oauth azure-ad-msal azure-automation azure-authentication bot-framework-composer

How to run Azure runbooks from a bot?


I need to run an Azure Automation runbook and then get the results through a bot built with Bot Framework Composer.

I will have to use an HTTP call to the Azure Automation REST API endpoint from the bot context.

I can't find how to get the Azure token for my bot? The only examples that I found explain how to get an OAuth token on behalf of the user. However, the bot will NOT act on behalf of the user, as the runbook is on limited access and should be run by the bot and not the user.

Edit: I ran across this, which seems good for my needs: https://learn.microsoft.com/en-us/azure/bot-service/rest-api/bot-framework-rest-connector-authentication?view=azure-bot-service-4.0


Solution

  • I am going to post the solution I used.

    1. Create a service principal with the Azure CLI (download it here: https://aka.ms/installazurecliwindows)

    2. With the Azure CLI:

      az login

      az ad sp create-for-rbac --name "ServicePrincipalAccountName"

    --> This returns the AppId, Password & Tenant ID.

    3. Authenticate with this account. In PowerShell it is:

      Add-Type -AssemblyName System.Web
      $clientId = "app id"
      # URL-encode the values that go into the form-encoded request body
      $appSecret = [System.Web.HttpUtility]::UrlEncode("password")
      $tenantId = "tenant id"
      $resource = [System.Web.HttpUtility]::UrlEncode("https://management.azure.com")
      $body = "client_id=${clientId}&client_secret=${appSecret}&grant_type=client_credentials&resource=${resource}"
      # Client-credentials grant: the token is issued to the service principal itself, not to a user
      $token = Invoke-RestMethod -Method POST -Uri "https://login.microsoftonline.com/${tenantId}/oauth2/token?api-version=1.0" -Body $body -ContentType "application/x-www-form-urlencoded"

    If this works, you can simply use it in Bot Framework like this:

    [Image: bot framework composer auth]
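
The following is an added example, not code from the original answer: it uses the service principal's token to start a runbook job through the Azure Automation REST API, wait for it to finish and read its output, which is the step the question asks about. The placeholder names, the environment variables holding the credentials and the `2019-06-01` api-version are assumptions.

```powershell
# Added example: every name below is a placeholder, not a value from the post.
$tenantId   = $env:AZ_TENANT_ID
$clientId   = $env:AZ_CLIENT_ID
$secret     = $env:AZ_CLIENT_SECRET        # assumed env vars: keep the secret out of scripts and dialog files
$subId      = "<subscription-id>"
$rg         = "<resource-group>"
$account    = "<automation-account>"
$runbook    = "<runbook-name>"
$apiVersion = "2019-06-01"                 # assumed Automation REST api-version

# Client-credentials token request; a hashtable body is form-encoded by Invoke-RestMethod.
$token = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/token" `
    -ContentType "application/x-www-form-urlencoded" `
    -Body @{ grant_type = "client_credentials"; client_id = $clientId
             client_secret = $secret; resource = "https://management.azure.com" }
$headers = @{ Authorization = "Bearer $($token.access_token)" }

# Start the runbook: PUT a new job whose name is a fresh GUID.
$jobId  = [guid]::NewGuid().ToString()
$jobUri = "https://management.azure.com/subscriptions/$subId/resourceGroups/$rg" +
          "/providers/Microsoft.Automation/automationAccounts/$account/jobs/$jobId"
$jobBody = @{ properties = @{ runbook = @{ name = $runbook }; parameters = @{} } } |
    ConvertTo-Json -Depth 5
Invoke-RestMethod -Method Put -Uri "${jobUri}?api-version=$apiVersion" -Headers $headers `
    -ContentType "application/json" -Body $jobBody | Out-Null

# Poll until the job stops progressing, with a deadline so the caller never hangs.
$terminal = "Completed", "Failed", "Stopped", "Suspended"
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 5
    $job    = Invoke-RestMethod -Method Get -Uri "${jobUri}?api-version=$apiVersion" -Headers $headers
    $status = $job.properties.status
} while ($terminal -notcontains $status -and (Get-Date) -lt $deadline)

if ($status -ne "Completed") { throw "Runbook job $jobId ended with status '$status'" }

# Fetch the job's output stream (returned as plain text).
Invoke-RestMethod -Method Get -Uri "$jobUri/output?api-version=$apiVersion" -Headers $headers
```

The service principal only needs rights on the Automation account to create and read jobs, so scope its role assignment to that account rather than to the whole subscription.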