az iot ops connector opcua client
Note
This reference is part of the azure-iot-ops extension for the Azure CLI (version 2.53.0 or higher). The extension will automatically install the first time you run an az iot ops connector opcua client command. Learn more about extensions.
Command group 'iot ops connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Manage the enterprise grade client application instance certificate for the OPC UA Broker.
The connector for OPC UA makes use of a single OPC UA application instance certificate for all the sessions it establishes to collect telemetry data from OPC UA servers. For more info, see https://aka.ms/opcua-certificates.
Commands
Name | Description | Type | Status |
---|---|---|---|
az iot ops connector opcua client add | Add an enterprise grade client application instance certificate. | Extension | Preview |
az iot ops connector opcua client remove | Remove client application instance certificate from the OPC UA Broker. | Extension | Preview |
az iot ops connector opcua client show | Show details of secretsync resource 'aio-opc-ua-broker-client-certificate'. | Extension | Preview |
az iot ops connector opcua client add
Add an enterprise grade client application instance certificate.
The public key file extension must be .der and the private key file extension must be .pem. Use the same file name for the public key file and the private key file. The Azure resources secretproviderclass 'opc-ua-connector' and secretsync 'aio-opc-ua-broker-client-certificate' will be created if not found. The newly added certificate replaces the existing certificate, if there is one.
az iot ops connector opcua client add --application-uri
                                      --instance
                                      --pkf
                                      --private-key-file
                                      --resource-group
                                      --sn
                                      [--overwrite-secret {false, true}]
                                      [--pks]
                                      [--private-key-secret-name]
Examples
Add a client certificate.
az iot ops connector opcua client add --instance instance --resource-group instanceresourcegroup --public-key-file "newopc.der" --private-key-file "newopc.pem" --subject-name "aio-opc-opcuabroker" --application-uri "urn:microsoft.com:aio:opc:opcuabroker"
Add a client certificate and skip the overwrite confirmation prompt when the secret already exists.
az iot ops connector opcua client add --instance instance --resource-group instanceresourcegroup --public-key-file "newopc.der" --private-key-file "newopc.pem" --subject-name "aio-opc-opcuabroker" --application-uri "urn:microsoft.com:aio:opc:opcuabroker" --overwrite-secret
Add a client certificate with custom public and private key secret names.
az iot ops connector opcua client add --instance instance --resource-group instanceresourcegroup --public-key-file "newopc.der" --private-key-file "newopc.pem" --public-key-secret-name public-secret-name --private-key-secret-name private-secret-name --subject-name "aio-opc-opcuabroker" --application-uri "urn:microsoft.com:aio:opc:opcuabroker"
Required Parameters
--application-uri: The application instance URI embedded in the application instance. Can be found in the public key certificate.
--instance: IoT Operations instance name.
--public-key-file --pkf: File that contains the enterprise grade application instance certificate public key in .der format. The file name is used to generate the public key secret name.
--private-key-file: File that contains the enterprise grade application instance certificate private key in .pem format. The file name is used to generate the private key secret name.
--resource-group: Instance resource group.
--subject-name --sn: The subject name string embedded in the application instance certificate. Can be found in the public key certificate.
Optional Parameters
--overwrite-secret: Confirm [y]es without a prompt to overwrite the secret if the secret name already exists in Azure Key Vault. Useful for CI and automation scenarios. Accepted values: false, true.
--public-key-secret-name --pks: Public key secret name in the Key Vault. If not provided, the certificate file name will be used to generate the secret name.
--private-key-secret-name: Private key secret name in the Key Vault. If not provided, the certificate file name will be used to generate the secret name.
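A pre-flight check for the file pair, as an added example that is not part of the Azure CLI reference: it verifies the .der/.pem extensions and shared file name, that the application URI and subject name you intend to pass are actually embedded in the certificate, and that the private key belongs to it. The function names are hypothetical, OpenSSL 1.1.1 or later is assumed, and treating --subject-name as the certificate's common name (CN) is an assumption.

```shell
# Added example (not from the Azure CLI docs): pre-flight checks for the
# .der/.pem pair before `az iot ops connector opcua client add`.
# Requires OpenSSL 1.1.1 or later (-addext, -ext).

# Build a CONSTRUCTED self-signed pair to try the check on (not a production cert).
make_sample_pair() {  # usage: make_sample_pair DIR STEM CN APP_URI
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
    -addext "subjectAltName=URI:$4" \
    -keyout "$1/$2.pem" -out "$1/$2.crt" 2>/dev/null &&
  openssl x509 -in "$1/$2.crt" -outform DER -out "$1/$2.der" &&
  rm -f "$1/$2.crt"
}

# Split a comma-separated list into trimmed lines, one entry per line.
entries() { tr ',' '\n' | sed 's/^ *//; s/ *$//'; }

# Exit status 0 only if the pair meets the constraints the command documents.
opcua_cert_preflight() (  # usage: opcua_cert_preflight PUB.der PRIV.pem CN APP_URI
  der=$1 pem=$2 cn=$3 uri=$4 rc=0
  fail() { echo "preflight: $*" >&2; rc=1; }

  case $der in *.der) ;; *) fail "public key file must end in .der" ;; esac
  case $pem in *.pem) ;; *) fail "private key file must end in .pem" ;; esac
  [ "$(basename "$der" .der)" = "$(basename "$pem" .pem)" ] ||
    fail "public and private key files must share the same file name"

  openssl x509 -inform DER -in "$der" -noout >/dev/null 2>&1 ||
    { fail "cannot parse $der as a DER certificate"; exit 1; }

  # Require an exact URI entry in subjectAltName, not a prefix of a longer URI.
  san=$(openssl x509 -inform DER -in "$der" -noout -ext subjectAltName 2>/dev/null) || :
  printf '%s\n' "$san" | entries | grep -Fxq "URI:$uri" ||
    fail "application URI '$uri' not found in subjectAltName"

  # Assumption: --subject-name is the certificate subject's common name (CN).
  subj=$(openssl x509 -inform DER -in "$der" -noout -subject -nameopt RFC2253)
  printf '%s\n' "${subj#subject=}" | entries | grep -Fxq "CN=$cn" ||
    fail "subject CN '$cn' not found in certificate subject"

  # The private key must belong to the certificate: compare derived public keys.
  certpub=$(openssl x509 -inform DER -in "$der" -noout -pubkey)
  keypub=$(openssl pkey -in "$pem" -pubout -passin pass: 2>/dev/null </dev/null) || :
  [ -n "$keypub" ] && [ "$certpub" = "$keypub" ] ||
    fail "private key does not match the certificate's public key"
  exit "$rc"
)
```

Run it as `opcua_cert_preflight newopc.der newopc.pem "aio-opc-opcuabroker" "urn:microsoft.com:aio:opc:opcuabroker"` and proceed to the add command only when it returns 0.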
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help -h: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output -o: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
az iot ops connector opcua client remove
Remove client application instance certificate from the OPC UA Broker.
Note: Removing all certificates from the OPC UA Broker's client certificate store will trigger deletion of the secretsync resource 'aio-opc-ua-broker-client-certificate'. This operation also triggers the fallback to the default (cert-manager based) certificate. This fallback requires an aio extension update. Make sure to remove both the public (.der) and private (.pem) files of the certificate pair to avoid an orphaned secret.
az iot ops connector opcua client remove --certificate-names
                                         --instance
                                         --resource-group
                                         [--force {false, true}]
                                         [--include-secrets {false, true}]
                                         [--yes {false, true}]
Examples
Remove client certificates from the OPC UA Broker's client certificate store.
az iot ops connector opcua client remove --instance instance --resource-group instanceresourcegroup --certificate-names testcert.der testcert.pem
Remove client certificates from the client certificate store and also remove the related Key Vault secrets.
az iot ops connector opcua client remove --instance instance --resource-group instanceresourcegroup --certificate-names testcert.der testcert.pem --include-secrets
Force the certificate removal operation regardless of warnings. May lead to errors.
az iot ops connector opcua client remove --instance instance --resource-group instanceresourcegroup --certificate-names testcert.der testcert.pem --force
Remove client certificates from the client certificate store and skip the confirmation prompt for removal.
az iot ops connector opcua client remove --instance instance --resource-group instanceresourcegroup --certificate-names testcert.der testcert.pem --yes
Required Parameters
--certificate-names: Space-separated certificate names to remove. Note: the names can be found under the corresponding secretsync resource property 'targetKey'.
--instance: IoT Operations instance name.
--resource-group: Instance resource group.
Optional Parameters
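--force: Force the operation to execute. Accepted values: false, true.
--include-secrets: Indicates the command should remove the Key Vault secrets associated with the certificate(s). This option will delete and purge the secrets, so they cannot be recovered through Key Vault soft delete. Accepted values: false, true.
--yes: Confirm [y]es without a prompt. Useful for CI and automation scenarios. Accepted values: false, true.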
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help -h: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output -o: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
az iot ops connector opcua client show
Show details of secretsync resource 'aio-opc-ua-broker-client-certificate'.
az iot ops connector opcua client show --instance
                                       --resource-group
Examples
Show details of 'aio-opc-ua-broker-client-certificate' secretsync resource.
az iot ops connector opcua client show --instance instance --resource-group instanceresourcegroup
Required Parameters
--instance: IoT Operations instance name.
--resource-group: Instance resource group.
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help -h: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output -o: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.