New-AzureSBAuthorizationRule error when creating authorization for a Service Bus Queue

Question

I use New-AzureSBAuthorizationRule to create a new Shared Access Policy for an Azure Service Bus Queue. See command below...

New-AzureSBAuthorizationRule -EntityName abcdef -EntityType Queue -Permission Listen  -Name "abcdef_reader" -Namespace abcdefnamespace

But every time I run this I get the error below:

New-AzureSBAuthorizationRule : Object reference not set to an instance of an object.
At line:1 char:1
+ New-AzureSBAuthorizationRule -EntityName abcdef -EntityType Queue -Permission ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [New-AzureSBAuthorizationRule], NullReferenceException
    + FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceBus.NewAzureSBAuthorizationRuleCommand

I am able to run New-AzureSBAuthorizationRule without issues if I drop EntityName and EntityType, i.e. creating policies for the Service Bus and not the Queue.

What am I doing wrong?

Answer 1

is it possible you're missing some syntax around the -Permission parameter? Here's an example of the PS command line given on MSDN:

C:\PS>New-AzureSBAuthorizationRule -Name MyRule -Namespace MyNamespace -Permission $("Manage", "Listen", "Send") -EntityName MyEntity -EntityType Queue -PrimaryKey P+lL/Mnd2Z9sj5hwMrRyAxQDdX8RHfbdqU2eIAqs1rc=

Looks like your parameter should be -Permission $("Listen")

Please let us know if that helps.

Regards, Seth Manheim Azure Doc Team

Answer 2

I get the same error and use

            function Create-AzureSBAuthorisationTopic
            {
            param
            ([Parameter (Mandatory = $true)]
            [string] $Namespace,
            [Parameter (Mandatory = $true)]
            [string] $TopicName,
            [Parameter (Mandatory = $true)]
            [string]$RuleName,
             [switch]$CanManage,
             [switch]$CanListen,
             [switch]$CanSend

            )

            $NamespaceManager = [Microsoft.ServiceBus.NamespaceManager]::CreateFromConnectionString($CurrentNamespace.ConnectionString);

            $newkey = [Microsoft.ServiceBus.Messaging.SharedAccessAuthorizationRule]::GenerateRandomKey()

                #Strongly Typed Array
                [Microsoft.ServiceBus.Messaging.AccessRights[]]$AccessRights =  
                New-Object -TypeName "System.Collections.Generic.List[Microsoft.ServiceBus.Messaging.AccessRights]" ;



                    if ($CanManage)
                    {
                        $AccessRights  +=  [Microsoft.ServiceBus.Messaging.AccessRights]::Manage;
                    }

                    if ($CanListen)
                    {
                        $AccessRights  += [Microsoft.ServiceBus.Messaging.AccessRights]::Listen;
                    }

                    if ($CanSend)
                    {

                        $AccessRights  += [Microsoft.ServiceBus.Messaging.AccessRights]::Send;
                    }    


            $AuthorizationRule = [Microsoft.ServiceBus.Messaging.SharedAccessAuthorizationRule]::new($RuleName,$newkey, $accessRights)
            $AuthorizationRule
            $topic = $NamespaceManager.GetTopic($TopicName)
            $topic.Authorization.Add($AuthorizationRule)
            $NamespaceManager.UpdateTopic($topic)
            }

You can alter the code to set permissions on Queues by replacing topic with queue :-)