",
"requestTracingEnabled": false,
"remoteDebuggingEnabled": false,
"remoteDebuggingVersion": "VS2017",
"httpLoggingEnabled": true,
"logsDirectorySizeLimit": 35,
"detailedErrorLoggingEnabled": false,
"publishingUsername": "[concat('$', parameters('appServiceName'))]",
"scmType": "None",
"use32BitWorkerProcess": true,
"webSocketsEnabled": false,
"alwaysOn": false,
"appCommandLine": "gunicorn --bind 0.0.0.0 --worker-class aiohttp.worker.GunicornWebWorker --timeout 600 app:APP",
"managedPipelineMode": "Integrated",
"virtualApplications": [
{
"virtualPath": "/",
"physicalPath": "site\\wwwroot",
"preloadEnabled": false,
"virtualDirectories": null
}
],
"winAuthAdminState": 0,
"winAuthTenantState": 0,
"customAppPoolIdentityAdminState": false,
"customAppPoolIdentityTenantState": false,
"loadBalancing": "LeastRequests",
"routingRules": [],
"experiments": {
"rampUpRules": []
},
"autoHealEnabled": false,
"vnetName": "",
"minTlsVersion": "1.2",
"ftpsState": "Disabled",
"reservedInstanceCount": 0
}
}
],
"outputs": {}
}
}
}
]
}
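Review bot: `appSecret` is declared with `"type": "string"` and is written straight into the `MicrosoftAppPassword` app setting, so the value is recorded in plain text in the deployment's parameter history. Declare it as `securestring`, and since this sample is named for certificate (SNI) authentication, consider whether the password setting should be emitted at all. Two smaller points in the same hunk: the `Microsoft.Web/sites` properties set `minTlsVersion` and `ftpsState` later in `sites/config` but never set `httpsOnly`, so plain HTTP requests are still accepted; and `webSocketsEnabled` is `true` under `siteConfig` but `false` in the `Microsoft.Web/sites/config` resource that deploys afterwards, so one of the two should be corrected. The CORS list also carries `https://hosting.onecloud.azure-test.net/`, which looks like a test origin and is worth confirming before it ships in a sample.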


@ -0,0 +1,4 @@
botbuilder-integration-aiohttp>=4.16.1
azure-identity==1.17.1
azure-keyvault-certificates==4.8.0
azure-keyvault-secrets==4.8.0
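Review bot: `botbuilder-integration-aiohttp>=4.16.1` is an open-ended lower bound while the three Azure packages are pinned with `==`, so the dependency that handles bot authentication can move to any future release on the next install. Pin it to an exact version, or at least add an upper bound, so the sample resolves to a reproducible, reviewed set of packages.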