Update nodejs-typescript-food-catalog with Azure deployment workflow (#…

…64)

* WIP

* Add support for provisioning and deploying to Azure, and publishing to TAC

* Add support for provisioning and deploying to Azure, and publishing to Teams Admin Center

* Refactor env.js script

* Update sample.json with new updateDateTime value

* Update recommended extensions

* Change app registration audience to single tenant

* Update sample metadata and readme

* Update entra app registration with multi tenant audience

samples/nodejs-typescript-food-catalog/.funcignore

@@ -1,10 +1,16 @@
-*.js.map
-*.ts
 .git*
+_storage_emulator
+.tours
 .vscode
+appPackage
+assets
+env
+infra
+scripts
+*.ts
+*.js.map
 local.settings.json
-test
-getting_started.md
-node_modules/@types/
-node_modules/azure-functions-core-tools/
-node_modules/typescript/
+readme.md
+teamsapp.local.yml
+teamsapp.yml
+tsconfig.json

samples/nodejs-typescript-food-catalog/.tours/ttk.tour

@@ -103,17 +103,17 @@
         "line": 35
       },
       {
-        "file": "aad.manifest.json",
+        "file": "infra/entra/entra.manifest.json",
         "description": "This file represents the Microsoft Entra app registration used by the connector.",
         "line": 1
       },
       {
-        "file": "aad.manifest.json",
+        "file": "infra/entra/entra.manifest.json",
         "description": "The `requiredResourceAccess` array contains the permission scopes that are configured on the app registration.\r\n\r\nTo create a connection and ingest items, you'll need:\r\n\r\n- `ExternalConnection.ReadWrite.OwnedBy`\r\n- `ExternalItem.ReadWrite.OwnedBy`",
         "line": 7
       },
       {
-        "file": "aad.manifest.json",
+        "file": "infra/entra/entra.manifest.json",
         "description": "The `identifierUris` array represents the Application URI of the Microsoft Entra app registration and is used in the Teams app manifest.",
         "line": 22
       },

samples/nodejs-typescript-food-catalog/.vscode/extensions.json

@@ -1,5 +1,7 @@
 {
   "recommendations": [
-    "ms-azuretools.vscode-azurefunctions"
+    "ms-azuretools.vscode-azurefunctions",
+    "ms-azuretools.vscode-bicep",
+    "TeamsDevApp.ms-teams-vscode-extension"
   ]
 }

samples/nodejs-typescript-food-catalog/appPackage/manifest.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.16/MicrosoftTeams.schema.json",
-  "version": "1.0.18",
+  "version": "1.0.25",
   "manifestVersion": "1.16",
   "id": "cda3f6a2-4b7e-4f9c-8c0a-3b5b7a9f1d0c",
   "packageName": "com.package.name",
@@ -24,11 +24,11 @@
   },
   "accentColor": "#FFFFFF",
   "validDomains": [
-    "${{NOTIFICATION_ENDPOINT}}"
+    "${{NOTIFICATION_DOMAIN}}"
   ],
   "webApplicationInfo": {
-    "id": "${{AAD_APP_CLIENT_ID}}",
-    "resource": "api://${{AAD_APP_CLIENT_ID}}"
+    "id": "${{ENTRA_APP_CLIENT_ID}}",
+    "resource": "api://${{ENTRA_APP_CLIENT_ID}}"
   },
   "graphConnector": {
     "notificationUrl": "${{NOTIFICATION_ENDPOINT}}/api/notification"

samples/nodejs-typescript-food-catalog/assets/sample.json

@@ -10,7 +10,7 @@
       "This sample project uses Teams Toolkit for Visual Studio Code to simplify the process of creating a Microsoft Graph connector that ingests data from a custom API to Microsoft Graph. It provides an end to end example of creating the connector, ingesting content and refreshing the ingested content on a schedule. It also includes the simplified admin experience which means that admins can toggle the connector on and off from the Microsoft Teams admin center."
     ],
     "creationDateTime": "2023-11-02",
-    "updateDateTime": "2024-09-02",
+    "updateDateTime": "2024-10-01",
     "products": [
       "Microsoft Graph connectors",
       "Microsoft Graph",

samples/nodejs-typescript-food-catalog/infra/azure.bicep

@@ -1,17 +1,132 @@
 param resourceBaseName string
 param location string = resourceGroup().location
 
-resource storageAccount 'Microsoft.Storage/storageAccounts@2021-04-01' = {
+param appClientId string
+@secure()
+param appClientSecret string
+param appTenantId string
+
+// create storage account to store table data
+resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = {
   name: resourceBaseName
   location: location
-  kind: 'StorageV2'
   sku: {
     name: 'Standard_LRS'
   }
+  kind: 'StorageV2'
+  properties: {
+    supportsHttpsTrafficOnly: true
+    defaultToOAuthAuthentication: true
+  }
+}
+
+// create app service plan for function app
+resource hostingPlan 'Microsoft.Web/serverfarms@2021-03-01' = {
+  name: resourceBaseName
+  location: location
+  sku: {
+    name: 'Y1'
+    tier: 'Dynamic'
+  }
+  properties: {}
+}
+
+// create function app
+resource functionApp 'Microsoft.Web/sites@2021-03-01' = {
+  name: resourceBaseName
+  location: location
+  kind: 'functionapp'
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: {
+    serverFarmId: hostingPlan.id
+    siteConfig: {
+      ftpsState: 'FtpsOnly'
+      minTlsVersion: '1.2'
+    }
+    httpsOnly: true
+  }
+}
+
+
+// create azure key vault
+resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' = {
+  name: resourceBaseName
+  location: location
+  properties: {
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    tenantId: subscription().tenantId
+    accessPolicies: [
+      {
+        tenantId: subscription().tenantId
+        objectId: functionApp.identity.principalId
+        permissions: {
+          secrets: ['get', 'list']
+        }
+      }
+    ]
+  }
+}
+
+// add client secret to key vault
+resource appClientSecretVault 'Microsoft.KeyVault/vaults/secrets@2021-06-01-preview' = {
+  parent: keyVault
+  name: 'clientSecret'
+  properties: {
+    value: appClientSecret
+  }
+}
+
+// add storage account connection string to key vault
+resource storageAccountConnectionStringVault 'Microsoft.KeyVault/vaults/secrets@2021-06-01-preview' = {
+  parent: keyVault
+  name: 'storageAccountConnectionString'
+  properties: {
+    value: storageAccountConnectionString
+  }
+}
+
+// set app settings on the function app
+resource siteConfig 'Microsoft.Web/sites/config@2021-02-01' = {
+  name: 'appsettings'
+  parent: functionApp
+    properties: {
+      AzureWebJobsStorage: '@Microsoft.KeyVault(VaultName=${keyVault.name};SecretName=storageAccountConnectionString)'
+      WEBSITE_CONTENTAZUREFILECONNECTIONSTRING: '@Microsoft.KeyVault(VaultName=${keyVault.name};SecretName=storageAccountConnectionString)'
+      WEBSITE_CONTENTSHARE: toLower(resourceBaseName)
+      FUNCTIONS_EXTENSION_VERSION: '~4'
+      WEBSITE_NODE_DEFAULT_VERSION: '~18'
+      APPINSIGHTS_INSTRUMENTATIONKEY: applicationInsights.properties.InstrumentationKey
+      FUNCTIONS_WORKER_RUNTIME: 'node'
+      WEBSITE_RUN_FROM_PACKAGE: '1'
+      ENTRA_APP_CLIENT_ID: appClientId
+      ENTRA_APP_CLIENT_SECRET: '@Microsoft.KeyVault(VaultName=${keyVault.name};SecretName=clientSecret)'
+      ENTRA_APP_TENANT_ID: appTenantId
+      NOTIFICATION_ENDPOINT: notificationEndpoint
+      GRAPH_SCHEMA_STATUS_INTERVAL: '10'
+    }
+}
+
+// create application insights resource
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
+  name: resourceBaseName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    Request_Source: 'rest'
+  }
 }
 
-// create a storage account connection string
 var storageAccountConnectionString = 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storageAccount.listKeys().keys[0].value}'
+var notificationEndpoint = 'https://${functionApp.properties.defaultHostName}'
 
-// write the storage account connection string to environment file
+// output values to env.dev so they can be used by other actions
+output NOTIFICATION_FUNCTION_RESOURCE_ID string = functionApp.id
 output SECRET_STORAGE_ACCOUNT_CONNECTION_STRING string = storageAccountConnectionString
+output NOTIFICATION_ENDPOINT string = notificationEndpoint
+output NOTIFICATION_DOMAIN string = functionApp.properties.defaultHostName

samples/nodejs-typescript-food-catalog/infra/azure.parameters.json

@@ -1,9 +1,18 @@
 {
-    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-      "resourceBaseName": {
-        "value": "connector${{RESOURCE_SUFFIX}}"
-      }
+  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "resourceBaseName": {
+      "value": "connector${{RESOURCE_SUFFIX}}"
+    },
+    "appClientId": {
+      "value": "${{ENTRA_APP_CLIENT_ID}}"
+    },
+    "appClientSecret": {
+      "value": "${{SECRET_ENTRA_APP_CLIENT_SECRET}}"
+    },
+    "appTenantId": {
+      "value": "${{ENTRA_APP_TENANT_ID}}"
     }
-  }
+  }
+}

samples/nodejs-typescript-food-catalog/aad.manifest.json → samples/nodejs-typescript-food-catalog/infra/entra/entra.manifest.json

@@ -1,9 +1,9 @@
 {
-  "id": "${{AAD_APP_OBJECT_ID}}",
-  "appId": "${{AAD_APP_CLIENT_ID}}",
+  "id": "${{ENTRA_APP_OBJECT_ID}}",
+  "appId": "${{ENTRA_APP_CLIENT_ID}}",
   "name": "${{APP_NAME}}-${{TEAMSFX_ENV}}",
   "accessTokenAcceptedVersion": 2,
-  "signInAudience": "AzureADMultipleOrgs",
+  "signInAudience": "AzureADMyOrg",
   "requiredResourceAccess": [
     {
       "resourceAppId": "Microsoft Graph",
@@ -19,6 +19,6 @@
       ]
     }
   ],
-  "identifierUris": ["api://${{AAD_APP_CLIENT_ID}}"],
+  "identifierUris": ["api://${{ENTRA_APP_CLIENT_ID}}"],
   "replyUrlsWithType": []
 }