Merge pull request #100697 from banisadr/grid-edge-updates

Grid Edge updates for Preview2

Author: megvanhuygen

articles/event-grid/blob-event-quickstart-portal.md

@@ -36,6 +36,9 @@ When you're finished, you see that the event data has been sent to the web app.
 
    ![Start steps](./media/blob-event-quickstart-portal/provide-blob-values.png)
 
+>[!NOTE]
+> Only storage accounts of kind **StorageV2 (general purpose v2)** and **BlobStorage** support event integration. **Storage (genral purpose v1)** does *not* support integration with Event Grid.
+
 ## Create a message endpoint
 
 Before subscribing to the events for the Blob storage, let's create the endpoint for the event message. Typically, the endpoint takes actions based on the event data. To simplify this quickstart, you deploy a [pre-built web app](https://github.com/Azure-Samples/azure-event-grid-viewer) that displays the event messages. The deployed solution includes an App Service plan, an App Service web app, and source code from GitHub.

articles/event-grid/cloudevents-schema.md

@@ -69,7 +69,6 @@ You can use Event Grid for both input and output of events in CloudEvents schema
 |--------------------|---------------------
 | CloudEvents format | CloudEvents format
 | Event Grid format  | CloudEvents format
-| CloudEvents format | Event Grid format
 | Event Grid format  | Event Grid format
 
 For all event schemas, Event Grid requires validation when publishing to an event grid topic and when creating an event subscription. For more information, see [Event Grid security and authentication](security-authentication.md).
@@ -106,8 +105,6 @@ New-AzureRmEventGridTopic `
   -InputSchema CloudEventSchemaV1_0
 ```
 
-The current version of CloudEvents doesn't support batching of events. To publish events with CloudEvent schema to a topic, publish each event individually.
-
 ### Output schema
 
 You set the output schema when you create the event subscription.

articles/event-grid/edge/api.md

@@ -179,6 +179,7 @@ Samples in this section use `EndpointType=Webhook;`. The json samples for `Endpo
             "eventExpiryInMinutes": 120,
             "maxDeliveryAttempts": 50
         },
+        "persistencePolicy": "true",
         "destination":
         {
             "endpointType": "WebHook",
@@ -682,3 +683,93 @@ SasKey:
 TopicName:
 - If the Subscription.EventDeliverySchema is set to EventGridSchema, the value from this field is put into every event's Topic field before being forwarded to Event Grid in the cloud.
 - If the Subscription.EventDeliverySchema is set to CustomEventSchema, this property is ignored and the custom event payload is forwarded exactly as it was received.
+
+## Set up Event Hubs as a destination
+
+To publish to an Event Hub, set the `endpointType` to `eventHub` and provide:
+
+* connectionString: Connection string for the specific Event Hub you're targeting generated via a Shared Access Policy.
+
+    >[!NOTE]
+    > The connection string must be entity specific. Using a namespace connection string will not work. You can generate an entity specific connection string by navigating to the specific Event Hub you would like to publish to in the Azure Portal and clicking **Shared access policies** to generate a new entity specific connecection string.
+
+    ```json
+        {
+          "properties": {
+            "destination": {
+              "endpointType": "eventHub",
+              "properties": {
+                "connectionString": "<your-event-hub-connection-string>"
+              }
+            }
+          }
+        }
+    ```
+
+## Set up Service Bus Queues as a destination
+
+To publish to a Service Bus Queue, set the `endpointType` to `serviceBusQueue` and provide:
+
+* connectionString: Connection string for the specific Service Bus Queue you're targeting generated via a Shared Access Policy.
+
+    >[!NOTE]
+    > The connection string must be entity specific. Using a namespace connection string will not work. Generate an entity specific connection string by navigating to the specific Service Bus Queue you would like to publish to in the Azure Portal and clicking **Shared access policies** to generate a new entity specific connecection string.
+
+    ```json
+        {
+          "properties": {
+            "destination": {
+              "endpointType": "serviceBusQueue",
+              "properties": {
+                "connectionString": "<your-service-bus-queue-connection-string>"
+              }
+            }
+          }
+        }
+    ```
+
+## Set up Service Bus Topics as a destination
+
+To publish to a Service Bus Topic, set the `endpointType` to `serviceBusTopic` and provide:
+
+* connectionString: Connection string for the specific Service Bus Topic you're targeting generated via a Shared Access Policy.
+
+    >[!NOTE]
+    > The connection string must be entity specific. Using a namespace connection string will not work. Generate an entity specific connection string by navigating to the specific Service Bus Topic you would like to publish to in the Azure Portal and clicking **Shared access policies** to generate a new entity specific connecection string.
+
+    ```json
+        {
+          "properties": {
+            "destination": {
+              "endpointType": "serviceBusTopic",
+              "properties": {
+                "connectionString": "<your-service-bus-topic-connection-string>"
+              }
+            }
+          }
+        }
+    ```
+
+## Set up Storage Queues as a destination
+
+To publish to a Storage Queue, set the  `endpointType` to `storageQueue` and provide:
+
+* queueName: Name of the Storage Queue you're publishing to.
+* connectionString: Connection string for the Storage Account the Storage Queue is in.
+
+    >[!NOTE]
+    > Unline Event Hubs, Service Bus Queues, and Service Bus Topics, the connection string used for Storage Queues is not entity specific. Instead, it must but the connection string for the Storage Account.
+
+    ```json
+        {
+          "properties": {
+            "destination": {
+              "endpointType": "storageQueue",
+              "properties": {
+                "queueName": "<your-storage-queue-name>",
+                "connectionString": "<your-storage-account-connection-string>"
+              }
+            }
+          }
+        }
+    ```

articles/event-grid/edge/configure-api-protocol.md

@@ -27,8 +27,8 @@ See [Security and authentication](security-authentication.md) guide for all the
 ```json
  {
   "Env": [
-    "inbound:serverAuth:tlsPolicy=strict",
-    "inbound:serverAuth:serverCert:source=IoTEdge"
+    "inbound__serverAuth__tlsPolicy=strict",
+    "inbound__serverAuth__serverCert__source=IoTEdge"
   ]
 }
  ```
@@ -38,8 +38,8 @@ See [Security and authentication](security-authentication.md) guide for all the
 ```json
  {
   "Env": [
-    "inbound:serverAuth:tlsPolicy=strict",
-    "inbound:serverAuth:serverCert:source=IoTEdge"
+    "inbound__serverAuth__tlsPolicy=strict",
+    "inbound__serverAuth__serverCert__source=IoTEdge"
   ],
   "HostConfig": {
     "PortBindings": {
@@ -61,8 +61,8 @@ See [Security and authentication](security-authentication.md) guide for all the
 ```json
  {
   "Env": [
-    "inbound:serverAuth:tlsPolicy=enabled",
-    "inbound:serverAuth:serverCert:source=IoTEdge"
+    "inbound__serverAuth__tlsPolicy=enabled",
+    "inbound__serverAuth__serverCert__source=IoTEdge"
   ]
 }
  ```
@@ -72,8 +72,8 @@ See [Security and authentication](security-authentication.md) guide for all the
 ```json
  {
   "Env": [
-    "inbound:serverAuth:tlsPolicy=enabled",
-    "inbound:serverAuth:serverCert:source=IoTEdge"
+    "inbound__serverAuth__tlsPolicy=enabled",
+    "inbound__serverAuth__serverCert__source=IoTEdge"
   ],
   "HostConfig": {
     "PortBindings": {

articles/event-grid/edge/configure-client-auth.md

@@ -13,7 +13,7 @@ services: event-grid
 
 # Configure client authentication of incoming calls
 
-This guide gives examples of the possible client authentication configurations for the Event Grid module. The Event Grid module supports two types of client authentication:-
+This guide gives examples of the possible client authentication configurations for the Event Grid module. The Event Grid module supports two types of client authentication:
 
 * Shared access signature (SAS) key-based
 * Certificate-based
@@ -25,10 +25,10 @@ See [Security and authentication](security-authentication.md) guide for all the
 ```json
  {
   "Env": [
-    "inbound:clientAuth:sasKeys:enabled=false",
-    "inbound:clientAuth:clientCert:enabled=true",
-    "inbound:clientAuth:clientCert:source=IoTEdge",
-    "inbound:clientAuth:clientCert:allowUnknownCA=false"
+    "inbound__clientAuth__sasKeys__enabled=false",
+    "inbound__clientAuth__clientCert__enabled=true",
+    "inbound__clientAuth__clientCert__source=IoTEdge",
+    "inbound__clientAuth__clientCert__allowUnknownCA=false"
   ]
 }
  ```
@@ -38,28 +38,28 @@ See [Security and authentication](security-authentication.md) guide for all the
 ```json
  {
   "Env": [
-    "inbound:clientAuth:sasKeys:enabled=false",
-    "inbound:clientAuth:clientCert:enabled=true",
-    "inbound:clientAuth:clientCert:source=IoTEdge",
-    "inbound:clientAuth:clientCert:allowUnknownCA=true"
+    "inbound__clientAuth__sasKeys__enabled=false",
+    "inbound__clientAuth__clientCert__enabled=true",
+    "inbound__clientAuth__clientCert__source=IoTEdge",
+    "inbound__clientAuth__clientCert__allowUnknownCA=true"
   ]
 }
 ```
 
 >[!NOTE]
->Set the property **inbound:clientAuth:clientCert:allowUnknownCA** to **true** only in test environments as you might typically use self-signed certificates. For production workloads, we recommend that you set this property to **false** and certificates from a certificate authority (CA).
+>Set the property **inbound__clientAuth__clientCert__allowUnknownCA** to **true** only in test environments as you might typically use self-signed certificates. For production workloads, we recommend that you set this property to **false** and certificates from a certificate authority (CA).
 
 ## Enable certificate-based and sas-key based client authentication
 
 ```json
  {
   "Env": [
-    "inbound:clientAuth:sasKeys:enabled=true",
-    "inbound:clientAuth:sasKeys:key1=<some-secret1-here>",
-    "inbound:clientAuth:sasKeys:key2=<some-secret2-here>",
-    "inbound:clientAuth:clientCert:enabled=true",
-    "inbound:clientAuth:clientCert:source=IoTEdge",
-    "inbound:clientAuth:clientCert:allowUnknownCA=true"
+    "inbound__clientAuth__sasKeys__enabled=true",
+    "inbound__clientAuth__sasKeys__key1=<some-secret1-here>",
+    "inbound__clientAuth__sasKeys__key2=<some-secret2-here>",
+    "inbound__clientAuth__clientCert__enabled=true",
+    "inbound__clientAuth__clientCert__source=IoTEdge",
+    "inbound__clientAuth__clientCert__allowUnknownCA=true"
   ]
 }
  ```

articles/event-grid/edge/configure-event-grid.md

@@ -21,56 +21,64 @@ To learn about client authentication in general, see [Security and Authenticatio
 
 | Property Name | Description |
 | ---------------- | ------------ |
-|`inbound:serverAuth:tlsPolicy`| TLS Policy of the Event Grid module. Default value is HTTPS only.
-|`inbound:serverAuth:serverCert:source`| Source of server certificate used by the Event Grid Module for its TLS configuration. Default value is IoT Edge.
+|`inbound__serverAuth__tlsPolicy`| TLS Policy of the Event Grid module. Default value is HTTPS only.
+|`inbound__serverAuth__serverCert__source`| Source of server certificate used by the Event Grid Module for its TLS configuration. Default value is IoT Edge.
 
 ## Incoming client authentication
 
 To learn about client authentication in general, see [Security and Authentication](security-authentication.md). Examples can be found in [this article](configure-client-auth.md).
 
 | Property Name | Description |
 | ---------------- | ------------ |
-|`inbound:clientAuth:clientCert:enabled`| To turn on/off certificate-based client authentication. Default value is true.
-|`inbound:clientAuth:clientCert:source`| Source for validating client certificates. Default value is IoT Edge.
-|`inbound:clientAuth:clientCert:allowUnknownCA`| Policy to allow a self-signed client certificate. Default value is true.
-|`inbound:clientAuth:sasKeys:enabled`| To turn on/off SAS key based client authentication. Default value is off.
-|`inbound:clientAuth:sasKeys:key1`| One of the values to validate incoming requests.
-|`inbound:clientAuth:sasKeys:key2`| Optional second value to validate incoming requests.
+|`inbound__clientAuth__clientCert__enabled`| To turn on/off certificate-based client authentication. Default value is true.
+|`inbound__clientAuth__clientCert__source`| Source for validating client certificates. Default value is IoT Edge.
+|`inbound__clientAuth__clientCert__allowUnknownCA`| Policy to allow a self-signed client certificate. Default value is true.
+|`inbound__clientAuth__sasKeys__enabled`| To turn on/off SAS key based client authentication. Default value is off.
+|`inbound__clientAuth__sasKeys__key1`| One of the values to validate incoming requests.
+|`inbound__clientAuth__sasKeys__key2`| Optional second value to validate incoming requests.
 
 ## Outgoing client authentication
 To learn about client authentication in general, see [Security and Authentication](security-authentication.md). Examples can be found in [this article](configure-identity-auth.md).
 
 | Property Name | Description |
 | ---------------- | ------------ |
-|`outbound:clientAuth:clientCert:enabled`| To turn on/off attaching an identity certificate for outgoing requests. Default value is true.
-|`outbound:clientAuth:clientCert:source`| Source for retrieving Event Grid module's outgoing certificate. Default value is IoT Edge.
+|`outbound__clientAuth__clientCert__enabled`| To turn on/off attaching an identity certificate for outgoing requests. Default value is true.
+|`outbound__clientAuth__clientCert__source`| Source for retrieving Event Grid module's outgoing certificate. Default value is IoT Edge.
 
 ## Webhook event handlers
 
 To learn about client authentication in general, see [Security and Authentication](security-authentication.md). Examples can be found in [this article](configure-webhook-subscriber-auth.md).
 
 | Property Name | Description |
 | ---------------- | ------------ |
-|`outbound:webhook:httpsOnly`| Policy to control whether only HTTPS subscribers will be allowed. Default value is true (only HTTPS).
-|`outbound:webhook:skipServerCertValidation`| Flag to control whether to validate the subscriber's certificate. Default value is true.
-|`outbound:webhook:allowUnknownCA`| Policy to control whether a self-signed certificate can be presented by a subscriber. Default value is true. 
+|`outbound__webhook__httpsOnly`| Policy to control whether only HTTPS subscribers will be allowed. Default value is true (only HTTPS).
+|`outbound__webhook__skipServerCertValidation`| Flag to control whether to validate the subscriber's certificate. Default value is true.
+|`outbound__webhook__allowUnknownCA`| Policy to control whether a self-signed certificate can be presented by a subscriber. Default value is true. 
 
 ## Delivery and retry
 
 To learn about this feature in general, see [Delivery and Retry](delivery-retry.md).
 
 | Property Name | Description |
 | ---------------- | ------------ |
-| `broker:defaultMaxDeliveryAttempts` | Maximum number of attempts to deliver an event. Default value is 30.
-| `broker:defaultEventTimeToLiveInSeconds` | Time-to-live (TTL) in seconds after which an event will be dropped if not delivered. Default value is  **7200** seconds
+| `broker__defaultMaxDeliveryAttempts` | Maximum number of attempts to deliver an event. Default value is 30.
+| `broker__defaultEventTimeToLiveInSeconds` | Time-to-live (TTL) in seconds after which an event will be dropped if not delivered. Default value is  **7200** seconds
 
 ## Output batching
 
 To learn about this feature in general, see [Delivery and Output batching](delivery-output-batching.md).
 
 | Property Name | Description |
 | ---------------- | ------------ |
-| `api:deliveryPolicyLimits:maxBatchSizeInBytes` | Maximum value allowed for the `ApproxBatchSizeInBytes` knob. Default value is `1_058_576`.
-| `api:deliveryPolicyLimits:maxEventsPerBatch` | Maximum value allowed for the `MaxEventsPerBatch` knob. Default value is `50`.
-| `broker:defaultMaxBatchSizeInBytes` | Maximum delivery request size when only `MaxEventsPerBatch` is specified. Default value is `1_058_576`.
-| `broker:defaultMaxEventsPerBatch` | Maximum number of events to add to a batch when only `MaxBatchSizeInBytes` is specified. Default value is `10`.
+| `api__deliveryPolicyLimits__maxBatchSizeInBytes` | Maximum value allowed for the `ApproxBatchSizeInBytes` knob. Default value is `1_058_576`.
+| `api__deliveryPolicyLimits__maxEventsPerBatch` | Maximum value allowed for the `MaxEventsPerBatch` knob. Default value is `50`.
+| `broker__defaultMaxBatchSizeInBytes` | Maximum delivery request size when only `MaxEventsPerBatch` is specified. Default value is `1_058_576`.
+| `broker__defaultMaxEventsPerBatch` | Maximum number of events to add to a batch when only `MaxBatchSizeInBytes` is specified. Default value is `10`.
+
+## Metrics
+
+To learn about using metrics with Event Grid on IoT Edge, see [monitor topics and subscriptions](monitor-topics-subscriptions.md)
+
+| Property Name | Description |
+| ---------------- | ------------ |
+| `metrics__reporterType` | Reporter type for metrics enpoint. Default is `none` and disables metrics. Setting to `prometheus` enables metrics in the Prometheus exposition format.

articles/event-grid/edge/configure-identity-auth.md

@@ -13,7 +13,7 @@ services: event-grid
 
 # Configure identity for the Event Grid module
 
-This article gives you examples of the possible identity configurations for an Event Grid module. By default, the Event Grid module will present its identity certificate as configured by the IoT security daemon. An identity certificate is presented by the Event Grid module on its outgoing calls that is, when it delivers events. A subscriber to an Event Grid event can then choose to validate that it's indeed the Event Grid module that sent the event before accepting the event.
+This article gives shows how to configure identity for Grid on Edge. By default, the Event Grid module presents its identity certificate as configured by the IoT security daemon. Event Grid on Edge presents its identity certificate with its outgoing calls when it delivers events. A subscriber  can then validate it's the Event Grid module that sent the event before accepting.
 
 See [Security and authentication](security-authentication.md) guide for all the possible configurations.
 
@@ -23,8 +23,8 @@ Here's an example configuration for always presenting an identity certificate on
 ```json
  {
   "Env": [
-    "outbound:clientAuth:clientCert:enabled=true",
-    "outbound:clientAuth:clientCert:source=IoTEdge"
+    "outbound__clientAuth__clientCert__enabled=true",
+    "outbound__clientAuth__clientCert__source=IoTEdge"
   ]
 }
  ```
@@ -35,7 +35,7 @@ Here's an example configuration for not presenting an identity certificate on ou
 ```json
  {
   "Env": [
-    "outbound:clientAuth:clientCert:enabled=false"
+    "outbound__clientAuth__clientCert__enabled=false"
   ]
 }
  ```