Fix bicep

PatAltimore · PatAltimore · commit df53c2cdeeb3 · 2024-11-01T10:39:33.000-07:00
diff --git a/articles/iot-operations/manage-mqtt-broker/howto-configure-authentication.md b/articles/iot-operations/manage-mqtt-broker/howto-configure-authentication.md
@@ -3,14 +3,14 @@ title: Configure MQTT broker authentication
 description: Configure MQTT broker authentication.
 author: PatAltimore
 ms.author: patricka
+ms.service: azure-iot-operations
 ms.subservice: azure-mqtt-broker
 ms.topic: how-to
 ms.custom:
   - ignite-2023
 ms.date: 10/30/2024
 
 #CustomerIntent: As an operator, I want to configure authentication so that I have secure MQTT broker communications.
-ms.service: azure-iot-operations
 ---
 
 # Configure MQTT broker authentication
diff --git a/articles/iot-operations/manage-mqtt-broker/howto-configure-brokerlistener.md b/articles/iot-operations/manage-mqtt-broker/howto-configure-brokerlistener.md
@@ -56,56 +56,7 @@ To view or edit the listener:
 
 # [Bicep](#tab/bicep)
 
-To edit the default listener, create a Bicep `.bicep` file with the following content. Update the settings as needed, and replace the placeholder values like `<AIO_INSTANCE_NAME>` with your own.
-
-```bicep
-param aioInstanceName string = '<AIO_INSTANCE_NAME>'
-param customLocationName string = '<CUSTOM_LOCATION_NAME>'
-
-resource aioInstance 'Microsoft.IoTOperations/instances/brokers/default@2024-09-15-preview' existing = {
-  name: aioInstanceName
-}
-resource customLocation 'Microsoft.ExtendedLocation/customLocations@2021-08-31-preview' existing = {
-  name: customLocationName
-}
-resource defaultBrokerListener 'Microsoft.IoTOperations/instances/brokers/default/listeners/default@2024-09-15-preview' = {
-  parent: aioInstance
-  name: 'default'
-  extendedLocation: {
-    name: customLocationName
-    type: 'CustomLocation'
-  }
-  properties: {
-    brokerRef: 'default'
-    serviceName: 'aio-broker'
-    serviceType: 'ClusterIp'
-    ports: [
-      {
-        authenticationRef: 'default'
-        port: 18883
-        protocol: 'Mqtt'
-        tls: {
-          certManagerCertificateSpec: {
-            issuerRef: {
-              group: 'cert-manager.io'
-              kind: 'Issuer'
-              name: 'mq-dmqtt-frontend'
-            }
-          }
-          mode: 'Automatic'
-        }
-      }
-    ]
-  }
-}
-
-```
-
-Deploy the Bicep file using Azure CLI.
-
-```azurecli
-az stack group create --name MyDeploymentStack --resource-group <RESOURCE_GROUP> --template-file <FILE>.bicep --dm None --aou deleteResources --yes
-```
+You should not modify the default listener using Bicep. Instead, create a new listener and configure it as needed.
 
 # [Kubernetes](#tab/kubernetes)
 
@@ -186,6 +137,7 @@ This example shows how to create a new *BrokerListener* resource named *loadbala
 ```bicep
 param aioInstanceName string = '<AIO_INSTANCE_NAME>'
 param customLocationName string = '<CUSTOM_LOCATION_NAME>'
+param listenerServiceName string = '<LISTENER_SERVICE_NAME>'
 param listenerName string = '<LISTENER_NAME>'
 
 resource aioInstance 'Microsoft.IoTOperations/instances@2024-09-15-preview' existing = {
@@ -196,17 +148,12 @@ resource customLocation 'Microsoft.ExtendedLocation/customLocations@2021-08-31-p
   name: customLocationName
 }
 
-resource broker 'Microsoft.IoTOperations/instances/brokers@2024-09-15-preview' = {
+resource defaultBroker 'Microsoft.IoTOperations/instances/brokers@2024-09-15-preview' existing = {
   parent: aioInstance
   name: 'default'
 }
 
-resource defaultBroker 'Microsoft.IoTOperations/instances/brokers/default@2024-09-15-preview' = {
-  parent: broker
-  name: 'default'
-}
-
-resource loadBalancerListener 'Microsoft.IoTOperations/instances/brokers/default/listeners@2024-09-15-preview' = {
+resource loadBalancerListener 'Microsoft.IoTOperations/instances/brokers/listeners@2024-09-15-preview' = {
   parent: defaultBroker
   name: listenerName
   extendedLocation: {
@@ -215,9 +162,8 @@ resource loadBalancerListener 'Microsoft.IoTOperations/instances/brokers/default
   }
 
   properties: {
-    brokerRef: 'default'
-    serviceName: 'aio-broker-loadbalancer'
-    serviceType: 'ClusterIp'
+    serviceName: listenerServiceName
+    serviceType: 'LoadBalancer'
     ports: [
       {
         authenticationRef: 'default'
@@ -239,6 +185,12 @@ resource loadBalancerListener 'Microsoft.IoTOperations/instances/brokers/default
 }
 ```
 
+Deploy the Bicep file using Azure CLI.
+
+```azurecli
+az deployment group create --resource-group <RESOURCE_GROUP> --template-file <FILE>.bicep
+```
+
 # [Kubernetes](#tab/kubernetes)
 
 To create these *BrokerListener* resources, apply this YAML manifest to your Kubernetes cluster:
@@ -467,34 +419,41 @@ The following is an example of a BrokerListener resource that enables TLS on por
 ```bicep
 param aioInstanceName string = '<AIO_INSTANCE_NAME>'
 param customLocationName string = '<CUSTOM_LOCATION_NAME>'
+param listenerServiceName string = '<LISTENER_SERVICE_NAME>'
+param listenerName string = '<LISTENER_NAME>'
 
 resource aioInstance 'Microsoft.IoTOperations/instances@2024-09-15-preview' existing = {
   name: aioInstanceName
 }
+
 resource customLocation 'Microsoft.ExtendedLocation/customLocations@2021-08-31-preview' existing = {
   name: customLocationName
 }
-resource BrokerListener 'Microsoft.IoTOperations/instances/dataflowEndpoints@2024-09-15-preview' = {
-  parent: aioInstanceName
-  name: endpointName
+
+resource defaultBroker 'Microsoft.IoTOperations/instances/brokers@2024-09-15-preview' existing = {
+  parent: aioInstance
+  name: 'default'
+}
+
+resource loadBalancerListener 'Microsoft.IoTOperations/instances/brokers/listeners@2024-09-15-preview' = {
+  parent: defaultBroker
+  name: listenerName
   extendedLocation: {
-    name: customLocationName
+    name: customLocation.id
     type: 'CustomLocation'
   }
+
   properties: {
-    brokerRef: 'default'
-    serviceType: 'loadBalancer'
-    serviceName: 'aio-broker-loadbalancer-tls'
+    serviceName: listenerServiceName
+    serviceType: 'LoadBalancer'
     ports: [
       {
+        authenticationRef: 'default'
         port: 8884
         tls: {
-          mode: 'Automatic'
-          certManagerCertificateSpec: {
-            issuerRef: {
-              name: 'my-issuer'
-              kind: 'Issuer'
-            }
+          mode: 'Manual'
+          manual: {
+            secretRef: 'server-cert-secret'
           }
         }
       }
@@ -504,6 +463,12 @@ resource BrokerListener 'Microsoft.IoTOperations/instances/dataflowEndpoints@202
 
 ```
 
+Deploy the Bicep file using Azure CLI.
+
+```azurecli
+az deployment group create --resource-group <RESOURCE_GROUP> --template-file <FILE>.bicep
+```
+
 #### Optional: Configure server certificate parameters
 
 The only required parameters are `issuerRef.name` and `issuerRef.kind`. All properties of the generated TLS server certificates are automatically chosen. However, MQTT broker allows certain properties to be customized by specifying them in the BrokerListener resource, under `tls.automatic.issuerRef`. The following is an example of all supported properties:
@@ -555,6 +520,7 @@ The only required parameters are `issuerRef.name` and `issuerRef.kind`. All prop
           }
         }
       }
+    ]
 
 ```
 
@@ -747,29 +713,36 @@ The following is an example of a BrokerListener resource that enables TLS on por
 ```bicep
 param aioInstanceName string = '<AIO_INSTANCE_NAME>'
 param customLocationName string = '<CUSTOM_LOCATION_NAME>'
+param listenerServiceName string = '<LISTENER_SERVICE_NAME>'
+param listenerName string = '<LISTENER_NAME>'
 
 resource aioInstance 'Microsoft.IoTOperations/instances@2024-09-15-preview' existing = {
   name: aioInstanceName
 }
+
 resource customLocation 'Microsoft.ExtendedLocation/customLocations@2021-08-31-preview' existing = {
   name: customLocationName
 }
-resource BrokerListener 'Microsoft.IoTOperations/instances/dataflowEndpoints@2024-09-15-preview' = {
-  parent: aioInstanceName
-  name: endpointName
+
+resource defaultBroker 'Microsoft.IoTOperations/instances/brokers@2024-09-15-preview' existing = {
+  parent: aioInstance
+  name: 'default'
+}
+
+resource loadBalancerListener 'Microsoft.IoTOperations/instances/brokers/listeners@2024-09-15-preview' = {
+  parent: defaultBroker
+  name: listenerName
   extendedLocation: {
-    name: customLocationName
+    name: customLocation.id
     type: 'CustomLocation'
   }
+
   properties: {
-    brokerRef: 'default'
-    // Optional, defaults to clusterIP
-    serviceType: 'loadBalancer'
-    // Match the SAN in the server certificate
-    serviceName: 'aio-broker-loadbalancer-tls'
+    serviceName: listenerServiceName
+    serviceType: 'LoadBalancer'
     ports: [
       {
-        // Avoid port conflict with default listener at 18883
+        authenticationRef: 'default'
         port: 8885
         tls: {
           mode: 'Manual'
@@ -784,6 +757,12 @@ resource BrokerListener 'Microsoft.IoTOperations/instances/dataflowEndpoints@202
 
 ```
 
+Deploy the Bicep file using Azure CLI.
+
+```azurecli
+az deployment group create --resource-group <RESOURCE_GROUP> --template-file <FILE>.bicep
+```
+
 # [Kubernetes](#tab/kubernetes)
 
 Modify the `tls` setting in a *BrokerListener* resource to specify manual TLS configuration referencing the Kubernetes secret. Note the name of the secret used for the TLS server certificate (`server-cert-secret` in the example previously).
diff --git a/articles/iot-operations/toc.yml b/articles/iot-operations/toc.yml
@@ -59,7 +59,7 @@ items:
         href: manage-mqtt-broker/overview-iot-mq.md
       - name: Configure core MQTT broker settings
         href: manage-mqtt-broker/howto-configure-availability-scale.md
-      - name: Secure MQTT communication endpoints
+      - name: Configure MQTT broker listener
         href: manage-mqtt-broker/howto-configure-brokerlistener.md
       - name: Configure authentication
         href: manage-mqtt-broker/howto-configure-authentication.md
