

az iot ops broker authn

Note

This reference is part of the azure-iot-ops extension for the Azure CLI (version 2.62.0 or higher). The extension will automatically install the first time you run an az iot ops broker authn command. Learn more about extensions.

Mqtt broker authentication management.

Commands

Name | Description | Type | Status
az iot ops broker authn apply | Create or replace an mqtt broker authentication resource. | Extension | GA
az iot ops broker authn delete | Delete an mqtt broker authentication resource. | Extension | GA
az iot ops broker authn list | List mqtt broker authentication resources associated with a broker. | Extension | GA
az iot ops broker authn method | Mqtt broker authn method operations. | Extension | GA
az iot ops broker authn method add | Add authentication methods to an mqtt broker authentication resource. | Extension | GA
az iot ops broker authn show | Show details of an mqtt broker authentication resource. | Extension | GA

az iot ops broker authn apply

Create or replace an mqtt broker authentication resource.

An example of the config file format is as follows:

{
    "authenticationMethods": [
        {
            "method": "Custom",
            "customSettings": {
                "endpoint": "https://auth-server-template",
                "caCertConfigMap": "custom-auth-ca",
                "auth": {
                    "x509": {
                        "secretRef": "custom-auth-client-cert"
                    }
                },
                "headers": {
                    "header_key": "header_value"
                }
            }
        },
        {
            "method": "ServiceAccountToken",
            "serviceAccountTokenSettings": {
                "audiences": [
                    "aio-internal",
                    "my-audience"
                ]
            }
        },
        {
            "method": "X509",
            "x509Settings": {
                "trustedClientCaCert": "client-ca",
                "authorizationAttributes": {
                    "root": {
                        "attributes": {
                            "organization": "contoso"
                        },
                        "subject": "CN = Contoso Root CA Cert, OU = Engineering, C = US"
                    },
                    "intermediate": {
                        "attributes": {
                            "city": "seattle",
                            "foo": "bar"
                        },
                        "subject": "CN = Contoso Intermediate CA"
                    },
                    "smartfan": {
                        "attributes": {
                            "building": "17"
                        },
                        "subject": "CN = smart-fan"
                    }
                }
            }
        }
    ]
}

When used with apply, the above content creates or replaces the target authentication resource, configured with three authn methods.
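A pre-apply lint for the config file format shown above, added here as an example; it is not part of the azure-iot-ops extension or of the original page. The rules are local policy assumptions drawn from the example config, not the service's own validation, and `lint_authn_config` and `SAMPLE` are hypothetical names.

```python
import json
from urllib.parse import urlparse

# Settings key expected for each method, taken from the example config on this page.
SETTINGS_KEY = {"Custom": "customSettings", "X509": "x509Settings",
                "ServiceAccountToken": "serviceAccountTokenSettings"}

def lint_authn_config(text):
    """Return a list of findings for an authn config file; empty means clean."""
    findings = []
    doc = json.loads(text)
    methods = doc.get("authenticationMethods") if isinstance(doc, dict) else None
    if not isinstance(methods, list) or not methods:
        return ["authenticationMethods must be a non-empty list"]
    for i, entry in enumerate(methods):
        name = entry.get("method")
        key = SETTINGS_KEY.get(name)
        if key is None:
            findings.append(f"[{i}] unknown method {name!r}")
            continue
        settings = entry.get(key)
        if not isinstance(settings, dict):
            findings.append(f"[{i}] {name}: missing {key}")
            continue
        if name == "Custom":
            # Assumed policy: the auth server is reached over TLS with a named CA.
            url = urlparse(settings.get("endpoint", ""))
            if url.scheme != "https" or not url.hostname:
                findings.append(f"[{i}] Custom: endpoint must be an https URL")
            if not settings.get("caCertConfigMap"):
                findings.append(f"[{i}] Custom: caCertConfigMap not set")
        elif name == "ServiceAccountToken" and not settings.get("audiences"):
            findings.append(f"[{i}] ServiceAccountToken: audiences is empty")
        elif name == "X509":
            if not settings.get("trustedClientCaCert"):
                findings.append(f"[{i}] X509: trustedClientCaCert not set")
            for rule, body in settings.get("authorizationAttributes", {}).items():
                if not body.get("subject") or not body.get("attributes"):
                    findings.append(f"[{i}] X509: rule {rule!r} needs subject and attributes")
    return findings

# Constructed sample: plain-http endpoint, no CA config map, empty audiences.
SAMPLE = json.dumps({"authenticationMethods": [
    {"method": "Custom", "customSettings": {"endpoint": "http://auth-server-template"}},
    {"method": "ServiceAccountToken", "serviceAccountTokenSettings": {"audiences": []}},
    {"method": "X509", "x509Settings": {"trustedClientCaCert": "client-ca"}},
]})

if __name__ == "__main__":
    print("\n".join(lint_authn_config(SAMPLE)))
```

Run it against the file passed to --config-file before calling apply; an empty result means none of the assumed rules fired.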

az iot ops broker authn apply --config-file
                              --instance
                              --name
                              --resource-group
                              [--broker]

Examples

Create or replace an authentication resource for the default broker using a config file.

az iot ops broker authn apply -n authn --in myinstance -g myresourcegroup --config-file /path/to/authn/config.json

Required Parameters

--config-file

Path to a config file containing resource properties in json format. The config file should contain an object with properties compatible with the ARM representation of the resource. The object correlates directly with 'properties:{}' of the ARM resource.

--instance -i

IoT Operations instance name.

--name -n

Mqtt broker authentication resource name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--broker -b

Mqtt broker name.

Default value: default

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot ops broker authn delete

Delete an mqtt broker authentication resource.

az iot ops broker authn delete --instance
                               --name
                               --resource-group
                               [--broker]
                               [--yes {false, true}]

Examples

Delete the broker authentication resource called 'authn' associated with the default broker.

az iot ops broker authn delete -n authn --in myinstance -g myresourcegroup

Same as prior example but skipping the confirmation prompt.

az iot ops broker authn delete -n authn --in myinstance -g myresourcegroup -y

Required Parameters

--instance -i

IoT Operations instance name.

--name -n

Mqtt broker authentication resource name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--broker -b

Mqtt broker name.

Default value: default

--yes -y

Confirm [y]es without a prompt. Useful for CI and automation scenarios.

Accepted values: false, true

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot ops broker authn list

List mqtt broker authentication resources associated with a broker.

az iot ops broker authn list --instance
                             --resource-group
                             [--broker]

Examples

Enumerate all broker authentication resources associated with the default broker.

az iot ops broker authn list --in myinstance -g myresourcegroup

Required Parameters

--instance -i

IoT Operations instance name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--broker -b

Mqtt broker name.

Default value: default

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot ops broker authn show

Show details of an mqtt broker authentication resource.

az iot ops broker authn show --instance
                             --name
                             --resource-group
                             [--broker]

Examples

Show details of the default authentication resource associated with the default broker.

az iot ops broker authn show -n authn --in myinstance -g myresourcegroup

Required Parameters

--instance -i

IoT Operations instance name.

--name -n

Mqtt broker authentication resource name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--broker -b

Mqtt broker name.

Default value: default

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.