Unable to consistently create authorisation rules on the service bus

John Penny 1 Reputation point

I've created a bicep template for deploying the Azure Service Bus which includes creation of multiple topics, subscriptions, filters, and authorisation rules.

I'm attempting to deploy 24 authorisation rules in a serial for loop after the rest of the servicebus has been created. The first time deployment will always fail with one or two authorisation rules returning with the error MessagingGatewayTooManyRequests or AuthorizationRuleNotFound. A subsequent deployment will always work as expected.

I have tried deploying only the authorisation rules and nothing else, and still ran into the same results. The first 18 rules were created almost instantly, then after that they start to show as duplicated in the azure portal and fail.

The specific code causing me rate limiting issues is as follows;

resource topic_auth_rule 'Microsoft.ServiceBus/namespaces/topics/authorizationRules@2021-11-01' = [for policy in sharedAccessPolicies: {  
  name: '${namespace}/${policy.topicName}/${policy.policyName}'  
  properties: {  
    rights: policy.policyRights  

I've also raised a post for this on stack overflow trying to detail my issue which contains the full code for the failing deployment module.

For reference, if people have access to tracking information in the Azure Portal, my tracking IDs are as follows;

Deployment Correlation ID: 5872b406-b7f7-4481-adeb-1c701745cd72

Resource deployments;

  1. Tracking ID: 283905c7-d572-4cd1-929f-65b720a436b9
    serviceRequestId: 6e834d14-33d4-4825-a163-7d10a63eba49
  2. Tracking ID: ab124efc-f309-47b6-a32d-4e0cdb1aa607
    serviceRequestId: a14411fa-63c5-4084-ba1b-3ecafaf28ee4
  3. Tracking ID: a2ec2b16-d610-43fb-a5ee-41efa48c8b01
    serviceRequestId: 8cfc839b-6b18-4b31-8917-c1ecfad5666e

Any help on this would be greatly appreciated, thank you.

Azure Service Bus
Azure Service Bus
An Azure service that provides cloud messaging as a service and hybrid integration.
556 questions
{count} votes

1 answer

Sort by: Most helpful
  1. John Penny 1 Reputation point

    The above code in my question now works as expected, I managed to get in touch with the ARM team who looked into and resolved the problem.

    The alternative solution which I was suggested was to individually register each resource and create a huge dependency chain, see example below.

       resource topic_auth_rule_listen 'Microsoft.ServiceBus/namespaces/topics/authorizationRules@2021-11-01' = {  
         name: '${namespace}/mytopic/listen-policy'  
         properties: {  
           rights: [ 'Listen' ]  
       resource topic_auth_rule_send 'Microsoft.ServiceBus/namespaces/topics/authorizationRules@2021-11-01' = {  
         name: '${namespace}/mytopic/send-policy'  
         properties: {  
           rights: [ 'Send' ]  
         dependsOn: [ topic_auth_rule_listen ]