AI Event-Driven Workflows with Azure Service Bus Topic Authorization

Question

Pulumi · Accepted Answer

To set up AI event-driven workflows with Azure Service Bus and Topic Authorization in Pulumi, you'll need to perform a series of steps using the Pulumi Azure Native provider. You will create an Azure Service Bus namespace, a topic within that namespace, subscriptions to that topic, and an authorization rule that grants specific rights or permissions to interact with that topic.

Here's what each of these concepts means:

1. **Service Bus Namespace**: A container for all messaging components. Service Bus Namespaces provide a scoping container for Service Bus messaging entities, similar to an Azure Resource Group.

2. **Topic**: Analogous to a queue, a topic is used to send messages. Unlike queues, topics are generally used for one-to-many communication using subscriptions.

3. **Subscription**: Works as a virtual queue tied to the topic. Each subscription can have its own settings, thereby enabling unique handling/workflows for messages that end up there.

4. **Authorization Rule**: An entity that provides rights to perform particular operations in the Service Bus Namespace/Topic/Subscription, such as Send, Listen, and Manage.

The Python program below demonstrates how to set up an Azure Service Bus Topic with an Authorization Rule. The comments in the code explain the purpose of each section.

```python
import pulumi
import pulumi_azure_native as azure_native

# Replace the following with your own values
resource_group_name = "myResourceGroup"
namespace_name = "myServiceBusNamespace"
topic_name = "myTopic"
subscription_name = "mySubscription"
authorization_rule_name = "myAuthorizationRule"

# Create an Azure resource group
resource_group = azure_native.resources.ResourceGroup(resource_group_name)

# Create a Service Bus Namespace.
service_bus_namespace = azure_native.servicebus.Namespace(
    namespace_name,
    resource_group_name=resource_group.name,
    location=resource_group.location,
    sku=azure_native.servicebus.SkuArgs(
        # Basic: Provides messaging capabilities. Standard: Messaging + brokered messaging. Premium: Messaging + brokered messaging + enterprise features.
        name="Standard"  
    )
)

# Create a Service Bus Topic within the namespace.
service_bus_topic = azure_native.servicebus.Topic(
    topic_name,
    resource_group_name=resource_group.name,
    namespace_name=service_bus_namespace.name
)

# Create a Service Bus Subscription for the topic.
service_bus_subscription = azure_native.servicebus.Subscription(
    subscription_name,
    resource_group_name=resource_group.name,
    namespace_name=service_bus_namespace.name,
    topic_name=service_bus_topic.name
)

# Create a Service Bus Topic Authorization Rule.
topic_authorization_rule = azure_native.servicebus.TopicAuthorizationRule(
    authorization_rule_name,
    resource_group_name=resource_group.name,
    namespace_name=service_bus_namespace.name,
    topic_name=service_bus_topic.name,
    rights=[ # Rights can include "Send", "Listen", "Manage"
        "Send",
        "Listen"
    ]
)

# Export the primary connection string for the authorization rule.
primary_connection_string = pulumi.Output.all(resource_group.name, service_bus_namespace.name, service_bus_topic.name, topic_authorization_rule.name).apply(
    lambda args: azure_native.servicebus.list_topic_keys.ListTopicKeysOutput(args[0], args[1], args[2], args[3]).primary_connection_string
)

pulumi.export('primaryConnectionString', primary_connection_string)
```

In the program above, we're importing `pulumi` and the `pulumi_azure_native` module and then defining several resources:

- A **Resource Group** to contain our Azure resources.
- A **Service Bus Namespace**, which serves as a container for messaging components.
- A **Service Bus Topic** inside the Namespace, where messages will be sent.
- A **Service Bus Subscription**, which "listens" for messages sent to the associated Topic.
- A **Topic Authorization Rule**, which lays down the permissions for sending messages to and subscribing to the topic.

We then use `pulumi.Output.all().apply()` to construct the primary connection string by combining information from the resource group, service bus namespace, topic, and the authorization rule. This connection string can be used to send messages to the topic and to receive messages from the subscriptions.

Finally, we export the `primaryConnectionString`, which can be used in applications that need to connect to the Azure Service Bus topic we have set up. The `pulumi.export` function makes this value available when the Pulumi program runs successfully.