Azure Service Bus队列避免在整个环境中读取消息
[英]Azure Service Bus Queue Avoid Message being read across enviroment
问题描述
Issue description : My development environment Service bus message are populated to my UAT or production queue and message are been processed in those environment.. 
问题描述:我的开发环境服务总线消息已填充到我的UAT或生产队列中,并且已在这些环境中处理了消息。
To summarize my system: We have a campaign management system where emails are sent to users.. 总结一下我的系统:我们有一个活动管理系统,该系统将电子邮件发送给用户。
We have a worker role which reads input data and populates the Message in service bus queue. 我们具有辅助角色,该角色读取输入数据并在服务总线队列中填充消息。
Their is another worker role which reads this message, process and send email to user.. 他们是另一个工作角色,它读取此消息,处理并将电子邮件发送给用户。
My issue is when we debug, some developer are not checking for correct message queue setting and are populating the message in UAT environment queue. 我的问题是,当我们调试时,一些开发人员没有检查正确的消息队列设置,而是在UAT环境队列中填充消息。 This result in sending email to real user.. 这导致向真实用户发送电子邮件。
So I am looking for a way or strategy, where we have some validation which deducts these unwanted message and not process it. 因此,我正在寻找一种方法或策略,在该方法或策略中进行一些验证,以扣除这些不需要的消息而不进行处理。
I am sure we should have process in place to check these config setting but would like to automate these validation.. 我确定我们应该有适当的流程来检查这些配置设置,但想自动执行这些验证。
1 个解决方案
解决方案1
2 2015-10-29 13:07:06
In the question comments GauravMantri made the statement that you should have different service bus accounts for each environment, which it sounds like you do, but the problem is that the credentials (or SAS tokens) for all those accounts are in the config files. 在问题注释中,GauravMantri声明您应该为每个环境使用不同的服务总线帐户,这听起来像您这样做,但是问题是所有这些帐户的凭据(或SAS令牌)都在配置文件中。 A developer isn't paying attention to which account is set to be used in the config file, thus you end up populating the prod system from Dev. 开发人员不会注意配置文件中将使用哪个帐户,因此最终会从Dev中填充生产系统。
In the past I've seen this solved by changing the deployment process so that the config file is modified as part of the deployment process (hopefully automated), which is also something Gaurav suggested. 过去,我已经看到可以通过更改部署过程来解决此问题,因此可以将配置文件作为部署过程的一部分进行修改(希望是自动化的),这也是Gaurav建议的。 The rollout script would load the config file, find the connection string or specific value that needs to differ and replace it with the string used to actually reach the production/UAT system. 首次发布脚本将加载配置文件,找到需要不同的连接字符串或特定值,并将其替换为实际用于生产/ UAT系统的字符串。 The actual credentials are usually stored in a secured location that only the Ops folks have access to (and thus the deployment script service account). 实际凭据通常存储在只有Ops员工可以访问的安全位置(因此也可以部署脚本服务帐户)。 This way the file in source control never had the actual production credentials AT ALL. 这样,源代码管理中的文件永远不会拥有实际的生产凭证。 By putting the credentials only into the hands of the Ops folks then it drastically reduces who has access to that info. 通过仅将凭证放到Ops人员手中,它就大大减少了谁可以访问该信息。 Of course, this also means the developers shouldn't have remote access to the production servers where they can then just peek at it. 当然,这也意味着开发人员不应具有对生产服务器的远程访问权,而只能在那里窥视它。
By having it baked into the deployment process you don't have to worry about it. 通过将其烘焙到部署过程中,您不必担心它。 I highly recommend making it automated so that the Ops folks don't have to remember it either. 我强烈建议将其自动化,这样操作人员也不必记住它。 The developer will never "forget" to set the correct values because the only values in source control are to the dev environment (or test maybe). 开发人员将永远不会“忘记”设置正确的值,因为源代码控制中的唯一值是开发环境(或可能是测试)。
In really small shops it may makes sense for the developer to actually know the production environment credentials, especially if they are first line support for the system; 在非常小的商店中,开发人员实际知道生产环境凭证可能是有意义的,尤其是当它们是对系统的第一线支持时。 but I'd still remove them from source control and then the developer that uses them had to make a conscious decision to do so. 但我仍然会将其从源代码管理中删除,然后使用它们的开发人员必须做出有意识的决定才能这样做。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.