This repository was archived by the owner on Jul 9, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 375
fix: get microsoftAppPassword from profile appPasswordHint #6471
Merged
Merged
Changes from 10 commits
Commits
Show all changes
35 commits
Select commit
Hold shift + click to select a range
8279a27
add key valut token get
VanyLaw 74e9e37
add auth before doing kv update
VanyLaw 30b9550
Merge remote-tracking branch 'origin/main' into wenyluo/kv
VanyLaw b657efa
refactor the get alias and generate profile code
VanyLaw e88b616
add azure key vault logic and set policy process
8b0607c
Merge remote-tracking branch 'origin/main' into wenyluo/kv
VanyLaw 5233813
fix generated profile not work
VanyLaw 71a08d2
Merge remote-tracking branch 'origin/main' into wenyluo/kv
VanyLaw c111827
fix build
VanyLaw 6c8d54d
Merge branch 'main' into wenyluo/kv
luhan2017 5aa5029
Merge branch 'main' into wenyluo/kv
luhan2017 1bd9bcc
Merge branch 'main' into wenyluo/kv
luhan2017 f174450
add exception handling
b710e8b
fix conflict
VanyLaw ae3d1d5
fix comments
VanyLaw 5046984
Merge branch 'main' into wenyluo/kv
cwhitten 6b1ab1a
fix ut
VanyLaw 85aefee
Merge branch 'wenyluo/kv' of https://github.com/microsoft/BotFramewor…
VanyLaw 90ed899
Merge branch 'main' into wenyluo/kv
cwhitten b23b8cf
Fix lint, comment-out unusued imports
cwhitten 4356c9a
Merge branch 'main' into wenyluo/kv
luhan2017 8f79355
open modal refactor
alanlong9278 92d63a2
Merge branch 'main' into wenyluo/kv
luhan2017 a1d0702
alias & profile for open bot
alanlong9278 c9f068a
api
alanlong9278 b8065d7
fix lint
VanyLaw df11d27
alias
alanlong9278 07d1e2d
set alias
alanlong9278 f97204e
Merge branch 'wenyluo/kv' of https://github.com/microsoft/BotFramewor…
alanlong9278 8c92548
Fix lint
cwhitten 7f561b0
Merge branch 'main' into wenyluo/kv
cwhitten 995466c
Merge branch 'main' into wenyluo/kv
boydc2014 1fa075e
ut
alanlong9278 d17bbbc
publish notification
alanlong9278 3d2c68b
Merge branch 'main' into wenyluo/kv
luhan2017 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
158 changes: 158 additions & 0 deletions
158
Composer/packages/server/src/externalContentProvider/azureBotServiceProvider.ts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,158 @@ | ||
| // Copyright (c) Microsoft Corporation. | ||
| // Licensed under the MIT License. | ||
| import { PublishTarget } from '@bfc/shared'; | ||
| import * as axios from 'axios'; | ||
| import jwtDecode from 'jwt-decode'; | ||
|
|
||
| import { authService } from '../services/auth/auth'; | ||
|
|
||
| import { IContentProviderMetadata, ExternalContentProvider, BotContentInfo } from './externalContentProvider'; | ||
|
|
||
| export type AzureBotServiceMetadata = IContentProviderMetadata & { | ||
| resourceId: string; | ||
| botName: string; | ||
| appId?: string; | ||
| appPasswordHint?: string; | ||
| subscriptionId?: string; | ||
| resourceGroup?: string; | ||
| armEndpoint?: string; | ||
| tenantId: string; | ||
| }; | ||
|
|
||
| export class AzureBotServiceProvider extends ExternalContentProvider<AzureBotServiceMetadata> { | ||
| constructor(metadata: AzureBotServiceMetadata) { | ||
| super(metadata); | ||
| } | ||
| public async downloadBotContent(): Promise<BotContentInfo> { | ||
| throw new Error('ABS Not support'); | ||
| } | ||
| public async cleanUp(): Promise<void> { | ||
| throw new Error('Method not implemented.'); | ||
| } | ||
| public async getAlias(): Promise<string> { | ||
| const alias = `abs-${this.metadata.botName}-${this.metadata.appId}`; | ||
| return alias; | ||
| } | ||
|
|
||
| public async authenticate(): Promise<string> { | ||
| return this.getVaultAccessToken(); | ||
| } | ||
|
|
||
| public async generateProfile(): Promise<PublishTarget> { | ||
| const appId = this.metadata.appId; | ||
| // parse subscriptionId ... from this.metadata | ||
| const temp = { ...this.metadata }; | ||
| const subs = this.metadata.resourceId.match(/subscriptions\/([\w-]*)\//); | ||
| const groups = this.metadata.resourceId.match(/resourceGroups\/([^/]*)/); | ||
| const names = this.metadata.resourceId.match(/botServices\/([^/]*)/); | ||
| temp.subscriptionId = (subs && subs.length > 0 && subs[1]) || ''; | ||
| temp.resourceGroup = (groups && groups.length > 0 && groups[1]) || ''; | ||
| temp.botName = (names && names.length > 0 && names[1]) || ''; | ||
| delete temp.appId; | ||
|
|
||
| // transform key vault token hint to microsoft app password | ||
| const hint = this.metadata.appPasswordHint || ''; | ||
| delete temp.appPasswordHint; | ||
| const vaultNames = hint.match(/vaults\/([^/]*)/); | ||
| const secretNames = hint.match(/secrets\/([^/]*)/); | ||
| const resourceGroupNames = hint.match(/resourceGroups\/([^/]*)/); | ||
| const vaultName = (vaultNames && vaultNames.length > 0 && vaultNames[1]) || ''; | ||
| const secretName = (secretNames && secretNames.length > 0 && secretNames[1]) || ''; | ||
| const resourceGroupName = (resourceGroupNames && resourceGroupNames.length > 0 && resourceGroupNames[1]) || ''; | ||
| const tenantId = this.metadata.tenantId; | ||
|
|
||
| // get token | ||
| const armToken = await this.getArmAccessToken(tenantId); | ||
|
VanyLaw marked this conversation as resolved.
|
||
| const vaultToken = await this.getVaultAccessToken(); | ||
| const decoded = jwtDecode<{ oid: string }>(armToken); | ||
|
|
||
| // set key vault policy | ||
| await this.keyVaultUpdatePolicy(armToken, temp.subscriptionId, resourceGroupName, vaultName, tenantId, decoded.oid); | ||
| const appPwd = await this.keyVaultGetSecretValue(vaultToken, vaultName, secretName); | ||
| return { | ||
| name: `abs-${this.metadata.botName}`, | ||
| type: 'azurePublish', | ||
| configuration: JSON.stringify({ | ||
| hostname: '', | ||
| runtimeIdentifier: 'win-x64', | ||
| settings: { | ||
| MicrosoftAppId: appId, | ||
| MicrosoftAppPassword: appPwd, | ||
| }, | ||
| ...temp, | ||
| }), | ||
| }; | ||
| } | ||
|
|
||
| private async keyVaultUpdatePolicy( | ||
| token: string, | ||
| subscriptionId: string, | ||
| resourceGroupName: string, | ||
| vaultName: string, | ||
| tenantId: string, | ||
| objectId: string | ||
| ) { | ||
| const operationKind = 'add'; | ||
| const url = `https://management.azure.com/subscriptions/${subscriptionId}/resourceGroups/${resourceGroupName}/providers/Microsoft.KeyVault/vaults/${vaultName}/accessPolicies/${operationKind}?api-version=2019-09-01`; | ||
| const result = await axios.default.put( | ||
| url, | ||
| { | ||
| properties: { | ||
| accessPolicies: [ | ||
| { | ||
| tenantId: tenantId, | ||
| objectId: objectId, | ||
| permissions: { | ||
| secrets: ['get', 'list'], | ||
| }, | ||
| }, | ||
| ], | ||
| }, | ||
| }, | ||
| { | ||
| headers: { | ||
| Authorization: `Bearer ${token}`, | ||
| 'Content-Type': 'application/json', | ||
| }, | ||
| } | ||
| ); | ||
| return result; | ||
| } | ||
|
|
||
| private async keyVaultGetSecretValue(token: string, vaultName: string, secretName: string) { | ||
| const vaultUri = `https://${vaultName}.vault.azure.net/secrets/${secretName}?api-version=7.1`; | ||
| const result = await axios.default.get(vaultUri, { | ||
| headers: { Authorization: `Bearer ${token}` }, | ||
| }); | ||
| return result.data.value; | ||
| } | ||
|
|
||
| private async getVaultAccessToken(): Promise<string> { | ||
| try { | ||
| // get an kv token | ||
| const authCredentials = { | ||
| scopes: ['https://vault.azure.net/user_impersonation'], | ||
| targetResource: 'https://vault.azure.net', | ||
| }; | ||
| const accessToken = await authService.getAccessToken(authCredentials); | ||
| if (accessToken === '') { | ||
| throw 'User cancelled login flow.'; | ||
| } | ||
| return accessToken; | ||
| } catch (e) { | ||
| throw `Error while trying to get a key vault token: ${e.toString()}`; | ||
| } | ||
| } | ||
|
|
||
| private async getArmAccessToken(tenantId: string): Promise<string> { | ||
| try { | ||
| const accessToken = await authService.getArmAccessToken(tenantId); | ||
| if (accessToken === '') { | ||
| throw 'User cancelled login flow.'; | ||
| } | ||
| return accessToken; | ||
| } catch (e) { | ||
| throw `Error while trying to get a key vault token: ${e.toString()}`; | ||
| } | ||
| } | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove this part.