85.bot-authentication-sni for Python works with tunneling, but fails when you deploy in Azure using template-BotApp-with-rg.json due to missing variables necessary for SN+I certificate #4031

@journeyman-msft

Github issues for C# /JS / Java/ Python should be used for bugs and feature requests. Use Stack Overflow for general "how-to" questions.

Sample information

  1. Sample type: [\samples\ or \solutions] samples
  2. Sample language: [dotnetcore or webapi or es6 or nodejs or typescript] python
  3. Sample name: 85.bot-authentication-sni (https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/python/wip/85.bot-authentication-sni)

Describe the bug

Need to add additional variables in template-BotApp-with-rg.json for the keyvault to retrieve certificate.

        {
          "name": "MicrosoftAppKeyVaultName",
          "value": "[parameters('keyVaultName')]"
        },
        {
          "name": "MicrosoftAppCertificateName",
          "value": "[parameters('certificateName')]"
        },
        {
          "name": "MicrosoftAppCertificateThumbprint",
          "value": "[parameters('certificateThumbprint')]"
        },

In parameters-for-template-BotApp-with-rg.json you also need to make sure to map it

    "keyVaultName": {
        "value": "<INSERT>"
    },
    "certificateName": {
        "value": "<INSERT>"
    },
    "certificateThumbprint": {
        "value": "<INSERT>"
    },

Azure CLI fails when running

    az deployment group create --resource-group <> --template-file template-BotApp-with-rg.json --parameters parameters-for-template-BotApp-with-rg.json

To Reproduce

Steps to reproduce the behavior:

  1. https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/python/wip/85.bot-authentication-sni
  2. create an Entra app and add necessary info into manifest for certificate
  3. Create keyvault and add certificate
  4. enter variables into parameters-for-template-BotApp-with-rg.json
  5. az deployment group create --resource-group <> --template-file template-BotApp-with-rg.json --parameters parameters-for-template-BotApp-with-rg.json
  6. enter variables into parameters for template-AzureBot-with-rg.json
  7. notice failure
  8. update parameters to include KeyVaultName, certificateName, certificateThumbprint
  9. az deployment group create --resource-group <> --template-file template-AzureBot-with-rg.json --parameters parameters-for-template-AzureBot-with-rg.json
  10. az webapp deploy --resource-group <> --name <> --src <>
  11. test in webchat of Azure bot

Expected behavior

I expect the CLI to say deployment was successful. Furthermore, I expect this to work from the test in webapp when deployed to Azure.

    {"code": "InvalidTemplate", "message": "Deployment template validation failed: 'The following parameters were supplied, but do not correspond to any parameters defined in the template: 'UMSIName, UMSIResourceGroupName'. The parameters defined in the template are: 'groupName, groupLocation, azureBotId, azureBotSku, azureBotRegion, botEndpoint, appType, appId, tenantId'. Please see https://aka.ms/arm-pass-parameter-values for usage details.'.", "additionalInfo": [{"type": "TemplateViolation", "info": {"lineNumber": 0, "linePosition": 0, "path": ""}}]}

If applicable, add screenshots to help explain your problem.

Additional context

I got rid of UMSIName, UMSIResourceGroupName and added keyVaultName, certificateName, and certificateThumbprint in the parameters. The Azure CLI deployment is successful after that; however, the webapp still fails to respond and appears to fail to start up due to the following from the log stream of the Azure webapp:

    DefaultAzureCredential failed to retrieve a token from the included credentials.
    Attempted credentials
    EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
    ManagedIdentityCredential: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint.
    azure.core.exceptions.ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.
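
A local pre-deployment check for the template/parameters mismatch reported above, as an added example that is not part of the original issue or the sample repository. The function name `check_parameters`, the cut-down template and the parameters file are constructed for illustration; only the parameter and setting names quoted in the issue are taken from the page.

```python
import json
import re

# Matches ARM template expressions such as [parameters('keyVaultName')].
PARAM_REF = re.compile(r"parameters\(\s*'([^']+)'\s*\)")


def check_parameters(template: dict, parameters_file: dict) -> dict:
    """Compare a parameters file with the template it is deployed with.

    Names are compared exactly as written (a simplification of this example).
    """
    declared = set(template.get("parameters", {}))
    supplied = set(parameters_file.get("parameters", {}))
    # Scan everything except the declarations for parameters('...') references.
    body = {k: v for k, v in template.items() if k != "parameters"}
    referenced = set(PARAM_REF.findall(json.dumps(body)))
    required = {name for name, spec in template.get("parameters", {}).items()
                if "defaultValue" not in spec}
    return {
        "undefined_in_template": sorted(supplied - declared),
        "missing_required": sorted(required - supplied),
        "referenced_not_declared": sorted(referenced - declared),
    }


# Constructed sample: declares the parameter names quoted in the error message
# and carries one app setting from the issue whose parameter is not declared.
DECLARED = ("groupName", "groupLocation", "azureBotId", "azureBotSku",
            "azureBotRegion", "botEndpoint", "appType", "appId", "tenantId")
TEMPLATE = {
    "parameters": {name: {"type": "string"} for name in DECLARED},
    "resources": [{"properties": {"siteConfig": {"appSettings": [
        {"name": "MicrosoftAppKeyVaultName",
         "value": "[parameters('keyVaultName')]"},
        {"name": "MicrosoftAppId", "value": "[parameters('appId')]"},
    ]}}}],
}
# Constructed parameters file: tenantId omitted, two names the template lacks.
SUPPLIED = DECLARED[:-1] + ("UMSIName", "UMSIResourceGroupName")
PARAMETERS = {"parameters": {n: {"value": "<INSERT>"} for n in SUPPLIED}}

if __name__ == "__main__":
    print(json.dumps(check_parameters(TEMPLATE, PARAMETERS), indent=2))
```

To run it against real files, load the template and its parameters file with `json.load` and pass both dictionaries to `check_parameters` before calling `az deployment group create`.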

Labels: bug, needs-triage