I have Service Bus 1.1. On Premise. But that part may not matter.

I've set up SharedAccess security for my Queues. Each queue is assigned a SharedAccessKey.

Code looks something like this:

/* \packages\WindowsAzure.ServiceBus.2.1.4.0\lib\net40-full\Microsoft.ServiceBus.dll */
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.ServiceBus;
using Microsoft.ServiceBus.Messaging;

ServiceBusConnectionStringBuilder sbcsb = /* not shown */;
TokenProvider tp = /* not shown */;
NamespaceManager nsm = new NamespaceManager(sbcsb.GetAbsoluteManagementEndpoints(), tp);
QueueDescription currentQueueDescription = new QueueDescription("MyQueueOne");
currentQueueDescription.SupportOrdering = false;
// LockDuration is a TimeSpan; the "1000" in the original post is assumed to mean milliseconds.
currentQueueDescription.LockDuration = TimeSpan.FromMilliseconds(1000);

ICollection<AccessRights> accessRightsCollection = new List<AccessRights> { AccessRights.Listen, AccessRights.Manage, AccessRights.Send };

// One randomly named rule and one random key per queue.
string currentRandomKeyName = "MyListenManageSendKeyName" + Guid.NewGuid().ToString("N");
string currentRandomKeyValue = SharedAccessAuthorizationRule.GenerateRandomKey();

currentQueueDescription.Authorization.Add(new SharedAccessAuthorizationRule(currentRandomKeyName, currentRandomKeyValue, accessRightsCollection.ToArray()));

nsm.CreateQueue(currentQueueDescription);

Let's say I create 3 queues:

MyQueueOne
KeyName = MyListenManageSendKeyName11111111111111111111111111111111
KeyValue = abc1230000000000000000000000000000000000000

(code not shown, but same idea as the above)

MyQueueTwo
KeyName = MyListenManageSendKeyName22222222222222222222222222222222
KeyValue = def4560000000000000000000000000000000000000

MyQueueThree
KeyName = MyListenManageSendKeyName33333333333333333333333333333333
KeyValue = ghi7890000000000000000000000000000000000000

Later on, I call code to GetAllQueues.

Like the below. Note that I am using the shared-key-access that originally was made for MyQueueOne.

string currentKeyName = "MyListenManageSendKeyName11111111111111111111111111111111";
string currentKeyValue = "abc1230000000000000000000000000000000000000"; 

ServiceBusConnectionStringBuilder sbcsb = /* not shown */;

TokenProvider tp = TokenProvider.CreateSharedAccessSignatureTokenProvider(currentKeyName, currentKeyValue);

NamespaceManager nsm = new NamespaceManager(sbcsb.GetAbsoluteManagementEndpoints(), tp);

IEnumerable<QueueDescription> allQueues = nsm.GetQueues();

When I call the .GetAllQueues() method, I get back:

MyQueueOne
MyQueueTwo
MyQueueThree

Is this expected behavior?

In my limited view, that specific key would only bring back MyQueueOne.

Is there anything I can do to only get back the queues that "fall under" the specific SharedAccessAuthorizationRule?

granadaCoder

1 Answer

Is this expected behavior? In my limited view, that specific key would only bring back MyQueueOne

No. If we use the MyQueueOne shared access key to get the queue list, we will get a 401 error. I am sure that if we want to list queues, we need to use the default RootManageSharedAccessKey. I also tested it with your code and got the 401 error when trying to GetAllQueues.

If I use the RootManageSharedAccessKey, then I get the result you mentioned.

Is there anything I can do to only get back the queues that "fall under" the specific SharedAccessAuthorizationRule?

If we want to get the specific SharedAccessAuthorizationRule, we need to use RootManageSharedAccessKey to generate the TokenProvider and then filter the result we want. The following is my test code and result.

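TokenProvider tp = TokenProvider.CreateSharedAccessSignatureTokenProvider("RootManageSharedAccessKey", "xxxxxx");
NamespaceManager nsm = new NamespaceManager(sbcsb.GetAbsoluteManagementEndpoints(), tp);
// Keep only the queues that carry an authorization rule with the given key name.
IEnumerable<QueueDescription> allQueues = nsm.GetQueues().Where(queue => queue.Authorization.Any(auth => auth.KeyName.Equals(currentKeyName)));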

Tom Sun - MSFT
  • Ok. Even though I am using the shared-key-name/value to access, I'm not getting the exception. However, I am "logged in" as the user who is in the group of Manage-Users. I need to work from that angle (aka, remove myself as a Manage-User or get a different login so I'm solely relying on the shared-key authentication/authorization). – granadaCoder Apr 18 '17 at 12:44
  • Are you using On-Premise or Azure? I'm still not getting the exception when I'm logged in as another account and using shared-key-name-and-value. My SB is on the same machine as I am running the code. (Dev Setup). – granadaCoder Apr 18 '17 at 18:39
  • I tested it with Azure Service Bus. – Tom Sun - MSFT Apr 18 '17 at 23:01
  • Ok....as of yesterday, I'm getting different behavior with On Premise. The .GetQueues() does not fail for me. I'm still trying to rule out possibilities. Today I'm installing On Premise SB on a different machine, just to rule out some "I'm an Admin on my own machine" voodoo, even though I'm always getting the TokenProvider with the shared-access-key(name/value). – granadaCoder Apr 19 '17 at 12:25
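
The filter from the answer, extended to also report which rights the matching rule grants on each queue, so a per-queue key that carries Manage stands out. This is an added example, not code from either poster; `SasRuleAudit`, `QueuesForKey`, `MakeQueue` and the `KeyOne`/`KeyTwo`/`KeyThree` names are hypothetical, and the queue descriptions are constructed in memory instead of being read from a namespace.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.ServiceBus.Messaging;

static class SasRuleAudit
{
    // Hypothetical helper: for every queue that carries a rule named keyName,
    // return the queue path and the rights that rule grants on it.
    public static Dictionary<string, AccessRights[]> QueuesForKey(
        IEnumerable<QueueDescription> queues, string keyName)
    {
        return queues
            .SelectMany(q => q.Authorization
                .Where(r => string.Equals(r.KeyName, keyName, StringComparison.Ordinal))
                .Select(r => new { q.Path, Rights = r.Rights }))
            .GroupBy(x => x.Path)
            .ToDictionary(g => g.Key,
                          g => g.SelectMany(x => x.Rights).Distinct().ToArray());
    }

    // Builds a constructed QueueDescription with one shared access rule (no service call).
    static QueueDescription MakeQueue(string path, string keyName, params AccessRights[] rights)
    {
        var qd = new QueueDescription(path);
        qd.Authorization.Add(new SharedAccessAuthorizationRule(
            keyName, SharedAccessAuthorizationRule.GenerateRandomKey(), rights));
        return qd;
    }

    static void Main()
    {
        // Constructed sample data. In practice this would be nsm.GetQueues(), called
        // with credentials that are allowed to enumerate the namespace.
        var queues = new[]
        {
            MakeQueue("MyQueueOne", "KeyOne", AccessRights.Listen, AccessRights.Manage, AccessRights.Send),
            MakeQueue("MyQueueTwo", "KeyTwo", AccessRights.Listen),
            MakeQueue("MyQueueThree", "KeyThree", AccessRights.Send),
        };

        foreach (var entry in QueuesForKey(queues, "KeyOne"))
        {
            bool hasManage = entry.Value.Contains(AccessRights.Manage);
            Console.WriteLine("{0}: {1}{2}", entry.Key, string.Join(", ", entry.Value),
                hasManage ? "  [rule includes Manage]" : "");
        }
    }
}
```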