How to generate a SAS token for a ServiceBus subscription with the python azure sdk?

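I am building a service that needs to create Service Bus namespaces, topics and subscriptions at runtime. I need to generate a SAS token (or URL) for the subscription the service creates and send it to other services in the system.

How can I generate the SAS token using the Azure Python SDK?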

If you want to generate a SAS token for Service Bus with Python, please refer to the document.

For example (I create a SAS token for a topic):

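  1. Generate the SAS token

    import base64
    import hashlib
    import hmac
    import time
    import urllib.parse

    sb_name = '<service bus name>'
    topic = '<topic name>'
    # URL-encoded resource URI the token is scoped to
    url = urllib.parse.quote_plus("https://{}.servicebus.windows.net/{}".format(sb_name, topic))
    sas_value = 'your sas policy key value'
    sas_name = 'your sas policy'
    # Expiry as Unix time, 10000 seconds from now
    expiry = str(int(time.time() + 10000))
    # String to sign: "<encoded URI>\n<expiry>"
    to_sign = (url + '\n' + expiry).encode('utf-8')
    sas = sas_value.encode('utf-8')
    # HMAC-SHA256 keyed with the policy key, then base64 and URL-encode
    signed_hmac_sha256 = hmac.HMAC(sas, to_sign, hashlib.sha256)
    signature = urllib.parse.quote(base64.b64encode(signed_hmac_sha256.digest()))
    auth_format = 'SharedAccessSignature sig={0}&se={1}&skn={2}&sr={3}'
    auth = auth_format.format(signature, expiry, sas_name, url)
    print(auth)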

  2. Test

    a. Send message

    POST https://<yournamespace>.servicebus.windows.net/<topic>/messages
    Authorization: SharedAccessSignature sr=https%3A%2F%2F<yournamespace>.servicebus.windows.net%2F<yourentity>&sig=<yoursignature from code above>&se=1438205742&skn=KeyName
    Content-Type: application/atom+xml;type=entry;charset=utf-8
    
    <string xmlns="http://schemas.microsoft.com/2003/10/Serialization/">This is a message.</string> 
    

    b. Receive message

    DELETE https://{serviceNamespace}.servicebus.windows.net/{topicPath}/subscriptions/{subscriptionName}/messages/head   
    
    Authorization: SharedAccessSignature sr=https%3A%2F%2F<yournamespace>.servicebus.windows.net%2F<yourentity>&sig=<yoursignature from code above>&se=1438205742&skn=KeyName
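
The signing steps from the first answer, scoped to a single subscription as the question asks, as an added example that is not part of either answer. It assumes a rule defined on the topic or namespace may sign a token whose resource URI lies beneath it; `subscription_uri`, `generate_sas_token`, `check_sas_token`, the rule name and the key are hypothetical names and constructed values, and `check_sas_token` is a local check of expiry, scope and signature before a token is handed to another service.

```python
import base64
import hashlib
import hmac
import time
import urllib.parse


def subscription_uri(namespace, topic, subscription):
    """Resource URI of one subscription (narrower than the whole topic)."""
    return "https://{}.servicebus.windows.net/{}/subscriptions/{}".format(namespace, topic, subscription)


def _sign(key, encoded_uri, expiry):
    # HMAC-SHA256 over "<url-encoded resource URI>\n<expiry>", as in the answer.
    to_sign = (encoded_uri + "\n" + expiry).encode("utf-8")
    mac = hmac.new(key.encode("utf-8"), to_sign, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def generate_sas_token(resource_uri, key_name, key, ttl_seconds=300, now=None):
    """Build a SAS token for resource_uri that expires ttl_seconds from now."""
    now = time.time() if now is None else now
    expiry = str(int(now + ttl_seconds))
    encoded_uri = urllib.parse.quote_plus(resource_uri)
    signature = urllib.parse.quote(_sign(key, encoded_uri, expiry), safe="")
    return "SharedAccessSignature sr={}&sig={}&se={}&skn={}".format(
        encoded_uri, signature, expiry, urllib.parse.quote(key_name, safe=""))


def check_sas_token(token, key, request_uri, now=None):
    """Check a token locally before handing it out; returns (ok, reason)."""
    now = time.time() if now is None else now
    scheme, _, query = token.partition(" ")
    fields = dict(urllib.parse.parse_qsl(query))  # also URL-decodes the values
    if scheme != "SharedAccessSignature" or not {"sr", "sig", "se", "skn"} <= fields.keys():
        return False, "malformed"
    if not fields["se"].isdigit() or int(fields["se"]) <= now:
        return False, "expired"
    # A token covers only request URIs at or below its sr.
    if not (request_uri == fields["sr"] or request_uri.startswith(fields["sr"].rstrip("/") + "/")):
        return False, "out of scope"
    expected = _sign(key, urllib.parse.quote_plus(fields["sr"]), fields["se"])
    if not hmac.compare_digest(expected.encode(), fields["sig"].encode()):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    # Constructed namespace, topic, subscription, rule name and key.
    print(generate_sas_token(subscription_uri("ns", "orders", "billing"), "listen-rule", "constructed-key"))
```
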
    

In addition to Jim's accurate answer, I'd note that it's also possible to approach this with the azure-mgmt-servicebus SDK. It would require using azure.common.credentials.ServicePrincipalCredentials for authentication, but would give a slightly more structured flow; not only to create the namespace and topic/subscription, but to create or update authorization rules against a given topic or the namespace itself, and then fetch your keys programmatically.

See the following as a standalone example:

    from azure.mgmt.servicebus import ServiceBusManagementClient
    from azure.common.credentials import ServicePrincipalCredentials
    from azure.mgmt.servicebus.models import AccessRights

    # Service principal and target resource names (fill these in)
    client_id = 'REPLACEME'
    client_secret = 'REPLACEME'
    subscription = 'REPLACEME'
    tenant = 'REPLACEME'
    resource_group_name = 'REPLACEME'
    namespace_name = 'REPLACEME'
    authorization_rule_name = 'REPLACEME'
    topic_name = 'REPLACEME'
    subscription_name = 'REPLACEME'
    # Rights granted to the authorization rule
    authorization_rule_rights = [AccessRights.manage]

    # Authenticate as the service principal
    credential = ServicePrincipalCredentials(client_id, client_secret, tenant=tenant)

    client = ServiceBusManagementClient(credential, subscription)

    # Create the namespace, topic and subscription
    client.namespaces.create_or_update(resource_group_name, namespace_name)
    client.topics.create_or_update(resource_group_name, namespace_name, topic_name)
    client.subscriptions.create_or_update(resource_group_name, namespace_name, topic_name, subscription_name)
    # Create the authorization rule on the topic, then fetch its keys
    client.topics.create_or_update_authorization_rule(resource_group_name, namespace_name, topic_name, authorization_rule_name, authorization_rule_rights)
    rule = client.topics.list_keys(resource_group_name, namespace_name, topic_name, authorization_rule_name)

As always, full disclosure: I'm one of the people maintaining the Python Azure Service Bus library, so if anything is unclear, don't hesitate to shout.