Refactored Version Beta complete - limited docs (#12)

Signed-off-by: Florian Wagner <[email protected]>

Author: Florian Wagner

Deploy/.gitignore

@@ -2,3 +2,5 @@
 body.json
 # Ignore zip file for publish
 botnotselfcontained.zip
+# Ignore Terraform tfvars
+*.tfvars.*

Deploy/ActivateSSL.ps1

@@ -0,0 +1,73 @@
+###
+#
+# Activate Custom Domain Name SSL Certificate and activate TrafficManager Endpoints
+#
+# This script will do following steps:
+#
+# 1. Import information from previous Terraform runs
+# 2. Terraform execution to activate certificate and map TrafficManager endpoints
+# 3. Update Bot Endpoint
+#
+# After the script is successfully executed the bot should be in a usable from WebChat
+#
+###
+# Parameters
+param(
+    # Only needed in Issuing Mode
+    [Parameter(HelpMessage="The domain (CN) name for the SSL certificate")]
+    [string] $YOUR_DOMAIN,
+
+    [Parameter(HelpMessage="Terraform and SSL creation Automation Flag. `$False -> Interactive, Approval `$True -> Automatic Approval")]
+    [bool] $AUTOAPPROVE = $False,
+
+    [Parameter(HelpMessage="KeyVault certificate name")]
+    [string] $KEYVAULT_CERT_NAME = "SSLcert"
+)
+# Helper var
+$success = $True
+$webAppsVariableFile = "webAppVariable.tfvars.json"
+# Tell who you are
+Write-Host "`n`n# Executing $($MyInvocation.MyCommand.Name)"
+
+# 1. Read values from Terraform IaC run (Bot deployment scripts)
+Write-Host "## 1. Read values from Terraform IaC run (Bot deployment scripts)"
+$content = '{ "azure_webApps" : ' + $(terraform output -state=".\IaC\terraform.tfstate" -json webAppAccounts) + '}'
+Set-Content -Path ".\SSLActivation\$webAppsVariableFile" -Value $content
+$KeyVault = terraform output -state=".\IaC\terraform.tfstate" -json keyVault | ConvertFrom-Json
+$TrafficManager = terraform output -state=".\IaC\terraform.tfstate" -json trafficManager | ConvertFrom-Json
+$Bot = terraform output -state=".\IaC\terraform.tfstate" -json bot | ConvertFrom-Json
+
+# 2. Terraform execution to activate certificate and map TrafficManager endpoints
+Write-Host "## 2. Terraform execution to activate certificate and map TrafficManager endpoints"
+if ($AUTOAPPROVE -eq $True)
+{
+    $AUTOFLAG = "-auto-approve"
+} else {
+    $AUTOFLAG = ""
+}
+
+if ($YOUR_DOMAIN -eq "")
+{
+    $YOUR_DOMAIN = $TrafficManager.fqdn
+}
+
+Set-Location SSLActivation
+terraform init
+terraform apply -var "keyVault_name=$($KeyVault.name)" -var "keyVault_rg=$($KeyVault.resource_group)" `
+-var "your_domain=$YOUR_DOMAIN" `
+-var "trafficmanager_name=$($TrafficManager.name)"  -var "trafficmanager_rg=$($TrafficManager.resource_group)" `
+-var-file="$webAppsVariableFile" `
+-var "keyVault_cert_name=$KEYVAULT_CERT_NAME" $AUTOFLAG
+$success = $success -and $?
+Set-Location ..
+
+# CleanUp
+Remove-Item -Path ".\SSLActivation\$webAppsVariableFile"
+
+# 3. Update Bot Endpoint
+Write-Host "## 3. Update Bot Endpoint"
+az bot update --resource-group $Bot.resource_group --name $Bot.name --endpoint "https://$YOUR_DOMAIN/api/messages"
+$success = $success -and $?
+
+# Return execution status
+exit $success

Deploy/CheckExistingSSL.ps1

@@ -0,0 +1,35 @@
+###
+#
+# Check if already a SSL certificate was imported to KeyVault
+#
+# This script will do following steps:
+#
+# 1. Read values from Terraform IaC run (Bot deployment scripts)
+# 2. Check if certificate exists in Key Vault
+#
+# Returns $True if certificate already exists
+#
+###
+# Parameters
+param(
+    [Parameter(HelpMessage="KeyVault certificate name")]
+    [string] $KEYVAULT_CERT_NAME = "SSLcert"
+)
+# Tell who you are
+Write-Host "`n`n# Executing $($MyInvocation.MyCommand.Name)"
+
+# 1. Read values from Terraform IaC run (Bot deployment scripts)
+Write-Host "## 1. Read values from Terraform IaC run (Bot deployment scripts)"
+$KeyVault = terraform output -state=".\IaC\terraform.tfstate" -json keyVault | ConvertFrom-Json
+
+# 2. Check if certificate exists in Key Vault
+Write-Host "## 2. Check if certificate exists in Key Vault"
+az keyvault certificate show --vault-name $KeyVault.name --name $KEYVAULT_CERT_NAME > $null 2> $1
+if ($? -eq $True)
+{
+    Write-Host "### Existing Certificate found"
+    return $True
+} else {
+    Write-Host "### No existing Certificate found"
+    return $False
+}

Deploy/CheckServiceAvailability.ps1

@@ -0,0 +1,24 @@
+###
+#
+# Check for availability of DNS
+# returns $False if service is already
+#
+###
+# Parameters
+param(
+    [Parameter(HelpMessage="Service Name")]
+    [string] $Service,
+
+    # Only needed in Issuing Mode
+    [Parameter(HelpMessage="Full Qualified Domain Name to check")]
+    [string] $FQDN
+)
+
+Resolve-DnsName -Name $FQDN -DnsOnly > $null 2> $1
+if ($?)
+{
+    Write-Host "### ERROR, $Service with name '$FQDN' already exists. Please try another Bot Name."
+    return $False
+} else {
+    return $True
+}

Deploy/CreateOrImportSSL.ps1

@@ -0,0 +1,106 @@
+###
+#
+# Import existing or create/issue new SSL certificate
+#
+# This script will do following steps:
+#
+#   In Import Mode
+#   1. Execute Import script
+#
+#   In Issuing Mode
+#   1. Execute Issuing script
+#
+# 2. Terraform execution to activate certificate
+#
+# After the script is successfully executed the Bot should be in a usable from within Bot Framework Service (WebChat) and Emulator
+#
+###
+# Parameters
+param(
+    # Only needed in Issuing Mode
+    [Parameter(HelpMessage="Mail to be associated with Let's Encrypt certificate")]
+    [string] $YOUR_CERTIFICATE_EMAIL,
+
+    # Only needed in Issuing Mode
+    [Parameter(HelpMessage="The domain (CN) name for the SSL certificate")]
+    [string] $YOUR_DOMAIN,
+
+    [Parameter(HelpMessage="SSL CERT (PFX Format) file location")]
+    [string] $PFX_FILE_LOCATION,
+    
+    [Parameter(HelpMessage="SSL CERT (PFX Format) file password")]
+    [string] $PFX_FILE_PASSWORD,
+
+    [Parameter(HelpMessage="KeyVault certificate name")]
+    [string] $KEYVAULT_CERT_NAME = "SSLcert",
+
+    [Parameter(HelpMessage="Terraform and SSL creation Automation Flag. `$False -> Interactive, Approval `$True -> Automatic Approval")]
+    [bool] $AUTOAPPROVE = $False,
+
+    [Parameter(HelpMessage="Flag to determine if run from within OneClickDeploy.ps1")]
+    [bool] $ALREADYCONFIRMED = $False,
+
+    [Parameter(HelpMessage="Force Reimport or Reissuing if certificate already exists")]
+    [bool] $FORCE = $False,
+
+    [Parameter(HelpMessage="To change existing infrastructure, e.g. skips DNS check. `$False -> first run/no infrastructure, `$True -> subsequent run, existing infrastructure")]
+    [bool] $RERUN = $False
+)
+# Tell who you are
+Write-Host "`n`n# Executing $($MyInvocation.MyCommand.Name)"
+
+# Helper Variable
+$success = $True
+$sslexists = $False
+
+# Validate Input parameter combination
+$validationresult = .\ValidateParameter.ps1 -YOUR_CERTIFICATE_EMAIL $YOUR_CERTIFICATE_EMAIL -YOUR_DOMAIN $YOUR_DOMAIN -PFX_FILE_LOCATION $PFX_FILE_LOCATION -PFX_FILE_PASSWORD $PFX_FILE_PASSWORD -AUTOAPPROVE $AUTOAPPROVE -ALREADYCONFIRMED $ALREADYCONFIRMED
+
+# Check if SSL Certificate exists
+if ($FORCE -eq $False) 
+{
+    $sslexists = .\CheckExistingSSL.ps1 -KEYVAULT_CERT_NAME $KEYVAULT_CERT_NAME
+}
+
+if ($validationresult -and (-not $sslexists))
+{
+    # 0. Deactivate SSL Endpoints (needed if you want to change the SSL for a <yourbot>.trafficmanager.net domain - not needed for custom domain)
+    if ($FORCE -eq $True)
+    {
+        Write-Host "## 0. Deactivate SSL Endpoints"
+        .\DeactivateSSL.ps1
+        $success = $success -and $LASTEXITCODE
+    }
+
+    # 1. Import SSL Certificate to KeyVault
+    Write-Host "## 1. Import SSL Certificate to KeyVault"
+    if (Test-Path -Path $PFX_FILE_LOCATION)
+    {
+        # Import Mode
+        Write-Host "### Import Mode, load local PFX file"
+        # Execute Import Script
+        .\ImportSSL.ps1 -PFX_FILE_LOCATION $PFX_FILE_LOCATION -PFX_FILE_PASSWORD $PFX_FILE_PASSWORD -KEYVAULT_CERT_NAME $KEYVAULT_CERT_NAME
+        $success = $success -and $LASTEXITCODE
+    }
+    else {
+        # Issuing Mode
+        Write-Host "### Issuing Mode, issue new certificate and directly upload it to KeyVault from within a container"
+        .\CreateSSL.ps1 -YOUR_CERTIFICATE_EMAIL $YOUR_CERTIFICATE_EMAIL -YOUR_DOMAIN $YOUR_DOMAIN -KEYVAULT_CERT_NAME $KEYVAULT_CERT_NAME -AUTOAPPROVE $AUTOAPPROVE
+        $success = $success -and $LASTEXITCODE
+    }
+    
+}
+elseif ($sslexists -eq $True) {
+    Write-Host "### WARNING, SSL Certificate with KeyVault name-key '$KEYVAULT_CERT_NAME' already exists.`n### If you want to recreate/upload a new one please use -FORCE `$True parameter."
+}
+
+if ((($success -eq $True) -and ($validationresult -eq $True)) -or ($RERUN -eq $True))
+{
+    # 2. Activate SSL Endpoint
+    Write-Host "## 2. Activate SSL Endpoints"
+    .\ActivateSSL.ps1 -YOUR_DOMAIN $YOUR_DOMAIN -AUTOAPPROVE $AUTOAPPROVE
+    $success = $success -and $LASTEXITCODE
+}
+
+# Return execution status
+exit $success

Deploy/CreateRegionVariableFile.ps1

@@ -0,0 +1,39 @@
+###
+#
+# Create Region Variable File for Terraform
+#
+# This script will do following steps:
+#
+# 1.  Create content for variable file
+#
+###
+# Parameters
+param(
+    [Parameter(Mandatory=$True, HelpMessage="Filename to use")]
+    [string] $FILENAME,
+
+    [Parameter(HelpMessage="Regions to deploy the Bot to")]
+    [string[]] $BOT_REGIONS = @("koreacentral", "southeastasia")
+)
+# Helper var
+$success = $True
+$priority = 0
+
+# Tell who you are
+Write-Host "`n`n# Executing $($MyInvocation.MyCommand.Name)"
+
+# 1.  Create content for variable file
+Write-Host "## 1.  Create content for variable file"
+
+# See IaC/variables.tf format for azure_bot_regions (here in json format)
+$content = '{ "azure_bot_regions" : [' + $BOT_REGIONS.ForEach({ 
+    "{ `"name`" : `"$_`", `"priority`" : $priority }," 
+    $priority++
+    })
+$content = $content.TrimEnd(",") + ']}'
+
+Set-Content -Path $azureBotRegions -Value $content
+$success = $success -and $?
+
+# Check successful execution
+exit $success