Compartilhar via


Broker Authentication - Create Or Update

Create a BrokerAuthenticationResource

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTOperations/instances/{instanceName}/brokers/{brokerName}/authentications/{authenticationName}?api-version=2024-11-01

URI Parameters

Name In Required Type Description
authenticationName
path True

string

Name of Instance broker authentication resource

Regex pattern: ^[a-z0-9][a-z0-9-]*[a-z0-9]$

brokerName
path True

string

Name of broker.

Regex pattern: ^[a-z0-9][a-z0-9-]*[a-z0-9]$

instanceName
path True

string

Name of instance.

Regex pattern: ^[a-z0-9][a-z0-9-]*[a-z0-9]$

resourceGroupName
path True

string

The name of the resource group. The name is case insensitive.

subscriptionId
path True

string

uuid

The ID of the target subscription. The value must be an UUID.

api-version
query True

string

The API version to use for this operation.

Request Body

Name Required Type Description
extendedLocation True

ExtendedLocation

Edge location of the resource.

properties

BrokerAuthenticationProperties

The resource-specific properties for this resource.

Responses

Name Type Description
200 OK

BrokerAuthenticationResource

Resource 'BrokerAuthenticationResource' update operation succeeded

201 Created

BrokerAuthenticationResource

Resource 'BrokerAuthenticationResource' create operation succeeded

Headers

  • Azure-AsyncOperation: string
  • Retry-After: integer
Other Status Codes

ErrorResponse

An unexpected error response.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

BrokerAuthentication_CreateOrUpdate
BrokerAuthentication_CreateOrUpdate_Complex

BrokerAuthentication_CreateOrUpdate

Sample request

PUT https://management.azure.com/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authentications/resource-name123?api-version=2024-11-01

{
  "properties": {
    "authenticationMethods": [
      {
        "method": "Custom",
        "customSettings": {
          "auth": {
            "x509": {
              "secretRef": "secret-name"
            }
          },
          "caCertConfigMap": "pdecudefqyolvncbus",
          "endpoint": "https://www.example.com",
          "headers": {
            "key8518": "bwityjy"
          }
        },
        "serviceAccountTokenSettings": {
          "audiences": [
            "jqyhyqatuydg"
          ]
        },
        "x509Settings": {
          "authorizationAttributes": {
            "key3384": {
              "attributes": {
                "key186": "ucpajramsz"
              },
              "subject": "jpgwctfeixitptfgfnqhua"
            }
          },
          "trustedClientCaCert": "vlctsqddl"
        }
      }
    ]
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  }
}

Sample response

{
  "properties": {
    "authenticationMethods": [
      {
        "method": "Custom",
        "customSettings": {
          "auth": {
            "x509": {
              "secretRef": "secret-name"
            }
          },
          "caCertConfigMap": "pdecudefqyolvncbus",
          "endpoint": "https://www.example.com",
          "headers": {
            "key8518": "bwityjy"
          }
        },
        "serviceAccountTokenSettings": {
          "audiences": [
            "jqyhyqatuydg"
          ]
        },
        "x509Settings": {
          "authorizationAttributes": {
            "key3384": {
              "attributes": {
                "key186": "ucpajramsz"
              },
              "subject": "jpgwctfeixitptfgfnqhua"
            }
          },
          "trustedClientCaCert": "vlctsqddl"
        }
      }
    ],
    "provisioningState": "Succeeded"
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  },
  "id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authentications/resource-name123",
  "name": "lwucizfvtsdpx",
  "type": "kvtilkgcxanlfozrd",
  "systemData": {
    "createdBy": "ssvaslsmudloholronopqyxjcu",
    "createdByType": "User",
    "createdAt": "2024-08-09T18:13:29.389Z",
    "lastModifiedBy": "gnicpuszwd",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-08-09T18:13:29.389Z"
  }
}
Azure-AsyncOperation: https://contoso.com/operationstatus
{
  "properties": {
    "authenticationMethods": [
      {
        "method": "Custom",
        "customSettings": {
          "auth": {
            "x509": {
              "secretRef": "secret-name"
            }
          },
          "caCertConfigMap": "pdecudefqyolvncbus",
          "endpoint": "https://www.example.com",
          "headers": {
            "key8518": "bwityjy"
          }
        },
        "serviceAccountTokenSettings": {
          "audiences": [
            "jqyhyqatuydg"
          ]
        },
        "x509Settings": {
          "authorizationAttributes": {
            "key3384": {
              "attributes": {
                "key186": "ucpajramsz"
              },
              "subject": "jpgwctfeixitptfgfnqhua"
            }
          },
          "trustedClientCaCert": "vlctsqddl"
        }
      }
    ],
    "provisioningState": "Succeeded"
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  },
  "id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authentications/resource-name123",
  "name": "lwucizfvtsdpx",
  "type": "kvtilkgcxanlfozrd",
  "systemData": {
    "createdBy": "ssvaslsmudloholronopqyxjcu",
    "createdByType": "User",
    "createdAt": "2024-08-09T18:13:29.389Z",
    "lastModifiedBy": "gnicpuszwd",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-08-09T18:13:29.389Z"
  }
}

BrokerAuthentication_CreateOrUpdate_Complex

Sample request

PUT https://management.azure.com/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authentications/resource-name123?api-version=2024-11-01

{
  "properties": {
    "authenticationMethods": [
      {
        "method": "ServiceAccountToken",
        "serviceAccountTokenSettings": {
          "audiences": [
            "aio-internal"
          ]
        }
      },
      {
        "method": "X509",
        "x509Settings": {
          "trustedClientCaCert": "my-ca",
          "authorizationAttributes": {
            "root": {
              "subject": "CN = Contoso Root CA Cert, OU = Engineering, C = US",
              "attributes": {
                "organization": "contoso"
              }
            },
            "intermediate": {
              "subject": "CN = Contoso Intermediate CA",
              "attributes": {
                "city": "seattle",
                "foo": "bar"
              }
            },
            "smart-fan": {
              "subject": "CN = smart-fan",
              "attributes": {
                "building": "17"
              }
            }
          }
        }
      }
    ]
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  }
}

Sample response

{
  "properties": {
    "authenticationMethods": [
      {
        "method": "ServiceAccountToken",
        "serviceAccountTokenSettings": {
          "audiences": [
            "aio-internal"
          ]
        }
      },
      {
        "method": "X509",
        "x509Settings": {
          "trustedClientCaCert": "my-ca",
          "authorizationAttributes": {
            "root": {
              "subject": "CN = Contoso Root CA Cert, OU = Engineering, C = US",
              "attributes": {
                "organization": "contoso"
              }
            },
            "intermediate": {
              "subject": "CN = Contoso Intermediate CA",
              "attributes": {
                "city": "seattle",
                "foo": "bar"
              }
            },
            "smart-fan": {
              "subject": "CN = smart-fan",
              "attributes": {
                "building": "17"
              }
            }
          }
        }
      }
    ],
    "provisioningState": "Succeeded"
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  },
  "id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authentications/resource-name123",
  "name": "lwucizfvtsdpx",
  "type": "kvtilkgcxanlfozrd",
  "systemData": {
    "createdBy": "ssvaslsmudloholronopqyxjcu",
    "createdByType": "User",
    "createdAt": "2024-08-09T18:13:29.389Z",
    "lastModifiedBy": "gnicpuszwd",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-08-09T18:13:29.389Z"
  }
}
Azure-AsyncOperation: https://contoso.com/operationstatus
{
  "properties": {
    "authenticationMethods": [
      {
        "method": "ServiceAccountToken",
        "serviceAccountTokenSettings": {
          "audiences": [
            "aio-internal"
          ]
        }
      },
      {
        "method": "X509",
        "x509Settings": {
          "trustedClientCaCert": "my-ca",
          "authorizationAttributes": {
            "root": {
              "subject": "CN = Contoso Root CA Cert, OU = Engineering, C = US",
              "attributes": {
                "organization": "contoso"
              }
            },
            "intermediate": {
              "subject": "CN = Contoso Intermediate CA",
              "attributes": {
                "city": "seattle",
                "foo": "bar"
              }
            },
            "smart-fan": {
              "subject": "CN = smart-fan",
              "attributes": {
                "building": "17"
              }
            }
          }
        }
      }
    ],
    "provisioningState": "Succeeded"
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  },
  "id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authentications/resource-name123",
  "name": "lwucizfvtsdpx",
  "type": "kvtilkgcxanlfozrd",
  "systemData": {
    "createdBy": "ssvaslsmudloholronopqyxjcu",
    "createdByType": "User",
    "createdAt": "2024-08-09T18:13:29.389Z",
    "lastModifiedBy": "gnicpuszwd",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-08-09T18:13:29.389Z"
  }
}

Definitions

Name Description
BrokerAuthenticationMethod

Broker Authentication Mode

BrokerAuthenticationProperties

BrokerAuthentication Resource properties

BrokerAuthenticationResource

Instance broker authentication resource

BrokerAuthenticatorCustomAuth

Custom Authentication properties

BrokerAuthenticatorMethodCustom

Custom method for BrokerAuthentication

BrokerAuthenticatorMethods

Set of broker authentication policies. Only one method is supported for each entry.

BrokerAuthenticatorMethodSat

Service Account Token for BrokerAuthentication

BrokerAuthenticatorMethodX509

X509 for BrokerAuthentication.

BrokerAuthenticatorMethodX509Attributes

BrokerAuthenticatorMethodX509Attributes properties.

createdByType

The type of identity that created the resource.

ErrorAdditionalInfo

The resource management error additional info.

ErrorDetail

The error detail.

ErrorResponse

Error response

ExtendedLocation

Extended location is an extension of Azure locations. They provide a way to use their Azure ARC enabled Kubernetes clusters as target locations for deploying Azure services instances.

ExtendedLocationType

The enum defining type of ExtendedLocation accepted.

ProvisioningState

The enum defining status of resource.

systemData

Metadata pertaining to creation and last modification of the resource.

X509ManualCertificate

X509 Certificate Authentication properties.

BrokerAuthenticationMethod

Broker Authentication Mode

Name Type Description
Custom

string

Custom authentication configuration.

ServiceAccountToken

string

ServiceAccountToken authentication configuration.

X509

string

X.509 authentication configuration.

BrokerAuthenticationProperties

BrokerAuthentication Resource properties

Name Type Description
authenticationMethods

BrokerAuthenticatorMethods[]

Defines a set of Broker authentication methods to be used on BrokerListeners. For each array element one authenticator type supported.

provisioningState

ProvisioningState

The status of the last operation.

BrokerAuthenticationResource

Instance broker authentication resource

Name Type Description
extendedLocation

ExtendedLocation

Edge location of the resource.

id

string

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"

name

string

The name of the resource

properties

BrokerAuthenticationProperties

The resource-specific properties for this resource.

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

BrokerAuthenticatorCustomAuth

Custom Authentication properties

Name Type Description
x509

X509ManualCertificate

X509 Custom Auth type details.

BrokerAuthenticatorMethodCustom

Custom method for BrokerAuthentication

Name Type Description
auth

BrokerAuthenticatorCustomAuth

Optional authentication needed for authenticating with the custom authentication server.

caCertConfigMap

string

Optional CA certificate for validating the custom authentication server's certificate.

endpoint

string

Endpoint of the custom authentication server. Must be an HTTPS endpoint.

headers

object

Additional HTTP headers to pass to the custom authentication server.

BrokerAuthenticatorMethods

Set of broker authentication policies. Only one method is supported for each entry.

Name Type Description
customSettings

BrokerAuthenticatorMethodCustom

Custom authentication configuration.

method

BrokerAuthenticationMethod

Custom authentication configuration.

serviceAccountTokenSettings

BrokerAuthenticatorMethodSat

ServiceAccountToken authentication configuration.

x509Settings

BrokerAuthenticatorMethodX509

X.509 authentication configuration.

BrokerAuthenticatorMethodSat

Service Account Token for BrokerAuthentication

Name Type Description
audiences

string[]

List of allowed audience.

BrokerAuthenticatorMethodX509

X509 for BrokerAuthentication.

Name Type Default value Description
authorizationAttributes

<string,  BrokerAuthenticatorMethodX509Attributes>

X509 authorization attributes properties.

trustedClientCaCert

string

client-ca

Name of the trusted client ca cert resource.

BrokerAuthenticatorMethodX509Attributes

BrokerAuthenticatorMethodX509Attributes properties.

Name Type Description
attributes

object

Attributes object.

subject

string

Subject of the X509 attribute.

createdByType

The type of identity that created the resource.

Name Type Description
Application

string

Key

string

ManagedIdentity

string

User

string

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info

object

The additional info.

type

string

The additional info type.

ErrorDetail

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.

code

string

The error code.

details

ErrorDetail[]

The error details.

message

string

The error message.

target

string

The error target.

ErrorResponse

Error response

Name Type Description
error

ErrorDetail

The error object.

ExtendedLocation

Extended location is an extension of Azure locations. They provide a way to use their Azure ARC enabled Kubernetes clusters as target locations for deploying Azure services instances.

Name Type Description
name

string

The name of the extended location.

type

ExtendedLocationType

Type of ExtendedLocation.

ExtendedLocationType

The enum defining type of ExtendedLocation accepted.

Name Type Description
CustomLocation

string

CustomLocation type

ProvisioningState

The enum defining status of resource.

Name Type Description
Accepted

string

Resource has been Accepted.

Canceled

string

Resource creation was canceled.

Deleting

string

Resource is Deleting.

Failed

string

Resource creation failed.

Provisioning

string

Resource is getting provisioned.

Succeeded

string

Resource has been created.

Updating

string

Resource is Updating.

systemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string

The timestamp of resource creation (UTC).

createdBy

string

The identity that created the resource.

createdByType

createdByType

The type of identity that created the resource.

lastModifiedAt

string

The timestamp of resource last modification (UTC)

lastModifiedBy

string

The identity that last modified the resource.

lastModifiedByType

createdByType

The type of identity that last modified the resource.

X509ManualCertificate

X509 Certificate Authentication properties.

Name Type Description
secretRef

string

Kubernetes secret containing an X.509 client certificate. This is a reference to the secret through an identifying name, not the secret itself.