Recently I had a discussion with Sam Vanhoutte at the Belgium Usergroup about an article he wrote about configuring permissions for Service Bus Relays.  Sam was spot on that many projects do not implement tight security around Service Bus because configuring detailed permissions is not as easy as we would like.  This made me think back to some stuff I did about configuring Service Bus permissions.  The tooling for Service Bus around the Azure portal and Service Bus Explorer is pretty good but there are a couple of cases which I would like to automate which I needed to build my own tools to do and I have got around to writing about them, and also including the code snippet from Sam’s article so Relay’s can be managed in the same way.

For the real world service bus projects we did, the usual process I used for ALM around Service Bus configuration was:

  1. Use service bus explorer to manually create the service bus queue and topic configuration
  2. Export the configuration and manage it as a resource in TFS
  3. Deploy the configuration to service bus using Powershell or MsBuild using the AppFx.ServiceBus.Build widgets

The next bit I want to add to this process is:

  • Apply the authorization rules to Service Bus to lock down security
  • Produce a report so I can easily see what authorization rules have been applied

The reason I chose to lock down Service Bus after applying the queue configuration was that I felt that it would be a simpler approach keeping Service Bus Explorer easier to use and not having to manipulate anything in the config export as we go across environments.  We could focus on the authorization bit as an optional step we might only do in certain test environments and production so that developers arent tripping themselves up all of the time in development by missing a step.  By having this as a seperate step it would also allow us to add a change script approach when we wanted to add more permissions later rather than having to rebuild messaging entities or doing it all by hand.

The code sample below includes a console application and some sample command files which will run various scenarios to help automate these tasks.  The idea being that it will be easy for me to setup the required

Demo

The below video will demonstrate how to use these tools

Code

The code for this demo is available at the following location:

http://cscblogsamples.blob.core.windows.net/publicblogsamples/AppFx.ServiceBus.AuthorizationManager.zip

 

Buy Me A Coffee