Added support to import / publish flows for PVA GCC High env (microso…

…ft#8554)

Composer/packages/electron-server/src/auth/oneAuthService.ts

@@ -146,7 +146,7 @@ export class OneAuthInstance extends OneAuthBase {
       // use the signed in account to acquire a token
       const reqParams = new this.oneAuth.AuthParameters(
         DEFAULT_AUTH_SCHEME,
-        DEFAULT_AUTH_AUTHORITY,
+        params.authority || DEFAULT_AUTH_AUTHORITY,
         params.targetResource,
         this.signedInAccount.realm,
         ''
@@ -168,7 +168,7 @@ export class OneAuthInstance extends OneAuthBase {
         // use the signed in account to acquire a token
         const reqParams = new this.oneAuth.AuthParameters(
           DEFAULT_AUTH_SCHEME,
-          DEFAULT_AUTH_AUTHORITY,
+          params.authority || DEFAULT_AUTH_AUTHORITY,
           params.targetResource,
           this.signedInAccount.realm,
           ''
@@ -341,7 +341,7 @@ export class OneAuthInstance extends OneAuthBase {
       // sign-in every time with auth parameters to get a token
       const reqParams = new this.oneAuth.AuthParameters(
         DEFAULT_AUTH_SCHEME,
-        DEFAULT_AUTH_AUTHORITY,
+        params.authority || DEFAULT_AUTH_AUTHORITY,
         params.targetResource,
         '',
         ''

Composer/packages/server/src/externalContentProvider/__tests__/powerVirtualAgentsProvider.test.ts

@@ -5,6 +5,7 @@ import { join } from 'path';
 
 import {
   PowerVirtualAgentsProvider,
+  PVA_GCC_HIGH_APP_ID,
   PVA_GOV_APP_ID,
   PVA_PROD_APP_ID,
   PVA_TEST_APP_ID,
@@ -208,4 +209,17 @@ describe('Power Virtual Agents provider', () => {
     expect(credentials.targetResource).toBe(PVA_GOV_APP_ID);
     expect(accessToken).toBe('accessToken');
   });
+
+  it('should authenticate with credentials for the GCC High / gov environment', async () => {
+    provider = new PowerVirtualAgentsProvider({
+      ...metadata,
+      baseUrl: 'https://high.api.powerva.microsoft.us/api/botmanagement/v1',
+    });
+    const accessToken = await provider.authenticate();
+
+    const args = mockGetAccessToken.mock.calls[0];
+    const credentials = args[0];
+    expect(credentials.targetResource).toBe(PVA_GCC_HIGH_APP_ID);
+    expect(accessToken).toBe('accessToken');
+  });
 });

Composer/packages/server/src/externalContentProvider/powerVirtualAgentsProvider.ts

@@ -19,6 +19,7 @@ const COMPOSER_1P_APP_ID = 'ce48853e-0605-4f77-8746-d70ac63cc6bc';
 export const PVA_TEST_APP_ID = 'a522f059-bb65-47c0-8934-7db6e5286414';
 export const PVA_PROD_APP_ID = '96ff4394-9197-43aa-b393-6a41652e21f8';
 export const PVA_GOV_APP_ID = '9315aedd-209b-43b3-b149-2abff6a95d59';
+export const PVA_GCC_HIGH_APP_ID = '69c6e40c-465f-4154-987d-da5cba10734e';
 
 export type PowerVirtualAgentsMetadata = IContentProviderMetadata & {
   baseUrl: string;
@@ -30,7 +31,7 @@ export type PowerVirtualAgentsMetadata = IContentProviderMetadata & {
   triggerId?: string;
 };
 
-const getAuthCredentials = (baseUrl: string) => {
+const getAuthCredentials = (baseUrl: string, metadata: PowerVirtualAgentsMetadata) => {
   const url = new URL(baseUrl);
   if (url.hostname.includes('.int.') || url.hostname.includes('.ppe.')) {
     log('Using INT / PPE auth credentials.');
@@ -46,6 +47,14 @@ const getAuthCredentials = (baseUrl: string) => {
       scopes: [`${PVA_GOV_APP_ID}/.default`],
       targetResource: PVA_GOV_APP_ID,
     };
+  } else if (url.hostname.includes('high.api.powerva.microsoft.us')) {
+    log('Using GCC High auth credentials.');
+    return {
+      authority: `https://login.microsoftonline.us/${metadata.tenantId}`,
+      clientId: COMPOSER_1P_APP_ID,
+      scopes: [`${PVA_GCC_HIGH_APP_ID}/.default`],
+      targetResource: PVA_GCC_HIGH_APP_ID,
+    };
   }
   log('Using PROD auth credentials.');
   return {
@@ -82,6 +91,12 @@ const getBaseUrl = () => {
       return url;
     }
 
+    case 'gcc-high': {
+      const url = 'https://high.api.powerva.microsoft.us/api/botmanagement/v1';
+      log('GCC High env detected, grabbing PVA content from %s', url);
+      return url;
+    }
+
     default: {
       const url = 'https://bots.int.customercareintelligence.net/api/botmanagement/v1';
       log('No env flag detected, grabbing PVA content from %s', url);
@@ -162,7 +177,7 @@ export class PowerVirtualAgentsProvider extends ExternalContentProvider<PowerVir
     try {
       // login to the 1P app and get an access token
       const { baseUrl } = this.metadata;
-      const authCredentials = getAuthCredentials(baseUrl || getBaseUrl());
+      const authCredentials = getAuthCredentials(baseUrl || getBaseUrl(), this.metadata);
       const accessToken = await authService.getAccessToken(authCredentials);
       if (accessToken === '') {
         throw 'User cancelled login flow.';

Composer/packages/types/src/auth.ts

@@ -2,6 +2,12 @@
 // Licensed under the MIT License.
 
 export type AuthParameters = {
+  /** What login endpoint to use
+   *
+   * ex: https://login.microsoftonline.com/common
+   */
+  authority?: string;
+
   /** (Web) Client ID of the AAD app that the user is authenticating against. */
   clientId?: string;
   /** (Web) List of OAuth scopes that will be granted once the user has authenticated. */
@@ -16,6 +22,12 @@ export type AuthParameters = {
 };
 
 export type ElectronAuthParameters = {
+  /** What login endpoint to use
+   *
+   * ex: https://login.microsoftonline.com/common
+   */
+  authority?: string;
+
   /**
    * The resource for which we want to get a token for.
    *

extensions/pvaPublish/src/node/constants.ts

@@ -30,11 +30,17 @@ export const AUTH_CREDENTIALS = {
     scopes: ['9315aedd-209b-43b3-b149-2abff6a95d59/.default'],
     targetResource: '9315aedd-209b-43b3-b149-2abff6a95d59',
   },
+  GCC_HIGH: {
+    clientId: COMPOSER_1P_APP_ID,
+    scopes: ['69c6e40c-465f-4154-987d-da5cba10734e/.default'],
+    targetResource: '69c6e40c-465f-4154-987d-da5cba10734e',
+  },
 };
 
 export const BASE_URLS = {
   INT: 'https://bots.int.customercareintelligence.net/',
   PPE: 'https://bots.ppe.customercareintelligence.net/',
   PROD: 'https://powerva.microsoft.com/',
   GCC: 'https://gcc.api.powerva.microsoft.us/',
+  GCC_HIGH: 'https://high.api.powerva.microsoft.us/',
 };

extensions/pvaPublish/src/node/publish.ts

@@ -42,7 +42,7 @@ export const publish = async (
     logger.log('Starting publish to Power Virtual Agents.');
     // authenticate with PVA
     const base = baseUrl || getBaseUrl();
-    const creds = getAuthCredentials(base);
+    const creds = getAuthCredentials(base, tenantId);
     const accessToken = await getAccessToken(creds);
 
     // write the .zip to a buffer in memory
@@ -162,7 +162,7 @@ export const getStatus = async (
   try {
     // authenticate with PVA
     const base = baseUrl || getBaseUrl();
-    const creds = getAuthCredentials(base);
+    const creds = getAuthCredentials(base, tenantId);
     const accessToken = await getAccessToken(creds);
 
     // check the status for the publish job
@@ -223,7 +223,7 @@ export const history = async (
   try {
     // authenticate with PVA
     const base = baseUrl || getBaseUrl();
-    const creds = getAuthCredentials(base);
+    const creds = getAuthCredentials(base, tenantId);
     const accessToken = await getAccessToken(creds);
 
     // get the publish history for the bot
@@ -257,7 +257,7 @@ export const pull = async (
   try {
     // authenticate with PVA
     const base = baseUrl || getBaseUrl();
-    const creds = getAuthCredentials(base);
+    const creds = getAuthCredentials(base, tenantId);
     const accessToken = await getAccessToken(creds);
 
     // fetch zip containing bot content

extensions/pvaPublish/src/node/utils.spec.ts

@@ -41,6 +41,11 @@ describe('should return the proper PVA base URL for the environment', () => {
     Object.assign(process.env, { COMPOSER_PVA_PUBLISH_ENV: 'GCC' });
     expect(getBaseUrl()).toBe(BASE_URLS.GCC);
   });
+
+  it('gcc high', () => {
+    Object.assign(process.env, { COMPOSER_PVA_PUBLISH_ENV: 'GCC-HIGH' });
+    expect(getBaseUrl()).toBe(BASE_URLS.GCC_HIGH);
+  });
 });
 
 describe('it should return the proper PVA auth parameters for the base URL', () => {
@@ -71,4 +76,13 @@ describe('it should return the proper PVA auth parameters for the base URL', ()
     const url = 'https://gcc.api.powerva.microsoft.us/api/botmanagement/v1';
     expect(getAuthCredentials(url)).toEqual(AUTH_CREDENTIALS.GCC);
   });
+
+  it('gcc high', () => {
+    const url = 'https://high.api.powerva.microsoft.us/api/botmanagement/v1';
+    const tenantId = '1234-6789-abcd-efgh';
+    expect(getAuthCredentials(url, tenantId)).toEqual({
+      ...AUTH_CREDENTIALS.GCC_HIGH,
+      authority: `https://login.microsoftonline.us/${tenantId}`,
+    });
+  });
 });

extensions/pvaPublish/src/node/utils.ts

@@ -34,6 +34,12 @@ export const getBaseUrl = () => {
       return url;
     }
 
+    case 'gcc-high': {
+      const url = BASE_URLS.GCC_HIGH;
+      logger.log('gcc high pva publish env detected, operation using PVA url: ', url);
+      return url;
+    }
+
     default: {
       const url = BASE_URLS.PROD;
       logger.log('No pva publish env detected, operation using PVA url: ', url);
@@ -46,7 +52,7 @@ export const getBaseUrl = () => {
  * Looks at the base URL for a request and returns the necessary authentication parameters
  * to get an access token for the resource.
  */
-export const getAuthCredentials = (baseUrl = '') => {
+export const getAuthCredentials = (baseUrl = '', tenantId?: string) => {
   if (baseUrl) {
     const host = new URL(baseUrl).host;
 
@@ -56,6 +62,11 @@ export const getAuthCredentials = (baseUrl = '') => {
       return AUTH_CREDENTIALS.PPE;
     } else if (host === 'gcc.api.powerva.microsoft.us') {
       return AUTH_CREDENTIALS.GCC;
+    } else if (host === 'high.api.powerva.microsoft.us') {
+      return {
+        ...AUTH_CREDENTIALS.GCC_HIGH,
+        authority: `https://login.microsoftonline.us/${tenantId}`,
+      };
     }
   }
   // fall back to prod