[Solved] Bot Cloning in Azure

Question

So it is possible to solve this programatically. I went about it using Powershell scripts, specifically Azure CLI and Azure Powershell. However, I believe that the standard is via Terraform (aka TF) or Pulumi and if I had to do this again I would probably use one of those IaaS tools. Especially since these tools do not depend on order of configuration (at least TF does not), whereas the Powershell scripting does.

Regarding the scripting, you can configure a resource group, an application registration and its settings (service principal and app credential), and the azure bot service and its settings.

I had to somewhat reverse engineer this process, so I personally would recommend starting with the Get-AzBotService command to see what you need to duplicate from your bot (note that you may prefer the Azure CLI version of this command: az bot show).

I also recommend using the Azure CLI to set up the bot service as it offers more fine control than Azure Powershell.

Note that I will just be using variable name holders for each field in the Powershell commands. I realize this might not result in the clearest explanation, but my use case had more configuration details than what I believe the average use case had and MS does have documentation on each field under each of the Powershell commands. However, if a future reader would like even more details, comment below and I’ll happily supplement whatever MS docs are not clear.

You will need to start by logging into both Azure CLI and Azure Powershell. I recommend using these code blocks so you don’t always have the login tab open in your browser:

$loginStatus = Get-AzContext
if ( -not ($loginStatus) ) {
    Connect-AzAccount
    $subscription_id = Get-AzSubscription
    Set-AzContext -SubscriptionId ($subscription_id)
}

and

$loginStatusAz = az account show
if ( -not ($loginStatusAz) ) {
    az login
}

I first recommend creating the resource group for your bot:
New-AzResourceGroup -Location $location -Name $resourceGroupName

Next, I would create the application registration for your application:

$appInfo = New-AzAdApplication `
    -DisplayName $registrationName `
    -Web $webConfig`
    -ReplyUrl $replyUrls `
    -IdentifierUri $identifierUris `
    -Api $api `
    -SignInAudience $signInAudience

One note here – make sure your configuration of the -SignInAudience flag results in your application being multi-tenant. I found that my use case had issues otherwise. Also, depending on how you configure this, you may need to use Update-AzADApplication after creating a basic application registration with New-AzAdApplication. So in my case I would create the application registration with just the -DisplayName and -Web flags configured and then update it with the rest of the information.

You can configure other settings if you would like – I had to for my use case, but I won’t go into too much more detail here. If something more complicated is needed I would recommend using TF at this point, as it is easier to determine how to configure more complex settings of an application registration that way compared to using Powershell scripting.

Creating the service principal and application credentials:

New-AzAdServicePrincipal -ApplicationId $appInfo.AppId

$secretInfo = New-AzADAppCredential -ObjectId $appInfo.Id

Note: I would save the secret creds for future use.

To create the bot:

az bot create `
    --app-type $appType `
    --appid $appInfo.AppId `
    --name $botName `
    --resource-group $resourceGroupName `
    --endpoint $messagingEndpoint `
    --sku $sku

To add channel configurations to the bot:

az bot msteams create `
    --name $botName `
    --resource-group $resourceGroupName

You may need a different command – this is specific to the MS teams channel, but the az bot command should have more documentation for it.

To add authsetting to the bot:

az bot authsetting create `
    --client-id $appInfo.AppId `
    --client-secret $secretInfo.SecretText `
    --name $botName `
    --provider-scope-string $providerScopeString `
    --resource-group $resourceGroupName `
    --service $serviceName `
    --setting-name $connectionName `
    --parameters "tenantId=$($tenantId)" "tokenExchangeUrl=$($tokenExchangeUrl)"

You may need to change your parameters depeninding on what type of auth connection service you use – I was using oauth.

That’s more or less it from a high level. Again, if more questions/details are needed, happy to update, but I believe this is a really good starting point for anyone who needs to create/duplicate a bot in Azure programatically.

Here are the docs for the commands I used and some that may be useful:

New-AzResourceGroup
New-AzAdApplication
Update-AzADApplication (might be useful)
New-AzAdServicePrincipal
New-AzADAppCredential
az bot

Accepted Answer

So it is possible to solve this programatically. I went about it using Powershell scripts, specifically Azure CLI and Azure Powershell. However, I believe that the standard is via Terraform (aka TF) or Pulumi and if I had to do this again I would probably use one of those IaaS tools. Especially since these tools do not depend on order of configuration (at least TF does not), whereas the Powershell scripting does.

Regarding the scripting, you can configure a resource group, an application registration and its settings (service principal and app credential), and the azure bot service and its settings.

I had to somewhat reverse engineer this process, so I personally would recommend starting with the Get-AzBotService command to see what you need to duplicate from your bot (note that you may prefer the Azure CLI version of this command: az bot show).

I also recommend using the Azure CLI to set up the bot service as it offers more fine control than Azure Powershell.

Note that I will just be using variable name holders for each field in the Powershell commands. I realize this might not result in the clearest explanation, but my use case had more configuration details than what I believe the average use case had and MS does have documentation on each field under each of the Powershell commands. However, if a future reader would like even more details, comment below and I’ll happily supplement whatever MS docs are not clear.

You will need to start by logging into both Azure CLI and Azure Powershell. I recommend using these code blocks so you don’t always have the login tab open in your browser:

$loginStatus = Get-AzContext
if ( -not ($loginStatus) ) {
    Connect-AzAccount
    $subscription_id = Get-AzSubscription
    Set-AzContext -SubscriptionId ($subscription_id)
}

and

$loginStatusAz = az account show
if ( -not ($loginStatusAz) ) {
    az login
}

I first recommend creating the resource group for your bot:
New-AzResourceGroup -Location $location -Name $resourceGroupName

Next, I would create the application registration for your application:

$appInfo = New-AzAdApplication `
    -DisplayName $registrationName `
    -Web $webConfig`
    -ReplyUrl $replyUrls `
    -IdentifierUri $identifierUris `
    -Api $api `
    -SignInAudience $signInAudience

One note here – make sure your configuration of the -SignInAudience flag results in your application being multi-tenant. I found that my use case had issues otherwise. Also, depending on how you configure this, you may need to use Update-AzADApplication after creating a basic application registration with New-AzAdApplication. So in my case I would create the application registration with just the -DisplayName and -Web flags configured and then update it with the rest of the information.

You can configure other settings if you would like – I had to for my use case, but I won’t go into too much more detail here. If something more complicated is needed I would recommend using TF at this point, as it is easier to determine how to configure more complex settings of an application registration that way compared to using Powershell scripting.

Creating the service principal and application credentials:

New-AzAdServicePrincipal -ApplicationId $appInfo.AppId

$secretInfo = New-AzADAppCredential -ObjectId $appInfo.Id

Note: I would save the secret creds for future use.

To create the bot:

az bot create `
    --app-type $appType `
    --appid $appInfo.AppId `
    --name $botName `
    --resource-group $resourceGroupName `
    --endpoint $messagingEndpoint `
    --sku $sku

To add channel configurations to the bot:

az bot msteams create `
    --name $botName `
    --resource-group $resourceGroupName

You may need a different command – this is specific to the MS teams channel, but the az bot command should have more documentation for it.

To add authsetting to the bot:

az bot authsetting create `
    --client-id $appInfo.AppId `
    --client-secret $secretInfo.SecretText `
    --name $botName `
    --provider-scope-string $providerScopeString `
    --resource-group $resourceGroupName `
    --service $serviceName `
    --setting-name $connectionName `
    --parameters "tenantId=$($tenantId)" "tokenExchangeUrl=$($tokenExchangeUrl)"

You may need to change your parameters depeninding on what type of auth connection service you use – I was using oauth.

That’s more or less it from a high level. Again, if more questions/details are needed, happy to update, but I believe this is a really good starting point for anyone who needs to create/duplicate a bot in Azure programatically.

Here are the docs for the commands I used and some that may be useful:

New-AzResourceGroup
New-AzAdApplication
Update-AzADApplication (might be useful)
New-AzAdServicePrincipal
New-AzADAppCredential
az bot