Broker Authentication - Update

Reference

Service:: IoT MQ

API Version:: 2023-10-04-preview

Update a BrokerAuthenticationResource

PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTOperationsMQ/mq/{mqName}/broker/{brokerName}/authentication/{authenticationName}?api-version=2023-10-04-preview

URI Parameters

Name	In	Required	Type	Description
authenticationName	path	True	string	Name of MQ broker/authentication resource Regex pattern: `^[a-zA-Z0-9-]{3,24}$`
brokerName	path	True	string	Name of MQ broker resource Regex pattern: `^[a-zA-Z0-9-]{3,24}$`
mqName	path	True	string	Name of MQ resource Regex pattern: `^[a-zA-Z0-9-]{3,24}$`
resourceGroupName	path	True	string	The name of the resource group. The name is case insensitive.
subscriptionId	path	True	string	The ID of the target subscription.
api-version	query	True	string	The API version to use for this operation.

Request Body

Name	Type	Description
properties.authenticationMethods	BrokerAuthenticatorMethods[]	The list of authentication methods supported by the Authentication Resource. For each array element, NOTE - Enum only authenticator type supported.
properties.listenerRef	string[]	The array of listener Resources it supports.
tags	object	Resource tags.

Responses

Name	Type	Description
200 OK	BrokerAuthenticationResource	Azure operation completed successfully.
Other Status Codes	ErrorResponse	An unexpected error response.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

BrokerAuthentication_Update

Sample request

HTTP

PATCH https://management.azure.com/subscriptions/2408F1A7-C077-406C-814C-FBD93E129C00/resourceGroups/rgiotoperationsmq/providers/Microsoft.IoTOperationsMQ/mq/--2-yu7-a--s-6/broker/-18XI--g-3/authentication/J1-GL1ColXv?api-version=2023-10-04-preview

{
  "tags": {},
  "properties": {
    "authenticationMethods": [
      {
        "custom": {
          "auth": {
            "x509": {
              "keyVault": {
                "vault": {
                  "credentials": {
                    "servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
                  },
                  "directoryId": "eyjniptiykzcgbzok",
                  "name": "lxmwfan"
                },
                "vaultCaChainSecret": {
                  "name": "bmectskddmpjxnsogwooexj",
                  "version": "unjfbf"
                },
                "vaultCert": {
                  "name": "bmectskddmpjxnsogwooexj",
                  "version": "unjfbf"
                }
              },
              "secretName": "dordbwjewnqkhfd"
            }
          },
          "caCertConfigMap": "diufihyysdcosgy",
          "endpoint": "yy",
          "headers": {}
        },
        "sat": {
          "audiences": [
            "fiyitxutbuuhwtltukyjacads"
          ]
        },
        "svid": {
          "agentSocketPath": "gnyowebmeaj",
          "identityMaxRetry": 4031184731,
          "identityWaitRetryMs": 2243705844935085600
        },
        "usernamePassword": {
          "keyVault": {
            "vault": {
              "credentials": {
                "servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
              },
              "directoryId": "eyjniptiykzcgbzok",
              "name": "lxmwfan"
            },
            "vaultSecret": {
              "name": "bmectskddmpjxnsogwooexj",
              "version": "unjfbf"
            }
          },
          "secretName": "blk"
        },
        "x509": {
          "attributes": {
            "keyVault": {
              "vault": {
                "credentials": {
                  "servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
                },
                "directoryId": "eyjniptiykzcgbzok",
                "name": "lxmwfan"
              },
              "vaultSecret": {
                "name": "bmectskddmpjxnsogwooexj",
                "version": "unjfbf"
              }
            },
            "secretName": "ybcke"
          },
          "trustedClientCaCertConfigMap": "udidafmnpt"
        }
      }
    ],
    "listenerRef": [
      "johyupxmkijmdmc"
    ]
  }
}

Sample response

Status code:: 200

{
  "properties": {
    "authenticationMethods": [
      {
        "custom": {
          "auth": {
            "x509": {
              "keyVault": {
                "vault": {
                  "credentials": {
                    "servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
                  },
                  "directoryId": "eyjniptiykzcgbzok",
                  "name": "lxmwfan"
                },
                "vaultCaChainSecret": {
                  "name": "bmectskddmpjxnsogwooexj",
                  "version": "unjfbf"
                },
                "vaultCert": {
                  "name": "bmectskddmpjxnsogwooexj",
                  "version": "unjfbf"
                }
              },
              "secretName": "dordbwjewnqkhfd"
            }
          },
          "caCertConfigMap": "diufihyysdcosgy",
          "endpoint": "yy",
          "headers": {}
        },
        "sat": {
          "audiences": [
            "fiyitxutbuuhwtltukyjacads"
          ]
        },
        "svid": {
          "agentSocketPath": "gnyowebmeaj",
          "identityMaxRetry": 4031184731,
          "identityWaitRetryMs": 2243705844935085600
        },
        "usernamePassword": {
          "keyVault": {
            "vault": {
              "credentials": {
                "servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
              },
              "directoryId": "eyjniptiykzcgbzok",
              "name": "lxmwfan"
            },
            "vaultSecret": {
              "name": "bmectskddmpjxnsogwooexj",
              "version": "unjfbf"
            }
          },
          "secretName": "blk"
        },
        "x509": {
          "attributes": {
            "keyVault": {
              "vault": {
                "credentials": {
                  "servicePrincipalLocalSecretName": "wuimjwpbhoglbsxxa"
                },
                "directoryId": "eyjniptiykzcgbzok",
                "name": "lxmwfan"
              },
              "vaultSecret": {
                "name": "bmectskddmpjxnsogwooexj",
                "version": "unjfbf"
              }
            },
            "secretName": "ybcke"
          },
          "trustedClientCaCertConfigMap": "udidafmnpt"
        }
      }
    ],
    "listenerRef": [
      "johyupxmkijmdmc"
    ],
    "provisioningState": "Succeeded"
  },
  "extendedLocation": {
    "name": "an",
    "type": "CustomLocation"
  },
  "tags": {},
  "location": "vtxegvaeqwyupplnm",
  "id": "rtmmdnvzvrabsmvmhdm",
  "name": "ktgtbdoqrmk",
  "type": "djuvudmbmryh",
  "systemData": {
    "createdBy": "lsch",
    "createdByType": "User",
    "createdAt": "2023-10-06T15:04:36.253Z",
    "lastModifiedBy": "moncedixbtiffwcevatm",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2023-10-06T15:04:36.256Z"
  }
}

Definitions

Name	Description
BrokerAuthenticationResource	MQ broker/authentication resource
BrokerAuthenticationResourceUpdate	The type used for update operations of the BrokerAuthenticationResource.
BrokerAuthenticatorCustomAuth	Custom Authentication properties
BrokerAuthenticatorCustomAuthX509	X509 Custom Authentication properties. NOTE - Enum only authenticator type supported at a time.
BrokerAuthenticatorMethodCustom	Custom method for BrokerAuthentication
BrokerAuthenticatorMethods	Collection of different CrdAuthenticator methods of Broker Resource. NOTE Enum - Only one method is supported for each entry.
BrokerAuthenticatorMethodSat	Service Account Token for BrokerAuthentication
BrokerAuthenticatorMethodSvid	SVID for BrokerAuthentication
BrokerAuthenticatorMethodUsernamePassword	UsernamePassword for BrokerAuthentication
BrokerAuthenticatorMethodX509	X509 for BrokerAuthentication.
BrokerAuthenticatorMethodX509Attributes	BrokerAuthenticatorMethodX509Attributes properties. NOTE - Enum only type supported at a time.
createdByType	The type of identity that created the resource.
ErrorAdditionalInfo	The resource management error additional info.
ErrorDetail	The error detail.
ErrorResponse	Error response
ExtendedLocationProperty	ExtendedLocation properties
ExtendedLocationType	The enum defining type of ExtendedLocation accepted.
KeyVaultCertificateProperties	KeyVault certificate properties
KeyVaultConnectionProperties	KeyVault properties
KeyVaultCredentialsProperties	KeyVault credentials properties. NOTE - Future this will be ENUM.
KeyVaultSecretObject	KeyVault secret object properties
KeyVaultSecretProperties	KeyVault secret properties
ProvisioningState	The enum defining status of resource.
systemData	Metadata pertaining to creation and last modification of the resource.

BrokerAuthenticationResource

MQ broker/authentication resource

Name	Type	Description
extendedLocation	ExtendedLocationProperty	Extended Location
id	string	Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
location	string	The geo-location where the resource lives
name	string	The name of the resource
properties.authenticationMethods	BrokerAuthenticatorMethods[]	The list of authentication methods supported by the Authentication Resource. For each array element, NOTE - Enum only authenticator type supported.
properties.listenerRef	string[]	The array of listener Resources it supports.
properties.provisioningState	ProvisioningState	The status of the last operation.
systemData	systemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.
tags	object	Resource tags.
type	string	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

BrokerAuthenticationResourceUpdate

The type used for update operations of the BrokerAuthenticationResource.

Name	Type	Description
properties.authenticationMethods	BrokerAuthenticatorMethods[]	The list of authentication methods supported by the Authentication Resource. For each array element, NOTE - Enum only authenticator type supported.
properties.listenerRef	string[]	The array of listener Resources it supports.
tags	object	Resource tags.

BrokerAuthenticatorCustomAuth

Custom Authentication properties

Name	Type	Description
x509	BrokerAuthenticatorCustomAuthX509	X509 Custom Auth type details.

BrokerAuthenticatorCustomAuthX509

X509 Custom Authentication properties. NOTE - Enum only authenticator type supported at a time.

Name	Type	Description
keyVault	KeyVaultCertificateProperties	Keyvault X509 secret properties.
secretName	string	Secret where cert details are stored.

BrokerAuthenticatorMethodCustom

Custom method for BrokerAuthentication

Name	Type	Description
auth	BrokerAuthenticatorCustomAuth	Custom Broker Authentication Method.
caCertConfigMap	string	CA cert config map to use.
endpoint	string	Endpoint to connect to.
headers	object	Configuration Headers to use.

BrokerAuthenticatorMethods

Collection of different CrdAuthenticator methods of Broker Resource. NOTE Enum - Only one method is supported for each entry.

Name	Type	Description
custom	BrokerAuthenticatorMethodCustom	Custom Authentication Method.
sat	BrokerAuthenticatorMethodSat	Service Account Token Method.
svid	BrokerAuthenticatorMethodSvid	Service Account Token Method.
usernamePassword	BrokerAuthenticatorMethodUsernamePassword	UsernamePassword Method.
x509	BrokerAuthenticatorMethodX509	X509 Method.

BrokerAuthenticatorMethodSat

Service Account Token for BrokerAuthentication

Name	Type	Description
audiences	string[]	List of allowed audience.

BrokerAuthenticatorMethodSvid

SVID for BrokerAuthentication

Name	Type	Default value	Description
agentSocketPath	string		Mounted socket path for spiffe agent.
identityMaxRetry	integer	3	Maximum number of re-tries to fetch identity.
identityWaitRetryMs	integer	5000	Maximum time to wait before fetching identity again.

BrokerAuthenticatorMethodUsernamePassword

UsernamePassword for BrokerAuthentication

Name	Type	Description
keyVault	KeyVaultSecretProperties	Keyvault username password secret properties.
secretName	string	Secret where username and password are stored.

BrokerAuthenticatorMethodX509

X509 for BrokerAuthentication.

Name	Type	Default value	Description
attributes	BrokerAuthenticatorMethodX509Attributes		K8S Secret name to mount for username and password.
trustedClientCaCertConfigMap	string	client-ca	Trusted client ca cert config map.

BrokerAuthenticatorMethodX509Attributes

BrokerAuthenticatorMethodX509Attributes properties. NOTE - Enum only type supported at a time.

Name	Type	Description
keyVault	KeyVaultSecretProperties	Keyvault x509 attributes secret properties.
secretName	string	Secret where x509 attributes are stored.

createdByType

The type of identity that created the resource.

Name	Type	Description
Application	string
Key	string
ManagedIdentity	string
User	string

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

ErrorDetail

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	ErrorDetail[]	The error details.
message	string	The error message.
target	string	The error target.

ErrorResponse

Error response

Name	Type	Description
error	ErrorDetail	The error object.

ExtendedLocationProperty

ExtendedLocation properties

Name	Type	Description
name	string	The name of the extended location.
type	ExtendedLocationType	Type of ExtendedLocation.

ExtendedLocationType

The enum defining type of ExtendedLocation accepted.

Name	Type	Description
CustomLocation	string	CustomLocation type

KeyVaultCertificateProperties

KeyVault certificate properties

Name	Type	Description
vault	KeyVaultConnectionProperties	KeyVault properties.
vaultCaChainSecret	KeyVaultSecretObject	KeyVault CA chain secret details.
vaultCert	KeyVaultSecretObject	KeyVault Cert secret details.

KeyVaultConnectionProperties

KeyVault properties

Name	Type	Description
credentials	KeyVaultCredentialsProperties	KeyVault credentials.
directoryId	string	KeyVault directoryId.
name	string	KeyVault name.

KeyVaultCredentialsProperties

KeyVault credentials properties. NOTE - Future this will be ENUM.

Name	Type	Description
servicePrincipalLocalSecretName	string	KeyVault service principal local secret name.

KeyVaultSecretObject

KeyVault secret object properties

Name	Type	Description
name	string	KeyVault secret name.
version	string	KeyVault secret version.

KeyVaultSecretProperties

KeyVault secret properties

Name	Type	Description
vault	KeyVaultConnectionProperties	KeyVault properties.
vaultSecret	KeyVaultSecretObject	KeyVault secret details.

ProvisioningState

The enum defining status of resource.

Name	Type	Description
Accepted	string	Resource has been Accepted.
Canceled	string	Resource creation was canceled.
Deleting	string	Resource is Deleting.
Failed	string	Resource creation failed.
Provisioning	string	Resource is getting provisioned.
Succeeded	string	Resource has been created.
Updating	string	Resource is Updating.

systemData

Metadata pertaining to creation and last modification of the resource.

Name	Type	Description
createdAt	string	The timestamp of resource creation (UTC).
createdBy	string	The identity that created the resource.
createdByType	createdByType	The type of identity that created the resource.
lastModifiedAt	string	The timestamp of resource last modification (UTC)
lastModifiedBy	string	The identity that last modified the resource.
lastModifiedByType	createdByType	The type of identity that last modified the resource.

Share via