az iot ops broker authn method
Note
This reference is part of the azure-iot-ops extension for the Azure CLI (version 2.62.0 or higher). The extension will automatically install the first time you run an az iot ops broker authn method command. Learn more about extensions.
Mqtt broker authn method operations.
Commands
Name | Description | Type | Status |
---|---|---|---|
az iot ops broker authn method add | Add authentication methods to an mqtt broker authentication resource. | Extension | GA |
az iot ops broker authn method add
Add authentication methods to an mqtt broker authentication resource.
This is an add method(s) operation. If the target authentication resource does not exist, the command will create it.
az iot ops broker authn method add --authn
--instance
--resource-group
[--broker]
[--custom-ca-ref]
[--custom-ep]
[--custom-header]
[--custom-x509-secret-ref]
[--sat-aud]
[--show-config {false, true}]
[--x509-attr]
[--x509-client-ca-ref]
Examples
Configure a SAT authn method and add it to the existing default authn resource.
az iot ops broker authn method add --authn default --in myinstance -g myresourcegroup --sat-aud my-audience1 my-audience2
Configure an x509 authn method and add it to a newly created authn resource.
az iot ops broker authn method add --authn myauthn --in myinstance -g myresourcegroup --x509-client-ca-ref client-ca --x509-attr root.subject='CN = Contoso Root CA Cert, OU = Engineering, C = US' root.attributes.organization=contoso --x509-attr intermediate.subject='CN = Contoso Intermediate CA' intermediate.attributes.city=seattle intermediate.attributes.foo=bar --x509-attr smartfan.subject='CN = smart-fan' smartfan.attributes.building=17
Configure a custom authentication service authn method and add it to a newly created authn resource.
az iot ops broker authn method add --authn myauthn --in myinstance -g myresourcegroup --custom-ep https://myauthserver --custom-ca-ref myconfigmap --custom-x509-secret-ref mysecret --custom-header a=b c=d
Configure and add two separate authn methods to an existing authn resource.
az iot ops broker authn method add --authn myexistingauthn --in myinstance -g myresourcegroup --sat-aud my-audience1 my-audience2 --x509-client-ca-ref client-ca
Required Parameters
--authn: Mqtt broker authentication resource name.
--instance: IoT Operations instance name.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
--broker: Mqtt broker name.
--custom-ca-ref: Name of the configmap containing the CA certificate for validating the custom authentication server's certificate.
--custom-ep: Endpoint to use for the custom auth service. Format is https://.*.
--custom-header: Http headers to pass to the custom authentication server. Format is space-separated key=value pairs. Can be used one or more times.
--custom-x509-secret-ref: Reference to Kubernetes secret containing a client certificate.
--sat-aud: Space-separated list of allowed audiences.
--show-config: Show the generated resource config instead of invoking the API with it.
--x509-attr: Specify attributes in the authentication resource for authorizing clients based on their certificate properties. You can apply authorization rules to clients by using x509 certificates with these attributes. Format is space-separated key=value pairs where the key uses object dot notation such as 'a.b.c=value'. Can be used one or more times.
--x509-client-ca-ref: Name of the configmap containing the trusted client ca cert resource. Default value is 'client-ca'.
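The dot-notation format of --x509-attr and the https:// format of --custom-ep can be checked before the command is run. The following is an added example, not code from the azure-iot-ops extension: the function names, the collision rule and the host check are assumptions, and the nested layout only illustrates the dot notation, not the resource schema.

```python
from urllib.parse import urlsplit


def expand_dot_pairs(pairs):
    """Expand ['a.b.c=value', ...] into a nested dict; reject malformed or colliding keys."""
    tree = {}
    for pair in pairs:
        # Split on the first '=' only: certificate subjects contain '=' themselves.
        key, sep, value = pair.partition("=")
        parts = key.split(".")
        if not sep or not all(parts):
            raise ValueError(f"expected dotted.key=value, got {pair!r}")
        node = tree
        for part in parts[:-1]:
            node = node.setdefault(part, {})
            if not isinstance(node, dict):
                raise ValueError(f"{key!r} nests under {part!r}, which already holds a value")
        if parts[-1] in node:
            raise ValueError(f"{key!r} is set twice or collides with a nested object")
        node[parts[-1]] = value
    return tree


def is_https_endpoint(url):
    """True when url fits the documented 'https://.*' format and names a host.

    Requiring a host is an added assumption, stricter than the documented pattern.
    """
    parsed = urlsplit(url)
    return parsed.scheme == "https" and bool(parsed.hostname)


# Constructed sample: the --x509-attr values from the x509 example above,
# as the shell hands them to the CLI (quotes already removed).
SAMPLE_X509_ATTR = [
    "root.subject=CN = Contoso Root CA Cert, OU = Engineering, C = US",
    "root.attributes.organization=contoso",
    "intermediate.subject=CN = Contoso Intermediate CA",
    "intermediate.attributes.city=seattle",
    "intermediate.attributes.foo=bar",
    "smartfan.subject=CN = smart-fan",
    "smartfan.attributes.building=17",
]

if __name__ == "__main__":
    import json
    print(json.dumps(expand_dot_pairs(SAMPLE_X509_ATTR), indent=2))
    print(is_https_endpoint("https://myauthserver"), is_https_endpoint("http://myauthserver"))
```

Running the command itself with --show-config prints the generated resource config instead of invoking the API, which allows the same review against the real output.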
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.