locked
Send message to Service Bus Topic using MSIAuthentication class with Python SDK RRS feed

  • Question

  • We would like to send messages to different Service Bus topics using the Python SDK from an Azure Function. We prefer not to use bindings as we will be deciding which topics to send data to dynamically and we would like to avoid using the service bus key for authentication.

    In the following page:

    Quickstart: Use Service Bus topics and subscriptions with Python

    The following code is used to create an instance of the ServiceBusService class:

    bus_service = ServiceBusService(
        service_namespace='<namespace>',
        shared_access_key_name='<sharedaccesskeyname>',
        shared_access_key_value='<sharedaccesskeyvalue>')

    We would like to avoid having to plug in the Key value in there and instead use MSIAuthentication class from the msrestazure.azure_active_directory package. 

    We tried using the authentication parameter in the ServiceBusService class with something like:

    bus_service = ServiceBusService(
        service_namespace='ournamespace'
        authentication=MSIAuthentication())

    Our Azure Function has a System Assigned Identity against it and we have tested that we can successfully perform various operations with this mode of authentication from our function.

    However, when using the MSIAuthentication() with the ServiceBusService class, the SDK always errors with:

    AttributeError: 'MSIAuthentication' object has no attribute 'sign_request'.

    We have the same issue trying locally with the ServicePrincipalCredentials class.

    How can we send messages to Service Bus topic with alternative ways of authenticating rather than using the Service Bus key?




    • Edited by antongonmir Tuesday, April 28, 2020 7:20 AM Bold formatting
    Tuesday, April 28, 2020 7:09 AM

Answers

  • I believe you have the wrong Identity SDK (or older?) perhaps.

    The right class to use would be ManagedIdentityCredential, part of the azure-identity package. Also, refer to this sample for using the credential class.

    Here is a sample for synchronous code as well.

    Thursday, April 30, 2020 9:12 AM
  • OK, so after spending a fair amount of time completely puzzled, I worked out what the issue was.

    I have the latest version of the azure-servicebus sdk (0.50.2) installed, and yet, looking at its source code, it absolutely requires the shared key name and values, so the samples provided in the links would never work.

    Unless...

    The preview version of azure-servicebus is installed:

    pip install azure-servicebus --pre as per:

    Azure Service Bus client library for Python

    So, in the right answer we should mention that the preview version (at the time of writing) of azure-servicebus must be installed in order to be able to use Managed Identities to authenticate.


    • Marked as answer by antongonmir Friday, May 1, 2020 7:28 AM
    • Edited by antongonmir Friday, May 1, 2020 7:28 AM
    Friday, May 1, 2020 7:27 AM

All replies

  • I believe you have the wrong Identity SDK (or older?) perhaps.

    The right class to use would be ManagedIdentityCredential, part of the azure-identity package. Also, refer to this sample for using the credential class.

    Here is a sample for synchronous code as well.

    Thursday, April 30, 2020 9:12 AM
  • Interesting.

    We are using MSIAuthentication within our Azure Functions based on this documentation:

    https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-authenticate#mgmt-auth-msi

    Further reading suggests that MSIAuthentication is used for the management SDKs (azure-mgmt ...), which is most of what we are doing from within the our Azure Function.

    The ServiceBus client seems to follow a different authentication flow. 

    Thanks for your response.


    Friday, May 1, 2020 12:33 AM
  • OK, so after spending a fair amount of time completely puzzled, I worked out what the issue was.

    I have the latest version of the azure-servicebus sdk (0.50.2) installed, and yet, looking at its source code, it absolutely requires the shared key name and values, so the samples provided in the links would never work.

    Unless...

    The preview version of azure-servicebus is installed:

    pip install azure-servicebus --pre as per:

    Azure Service Bus client library for Python

    So, in the right answer we should mention that the preview version (at the time of writing) of azure-servicebus must be installed in order to be able to use Managed Identities to authenticate.


    • Marked as answer by antongonmir Friday, May 1, 2020 7:28 AM
    • Edited by antongonmir Friday, May 1, 2020 7:28 AM
    Friday, May 1, 2020 7:27 AM