static void CreateServiceIdentity(string name)
{
AccessControlSettings settings = new AccessControlSettings(@namespace, managementKey);
AccessControlServiceIdentity identity = AccessControlServiceIdentity.Create(settings, name);
identity.Save();
Console.WriteLine("Name: {0}\nKey: {1}", identity.Name, Convert.ToBase64String(identity.Key));
}
static void DeleteServiceIdentity(string name)
{
AccessControlSettings settings = new AccessControlSettings(@namespace, managementKey);
ManagementService serviceClient = ManagementServiceHelper.CreateManagementServiceClient(settings);
serviceClient.DeleteServiceIdentityIfExists(name);
serviceClient.SaveChanges();
Console.WriteLine("Deleted.");
}
static void RevokeOperationRight(string operation, string path, string name)
{
AccessControlSettings settings = new AccessControlSettings(@namespace, managementKey);
Uri uri = ServiceBusEnvironment.CreateServiceUri("http", @namespace, path);
AccessControlList list = NamespaceAccessControl.GetAccessControlList(uri, settings);
IdentityReference identityReference = IdentityReference.CreateServiceIdentityReference(name);
if (operation.Equals("Send", StringComparison.OrdinalIgnoreCase))
{
AccessControlRule existing = list.FirstOrDefault((r) => r.Condition.Equals(identityReference) && r.Right.Equals(ServiceBusRight.Send));
if (existing != null)
{
if (existing.Inherited)
{
Console.Error.WriteLine("Cannot revoke inherited rules.");
return;
}
list.RemoveRule(existing);
list.SaveChanges();
}
else
{
Console.Error.WriteLine("The right '{0}' on '{1}' has not been granted to identity '{2}'", operation, path, name);
}
}
else if (operation.Equals("Listen", StringComparison.OrdinalIgnoreCase))
{
AccessControlRule existing = list.FirstOrDefault((r) => r.Condition.Equals(identityReference) && r.Right.Equals(ServiceBusRight.Listen));
if (existing != null)
{
list.RemoveRule(existing);
list.SaveChanges();
}
else
{
Console.Error.WriteLine("The right '{0}' on '{1}' has not been granted to identity '{2}'", operation, path, name);
}
}
else if (operation.Equals("Manage", StringComparison.OrdinalIgnoreCase))
{
AccessControlRule existing = list.FirstOrDefault((r) => r.Condition.Equals(identityReference) && r.Right.Equals(ServiceBusRight.Manage));
if (existing != null)
{
list.RemoveRule(existing);
list.SaveChanges();
}
else
{
Console.Error.WriteLine("The right '{0}' on '{1}' has not been granted to identity '{2}'", operation, path, name);
}
}
else
{
Console.Error.WriteLine("Unknown operation '{0}'", operation);
}
}
static void ShowRights(string path)
{
AccessControlSettings settings = new AccessControlSettings(@namespace, managementKey);
Uri uri = ServiceBusEnvironment.CreateServiceUri("http", @namespace, path);
AccessControlList list = NamespaceAccessControl.GetAccessControlList(uri, settings);
Console.WriteLine("Path {0}", path);
Console.WriteLine("------------------------------------------");
Console.WriteLine("{0,-6} {1,-25} {2,-4}", "Right", "Assigned To", "Inherited");
Console.WriteLine("------------------------------------------");
foreach (AccessControlRule rule in list)
{
Console.WriteLine("{0,-6} {1,-25} {2,-4}", rule.Right.ClaimValue, rule.Condition.ClaimValue, rule.Inherited);
}
}
static void GetServiceIdentity(string name)
{
AccessControlSettings settings = new AccessControlSettings(@namespace, managementKey);
ManagementService serviceClient = ManagementServiceHelper.CreateManagementServiceClient(settings);
ServiceIdentity si = serviceClient.GetServiceIdentityByName(name);
if (si != null)
{
ServiceIdentityKey symmKey =
(from sk in si.ServiceIdentityKeys where sk.Type == ServiceIdentityKeyType.Symmetric.ToString() select sk).FirstOrDefault();
if (symmKey != null)
{
Console.WriteLine("Name: {0}\nKey: {1}", si.Name, Convert.ToBase64String(symmKey.Value));
return;
}
}
Console.Error.WriteLine("Service identity '{0}' not found or key not found", name);
}
