是否可以在没有“管理"权限策略的情况下将MassTransit 3与Azure Service Bus一起使用? [英] Is it possible to use MassTransit 3 with Azure Service Bus without Manage permission policy?
问题描述
我花了几天的时间测试 MassTransit 3.1.2 ,以查看我们是否可以在应用程序中将其与 Azure Service Bus 一起使用.
I spent some days testing MassTransit 3.1.2 to see if we can use it with Azure Service Bus in our applications.
我使用MassTransit.AzureServiceBus(3.1.2)通过两个控制台应用程序制作了一个示例:一个发布者和一个订阅者.
I made a sample with two console applications using MassTransit.AzureServiceBus (3.1.2) : one publisher and one suscriber.
效果很好.当我启动应用程序时,实体(队列,主题,订阅)是在Azure上的命名空间上自动创建的.
当您测试事物但在生产中时,这很好,我不希望该应用程序被允许创建实体.我们想提前创建它们.
It works well. When I start the applications, the entities (queues, topic, subscriptions) are created automatically on my namespace on Azure.
That's nice when you are testing thing but in production, I don't want the application to be allowed to create entities. We want to create them upfront.
为此,我认为使用具有SAS策略且仅具有发送" 或监听" 权限的总线是一个好主意(在我之前使用具有管理" 权限的名称空间策略).
To try that, I thought It was a good idea to connect to the bus using SAS policy with "Send" or "Listen" permissions only (before I was using a namespace policy with "Manage" permission).
现在,我在这一点上苦苦挣扎,无法正常工作,总是遇到401错误如果我不使用政策,则需要管理此操作的声明拥有管理"权限.
我尝试直接在名称空间或实体上设置策略,但没有成功.
Now I'm struggling on this point, I can't get it to work, I'm always getting 401 errors Manage claim is required for this operation if I don't use a policy with "Manage" permissions.
I tried setting the policy on the namespace or the entities directly without success.
之后,我分析了堆栈跟踪异常(用[...]省略了无用的部分):
After that I analyzed the stack trace exception (useless part omitted with [...]) :
System.UnauthorizedAccessException: Le serveur distant a retourné une erreur : (401) Non autorisé. Manage claim is required for this operation. TrackingId:2ca420e3-aac6-467c-bacb-6e051dbc3e39_G47,TimeStamp:1/29/2016 11:20:41 PM ---> System.Net.WebException: Le serveur distant a retourné une erreur : (401) Non autorisé.
à System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
à Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations.GetAsyncResult`1.<GetAsyncSteps>b__3c(GetAsyncResult`1 thisPtr, IAsyncResult r)
à Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)
--- Fin de la trace de la pile d'exception interne ---
Server stack trace:
Exception rethrown at [0]:
à Microsoft.ServiceBus.Common.ExceptionDispatcher.Throw(Exception exception)
à Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
à Microsoft.ServiceBus.Common.AsyncResult`1.End(IAsyncResult asyncResult)
à Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations.EndGet[TEntityDescription](IAsyncResult asyncResult, String[]& resourceNames)
à Microsoft.ServiceBus.NamespaceManager.EndGetQueue(IAsyncResult result)
à System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
[...]
à MassTransit.AzureServiceBusTransport.NamespaceManagerExtensions.<CreateQueueSafeAsync>d__1.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
[...]
à MassTransit.AzureServiceBusTransport.Pipeline.PrepareReceiveQueueFilter.<Send>d__5.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
[...]
à MassTransit.AzureServiceBusTransport.ServiceBusReceiveTransport.<>c__DisplayClass12_0.<<Receiver>b__0>d.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
[...]
à MassTransit.Internals.Extensions.TaskExtensions.<WithCancellation>d__0`1.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception
[...]
à MassTransit.MassTransitBus.<StartAsync>d__30.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
à System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
à MassTransit.MassTransitBus.<StartAsync>d__30.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
à System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
à System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
à System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
à MassTransit.Util.TaskUtil.Await[T](Func`1 taskFactory, CancellationToken cancellationToken)
à MassTransit.MassTransitBus.MassTransit.IBusControl.Start()
我发现 MassTransit.AzureServiceBusTransport.NamespaceManagerExtensions.CreateQueueSafeAsync 所在的行非常有趣,因为我能够查看MassTransit源代码以查看其功能.我看到它正在使用NamespaceManager进行一些调用以获取队列或主题.
I found out that the line with MassTransit.AzureServiceBusTransport.NamespaceManagerExtensions.CreateQueueSafeAsync to be really interesting because I was able to look at the MassTransit source code to see what it was doing. I saw that it was doing some calls using the NamespaceManager to get the queue or topic.
由于该类的名称为 NamespaceManager ,所以我认为这意味着您仍然需要"管理"权限.
为此,我仅使用Azure SDK制作了一个基本的控制台应用程序,使用仅具有监听"或发送"权限的策略对NamespaceManager进行了一些调用:在所有尝试的调用上都出现401错误.添加管理"权限有效.
Since this class is named NamespaceManager, I thought that would mean you need "Manage" permission anyway.
To try that, I made a basic console application using only the Azure SDK to make some calls to the NamespaceManager using a policy with only Listen or Send permissions : I got 401 errors on all the calls I tried. Adding Manage permission worked.
我在Azure文档中没有找到关于此假设的任何信息,或者我错过了一些东西.
I didn't find anything about this assumption in the Azure documentation or maybe I missed something.
是否有一种方法仅在Azure Service Bus上使用MassTransit且仅具有发送"或侦听"策略?我错过了什么吗,我走错了路吗?
Is there a way to use MassTransit on Azure Service Bus with a Send or Listen policy only ? Did I miss something and I'm heading the wrong way ?
推荐答案
由于MassTransit负责管理服务总线名称空间的拓扑,包括创建主题和队列以及创建和绑定订阅,因此需要管理权限.
Because MassTransit is responsible for managing the topology of the service bus namespace, including creating topics and queues as well as creating and binding subscriptions, the manage permission is required.
虽然您可能会认为手动创建生产中的所有内容并将该权限留给应用程序是一个好主意,但您总是会花时间弄清楚为什么生产中会出现问题并使工程师感到沮丧.我从经验上讲过这一点-这就是为什么我们需要获得许可.
While you might think it's a great idea to create everything in production manually and leave that permission off your application, you will always spend time figuring out why things are broken in production and frustrate your engineers. I speak from experience on this one -- it's why we require the permission.
还为总线管理创建了自动删除队列,这同样需要管理权限.
There are also auto-delete queues created for bus management, which again requires the manage permission.
这篇关于是否可以在没有“管理"权限策略的情况下将MassTransit 3与Azure Service Bus一起使用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
