Broker Authentication - Create Or Update
Create a BrokerAuthenticationResource
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTOperationsMQ/mq/{mqName}/broker/{brokerName}/authentication/{authenticationName}?api-version=2023-10-04-previewURI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
authentication
|
path | True |
string |
Name of MQ broker/authentication resource Regex pattern: |
|
broker
|
path | True |
string |
Name of MQ broker resource Regex pattern: |
|
mq
|
path | True |
string |
Name of MQ resource Regex pattern: |
|
resource
|
path | True |
string |
The name of the resource group. The name is case insensitive. |
|
subscription
|
path | True |
string |
The ID of the target subscription. |
|
api-version
|
query | True |
string |
The API version to use for this operation. |
Request Body
| Name | Required | Type | Description |
|---|---|---|---|
| extendedLocation | True |
Extended Location |
|
| location | True |
string |
The geo-location where the resource lives |
| properties.authenticationMethods | True |
The list of authentication methods supported by the Authentication Resource. For each array element, NOTE - Enum only authenticator type supported. |
|
| properties.listenerRef | True |
string[] |
The array of listener Resources it supports. |
| tags |
object |
Resource tags. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
Resource 'BrokerAuthenticationResource' update operation succeeded |
|
| 201 Created |
Resource 'BrokerAuthenticationResource' create operation succeeded Headers Retry-After: integer |
|
| Other Status Codes |
An unexpected error response. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
BrokerAuthentication_CreateOrUpdate
Sample request
PUT https://management.azure.com/subscriptions/2408F1A7-C077-406C-814C-FBD93E129C00/resourceGroups/rgiotoperationsmq/providers/Microsoft.IoTOperationsMQ/mq/2S-A2-D9kC946K/broker/87v1GC9557XuP-JLI4-/authentication/lUo-GQ3-95F-1O-?api-version=2023-10-04-preview
{
"properties": {
"authenticationMethods": [
{
"custom": {
"auth": {
"x509": {
"keyVault": {
"vault": {
"credentials": {
"servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
},
"directoryId": "eyjniptiykzcgbzok",
"name": "lxmwfan"
},
"vaultCaChainSecret": {
"name": "bmectskddmpjxnsogwooexj",
"version": "unjfbf"
},
"vaultCert": {
"name": "bmectskddmpjxnsogwooexj",
"version": "unjfbf"
}
},
"secretName": "dordbwjewnqkhfd"
}
},
"caCertConfigMap": "diufihyysdcosgy",
"endpoint": "yy",
"headers": {}
},
"sat": {
"audiences": [
"fiyitxutbuuhwtltukyjacads"
]
},
"svid": {
"agentSocketPath": "gnyowebmeaj",
"identityMaxRetry": 4031184731,
"identityWaitRetryMs": 2243705844935085600
},
"usernamePassword": {
"keyVault": {
"vault": {
"credentials": {
"servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
},
"directoryId": "eyjniptiykzcgbzok",
"name": "lxmwfan"
},
"vaultSecret": {
"name": "bmectskddmpjxnsogwooexj",
"version": "unjfbf"
}
},
"secretName": "blk"
},
"x509": {
"attributes": {
"keyVault": {
"vault": {
"credentials": {
"servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
},
"directoryId": "eyjniptiykzcgbzok",
"name": "lxmwfan"
},
"vaultSecret": {
"name": "bmectskddmpjxnsogwooexj",
"version": "unjfbf"
}
},
"secretName": "ybcke"
},
"trustedClientCaCertConfigMap": "udidafmnpt"
}
}
],
"listenerRef": [
"dhjpypfjzzmwm"
],
"provisioningState": "Succeeded"
},
"extendedLocation": {
"name": "an",
"type": "CustomLocation"
},
"tags": {},
"location": "vtxegvaeqwyupplnm"
}
Sample response
{
"properties": {
"authenticationMethods": [
{
"custom": {
"auth": {
"x509": {
"keyVault": {
"vault": {
"credentials": {
"servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
},
"directoryId": "eyjniptiykzcgbzok",
"name": "lxmwfan"
},
"vaultCaChainSecret": {
"name": "bmectskddmpjxnsogwooexj",
"version": "unjfbf"
},
"vaultCert": {
"name": "bmectskddmpjxnsogwooexj",
"version": "unjfbf"
}
},
"secretName": "dordbwjewnqkhfd"
}
},
"caCertConfigMap": "diufihyysdcosgy",
"endpoint": "yy",
"headers": {}
},
"sat": {
"audiences": [
"fiyitxutbuuhwtltukyjacads"
]
},
"svid": {
"agentSocketPath": "gnyowebmeaj",
"identityMaxRetry": 4031184731,
"identityWaitRetryMs": 2243705844935085600
},
"usernamePassword": {
"keyVault": {
"vault": {
"credentials": {
"servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
},
"directoryId": "eyjniptiykzcgbzok",
"name": "lxmwfan"
},
"vaultSecret": {
"name": "bmectskddmpjxnsogwooexj",
"version": "unjfbf"
}
},
"secretName": "blk"
},
"x509": {
"attributes": {
"keyVault": {
"vault": {
"credentials": {
"servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
},
"directoryId": "eyjniptiykzcgbzok",
"name": "lxmwfan"
},
"vaultSecret": {
"name": "bmectskddmpjxnsogwooexj",
"version": "unjfbf"
}
},
"secretName": "ybcke"
},
"trustedClientCaCertConfigMap": "udidafmnpt"
}
}
],
"listenerRef": [
"dhjpypfjzzmwm"
],
"provisioningState": "Succeeded"
},
"extendedLocation": {
"name": "an",
"type": "CustomLocation"
},
"tags": {},
"location": "vtxegvaeqwyupplnm",
"id": "rtmmdnvzvrabsmvmhdm",
"name": "ktgtbdoqrmk",
"type": "djuvudmbmryh",
"systemData": {
"createdBy": "lsch",
"createdByType": "User",
"createdAt": "2023-10-06T15:04:36.253Z",
"lastModifiedBy": "moncedixbtiffwcevatm",
"lastModifiedByType": "User",
"lastModifiedAt": "2023-10-06T15:04:36.256Z"
}
}Azure-AsyncOperation: https://contoso.com/operationstatus{
"properties": {
"authenticationMethods": [
{
"custom": {
"auth": {
"x509": {
"keyVault": {
"vault": {
"credentials": {
"servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
},
"directoryId": "eyjniptiykzcgbzok",
"name": "lxmwfan"
},
"vaultCaChainSecret": {
"name": "bmectskddmpjxnsogwooexj",
"version": "unjfbf"
},
"vaultCert": {
"name": "bmectskddmpjxnsogwooexj",
"version": "unjfbf"
}
},
"secretName": "dordbwjewnqkhfd"
}
},
"caCertConfigMap": "diufihyysdcosgy",
"endpoint": "yy",
"headers": {}
},
"sat": {
"audiences": [
"fiyitxutbuuhwtltukyjacads"
]
},
"svid": {
"agentSocketPath": "gnyowebmeaj",
"identityMaxRetry": 4031184731,
"identityWaitRetryMs": 2243705844935085600
},
"usernamePassword": {
"keyVault": {
"vault": {
"credentials": {
"servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
},
"directoryId": "eyjniptiykzcgbzok",
"name": "lxmwfan"
},
"vaultSecret": {
"name": "bmectskddmpjxnsogwooexj",
"version": "unjfbf"
}
},
"secretName": "blk"
},
"x509": {
"attributes": {
"keyVault": {
"vault": {
"credentials": {
"servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
},
"directoryId": "eyjniptiykzcgbzok",
"name": "lxmwfan"
},
"vaultSecret": {
"name": "bmectskddmpjxnsogwooexj",
"version": "unjfbf"
}
},
"secretName": "ybcke"
},
"trustedClientCaCertConfigMap": "udidafmnpt"
}
}
],
"listenerRef": [
"dhjpypfjzzmwm"
],
"provisioningState": "Succeeded"
},
"extendedLocation": {
"name": "an",
"type": "CustomLocation"
},
"tags": {},
"location": "vtxegvaeqwyupplnm",
"id": "rtmmdnvzvrabsmvmhdm",
"name": "ktgtbdoqrmk",
"type": "djuvudmbmryh",
"systemData": {
"createdBy": "lsch",
"createdByType": "User",
"createdAt": "2023-10-06T15:04:36.253Z",
"lastModifiedBy": "moncedixbtiffwcevatm",
"lastModifiedByType": "User",
"lastModifiedAt": "2023-10-06T15:04:36.256Z"
}
}Definitions
| Name | Description |
|---|---|
|
Broker |
MQ broker/authentication resource |
|
Broker |
Custom Authentication properties |
|
Broker |
X509 Custom Authentication properties. NOTE - Enum only authenticator type supported at a time. |
|
Broker |
Custom method for BrokerAuthentication |
|
Broker |
Collection of different CrdAuthenticator methods of Broker Resource. NOTE Enum - Only one method is supported for each entry. |
|
Broker |
Service Account Token for BrokerAuthentication |
|
Broker |
SVID for BrokerAuthentication |
|
Broker |
UsernamePassword for BrokerAuthentication |
|
Broker |
X509 for BrokerAuthentication. |
|
Broker |
BrokerAuthenticatorMethodX509Attributes properties. NOTE - Enum only type supported at a time. |
|
created |
The type of identity that created the resource. |
|
Error |
The resource management error additional info. |
|
Error |
The error detail. |
|
Error |
Error response |
|
Extended |
ExtendedLocation properties |
|
Extended |
The enum defining type of ExtendedLocation accepted. |
|
Key |
KeyVault certificate properties |
|
Key |
KeyVault properties |
|
Key |
KeyVault credentials properties. NOTE - Future this will be ENUM. |
|
Key |
KeyVault secret object properties |
|
Key |
KeyVault secret properties |
|
Provisioning |
The enum defining status of resource. |
|
system |
Metadata pertaining to creation and last modification of the resource. |
BrokerAuthenticationResource
MQ broker/authentication resource
| Name | Type | Description |
|---|---|---|
| extendedLocation |
Extended Location |
|
| id |
string |
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} |
| location |
string |
The geo-location where the resource lives |
| name |
string |
The name of the resource |
| properties.authenticationMethods |
The list of authentication methods supported by the Authentication Resource. For each array element, NOTE - Enum only authenticator type supported. |
|
| properties.listenerRef |
string[] |
The array of listener Resources it supports. |
| properties.provisioningState |
The status of the last operation. |
|
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| tags |
object |
Resource tags. |
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
BrokerAuthenticatorCustomAuth
Custom Authentication properties
| Name | Type | Description |
|---|---|---|
| x509 |
X509 Custom Auth type details. |
BrokerAuthenticatorCustomAuthX509
X509 Custom Authentication properties. NOTE - Enum only authenticator type supported at a time.
| Name | Type | Description |
|---|---|---|
| keyVault |
Keyvault X509 secret properties. |
|
| secretName |
string |
Secret where cert details are stored. |
BrokerAuthenticatorMethodCustom
Custom method for BrokerAuthentication
| Name | Type | Description |
|---|---|---|
| auth |
Custom Broker Authentication Method. |
|
| caCertConfigMap |
string |
CA cert config map to use. |
| endpoint |
string |
Endpoint to connect to. |
| headers |
object |
Configuration Headers to use. |
BrokerAuthenticatorMethods
Collection of different CrdAuthenticator methods of Broker Resource. NOTE Enum - Only one method is supported for each entry.
| Name | Type | Description |
|---|---|---|
| custom |
Custom Authentication Method. |
|
| sat |
Service Account Token Method. |
|
| svid |
Service Account Token Method. |
|
| usernamePassword |
UsernamePassword Method. |
|
| x509 |
X509 Method. |
BrokerAuthenticatorMethodSat
Service Account Token for BrokerAuthentication
| Name | Type | Description |
|---|---|---|
| audiences |
string[] |
List of allowed audience. |
BrokerAuthenticatorMethodSvid
SVID for BrokerAuthentication
| Name | Type | Default value | Description |
|---|---|---|---|
| agentSocketPath |
string |
Mounted socket path for spiffe agent. |
|
| identityMaxRetry |
integer |
3 |
Maximum number of re-tries to fetch identity. |
| identityWaitRetryMs |
integer |
5000 |
Maximum time to wait before fetching identity again. |
BrokerAuthenticatorMethodUsernamePassword
UsernamePassword for BrokerAuthentication
| Name | Type | Description |
|---|---|---|
| keyVault |
Keyvault username password secret properties. |
|
| secretName |
string |
Secret where username and password are stored. |
BrokerAuthenticatorMethodX509
X509 for BrokerAuthentication.
| Name | Type | Default value | Description |
|---|---|---|---|
| attributes |
K8S Secret name to mount for username and password. |
||
| trustedClientCaCertConfigMap |
string |
client-ca |
Trusted client ca cert config map. |
BrokerAuthenticatorMethodX509Attributes
BrokerAuthenticatorMethodX509Attributes properties. NOTE - Enum only type supported at a time.
| Name | Type | Description |
|---|---|---|
| keyVault |
Keyvault x509 attributes secret properties. |
|
| secretName |
string |
Secret where x509 attributes are stored. |
createdByType
The type of identity that created the resource.
| Name | Type | Description |
|---|---|---|
| Application |
string |
|
| Key |
string |
|
| ManagedIdentity |
string |
|
| User |
string |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
ErrorDetail
The error detail.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
The error details. |
|
| message |
string |
The error message. |
| target |
string |
The error target. |
ErrorResponse
Error response
| Name | Type | Description |
|---|---|---|
| error |
The error object. |
ExtendedLocationProperty
ExtendedLocation properties
| Name | Type | Description |
|---|---|---|
| name |
string |
The name of the extended location. |
| type |
Type of ExtendedLocation. |
ExtendedLocationType
The enum defining type of ExtendedLocation accepted.
| Name | Type | Description |
|---|---|---|
| CustomLocation |
string |
CustomLocation type |
KeyVaultCertificateProperties
KeyVault certificate properties
| Name | Type | Description |
|---|---|---|
| vault |
KeyVault properties. |
|
| vaultCaChainSecret |
KeyVault CA chain secret details. |
|
| vaultCert |
KeyVault Cert secret details. |
KeyVaultConnectionProperties
KeyVault properties
| Name | Type | Description |
|---|---|---|
| credentials |
KeyVault credentials. |
|
| directoryId |
string |
KeyVault directoryId. |
| name |
string |
KeyVault name. |
KeyVaultCredentialsProperties
KeyVault credentials properties. NOTE - Future this will be ENUM.
| Name | Type | Description |
|---|---|---|
| servicePrincipalLocalSecretName |
string |
KeyVault service principal local secret name. |
KeyVaultSecretObject
KeyVault secret object properties
| Name | Type | Description |
|---|---|---|
| name |
string |
KeyVault secret name. |
| version |
string |
KeyVault secret version. |
KeyVaultSecretProperties
KeyVault secret properties
| Name | Type | Description |
|---|---|---|
| vault |
KeyVault properties. |
|
| vaultSecret |
KeyVault secret details. |
ProvisioningState
The enum defining status of resource.
| Name | Type | Description |
|---|---|---|
| Accepted |
string |
Resource has been Accepted. |
| Canceled |
string |
Resource creation was canceled. |
| Deleting |
string |
Resource is Deleting. |
| Failed |
string |
Resource creation failed. |
| Provisioning |
string |
Resource is getting provisioned. |
| Succeeded |
string |
Resource has been created. |
| Updating |
string |
Resource is Updating. |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |