Compartilhar via


Broker Authorization - Create Or Update

Create a BrokerAuthorizationResource

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTOperations/instances/{instanceName}/brokers/{brokerName}/authorizations/{authorizationName}?api-version=2024-11-01

URI Parameters

Name In Required Type Description
authorizationName
path True

string

Name of Instance broker authorization resource

Regex pattern: ^[a-z0-9][a-z0-9-]*[a-z0-9]$

brokerName
path True

string

Name of broker.

Regex pattern: ^[a-z0-9][a-z0-9-]*[a-z0-9]$

instanceName
path True

string

Name of instance.

Regex pattern: ^[a-z0-9][a-z0-9-]*[a-z0-9]$

resourceGroupName
path True

string

The name of the resource group. The name is case insensitive.

subscriptionId
path True

string

uuid

The ID of the target subscription. The value must be an UUID.

api-version
query True

string

The API version to use for this operation.

Request Body

Name Required Type Description
extendedLocation True

ExtendedLocation

Edge location of the resource.

properties

BrokerAuthorizationProperties

The resource-specific properties for this resource.

Responses

Name Type Description
200 OK

BrokerAuthorizationResource

Resource 'BrokerAuthorizationResource' update operation succeeded

201 Created

BrokerAuthorizationResource

Resource 'BrokerAuthorizationResource' create operation succeeded

Headers

  • Azure-AsyncOperation: string
  • Retry-After: integer
Other Status Codes

ErrorResponse

An unexpected error response.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

BrokerAuthorization_CreateOrUpdate
BrokerAuthorization_CreateOrUpdate_Complex
BrokerAuthorization_CreateOrUpdate_Simple

BrokerAuthorization_CreateOrUpdate

Sample request

PUT https://management.azure.com/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authorizations/resource-name123?api-version=2024-11-01

{
  "properties": {
    "authorizationPolicies": {
      "cache": "Enabled",
      "rules": [
        {
          "brokerResources": [
            {
              "method": "Connect",
              "clientIds": [
                "nlc"
              ],
              "topics": [
                "wvuca"
              ]
            }
          ],
          "principals": {
            "attributes": [
              {
                "key5526": "nydhzdhbldygqcn"
              }
            ],
            "clientIds": [
              "smopeaeddsygz"
            ],
            "usernames": [
              "iozngyqndrteikszkbasinzdjtm"
            ]
          },
          "stateStoreResources": [
            {
              "keyType": "Pattern",
              "keys": [
                "tkounsqtwvzyaklxjqoerpu"
              ],
              "method": "Read"
            }
          ]
        }
      ]
    }
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  }
}

Sample response

{
  "properties": {
    "authorizationPolicies": {
      "cache": "Enabled",
      "rules": [
        {
          "brokerResources": [
            {
              "method": "Connect",
              "clientIds": [
                "nlc"
              ],
              "topics": [
                "wvuca"
              ]
            }
          ],
          "principals": {
            "attributes": [
              {
                "key5526": "nydhzdhbldygqcn"
              }
            ],
            "clientIds": [
              "smopeaeddsygz"
            ],
            "usernames": [
              "iozngyqndrteikszkbasinzdjtm"
            ]
          },
          "stateStoreResources": [
            {
              "keyType": "Pattern",
              "keys": [
                "tkounsqtwvzyaklxjqoerpu"
              ],
              "method": "Read"
            }
          ]
        }
      ]
    },
    "provisioningState": "Succeeded"
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  },
  "id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authorizations/resource-name123",
  "name": "anqrqsvrjmlvzkrbuav",
  "type": "yjlsfarshqoxojvgmy",
  "systemData": {
    "createdBy": "ssvaslsmudloholronopqyxjcu",
    "createdByType": "User",
    "createdAt": "2024-08-09T18:13:29.389Z",
    "lastModifiedBy": "gnicpuszwd",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-08-09T18:13:29.389Z"
  }
}
Azure-AsyncOperation: https://contoso.com/operationstatus
{
  "properties": {
    "authorizationPolicies": {
      "cache": "Enabled",
      "rules": [
        {
          "brokerResources": [
            {
              "method": "Connect",
              "clientIds": [
                "nlc"
              ],
              "topics": [
                "wvuca"
              ]
            }
          ],
          "principals": {
            "attributes": [
              {
                "key5526": "nydhzdhbldygqcn"
              }
            ],
            "clientIds": [
              "smopeaeddsygz"
            ],
            "usernames": [
              "iozngyqndrteikszkbasinzdjtm"
            ]
          },
          "stateStoreResources": [
            {
              "keyType": "Pattern",
              "keys": [
                "tkounsqtwvzyaklxjqoerpu"
              ],
              "method": "Read"
            }
          ]
        }
      ]
    },
    "provisioningState": "Succeeded"
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  },
  "id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authorizations/resource-name123",
  "name": "anqrqsvrjmlvzkrbuav",
  "type": "yjlsfarshqoxojvgmy",
  "systemData": {
    "createdBy": "ssvaslsmudloholronopqyxjcu",
    "createdByType": "User",
    "createdAt": "2024-08-09T18:13:29.389Z",
    "lastModifiedBy": "gnicpuszwd",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-08-09T18:13:29.389Z"
  }
}

BrokerAuthorization_CreateOrUpdate_Complex

Sample request

PUT https://management.azure.com/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authorizations/resource-name123?api-version=2024-11-01

{
  "properties": {
    "authorizationPolicies": {
      "cache": "Enabled",
      "rules": [
        {
          "principals": {
            "usernames": [
              "temperature-sensor",
              "humidity-sensor"
            ],
            "attributes": [
              {
                "building": "17",
                "organization": "contoso"
              }
            ]
          },
          "brokerResources": [
            {
              "method": "Connect",
              "clientIds": [
                "{principal.attributes.building}*"
              ]
            },
            {
              "method": "Publish",
              "topics": [
                "sensors/{principal.attributes.building}/{principal.clientId}/telemetry/*"
              ]
            },
            {
              "method": "Subscribe",
              "topics": [
                "commands/{principal.attributes.organization}"
              ]
            }
          ],
          "stateStoreResources": [
            {
              "method": "Read",
              "keyType": "Pattern",
              "keys": [
                "myreadkey",
                "myotherkey?",
                "mynumerickeysuffix[0-9]",
                "clients:{principal.clientId}:*"
              ]
            },
            {
              "method": "ReadWrite",
              "keyType": "Binary",
              "keys": [
                "MTE2IDEwMSAxMTUgMTE2"
              ]
            }
          ]
        }
      ]
    }
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  }
}

Sample response

{
  "properties": {
    "authorizationPolicies": {
      "cache": "Enabled",
      "rules": [
        {
          "principals": {
            "usernames": [
              "temperature-sensor",
              "humidity-sensor"
            ],
            "attributes": [
              {
                "building": "17",
                "organization": "contoso"
              }
            ]
          },
          "brokerResources": [
            {
              "method": "Connect",
              "clientIds": [
                "{principal.attributes.building}*"
              ]
            },
            {
              "method": "Publish",
              "topics": [
                "sensors/{principal.attributes.building}/{principal.clientId}/telemetry/*"
              ]
            },
            {
              "method": "Subscribe",
              "topics": [
                "commands/{principal.attributes.organization}"
              ]
            }
          ],
          "stateStoreResources": [
            {
              "method": "Read",
              "keyType": "Pattern",
              "keys": [
                "myreadkey",
                "myotherkey?",
                "mynumerickeysuffix[0-9]",
                "clients:{principal.clientId}:*"
              ]
            },
            {
              "method": "ReadWrite",
              "keyType": "Binary",
              "keys": [
                "MTE2IDEwMSAxMTUgMTE2"
              ]
            }
          ]
        }
      ]
    },
    "provisioningState": "Succeeded"
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  },
  "id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authorizations/resource-name123",
  "name": "anqrqsvrjmlvzkrbuav",
  "type": "yjlsfarshqoxojvgmy",
  "systemData": {
    "createdBy": "ssvaslsmudloholronopqyxjcu",
    "createdByType": "User",
    "createdAt": "2024-08-09T18:13:29.389Z",
    "lastModifiedBy": "gnicpuszwd",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-08-09T18:13:29.389Z"
  }
}
Azure-AsyncOperation: https://contoso.com/operationstatus
{
  "properties": {
    "authorizationPolicies": {
      "cache": "Enabled",
      "rules": [
        {
          "principals": {
            "usernames": [
              "temperature-sensor",
              "humidity-sensor"
            ],
            "attributes": [
              {
                "building": "17",
                "organization": "contoso"
              }
            ]
          },
          "brokerResources": [
            {
              "method": "Connect",
              "clientIds": [
                "{principal.attributes.building}*"
              ]
            },
            {
              "method": "Publish",
              "topics": [
                "sensors/{principal.attributes.building}/{principal.clientId}/telemetry/*"
              ]
            },
            {
              "method": "Subscribe",
              "topics": [
                "commands/{principal.attributes.organization}"
              ]
            }
          ],
          "stateStoreResources": [
            {
              "method": "Read",
              "keyType": "Pattern",
              "keys": [
                "myreadkey",
                "myotherkey?",
                "mynumerickeysuffix[0-9]",
                "clients:{principal.clientId}:*"
              ]
            },
            {
              "method": "ReadWrite",
              "keyType": "Binary",
              "keys": [
                "MTE2IDEwMSAxMTUgMTE2"
              ]
            }
          ]
        }
      ]
    },
    "provisioningState": "Succeeded"
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  },
  "id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authorizations/resource-name123",
  "name": "anqrqsvrjmlvzkrbuav",
  "type": "yjlsfarshqoxojvgmy",
  "systemData": {
    "createdBy": "ssvaslsmudloholronopqyxjcu",
    "createdByType": "User",
    "createdAt": "2024-08-09T18:13:29.389Z",
    "lastModifiedBy": "gnicpuszwd",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-08-09T18:13:29.389Z"
  }
}

BrokerAuthorization_CreateOrUpdate_Simple

Sample request

PUT https://management.azure.com/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authorizations/resource-name123?api-version=2024-11-01

{
  "properties": {
    "authorizationPolicies": {
      "cache": "Enabled",
      "rules": [
        {
          "principals": {
            "clientIds": [
              "my-client-id"
            ],
            "attributes": [
              {
                "floor": "floor1",
                "site": "site1"
              }
            ]
          },
          "brokerResources": [
            {
              "method": "Connect"
            },
            {
              "method": "Subscribe",
              "topics": [
                "topic",
                "topic/with/wildcard/#"
              ]
            }
          ],
          "stateStoreResources": [
            {
              "method": "ReadWrite",
              "keyType": "Pattern",
              "keys": [
                "*"
              ]
            }
          ]
        }
      ]
    }
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  }
}

Sample response

{
  "properties": {
    "authorizationPolicies": {
      "cache": "Enabled",
      "rules": [
        {
          "principals": {
            "clientIds": [
              "my-client-id"
            ],
            "attributes": [
              {
                "floor": "floor1",
                "site": "site1"
              }
            ]
          },
          "brokerResources": [
            {
              "method": "Connect"
            },
            {
              "method": "Subscribe",
              "topics": [
                "topic",
                "topic/with/wildcard/#"
              ]
            }
          ],
          "stateStoreResources": [
            {
              "method": "ReadWrite",
              "keyType": "Pattern",
              "keys": [
                "*"
              ]
            }
          ]
        }
      ]
    },
    "provisioningState": "Succeeded"
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  },
  "id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authorizations/resource-name123",
  "name": "anqrqsvrjmlvzkrbuav",
  "type": "yjlsfarshqoxojvgmy",
  "systemData": {
    "createdBy": "ssvaslsmudloholronopqyxjcu",
    "createdByType": "User",
    "createdAt": "2024-08-09T18:13:29.389Z",
    "lastModifiedBy": "gnicpuszwd",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-08-09T18:13:29.389Z"
  }
}
Azure-AsyncOperation: https://contoso.com/operationstatus
{
  "properties": {
    "authorizationPolicies": {
      "cache": "Enabled",
      "rules": [
        {
          "principals": {
            "clientIds": [
              "my-client-id"
            ],
            "attributes": [
              {
                "floor": "floor1",
                "site": "site1"
              }
            ]
          },
          "brokerResources": [
            {
              "method": "Connect"
            },
            {
              "method": "Subscribe",
              "topics": [
                "topic",
                "topic/with/wildcard/#"
              ]
            }
          ],
          "stateStoreResources": [
            {
              "method": "ReadWrite",
              "keyType": "Pattern",
              "keys": [
                "*"
              ]
            }
          ]
        }
      ]
    },
    "provisioningState": "Succeeded"
  },
  "extendedLocation": {
    "name": "qmbrfwcpwwhggszhrdjv",
    "type": "CustomLocation"
  },
  "id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authorizations/resource-name123",
  "name": "anqrqsvrjmlvzkrbuav",
  "type": "yjlsfarshqoxojvgmy",
  "systemData": {
    "createdBy": "ssvaslsmudloholronopqyxjcu",
    "createdByType": "User",
    "createdAt": "2024-08-09T18:13:29.389Z",
    "lastModifiedBy": "gnicpuszwd",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-08-09T18:13:29.389Z"
  }
}

Definitions

Name Description
AuthorizationConfig

Broker AuthorizationConfig properties

AuthorizationRule

AuthorizationConfig Rule Properties

BrokerAuthorizationProperties

BrokerAuthorization Resource properties

BrokerAuthorizationResource

Instance broker authorizations resource

BrokerResourceDefinitionMethods

BrokerResourceDefinitionMethods methods allowed

BrokerResourceRule

Broker Resource Rule properties. This defines the objects that represent the actions or topics, such as - method.Connect, method.Publish, etc.

createdByType

The type of identity that created the resource.

ErrorAdditionalInfo

The resource management error additional info.

ErrorDetail

The error detail.

ErrorResponse

Error response

ExtendedLocation

Extended location is an extension of Azure locations. They provide a way to use their Azure ARC enabled Kubernetes clusters as target locations for deploying Azure services instances.

ExtendedLocationType

The enum defining type of ExtendedLocation accepted.

OperationalMode

Mode properties

PrincipalDefinition

PrincipalDefinition properties of Rule

ProvisioningState

The enum defining status of resource.

StateStoreResourceDefinitionMethods

StateStoreResourceDefinitionMethods methods allowed

StateStoreResourceKeyTypes

StateStoreResourceKeyTypes properties

StateStoreResourceRule

State Store Resource Rule properties.

systemData

Metadata pertaining to creation and last modification of the resource.

AuthorizationConfig

Broker AuthorizationConfig properties

Name Type Default value Description
cache

OperationalMode

Enabled

Enable caching of the authorization rules.

rules

AuthorizationRule[]

The authorization rules to follow. If no rule is set, but Authorization Resource is used that would mean DenyAll.

AuthorizationRule

AuthorizationConfig Rule Properties

Name Type Description
brokerResources

BrokerResourceRule[]

Give access to Broker methods and topics.

principals

PrincipalDefinition

Give access to clients based on the following properties.

stateStoreResources

StateStoreResourceRule[]

Give access to state store resources.

BrokerAuthorizationProperties

BrokerAuthorization Resource properties

Name Type Description
authorizationPolicies

AuthorizationConfig

The list of authorization policies supported by the Authorization Resource.

provisioningState

ProvisioningState

The status of the last operation.

BrokerAuthorizationResource

Instance broker authorizations resource

Name Type Description
extendedLocation

ExtendedLocation

Edge location of the resource.

id

string

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"

name

string

The name of the resource

properties

BrokerAuthorizationProperties

The resource-specific properties for this resource.

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

BrokerResourceDefinitionMethods

BrokerResourceDefinitionMethods methods allowed

Name Type Description
Connect

string

Allowed Connecting to Broker

Publish

string

Allowed Publishing to Broker

Subscribe

string

Allowed Subscribing to Broker

BrokerResourceRule

Broker Resource Rule properties. This defines the objects that represent the actions or topics, such as - method.Connect, method.Publish, etc.

Name Type Default value Description
clientIds

string[]

[]

A list of client IDs that match the clients. The client IDs are case-sensitive and must match the client IDs provided by the clients during connection. This subfield may be set if the method is Connect.

method

BrokerResourceDefinitionMethods

Give access for a Broker method (i.e., Connect, Subscribe, or Publish).

topics

string[]

[]

A list of topics or topic patterns that match the topics that the clients can publish or subscribe to. This subfield is required if the method is Publish or Subscribe.

createdByType

The type of identity that created the resource.

Name Type Description
Application

string

Key

string

ManagedIdentity

string

User

string

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info

object

The additional info.

type

string

The additional info type.

ErrorDetail

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.

code

string

The error code.

details

ErrorDetail[]

The error details.

message

string

The error message.

target

string

The error target.

ErrorResponse

Error response

Name Type Description
error

ErrorDetail

The error object.

ExtendedLocation

Extended location is an extension of Azure locations. They provide a way to use their Azure ARC enabled Kubernetes clusters as target locations for deploying Azure services instances.

Name Type Description
name

string

The name of the extended location.

type

ExtendedLocationType

Type of ExtendedLocation.

ExtendedLocationType

The enum defining type of ExtendedLocation accepted.

Name Type Description
CustomLocation

string

CustomLocation type

OperationalMode

Mode properties

Name Type Description
Disabled

string

Disabled is equivalent to False.

Enabled

string

Enabled is equivalent to True

PrincipalDefinition

PrincipalDefinition properties of Rule

Name Type Default value Description
attributes

object[]

[]

A list of key-value pairs that match the attributes of the clients. The attributes are case-sensitive and must match the attributes provided by the clients during authentication.

clientIds

string[]

[]

A list of client IDs that match the clients. The client IDs are case-sensitive and must match the client IDs provided by the clients during connection.

usernames

string[]

[]

A list of usernames that match the clients. The usernames are case-sensitive and must match the usernames provided by the clients during authentication.

ProvisioningState

The enum defining status of resource.

Name Type Description
Accepted

string

Resource has been Accepted.

Canceled

string

Resource creation was canceled.

Deleting

string

Resource is Deleting.

Failed

string

Resource creation failed.

Provisioning

string

Resource is getting provisioned.

Succeeded

string

Resource has been created.

Updating

string

Resource is Updating.

StateStoreResourceDefinitionMethods

StateStoreResourceDefinitionMethods methods allowed

Name Type Description
Read

string

Get/KeyNotify from Store

ReadWrite

string

Allowed all operations on Store - Get/KeyNotify/Set/Delete

Write

string

Set/Delete in Store

StateStoreResourceKeyTypes

StateStoreResourceKeyTypes properties

Name Type Description
Binary

string

Key type - binary

Pattern

string

Key type - pattern

String

string

Key type - string

StateStoreResourceRule

State Store Resource Rule properties.

Name Type Description
keyType

StateStoreResourceKeyTypes

Allowed keyTypes pattern, string, binary. The key type used for matching, for example pattern tries to match the key to a glob-style pattern and string checks key is equal to value provided in keys.

keys

string[]

Give access to state store keys for the corresponding principals defined. When key type is pattern set glob-style pattern (e.g., '', 'clients/').

method

StateStoreResourceDefinitionMethods

Give access for Read, Write and ReadWrite access level.

systemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string

The timestamp of resource creation (UTC).

createdBy

string

The identity that created the resource.

createdByType

createdByType

The type of identity that created the resource.

lastModifiedAt

string

The timestamp of resource last modification (UTC)

lastModifiedBy

string

The identity that last modified the resource.

lastModifiedByType

createdByType

The type of identity that last modified the resource.