MSMQ - Create Transactional Queue

Octopus.Script exported 2018-03-28 by bobjwalker belongs to ‘Windows’ category.

Create one or more MSMQ transactional queues and configure permissions.

Parameters

When steps based on the template are included in a project’s deployment process, the parameters below can be set.

Queue names

MSMQQueues =

Queue names, separated by semicolons. Example: Queue1;Queue2;Queue3

Queue users

MSMQUsers =

Users with access to the queue separated by semicolons. Example: DOMAIN\User1;DOMAIN\User2

Allowed permissions

MSMQPermAllow = DeleteMessage;PeekMessage;ReceiveMessage;WriteMessage

Permissions granted to the queue users, separated by semicolons. Example: DeleteMessage;PeekMessage;ReceiveMessage

Denied permissions

MSMQPermDeny = TakeQueueOwnership

Denied permissions, separated by semicolons: TakeQueueOwnership

Admin queue users

MSMQAdminUsers

Users with access to the queue separated by semicolons. Example: DOMAIN\User1;DOMAIN\User2

Allowed admin permissions

MSMQPermAdminAllow = FullControl

Permissions granted to the queue admin users, separated by semicolons. Example: DeleteMessage;PeekMessage;ReceiveMessage

Denied admin permissions

MSMQPermAdminDeny

Denied permissions, separated by semicolons: TakeQueueOwnership

Reset Permissions

MSMQResetPermissions = false

Remove all existing permissions from the Queue if it already exists

Reset Permissions Domains

MSMQResetDomains

This is used if Reset Permissions is set. Example: YOURDOMAIN1;YOURDOMAIN2

Script body

Steps based on this template will execute the following PowerShell script.

$MSMQQueues = $OctopusParameters['MSMQQueues']
$MSMQResetPermissions = $OctopusParameters['MSMQResetPermissions']
$MSMQResetDomains = $OctopusParameters['MSMQResetDomains']
$MSMQUsers = $OctopusParameters['MSMQUsers']
$MSMQPermAllow = $OctopusParameters['MSMQPermAllow']
$MSMQPermDeny = $OctopusParameters['MSMQPermDeny']
$MSMQAdminUsers = $OctopusParameters['MSMQAdminUsers']
$MSMQPermAdminAllow = $OctopusParameters['MSMQPermAdminAllow']
$MSMQPermAdminDeny = $OctopusParameters['MSMQPermAdminDeny']

Write-Verbose "`$MSMQQueues = $MSMQQueues"
Write-Verbose "`$MSMQResetPermissions = $MSMQResetPermissions"
Write-Verbose "`$MSMQResetDomains = $MSMQResetDomains"
Write-Verbose "`$MSMQUsers = $MSMQUsers"
Write-Verbose "`$MSMQPermAllow = $MSMQPermAllow"
Write-Verbose "`$MSMQPermDeny = $MSMQPermDeny"
Write-Verbose "`$MSMQAdminUsers = $MSMQAdminUsers"
Write-Verbose "`$MSMQPermAdminAllow = $MSMQPermAdminAllow"
Write-Verbose "`$MSMQPermAdminDeny = $MSMQPermAdminDeny"

#Split the Queues into an array
$arrQueues = $MSMQQueues.split(";")
foreach ($Queue in $arrQueues) 
{
    #Does Queue Exists Already?
    $thisQueue = Get-MSMQQueue $Queue
    if (!$thisQueue)
    {
        #not found, create
        Write-Output "Creating Queue: " $Queue
        New-MsmqQueue -Name "$Queue" -Label "private$\$Queue" -Transactional | Out-Null
        $thisQueue = Get-MSMQQueue $Queue    
    }
    else
    {
        Write-Output "Queue Exists: " $thisQueue.QueueName
        
        if($MSMQResetPermissions -eq "True")
        {
            foreach($domain in $MSMQResetDomains.split(";"))
            {
                # reset permissions
                $QueuePermissions = $thisQueue | Get-MsmqQueueACL
                foreach ($AccessItem in $MSMQQueuePermissions)
                {
                    $userName = [Environment]::UserName
                    if($AccessItem.AccountName -NotLike "*$userName") # not current user
                    {
                        $domain = "$($domain)*" #append * to end of domain
                        if ($AccessItem.AccountName -Like "$($domain)*")
                        {
                            Write-Output "Removing Permissions $($AccessItem.Right) for $($AccessItem.AccountName)"
                            Try
                            {
                                $thisQueue | Set-MsmqQueueACL -UserName $AccessItem.AccountName -Remove $AccessItem.Right | Out-Null
                            }
                            Catch
                            {
                                Write-Output "Could not set permissions item $_.Exception.Message"
                                Break
                            }
                        }
                    }
                }
            }
        }
    }

    #set acl for users
    $arrUsers = $MSMQUsers.split(";")
    foreach ($User in $arrUsers)     
    {    
        if ($User)
        {    
            Write-Output "Adding ACL for User: " $User        
            
            #allows
            if ($MSMQPermAllow)
            {
                $arrPermissions = $MSMQPermAllow.split(";")
                foreach ($Permission in $arrPermissions)     
                {
                    $thisQueue | Set-MsmqQueueAcl -UserName $User -Allow $Permission | Out-Null                
                    Write-Output "ACL Allow set: $Permission"
                }
            }
                
            #denies
            if ($MSMQPermDeny)
            {
                $arrPermissions = $MSMQPermDeny.split(";")
                foreach ($Permission in $arrPermissions)     
                {
                    $thisQueue | Set-MsmqQueueAcl -UserName $User -Deny $Permission | Out-Null
                    Write-Output "ACL Deny set: $Permission"
                }
            }
        }
    }   
    
    
    $arrAdminUsers = $MSMQAdminUsers.split(";") 
    foreach ($User in $arrAdminUsers)     
    {    
        if ($User)
        { 
            Write-Output "Adding ACL for Admin User: " $User        
            
            #allows
            if ($MSMQPermAdminAllow)
            {
                $arrPermissions = $MSMQPermAdminAllow.split(";")
                foreach ($Permission in $arrPermissions)     
                {
                    $thisQueue | Set-MsmqQueueAcl -UserName $User -Allow $Permission | Out-Null                
                    Write-Output "ACL Allow admin set: $Permission"
                }
            }
                
            #denies
            if ($MSMQPermAdminDeny)
            {
                $arrPermissions = $MSMQPermAdminDeny.split(";")
                foreach ($Permission in $arrPermissions)     
                {
                    $thisQueue | Set-MsmqQueueAcl -UserName $User -Deny $Permission | Out-Null
                    Write-Output "ACL Deny admin set: $Permission"
                }
            }
        }
    }
}

Provided under the Apache License version 2.0.

Report an issue

To use this template in Octopus Deploy, copy the JSON below and paste it into the Library → Step templates → Import dialog.

{
  "Id": "4c22f201-c634-4a22-aa55-ae24dc83d588",
  "Name": "MSMQ - Create Transactional Queue",
  "Description": "Create one or more MSMQ transactional queues and configure permissions.",
  "Version": 10,
  "ExportedAt": "2018-03-28T07:21:22.039Z",
  "ActionType": "Octopus.Script",
  "Author": "bobjwalker",
  "Parameters": [
    {
      "Id": "35154cac-d005-4a7b-85c9-8eab276e726b",
      "Name": "MSMQQueues",
      "Label": "Queue names",
      "HelpText": "Queue names, separated by semicolons. Example: _Queue1;Queue2;Queue3_",
      "DefaultValue": "",
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      },
      "Links": {}
    },
    {
      "Id": "6f3a90b7-df04-4884-9cd1-f04ad7a1f97b",
      "Name": "MSMQUsers",
      "Label": "Queue users",
      "HelpText": "Users with access to the queue separated by semicolons. Example: _DOMAIN\\User1;DOMAIN\\User2_",
      "DefaultValue": "",
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      },
      "Links": {}
    },
    {
      "Id": "3e2e1512-6f75-4e36-80cc-d350a3563a09",
      "Name": "MSMQPermAllow",
      "Label": "Allowed permissions",
      "HelpText": "Permissions granted to the queue users, separated by semicolons. Example: _DeleteMessage;PeekMessage;ReceiveMessage_",
      "DefaultValue": "DeleteMessage;PeekMessage;ReceiveMessage;WriteMessage",
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      },
      "Links": {}
    },
    {
      "Id": "2063989e-587f-4787-b3ce-6865501316b2",
      "Name": "MSMQPermDeny",
      "Label": "Denied permissions",
      "HelpText": "Denied permissions, separated by semicolons: _TakeQueueOwnership_",
      "DefaultValue": "TakeQueueOwnership",
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      },
      "Links": {}
    },
    {
      "Id": "42ec591d-9631-4ff4-ac56-94a1ac7c5994",
      "Name": "MSMQAdminUsers",
      "Label": "Admin queue users",
      "HelpText": "Users with access to the queue separated by semicolons. Example: _DOMAIN\\User1;DOMAIN\\User2_",
      "DefaultValue": null,
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      },
      "Links": {}
    },
    {
      "Id": "47dee55f-9d5a-4798-a61c-b4c7350774a5",
      "Name": "MSMQPermAdminAllow",
      "Label": "Allowed admin permissions",
      "HelpText": "Permissions granted to the queue admin users, separated by semicolons. Example: _DeleteMessage;PeekMessage;ReceiveMessage_",
      "DefaultValue": "FullControl",
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      },
      "Links": {}
    },
    {
      "Id": "949b3efb-5fb7-4350-8336-1dfff67172aa",
      "Name": "MSMQPermAdminDeny",
      "Label": "Denied admin permissions",
      "HelpText": "Denied permissions, separated by semicolons: _TakeQueueOwnership_",
      "DefaultValue": null,
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      },
      "Links": {}
    },
    {
      "Id": "2be54d36-3b81-4a39-8685-adfe8d98ebbb",
      "Name": "MSMQResetPermissions",
      "Label": "Reset Permissions",
      "HelpText": "Remove all existing permissions from the Queue if it already exists",
      "DefaultValue": "false",
      "DisplaySettings": {
        "Octopus.ControlType": "Checkbox"
      },
      "Links": {}
    },
    {
      "Id": "54143721-075f-4270-89c1-154719ee0b3c",
      "Name": "MSMQResetDomains",
      "Label": "Reset Permissions Domains",
      "HelpText": "This is used if Reset Permissions is set.\nExample: YOURDOMAIN1;YOURDOMAIN2",
      "DefaultValue": null,
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      },
      "Links": {}
    }
  ],
  "Properties": {
    "Octopus.Action.Script.ScriptBody": "$MSMQQueues = $OctopusParameters['MSMQQueues']\n$MSMQResetPermissions = $OctopusParameters['MSMQResetPermissions']\n$MSMQResetDomains = $OctopusParameters['MSMQResetDomains']\n$MSMQUsers = $OctopusParameters['MSMQUsers']\n$MSMQPermAllow = $OctopusParameters['MSMQPermAllow']\n$MSMQPermDeny = $OctopusParameters['MSMQPermDeny']\n$MSMQAdminUsers = $OctopusParameters['MSMQAdminUsers']\n$MSMQPermAdminAllow = $OctopusParameters['MSMQPermAdminAllow']\n$MSMQPermAdminDeny = $OctopusParameters['MSMQPermAdminDeny']\n\nWrite-Verbose \"`$MSMQQueues = $MSMQQueues\"\nWrite-Verbose \"`$MSMQResetPermissions = $MSMQResetPermissions\"\nWrite-Verbose \"`$MSMQResetDomains = $MSMQResetDomains\"\nWrite-Verbose \"`$MSMQUsers = $MSMQUsers\"\nWrite-Verbose \"`$MSMQPermAllow = $MSMQPermAllow\"\nWrite-Verbose \"`$MSMQPermDeny = $MSMQPermDeny\"\nWrite-Verbose \"`$MSMQAdminUsers = $MSMQAdminUsers\"\nWrite-Verbose \"`$MSMQPermAdminAllow = $MSMQPermAdminAllow\"\nWrite-Verbose \"`$MSMQPermAdminDeny = $MSMQPermAdminDeny\"\n\n#Split the Queues into an array\n$arrQueues = $MSMQQueues.split(\";\")\nforeach ($Queue in $arrQueues) \n{\n    #Does Queue Exists Already?\n    $thisQueue = Get-MSMQQueue $Queue\n    if (!$thisQueue)\n    {\n        #not found, create\n        Write-Output \"Creating Queue: \" $Queue\n        New-MsmqQueue -Name \"$Queue\" -Label \"private$\\$Queue\" -Transactional | Out-Null\n        $thisQueue = Get-MSMQQueue $Queue    \n    }\n    else\n    {\n        Write-Output \"Queue Exists: \" $thisQueue.QueueName\n        \n        if($MSMQResetPermissions -eq \"True\")\n        {\n            foreach($domain in $MSMQResetDomains.split(\";\"))\n            {\n                # reset permissions\n                $QueuePermissions = $thisQueue | Get-MsmqQueueACL\n                foreach ($AccessItem in $MSMQQueuePermissions)\n                {\n                    $userName = [Environment]::UserName\n                    if($AccessItem.AccountName -NotLike \"*$userName\") # not current user\n                    {\n                        $domain = \"$($domain)*\" #append * to end of domain\n                        if ($AccessItem.AccountName -Like \"$($domain)*\")\n                        {\n                            Write-Output \"Removing Permissions $($AccessItem.Right) for $($AccessItem.AccountName)\"\n                            Try\n                            {\n                                $thisQueue | Set-MsmqQueueACL -UserName $AccessItem.AccountName -Remove $AccessItem.Right | Out-Null\n                            }\n                            Catch\n                            {\n                                Write-Output \"Could not set permissions item $_.Exception.Message\"\n                                Break\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n\n    #set acl for users\n    $arrUsers = $MSMQUsers.split(\";\")\n    foreach ($User in $arrUsers)     \n    {    \n        if ($User)\n        {    \n            Write-Output \"Adding ACL for User: \" $User        \n            \n            #allows\n            if ($MSMQPermAllow)\n            {\n                $arrPermissions = $MSMQPermAllow.split(\";\")\n                foreach ($Permission in $arrPermissions)     \n                {\n                    $thisQueue | Set-MsmqQueueAcl -UserName $User -Allow $Permission | Out-Null                \n                    Write-Output \"ACL Allow set: $Permission\"\n                }\n            }\n                \n            #denies\n            if ($MSMQPermDeny)\n            {\n                $arrPermissions = $MSMQPermDeny.split(\";\")\n                foreach ($Permission in $arrPermissions)     \n                {\n                    $thisQueue | Set-MsmqQueueAcl -UserName $User -Deny $Permission | Out-Null\n                    Write-Output \"ACL Deny set: $Permission\"\n                }\n            }\n        }\n    }   \n    \n    \n    $arrAdminUsers = $MSMQAdminUsers.split(\";\") \n    foreach ($User in $arrAdminUsers)     \n    {    \n        if ($User)\n        { \n            Write-Output \"Adding ACL for Admin User: \" $User        \n            \n            #allows\n            if ($MSMQPermAdminAllow)\n            {\n                $arrPermissions = $MSMQPermAdminAllow.split(\";\")\n                foreach ($Permission in $arrPermissions)     \n                {\n                    $thisQueue | Set-MsmqQueueAcl -UserName $User -Allow $Permission | Out-Null                \n                    Write-Output \"ACL Allow admin set: $Permission\"\n                }\n            }\n                \n            #denies\n            if ($MSMQPermAdminDeny)\n            {\n                $arrPermissions = $MSMQPermAdminDeny.split(\";\")\n                foreach ($Permission in $arrPermissions)     \n                {\n                    $thisQueue | Set-MsmqQueueAcl -UserName $User -Deny $Permission | Out-Null\n                    Write-Output \"ACL Deny admin set: $Permission\"\n                }\n            }\n        }\n    }\n}",
    "Octopus.Action.Script.Syntax": "PowerShell",
    "Octopus.Action.Script.ScriptSource": "Inline",
    "Octopus.Action.RunOnServer": "false",
    "Octopus.Action.Script.ScriptFileName": null,
    "Octopus.Action.Package.FeedId": null,
    "Octopus.Action.Package.PackageId": null
  },
  "Category": "Windows",
  "HistoryUrl": "https://github.com/OctopusDeploy/Library/commits/master/step-templates//opt/buildagent/work/75443764cd38076d/step-templates/msmq-create-transactional-queue.json",
  "Website": "/step-templates/4c22f201-c634-4a22-aa55-ae24dc83d588",
  "Logo": "iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAMAAACahl6sAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAADNQTFRF////Da3qSsLvhtb0wur6O7zuWcfxldv2aMzyK7ftpOD3s+X48Pr+0fD7d9HzHLLr4fX8xD/OcwAAAaNJREFUeNrs3cFygjAUQFECWott1f//2sJoW6kIKEzNs+euXOmcmSSGDa8oJEmSJEmSJGmsj1W1K9cpsGD1Vr2WdToVEPC+2lYvZfpVrEW0qZpF1F+MRdRugzoNlvkiarfBPk0pT8GhWUSX2yASpDlLr2+DEJBmEY1ug6whx7N0n2b30G1QlmmxHsRYp6X76yvF9vg5RYQczq8UVURI35UiFmTgShED0p6lI1eKzCHTrxS5Qk6PZ9PLDtJ9PIsJmXWlyAky6/dAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQMJCyjltF/iO3gpJUpD8s4OAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID8T8itwwKyhbTdMr4ha8hXUwZqhICcOgyNOIkE+V5wo4MSgr1u/fp7poO+AL8K/gL8yw0UeyRB34m9iQ/pVD8L5JYTO3NI58R+AsiEEzsW5OfE3sUe/zRwYkeGnG2g2CPS7rhjF4GKP0ZwyoldxK37kFqEL/7wU0mSJEmSJOmJ+xRgAHxZTCXGdZkfAAAAAElFTkSuQmCC",
  "$Meta": {
    "Type": "ActionTemplate"
  }
}

History

Page updated on Wednesday, March 28, 2018