Broker Authorization - Get
Get a BrokerAuthorizationResource
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTOperations/instances/{instanceName}/brokers/{brokerName}/authorizations/{authorizationName}?api-version=2024-11-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
authorization
|
path | True |
string |
Name of Instance broker authorization resource Regex pattern: |
broker
|
path | True |
string |
Name of broker. Regex pattern: |
instance
|
path | True |
string |
Name of instance. Regex pattern: |
resource
|
path | True |
string |
The name of the resource group. The name is case insensitive. |
subscription
|
path | True |
string uuid |
The ID of the target subscription. The value must be an UUID. |
api-version
|
query | True |
string |
The API version to use for this operation. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
Azure operation completed successfully. |
|
Other Status Codes |
An unexpected error response. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
BrokerAuthorization_Get
Sample request
Sample response
{
"properties": {
"authorizationPolicies": {
"cache": "Enabled",
"rules": [
{
"brokerResources": [
{
"method": "Connect",
"clientIds": [
"nlc"
],
"topics": [
"wvuca"
]
}
],
"principals": {
"attributes": [
{
"key5526": "nydhzdhbldygqcn"
}
],
"clientIds": [
"smopeaeddsygz"
],
"usernames": [
"iozngyqndrteikszkbasinzdjtm"
]
},
"stateStoreResources": [
{
"keyType": "Pattern",
"keys": [
"tkounsqtwvzyaklxjqoerpu"
],
"method": "Read"
}
]
}
]
},
"provisioningState": "Succeeded"
},
"extendedLocation": {
"name": "qmbrfwcpwwhggszhrdjv",
"type": "CustomLocation"
},
"id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/authorizations/resource-name123",
"name": "anqrqsvrjmlvzkrbuav",
"type": "yjlsfarshqoxojvgmy",
"systemData": {
"createdBy": "ssvaslsmudloholronopqyxjcu",
"createdByType": "User",
"createdAt": "2024-08-09T18:13:29.389Z",
"lastModifiedBy": "gnicpuszwd",
"lastModifiedByType": "User",
"lastModifiedAt": "2024-08-09T18:13:29.389Z"
}
}
Definitions
Name | Description |
---|---|
Authorization |
Broker AuthorizationConfig properties |
Authorization |
AuthorizationConfig Rule Properties |
Broker |
BrokerAuthorization Resource properties |
Broker |
Instance broker authorizations resource |
Broker |
BrokerResourceDefinitionMethods methods allowed |
Broker |
Broker Resource Rule properties. This defines the objects that represent the actions or topics, such as - method.Connect, method.Publish, etc. |
created |
The type of identity that created the resource. |
Error |
The resource management error additional info. |
Error |
The error detail. |
Error |
Error response |
Extended |
Extended location is an extension of Azure locations. They provide a way to use their Azure ARC enabled Kubernetes clusters as target locations for deploying Azure services instances. |
Extended |
The enum defining type of ExtendedLocation accepted. |
Operational |
Mode properties |
Principal |
PrincipalDefinition properties of Rule |
Provisioning |
The enum defining status of resource. |
State |
StateStoreResourceDefinitionMethods methods allowed |
State |
StateStoreResourceKeyTypes properties |
State |
State Store Resource Rule properties. |
system |
Metadata pertaining to creation and last modification of the resource. |
AuthorizationConfig
Broker AuthorizationConfig properties
Name | Type | Default value | Description |
---|---|---|---|
cache | Enabled |
Enable caching of the authorization rules. |
|
rules |
The authorization rules to follow. If no rule is set, but Authorization Resource is used that would mean DenyAll. |
AuthorizationRule
AuthorizationConfig Rule Properties
Name | Type | Description |
---|---|---|
brokerResources |
Give access to Broker methods and topics. |
|
principals |
Give access to clients based on the following properties. |
|
stateStoreResources |
Give access to state store resources. |
BrokerAuthorizationProperties
BrokerAuthorization Resource properties
Name | Type | Description |
---|---|---|
authorizationPolicies |
The list of authorization policies supported by the Authorization Resource. |
|
provisioningState |
The status of the last operation. |
BrokerAuthorizationResource
Instance broker authorizations resource
Name | Type | Description |
---|---|---|
extendedLocation |
Edge location of the resource. |
|
id |
string |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
name |
string |
The name of the resource |
properties |
The resource-specific properties for this resource. |
|
systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
BrokerResourceDefinitionMethods
BrokerResourceDefinitionMethods methods allowed
Name | Type | Description |
---|---|---|
Connect |
string |
Allowed Connecting to Broker |
Publish |
string |
Allowed Publishing to Broker |
Subscribe |
string |
Allowed Subscribing to Broker |
BrokerResourceRule
Broker Resource Rule properties. This defines the objects that represent the actions or topics, such as - method.Connect, method.Publish, etc.
Name | Type | Default value | Description |
---|---|---|---|
clientIds |
string[] |
[] |
A list of client IDs that match the clients. The client IDs are case-sensitive and must match the client IDs provided by the clients during connection. This subfield may be set if the method is Connect. |
method |
Give access for a Broker method (i.e., Connect, Subscribe, or Publish). |
||
topics |
string[] |
[] |
A list of topics or topic patterns that match the topics that the clients can publish or subscribe to. This subfield is required if the method is Publish or Subscribe. |
createdByType
The type of identity that created the resource.
Name | Type | Description |
---|---|---|
Application |
string |
|
Key |
string |
|
ManagedIdentity |
string |
|
User |
string |
ErrorAdditionalInfo
The resource management error additional info.
Name | Type | Description |
---|---|---|
info |
object |
The additional info. |
type |
string |
The additional info type. |
ErrorDetail
The error detail.
Name | Type | Description |
---|---|---|
additionalInfo |
The error additional info. |
|
code |
string |
The error code. |
details |
The error details. |
|
message |
string |
The error message. |
target |
string |
The error target. |
ErrorResponse
Error response
Name | Type | Description |
---|---|---|
error |
The error object. |
ExtendedLocation
Extended location is an extension of Azure locations. They provide a way to use their Azure ARC enabled Kubernetes clusters as target locations for deploying Azure services instances.
Name | Type | Description |
---|---|---|
name |
string |
The name of the extended location. |
type |
Type of ExtendedLocation. |
ExtendedLocationType
The enum defining type of ExtendedLocation accepted.
Name | Type | Description |
---|---|---|
CustomLocation |
string |
CustomLocation type |
OperationalMode
Mode properties
Name | Type | Description |
---|---|---|
Disabled |
string |
Disabled is equivalent to False. |
Enabled |
string |
Enabled is equivalent to True |
PrincipalDefinition
PrincipalDefinition properties of Rule
Name | Type | Default value | Description |
---|---|---|---|
attributes |
object[] |
[] |
A list of key-value pairs that match the attributes of the clients. The attributes are case-sensitive and must match the attributes provided by the clients during authentication. |
clientIds |
string[] |
[] |
A list of client IDs that match the clients. The client IDs are case-sensitive and must match the client IDs provided by the clients during connection. |
usernames |
string[] |
[] |
A list of usernames that match the clients. The usernames are case-sensitive and must match the usernames provided by the clients during authentication. |
ProvisioningState
The enum defining status of resource.
Name | Type | Description |
---|---|---|
Accepted |
string |
Resource has been Accepted. |
Canceled |
string |
Resource creation was canceled. |
Deleting |
string |
Resource is Deleting. |
Failed |
string |
Resource creation failed. |
Provisioning |
string |
Resource is getting provisioned. |
Succeeded |
string |
Resource has been created. |
Updating |
string |
Resource is Updating. |
StateStoreResourceDefinitionMethods
StateStoreResourceDefinitionMethods methods allowed
Name | Type | Description |
---|---|---|
Read |
string |
Get/KeyNotify from Store |
ReadWrite |
string |
Allowed all operations on Store - Get/KeyNotify/Set/Delete |
Write |
string |
Set/Delete in Store |
StateStoreResourceKeyTypes
StateStoreResourceKeyTypes properties
Name | Type | Description |
---|---|---|
Binary |
string |
Key type - binary |
Pattern |
string |
Key type - pattern |
String |
string |
Key type - string |
StateStoreResourceRule
State Store Resource Rule properties.
Name | Type | Description |
---|---|---|
keyType |
Allowed keyTypes pattern, string, binary. The key type used for matching, for example pattern tries to match the key to a glob-style pattern and string checks key is equal to value provided in keys. |
|
keys |
string[] |
Give access to state store keys for the corresponding principals defined. When key type is pattern set glob-style pattern (e.g., '', 'clients/'). |
method |
Give access for |
systemData
Metadata pertaining to creation and last modification of the resource.
Name | Type | Description |
---|---|---|
createdAt |
string |
The timestamp of resource creation (UTC). |
createdBy |
string |
The identity that created the resource. |
createdByType |
The type of identity that created the resource. |
|
lastModifiedAt |
string |
The timestamp of resource last modification (UTC) |
lastModifiedBy |
string |
The identity that last modified the resource. |
lastModifiedByType |
The type of identity that last modified the resource. |