I am trying to start a 2-way bus that is configured to use an existing Azure Service Bus Queue. The connection string I am passing is restricted to read and listen permission, there is no manage permission configured on the access policy. Here's a sample code that can be used to replicate the issue:
using (var activator = new BuiltinHandlerActivator())
{
Configure.With(activator)
.Logging(l => l.ColoredConsole())
.Transport(t => t.UseAzureServiceBus(connectionString, "myqueue").DoNotCreateQueues())
.Start();
}
Forcing connection strings to have manage permissions might cause security issues. Ideally, application should not have such elevated permission if it's not needed.
Expected behavior
Bus starts normally and application can send and receive messages.
Actual behavior
An exception is thrown
Unhandled Exception: Rebus.Injection.ResolutionException: Could not resolve Rebus.Bus.IBus with decorator depth 0 - registrations: Rebus.Injection.Injectionist+Handler ---> Rebus.Exceptions.RebusApplicationException: Could not get queue description for queue myqueue ---> Microsoft.Azure.ServiceBus.UnauthorizedException: Manage claim is required for this operation
Background
I am trying to start a 2-way bus that is configured to use an existing Azure Service Bus Queue. The connection string I am passing is restricted to read and listen permission, there is no manage permission configured on the access policy. Here's a sample code that can be used to replicate the issue:
Forcing connection strings to have manage permissions might cause security issues. Ideally, application should not have such elevated permission if it's not needed.
Expected behavior
Bus starts normally and application can send and receive messages.
Actual behavior
An exception is thrown
Unhandled Exception: Rebus.Injection.ResolutionException: Could not resolve Rebus.Bus.IBus with decorator depth 0 - registrations: Rebus.Injection.Injectionist+Handler ---> Rebus.Exceptions.RebusApplicationException: Could not get queue description for queue myqueue ---> Microsoft.Azure.ServiceBus.UnauthorizedException: Manage claim is required for this operation
Digging more into the code, I found that the issue is caused by this line of code https://github.com/rebus-org/Rebus.AzureServiceBus/blob/616c122d8b5b0f73cd166138b7fa8c6e97e7fb50/Rebus.AzureServiceBus/AzureServiceBus/AzureServiceBusTransport.cs#L385
It looks like the 'managementClient.GetQueueAsync' method requires a manage permission.