In the Azure Python SDK, is it possible to generate SAS tokens specific to a ServiceBus topic?

201 views Asked by At

I'm using Python 3.8 and azure-servicebus v0.50.3. I would like to generate a read-only SAS token for each topic i create. I have figured out so far I can create the topics like so ...

sbs = ServiceBusService(service_namespace,
                        shared_access_key_name=key_name,
                        shared_access_key_value=key_value)
...

sbs.create_topic(name)

However, I'm unclear how (or if it's even possible) to use the existing API to generate a SAS token for each topic I create. The documentation online seems to imply this isn't possible but thought I'd ask anyway.

1

There are 1 answers

9
Kibrantn On BEST ANSWER

Good news and bad news. While there are certainly ways to generate SAS tokens per topic, I don't believe you'll be able to so with the API you're using. ServiceBusService via control_client is basically our "double-legacy" SDK and is both very dated and effectively deprecated.

That said, I would point you at our current azure-mgmt-servicebus package. With it you can create topics in a similar fashion, but more important to your purposes you can create an authorization rule (you'd likely want to give it only Listener rights) and then access the topic's keys to programmatically utilize them if needed.

To be honest, I wasn't sure if you were referring to SAS keys colloquially as tokens (Frankly I flip the naming constantly) so to cover all my bases, I'll also detail below how you'd turn the key into a transient token, but if you don't need this, you can skip the next paragraph.

While there isn't an official built-in utility to generate SAS tokens from a SAS key, in the hope that this is a workable approach, let me provide some breadcrumbs to what this would look like here. (This demonstrates using a SAS Key to generate and then authenticate our up-coming-GA-version with a SAS Token, you'd take as much or as little of this as you need, but the key for your purposes would be generate_sas_token)

Don't hesitate to shout if any clarity is needed or if I've misunderstood your issue, I'd also mention our github if you run into any problems in the future. (full disclaimer, am a maintainer for this sdk)