Azure Service Bus Queues and SAS with ARM templates

20/12/2015

Previously I posted about how to create Azure Service Bus topics with ARM templates. This post is a follow up where I show how to create Service Bus queues (in case you didn’t figure it out already). In addition I will also, by popular demand, show how to create Shared Access Signatures policies for a specific queue instead of for the entire namespace as I did in the first post.

Lets look at the complete template. To shorten the template I have not included my trick to generate the primary and secondary keys in this template, but you can read about it in my first post.
[js]
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sbNamespace": {
"type": "string",
"metadata": {
"description": "The service bus namespace"
}

},
"primaryKey": {
"type": "string",
"defaultValue": "DG4TcCs+XnDN83VZcT2e5NfVeSFvTuiYUiWtXhxnJ2s="
},
"secondaryKey": {
"type": "string",
"defaultValue": "tegikp1IoeEFCF9NRSV78nYomDlFjsz21X9aVKPL4Eo="
}
},
"variables": {
"location": "[resourceGroup().location]",
"sbVersion": "2014-09-01",
"namespaceName": "[concat(parameters(‘sbNamespace’),uniqueString(resourceGroup().id))]",
"queueName": "testQueue"
},
"resources": [
{
"apiVersion": "[variables(‘sbVersion’)]",
"name": "[variables(‘namespaceName’)]",
"type": "Microsoft.ServiceBus/namespaces",
"location": "[variables(‘location’)]",
"properties": {
"messagingSku": 2
},
"resources": [
{
"apiVersion": "[variables(‘sbVersion’)]",
"name": "[variables(‘queueName’)]",
"type": "Queues",
"dependsOn": [
"[concat(‘Microsoft.ServiceBus/namespaces/’, variables(‘namespaceName’))]"
],
"properties": {
"path": "[variables(‘queueName’)]"
},
"resources": [
{
"apiVersion": "[variables(‘sbVersion’)]",
"name": "ReadOnlyKey",
"type": "AuthorizationRules",
"dependsOn": [
"[variables(‘queueName’)]"
],
"properties": {
"keyName": "ReadOnlyKey",
"claimType": "SharedAccessKey",
"claimValue": "None",
"primaryKey": "[parameters(‘primaryKey’)]",
"secondaryKey": "[parameters(‘secondaryKey’)]",
"rights": [ "Send" ],
"revision": -1
}
},
{
"apiVersion": "[variables(‘sbVersion’)]",
"name": "ListenOnlyKey",
"type": "AuthorizationRules",
"dependsOn": [
"[variables(‘queueName’)]"
],
"properties": {
"keyName": "ListenOnlyKey",
"claimType": "SharedAccessKey",
"claimValue": "None",
"primaryKey": "[parameters(‘primaryKey’)]",
"secondaryKey": "[parameters(‘secondaryKey’)]",
"rights": [ "Listen" ],
"revision": -1
}
}
]
}

]
}
],
"outputs": {

}
}
[/js]

Creating a Service Bus queue, is very similar to create a topic. You add the following to the resource collection of the namespace.
[js]
{
"apiVersion": "[variables(‘sbVersion’)]",
"name": "[variables(‘queueName’)]",
"type": "Queues",
"dependsOn": [
"[concat(‘Microsoft.ServiceBus/namespaces/’, variables(‘namespaceName’))]"
],
"properties": {
"path": "[variables(‘queueName’)]"
},
"resources": []
}
[/js]

In order to create Shared Access Signature policies for this specific queue, we have to use the resource collection.

An access policy for that allows you to listen to the queue can be made with.
[js]
{
"apiVersion": "[variables(‘sbVersion’)]",
"name": "ReadOnlyKey",
"type": "AuthorizationRules",
"dependsOn": [
"[variables(‘queueName’)]"
],
"properties": {
"keyName": "ReadOnlyKey",
"claimType": "SharedAccessKey",
"claimValue": "None",
"primaryKey": "[parameters(‘primaryKey’)]",
"secondaryKey": "[parameters(‘secondaryKey’)]",
"rights": [ "Send" ],
"revision": -1
}
}
[/js]

The template is quite similar to that for creating shared access signature policies for namespaces. The few things to note are

If you want to grab it from github, I have updated the repository from the first post, you find it here: https://github.com/sjkp/Azure.ARM.ServiceBus

For people who are wondering how I was able to find out how to do this, I can recommend using ARMClient, with ARM client you can quickly create requests to the different ARM endpoints to probe what they return, after you have created the resource in the portal. You can also use resources.azure.com, but that tool doesn’t work for Service Bus, whereas the ARM clients work for all Azure Resource Manager providers, as long as you are able to guess the endpoints (which for most parts are quite easy, as the endpoints are logically named REST endpoints.)
armclient