Merge pull request #290361 from PatAltimore/patricka-scrub-authorization-release-aio-ga

Add MQTT authorization feedback

Author: prmerger-automator[bot]

articles/iot-operations/connect-to-cloud/concept-dataflow-enrich.md

@@ -32,7 +32,7 @@ For example, consider the following dataset with a few records, represented as J
 }
 ```
 
-The mapper accesses the reference dataset stored in the Azure IoT Operations [distributed state store (DSS)](../create-edge-apps/concept-about-state-store-protocol.md) by using a key value based on a *condition* specified in the mapping configuration. Key names in the DSS correspond to a dataset in the dataflow configuration.
+The mapper accesses the reference dataset stored in the Azure IoT Operations [state store](../create-edge-apps/concept-about-state-store-protocol.md) by using a key value based on a *condition* specified in the mapping configuration. Key names in the state store correspond to a dataset in the dataflow configuration.
 
 # [Bicep](#tab/bicep)
 
@@ -64,7 +64,7 @@ datasets:
 
 When a new record is being processed, the mapper performs the following steps:
 
-* **Data request:** The mapper sends a request to the DSS to retrieve the dataset stored under the key `Position`.
+* **Data request:** The mapper sends a request to the state store to retrieve the dataset stored under the key `Position`.
 * **Record matching:** The mapper then queries this dataset to find the first record where the `Position` field in the dataset matches the `Position` field of the incoming record.
 
 # [Bicep](#tab/bicep)
@@ -102,7 +102,7 @@ When a new record is being processed, the mapper performs the following steps:
 
 ---
 
-In this example, the `WorkingHours` field is added to the output record, while the `BaseSalary` is used conditionally only when the incoming record doesn't contain the `BaseSalary` field (or the value is `null` if it's a nullable field). The request for the contextualization data doesn't happen with every incoming record. The mapper requests the dataset and then it receives notifications from DSS about the changes, while it uses a cached version of the dataset.
+In this example, the `WorkingHours` field is added to the output record, while the `BaseSalary` is used conditionally only when the incoming record doesn't contain the `BaseSalary` field (or the value is `null` if it's a nullable field). The request for the contextualization data doesn't happen with every incoming record. The mapper requests the dataset and then it receives notifications from the state store about the changes, while it uses a cached version of the dataset.
 
 It's possible to use multiple datasets:
 
@@ -169,7 +169,7 @@ inputs: [
 
 ---
 
-The input references use the key of the dataset like `position` or `permission`. If the key in DSS is inconvenient to use, you can define an alias:
+The input references use the key of the dataset like `position` or `permission`. If the key in state store is inconvenient to use, you can define an alias:
 
 # [Bicep](#tab/bicep)
 

articles/iot-operations/connect-to-cloud/howto-create-dataflow.md

@@ -6,7 +6,7 @@ ms.author: patricka
 ms.service: azure-iot-operations
 ms.subservice: azure-data-flows
 ms.topic: how-to
-ms.date: 11/06/2024
+ms.date: 11/11/2024
 ai-usage: ai-assisted
 
 #CustomerIntent: As an operator, I want to understand how to create a dataflow to connect data sources.
@@ -509,9 +509,9 @@ builtInTransformationSettings:
 
 ### Enrich: Add reference data
 
-To enrich the data, you can use the reference dataset in the Azure IoT Operations [distributed state store (DSS)](../create-edge-apps/concept-about-state-store-protocol.md). The dataset is used to add extra data to the source data based on a condition. The condition is specified as a field in the source data that matches a field in the dataset.
+To enrich the data, you can use the reference dataset in the Azure IoT Operations [state store](../create-edge-apps/concept-about-state-store-protocol.md). The dataset is used to add extra data to the source data based on a condition. The condition is specified as a field in the source data that matches a field in the dataset.
 
-You can load sample data into the DSS by using the [DSS set tool sample](https://github.com/Azure-Samples/explore-iot-operations/tree/main/samples/dss_set). Key names in the distributed state store correspond to a dataset in the dataflow configuration.
+You can load sample data into the state store by using the [DSS set tool sample](https://github.com/Azure-Samples/explore-iot-operations/tree/main/samples/dss_set). Key names in the state store correspond to a dataset in the dataflow configuration.
 
 # [Portal](#tab/portal)
 

articles/iot-operations/manage-mqtt-broker/howto-configure-authorization.md

@@ -7,7 +7,7 @@ ms.subservice: azure-mqtt-broker
 ms.topic: how-to
 ms.custom:
   - ignite-2023
-ms.date: 11/08/2024
+ms.date: 11/11/2024
 
 #CustomerIntent: As an operator, I want to configure authorization so that I have secure MQTT broker communications.
 ms.service: azure-iot-operations
@@ -21,7 +21,7 @@ Authorization policies determine what actions the clients can perform on the bro
 
 ## Link BrokerAuthorization to BrokerListener
 
-To link a *BrokerListener* to a *BrokerAuthorization* resource, specify the `authenticationRef` field in the `ports` setting of the *BrokerListener* resource. Similar to BrokerAuthentication, the *BrokerAuthorization* resource can be linked to multiple *BrokerListener* ports. The authorization policies apply to all linked listener ports. However, there's one key difference compared with BrokerAuthentication:
+To link a *BrokerListener* to a *BrokerAuthorization* resource, specify the `authorizationRef` field in the `ports` setting of the *BrokerListener* resource. Similar to BrokerAuthentication, the *BrokerAuthorization* resource can be linked to multiple *BrokerListener* ports. The authorization policies apply to all linked listener ports. However, there's one key difference compared with BrokerAuthentication:
 
 > [!IMPORTANT]
 > To have the *BrokerAuthorization* configuration apply to a listener port, at least one BrokerAuthentication must also be linked to that listener port.
@@ -176,34 +176,34 @@ In the broker authorization rules for your authorization policy, use the followi
 
 ```json
 [
-    {
-        "brokerResources": [
-            {
-                "clientIds": [
-                    "{principal.attributes.building}*"
-                ],
-                "method": "Connect",
-                "topics": []
-            },
-            {
-                "clientIds": [],
-                "method": "Publish",
-                "topics": [
-                    "sensors/{principal.attributes.building}/{principal.clientId}/telemetry"
-                ]
-            }
+  {
+    "brokerResources": [
+      {
+        "clientIds": [
+          "{principal.attributes.building}*"
         ],
-        "principals": {
-            "attributes": [
-                {
-                    "building": "building22"
-                },
-                {
-                    "building": "building23"
-                }
-            ]
+        "method": "Connect",
+        "topics": []
+      },
+      {
+        "clientIds": [],
+        "method": "Publish",
+        "topics": [
+          "sensors/{principal.attributes.building}/{principal.clientId}/telemetry"
+        ]
+      }
+    ],
+    "principals": {
+      "attributes": [
+        {
+          "building": "building22"
+        },
+        {
+          "building": "building23"
         }
+      ]
     }
+  }
 ]
 ```
 
@@ -339,36 +339,36 @@ In the Broker authorization rules for your authorization policy, use the followi
 
 ```json
 [
-    {
-        "brokerResources": [
-            {
-                "clientIds": [],
-                "method": "Connect",
-                "topics": []
-            },
-            {
-                "clientIds": [],
-                "method": "Publish",
-                "topics": [
-                    "odd-numbered-orders"
-                ]
-            },
-            {
-                "clientIds": [],
-                "method": "Subscribe",
-                "topics": [ 
-                    "orders" 
-                ]
-            }
-        ],
-        "principals": {
-            "attributes": [
-                {
-                    "group": "authz-sat"
-                }
-            ]
+  {
+    "brokerResources": [
+      {
+        "clientIds": [],
+        "method": "Connect",
+        "topics": []
+      },
+      {
+        "clientIds": [],
+        "method": "Publish",
+        "topics": [
+          "odd-numbered-orders"
+        ]
+      },
+      {
+        "clientIds": [],
+        "method": "Subscribe",
+        "topics": [
+          "orders"
+        ]
+      }
+    ],
+    "principals": {
+      "attributes": [
+        {
+          "group": "authz-sat"
         }
+      ]
     }
+  }
 ]
 ```
 
@@ -453,7 +453,7 @@ metadata:
   namespace: azure-iot-operations
 spec:
   authorizationPolicies:
-    enableCache: false
+    cache: Enabled
     rules:
       - principals:
           attributes:
@@ -472,11 +472,11 @@ spec:
 
 To learn more with an example, see [Set up Authorization Policy with Dapr Client](../create-edge-apps/howto-develop-dapr-apps.md).
 
-## Distributed state store
+## State store
 
-MQTT broker provides a distributed state store (DSS) that clients can use to store state. The DSS can also be configured to be highly available.
+MQTT broker provides a [state store](../create-edge-apps/concept-about-state-store-protocol.md) that clients can use to store state. The state store can also be configured to be highly available.
 
-To set up authorization for clients that use the DSS, provide the following permissions:
+To set up authorization for clients that use the state store, provide the following permissions:
 
 - Permission to publish to the system key value store `$services/statestore/_any_/command/invoke/request` topic
 - Permission to subscribe to the response-topic (set during initial publish as a parameter) `<response_topic>/#`