Can you add more Event Hub rules to a Shared Access Policy than one?

Question

After I create my Event Hub, I am applying rules. Am I able to apply, for example, and Send and a Listen rule to the same shared access policy?

The code I am trying to use seems to "overwrite" the previous rule. Is there a better way I should be doing this?

await eventHub.Update()
   .WithNewSendRule(sendListenRuleNames)
   .WithNewListenRule(sendListenRuleNames)
   .ApplyAsync();

The code above will end up applying only the Listen rule to the Shared Access Policy.

UPDATE

After trying the above way, I tried to implement using Jay's comment like this:

List<AccessRights> accessRights = new List<AccessRights>();
accessRights.Add(AccessRights.Listen);
accessRights.Add(AccessRights.Manage);

foreach (var listenManageRuleNames in list)
{
   await eventHub.Manager
      .EventHubAuthorizationRules
      .Inner
.CreateOrUpdateAuthorizationRuleWithHttpMessagesAsync(eventHubResource.ResourceGroup.Name, eventHubNamespace.Name, eventHubResource.Name, listenManageRuleNames, accessRights);
}

But it ends up giving me this error:

"{\"error\":{\"message\":\"Error setting value to 'Rights' on 'Microsoft.Cloud.ServiceBus.ResourceProvider.ArmVersionedEntities.ArmAuthorizationRuleDescription'. \",\"code\":\"BadRequest\"}}"

UPDATE 2 I just tried doing only AccessRights.Listen and it worked. Right after that I tried doing only AccessRights.Manage and it didn't work, and threw the same error.

@JayGong I updated my post, please take a look – TyngeOfTheGinge Nov 08 '19 at 17:18 — TyngeOfTheGinge, Nov 08 '19 at 17:18

score 2 · Accepted Answer · answered Nov 07 '19 at 09:10

2

Found the method!

List<AccessRights> accessRights = new LinkedList<>();
        accessRights.add(AccessRights.LISTEN);
        accessRights.add(AccessRights.SEND);

azure.eventHubNamespaces().authorizationRules()
                    .manager()
                    .namespaceAuthorizationRules()
                    .inner()
                  .createOrUpdateAuthorizationRule("resourceGroup","namespace","policyname",accessRights);

Get tips from the REST API method name and tried to find similar names in source code.

answered Nov 07 '19 at 09:10

Jay Gong

23,163
2
27
32

Hey @JayGong I updated my post above to use the implementation you suggested. It seems correct and like it should work, but then I ran into the error above. – TyngeOfTheGinge Nov 08 '19 at 17:19
@TyngeOfTheGinge Your code is using .net package,am i right? – Jay Gong Nov 11 '19 at 09:23
yes I am, specifically Microsoft.Azure.Management.Eventhub.Fluent – TyngeOfTheGinge Nov 11 '19 at 16:01
@TyngeOfTheGinge My code is based on java,however,i could reproduce your issue on my side when i try to grant `Manage` permission to `eventhubAuthRules`. Especially for this one, everything works 100% fine with `namespaceAuthRules` three permissions and `eventhubAuthRules` Listen and Send permissions. I want to know if it is same as you? – Jay Gong Nov 14 '19 at 06:46
@TyngeOfTheGinge Sorry for the late response,still trying to help you solve this issue. – Jay Gong Nov 14 '19 at 06:47

score 1 · Answer 2 · answered Dec 04 '20 at 12:49

It should work if you add

accessRights.Add(AccessRights.Send);

It doesn't matter if you use the C# SDK or the Java one; under water they all use the same REST API which you can experiment with e.g. here.

Just adding 'Manage' rights didn't work for me:

{ "properties": { "rights": [ "Manage" ] } }

presumably because 'Manage' automatically grants 'Send' and 'Listen'. This is obvious from the dialog when adding an SAS policy through the portal:

Changing the payload to

{ "properties": { "rights": [ "Manage", "Listen", "Send" ] } }

fixed it for me.

Can you add more Event Hub rules to a Shared Access Policy than one?

2 Answers2