Understand event domains for managing Event Grid topics

This article describes how to use event domains to manage the flow of custom events to your various business organizations, customers, or applications. Use event domains to:

  • Manage multitenant eventing architectures at scale.
  • Manage your authorization and authentication.
  • Partition your topics without managing each individually.
  • Avoid individually publishing to each of your topic endpoints.

Event domain overview

An event domain is a management tool for large numbers of Event Grid topics related to the same application. You can think of it as a meta-topic that can have thousands of individual topics.

Event domains make available to you the same architecture used by Azure services (like Storage and IoT Hub) to publish their events. They allow you to publish events to thousands of topics. Domains also give you authorization and authentication control over each topic so you can partition your tenants.

Example use case

Event domains are most easily explained using an example. Let's say you run Contoso Construction Machinery, where you manufacture tractors, digging equipment, and other heavy machinery. As a part of running the business, you push real-time information to customers about equipment maintenance, systems health, and contract updates. All of this information goes to various endpoints including your app, customer endpoints, and other infrastructure that customers have set up.

Event domains allow you to model Contoso Construction Machinery as a single eventing entity. Each of your customers is represented as a topic within the domain. Authentication and authorization are handled using Azure Active Directory. Each of your customers can subscribe to their topic and get their events delivered to them. Managed access through the event domain ensures they can only access their topic.

It also gives you a single endpoint, to which you can publish all of your customer events. Event Grid will take care of making sure each topic is only aware of events scoped to its tenant.

Figure: Contoso Construction example

Access management

With a domain, you get fine-grained authorization and authentication control over each topic via Azure's role-based access control (RBAC). You can use these roles to restrict each tenant in your application to only the topics you wish to grant them access to.

RBAC in event domains works the same way managed access control works in the rest of Event Grid and Azure. Use RBAC to create and enforce custom role definitions in event domains.

Built-in roles

Event Grid has two built-in role definitions to make RBAC easier for working with event domains. These roles are EventGrid EventSubscription Contributor (Preview) and EventGrid EventSubscription Reader (Preview). You assign these roles to users who need to subscribe to topics in your event domain. You scope the role assignment to only the topic that users need to subscribe to.

For information about these roles, see Built-in roles for Event Grid.
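One way to check that tenant role assignments are scoped to a single topic rather than to the whole domain, as an added example that is not part of the original article. The principal names, the `tenant_topics` map, the subscription ID, resource group and domain name are all constructed; the record fields follow the shape of a role assignment listing (`principalName`, `roleDefinitionName`, `scope`).

```python
import re

# Resource ID of an event domain, optionally followed by a topic inside it.
DOMAIN_RE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/"
    r"Microsoft\.EventGrid/domains/(?P<domain>[^/]+)"
    r"(?:/topics/(?P<topic>[^/]+))?$",
    re.IGNORECASE,
)

def audit_assignments(assignments, tenant_topics):
    """Return (principal, reason) findings for tenants with too broad a scope.

    tenant_topics is a hypothetical map: tenant principal -> its one topic.
    Principals not in the map (for example internal auditors) are skipped.
    """
    findings = []
    for a in assignments:
        who = a["principalName"]
        if who not in tenant_topics:
            continue
        m = DOMAIN_RE.match(a["scope"])
        if m is None:
            findings.append((who, "scope is not a single domain topic"))
        elif m.group("topic") is None:
            findings.append((who, "scoped to the whole domain, not a topic"))
        elif m.group("topic").lower() != tenant_topics[who].lower():
            findings.append((who, "scoped to topic '%s', expected '%s'"
                             % (m.group("topic"), tenant_topics[who])))
    return findings

# Constructed sample data (placeholder subscription, group and domain).
BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
        "contoso-rg/providers/Microsoft.EventGrid/domains/contoso-domain")
READER = "EventGrid EventSubscription Reader (Preview)"
SAMPLE_ASSIGNMENTS = [
    {"principalName": "tenant-foo", "roleDefinitionName": READER,
     "scope": BASE + "/topics/foo"},
    {"principalName": "tenant-bar", "roleDefinitionName": READER,
     "scope": BASE},
    {"principalName": "tenant-qux", "roleDefinitionName": READER,
     "scope": BASE + "/topics/foo"},
    {"principalName": "internal-audit", "roleDefinitionName": READER,
     "scope": BASE},
]
TENANT_TOPICS = {"tenant-foo": "foo", "tenant-bar": "bar", "tenant-qux": "qux"}

if __name__ == "__main__":
    for who, reason in audit_assignments(SAMPLE_ASSIGNMENTS, TENANT_TOPICS):
        print(who, "->", reason)
```

A tenant assignment at domain scope matters because a subscription created on the domain itself receives every tenant's events.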

Subscribing to topics

Subscribing to events on a topic within an event domain is the same as creating an Event Subscription on a custom topic or subscribing to an event from an Azure service.

Domain scope subscriptions

Event domains also allow for domain-scope subscriptions. An event subscription on an event domain will receive all events sent to the domain regardless of the topic the events are sent to. Domain scope subscriptions can be useful for management and auditing purposes.

Publishing to an event domain

When you create an event domain, you're given a publishing endpoint, just as when you create a topic in Event Grid.

To publish events to any topic in an event domain, push the events to the domain's endpoint the same way you would for a custom topic. The only difference is that you must specify the topic you'd like the event to be delivered to.

For example, publishing the following array of events would send the event with "id": "1111" to topic foo, while the event with "id": "2222" would be sent to topic bar:

[{
  "topic": "foo",
  "id": "1111",
  "eventType": "maintenanceRequested",
  "subject": "myapp/vehicles/diggers",
  "eventTime": "2018-10-30T21:03:07+00:00",
  "data": {
    "make": "Contoso",
    "model": "Small Digger"
  },
  "dataVersion": "1.0"
},
{
  "topic": "bar",
  "id": "2222",
  "eventType": "maintenanceCompleted",
  "subject": "myapp/vehicles/tractors",
  "eventTime": "2018-10-30T21:04:12+00:00",
  "data": {
    "make": "Contoso",
    "model": "Big Tractor"
  },
  "dataVersion": "1.0"
}]

Event domains handle publishing to topics for you. Instead of publishing events to each topic you manage individually, you can publish all of your events to the domain's endpoint. Event Grid makes sure each event is sent to the correct topic.
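Because the `topic` field alone decides which tenant receives an event, a publisher can check a batch before sending it to the domain endpoint. The following is an added example, not code from the original article: `plan_domain_batch` and the `known_topics` allowlist are hypothetical names, and the sample batch is constructed from the two events above plus two deliberately faulty ones.

```python
def plan_domain_batch(events, known_topics):
    """Split a batch into per-topic routes and rejected events.

    known_topics is a hypothetical allowlist of topics the publisher
    expects to exist in the domain (one per tenant).
    Returns (routes, rejected):
      routes   maps topic -> list of event ids that would go to it
      rejected is a list of (event id, reason) that must not be sent
    """
    routes, rejected = {}, []
    for ev in events:
        eid = ev.get("id", "<no id>")
        topic = ev.get("topic")
        if not isinstance(topic, str) or not topic.strip():
            # A domain publish must name the topic for every event.
            rejected.append((eid, "missing topic"))
        elif topic not in known_topics:
            # A typo here would route tenant data to the wrong place.
            rejected.append((eid, "unknown topic %r" % topic))
        else:
            routes.setdefault(topic, []).append(eid)
    return routes, rejected

# Constructed sample batch: the article's two events, one event with no
# topic, and one event addressed to a topic outside the allowlist.
SAMPLE_BATCH = [
    {"topic": "foo", "id": "1111", "eventType": "maintenanceRequested",
     "subject": "myapp/vehicles/diggers",
     "eventTime": "2018-10-30T21:03:07+00:00",
     "data": {"make": "Contoso", "model": "Small Digger"},
     "dataVersion": "1.0"},
    {"topic": "bar", "id": "2222", "eventType": "maintenanceCompleted",
     "subject": "myapp/vehicles/tractors",
     "eventTime": "2018-10-30T21:04:12+00:00",
     "data": {"make": "Contoso", "model": "Big Tractor"},
     "dataVersion": "1.0"},
    {"id": "3333", "eventType": "maintenanceRequested",
     "subject": "myapp/vehicles/diggers",
     "eventTime": "2018-10-30T21:05:00+00:00",
     "data": {"make": "Contoso", "model": "Small Digger"},
     "dataVersion": "1.0"},
    {"topic": "baz", "id": "4444", "eventType": "maintenanceCompleted",
     "subject": "myapp/vehicles/tractors",
     "eventTime": "2018-10-30T21:06:00+00:00",
     "data": {"make": "Contoso", "model": "Big Tractor"},
     "dataVersion": "1.0"},
]

if __name__ == "__main__":
    routes, rejected = plan_domain_batch(SAMPLE_BATCH, {"foo", "bar"})
    print("routes:", routes)
    print("rejected:", rejected)
```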

Limits and quotas

Here are the limits and quotas related to event domains:

  • 100,000 topics per event domain
  • 100 event domains per Azure subscription
  • 500 event subscriptions per topic in an event domain
  • 50 domain scope subscriptions
  • 5,000 events per second ingestion rate (into a domain)

If these limits don't suit you, reach out to the product team by opening a support ticket or by sending an email to askgrid@microsoft.com.

Pricing

Event domains use the same operations pricing that all other features in Event Grid use.

Operations work the same in event domains as they do in custom topics. Each ingress of an event to an event domain is an operation, and each delivery attempt for an event is an operation.

Next steps

  • To learn about setting up event domains, creating topics, creating event subscriptions, and publishing events, see Manage event domains.