bussinTechnical Reference Portal
Azure Service Bus Diagnostics Documentation
Welcome to the Bussin documentation library. Bussin operates on a zero-proxy, WebAssembly architecture, allowing developers and SREs to run safe, protocol-native diagnostics directly inside their web browsers. This guide acts as a starting point, covering connectivity prerequisites, Entra ID delegated scopes, and core troubleshooting paths.
Connection Prerequisites & RBAC Roles
Because Bussin communicates directly from your browser network stack to Azure API endpoints without an intermediate proxy, it respects standard Azure Active Directory (Entra ID) Role-Based Access Control (RBAC) boundaries. To connect, your corporate identity requires specific configurations:
1. Directory Access Scopes
During Entra ID sign-in, MSAL.js requests two primary OAuth 2.0 delegated permissions:
- Azure Service Bus Data Plane: `https://servicebus.azure.net/user_impersonation` (enables peeking, sending, locking, and completing messages).
- Azure Resource Manager (ARM) Management Plane: `https://management.azure.com/user_impersonation` (enables listing subscriptions, active directories, namespaces, queues, and topics).
2. Essential RBAC Roles
Ensure your user profile or security group is assigned one of the following standard Azure RBAC roles on the target Service Bus Namespace or Entity level:
- Azure Service Bus Data Owner: Complete control over all entities and message streams (required for full Send, Lock, Complete, and Purge workflows).
- Azure Service Bus Data Receiver: Permission to receive and peek active messages.
- Azure Service Bus Data Sender: Permission to publish payloads to queues and topics.
Security Enforcement: If your identity is only assigned standard management roles (like *Contributor* or *Owner*), the broker will reject active AMQP WebSocket connections. You **must** possess data-plane roles to inspect payloads.
Visual Architecture & Network Flow
Bussin's security model is enforced natively by your browser's sandbox. Because direct data-plane REST endpoints on Azure Service Bus completely lack CORS headers (making direct HTTP requests from the browser impossible), Bussin opens a direct WebSocket tunnel to pipe raw AMQP 1.0 frames safely without intermediate server proxies:
Peek-Lock Workflows
Explore AMQP 1.0 receiver settlement modes, lock lease duration limits, and lock renewal protocols for safe, transactional message diagnostics.
Dead-Letter Queues (DLQ)
Analyze broker-level triggers (delivery count limits, TTLExpiredException), edit payloads, and execute safe background resubmissions.
Topic & Subscription Routing
Auditing the broker's publish-subscribe distribution engine. Technical breakdowns of TrueFilters, SqlFilters, and CorrelationFilters.
Diagnostic Troubleshooting Workflows
Bussin organizes messaging diagnostics into high-fidelity browser workflows, resolving standard cloud troubleshooting friction:
- Multi-Tenant Workspace Organization: Bookmark target namespaces across separate Entra ID tenants, group them into nested directories, and filter active entities from a single sidebar.
- Deep index Scanning: Execute high-speed searches across up to 1,000,000 message bodies or custom headers in local sandboxed memory.
- Safe Bulk Operations: Start background purges or destination moves and monitor progress meters in the console while continuing diagnostic peeks on distinct blades.
Deep Dive Reference Sheets
AMQP 1.0 Protocol
Learn why native AMQP over WebSockets outperforms REST APIs in diagnostic sessions.
Dead-Letter Sub-Queues
Examine why the broker appends failure details and how DLQs differ from standard active entities.
WebSocket Transport
Review the end-to-end security boundary mapping of a zero-proxy, static browser client architecture.