Managed identity with APIM and ServiceBus | ServiceBus implementation with MSI | APIM inbound policy

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey everyone welcome to the channel in this video we will discuss how do we use manage identity and role with Access Control to send message to service bus from the API management apis without writing any single line of code it may possible in your previous experience you might have written some line of code with your choice of programming language such as.net to send message to the service Cube but with this demonstration you will learn how do we send message to the side bus code without writing any line of code with just help of the configuration sounds in sounds interesting if it is let's begin with the demonstration so for the demo I have the API management instance created in my Azure subscription and I also have a service bus instance created in the same subscription now this service was subscription has got this topic which is the name of the topic is topic one and this topic has also got a subscription and I have given the name of the subscription as a subscription one so our objective of the demo is to send message to this topic so that it can be subscribed by this particular subscriber now in order to send the Subscribe or to send the message I need API configured in this particular API management so by default when you deploy the API management you have received one Echo API so for this demonstration I am going to use this Echo API to demonstrate how do you use this API to send the message but the concept will remain same you can use your own choice of apis which you will be using in your project or in your organization so this API has got a bunch of different type of operations like get post put delete and all and then you can test these operations just for just to make sure that for the demo purpose I would like to test one operation which is the post operation from this API management test blade to make sure that it is working fine we do not have any issues before we make any changes to the configuration so you can see that when I run this post method I got 200 response which is which proves that my API management instance for this API is perfectly fine now as of now I do not have any other configuration this is just a default API created when I've created this API management instance next thing what I need for this API management instance is the manage identity which I need to set up to set up a manage identity I'll go to the security Tab and then under the security I have a managed identity with like any other resource in nazio with API management also you have got the system manage identity option as well as the user manage identity option so now I am going to create the system manage identity if it is not already enabled you can enable this option right here from this section from the Azure portal itself this may take a minute or so to enable the manage identity behind the scene what it does Microsoft creates a service principle or manage identity in the active directory so that you can use this service principle to perform any of the operations on this on on your behalf obviously these manage identity is to have appropriate role to perform the same actions manage identities created successfully this is our managed identity ID next we need to assign a role-based access permissions to our Target resource which is service bus manage service name space so I'll go to service first namespace which is O our Cloud School service bus demo and then click here on the access control to assign a role I'll go to the role assignment and from here I'll create a new role obviously to assign a role you need to have appropriate permission like I have owner access on this subscription so I can create or assign a role on this resource so the role which we are looking for this demonstration to send the message to service bus is the Azure service bus data sender which is this one next one I'll select this role click on next in The Next Step next tab it is asking to choose a member on which this role needs to be assigned so assign access to select manage identity option because the manage identity is your setup in the API management so we'll choose this option next I am going to select the exact member which is our API management and select manage identities and then search it will give the manage identity instance which is API management instance manager identity select this option click on select you can review and assign the permission it's done this is going to be a very quick to set up the role role has been set up successfully if I refresh it you can see that my manage identity my API management has got the permission to send data to this particular service bus name space next I will go to the API management apis that is where we need to write the API inbound policies to configure these roles let's go to the echo API and again we'll use the post operation right now as you can see we do not have any policies configured so if I click here on the inbound processing option I'll just expand this to make it bigger you can see that we have different sections so a section to perform or set the backend policy section to set the outbound and inbound and on error policies as well so we needed to send or create the inbound policy for this particular purpose so what we are going to do now will serve first of all set up a policy configuration to generate a bearer token and for that I'm going to use this authenticate manage identity tag so that will basically generate or use the manage identity against this particular resource and it will generate a better token and as the better token will be assigned on this particular variable right so that's what it is going to do next thing what we need to do is we need to set this Bearer token into a header so that our when our request comes on this API operation the better token will be generated in the generated by a token will be sent as an header authorization header with the same value which we have it in this particular variable once this header is set I can set another backend header I can set another header in case let's say if you are expecting your API operations to accept as in let's say content type as in Json so I can set that as well but that is totally optional but I want to set that next what we need to do is we need to set the backend service operation because you can see that right now there is no backend service configured which means we have configured the API management apis but there is no back backend associated with this particular service and as we want to send the message to service bus in this case our backend is going to be the service bus so you can see that we have the set back-end tag and in this we are setting up the back base URL is the URL of your service bus name of https the name of your service Dot solutions.windows.net now that will route your request call to this particular base URL which is a service bus URL but we want to send the message to the services topic or queue so in in that case we have to append this Ur either we append this URL to the level of your service bus topic meaning that you've add the forward slash and provide the name of your service topic but if you don't want to do that other option is you can have a rewrite URL tag with this policy and you can say that the template name is the name of the topic and then then forward slash message name that is the only thing you need to do once it is done save it your policy is going to be configured in the API management which you can see here all your policies or tags which you have configured in the inbound section it has been displayed here specific to this operation we are not set up for all operation it is just specific to this particular operation now again use this test blade to test or to send the message to the service bus using the policy which we have configured I am going to use the same request body which we have it as in default as it is also a Json type and I am sending it content type as is without modifying anything this is a URL it will use I have not made any changes as such let's run this send it and see if it is working it says that it has created 201 response it means that it has successfully sent the message to service bus and we have got the HTTP 201 response now let's go to our service bus topic and see if we have received a message from the API operation I'll go to the topic here and then I'll go to search bus Explorer [Music] I'll choose the subscription so that it can filter out the message and you can see that we have got a message which we have sent from the API if I just select this this is the exact message we have send it from the API management test blade now if you don't want to use the API management test Blade the same operation I am going to run it from my Postman so I'll copy this particular URL and I will go to the postman so you can copy this URL here as in the API post operation I am going to generate or use this particular Json this time for the demonstration which is a different Json than what we have used in the from the API management test plate I'll click here on the send button just to make sure we are able to send this send the message and yes we have got the same response which is 201 created I'll go back to the API management skill service topic subscription and see if we have got the message yes we have got and that's the message we have received so that's the demonstration about writing or sending the message to the sales bus topic without writing the code if you have seen that we have not tried any single lineup code we are not using any service connection string or anything like that we are just using the API management policies and our back and the manage identity perform the same action which you might have been using using the source code with the connection string and all I hope you have found this useful if it is please give it a thumbs up and do not forget to subscribe to the channel if you haven't already thanks for watching it see in the next video
Info
Channel: Our Cloud School
Views: 2,040
Rating: undefined out of 5
Keywords: apim, api management, azure apim, azure api management, azure servicebus, servicebus, send message to servicebus using apim, send message to servicebus with MSI, send message to servicebus using managed identity, send message to servicebus using RBAC, managed identity with apim, MSI with apim, managed identity with api management, api management and msi example
Id: vS2dGosI_94
Channel Id: undefined
Length: 12min 27sec (747 seconds)
Published: Wed Aug 23 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.