enhance topic space and permission binding for maestro server.

Signed-off-by: morvencao <[email protected]>
Azure · Jun 5, 2024 · 617cd28 · 617cd28
1 parent 003a6c8
commit 617cd28
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 13 deletions.
diff --git a/dev-infrastructure/docs/development-setup.md b/dev-infrastructure/docs/development-setup.md
@@ -130,7 +130,7 @@ To setup broker access for a maestro consumer on a mgmt-cluster, set the `deploy
 
 ```sh
 cd dev-infrastructure
-AKSCONFIG=mgmt-cluster make mgmt-cluster
+AKSCONFIG=mgmt-cluster make cluster
 AKSCONFIG=mgmt-cluster make aks.kubeconfig
 KUBECONFIG=mgmt-cluster.kubeconfig scripts/maestro-consumer.sh
 ```

diff --git a/dev-infrastructure/modules/maestro/maestro-infra.bicep b/dev-infrastructure/modules/maestro/maestro-infra.bicep
@@ -153,34 +153,47 @@ resource maestroServerMqttClientGroup 'Microsoft.EventGrid/namespaces/clientGrou
   }
 }
 
-// create a topic space for the maestro server
-resource maestroServerTopicspace 'Microsoft.EventGrid/namespaces/topicSpaces@2023-12-15-preview' = {
-  name: 'maestro-server'
+// create a topic space for the maestro server to subscribe to
+resource maestroServerSubscribeTopicspace 'Microsoft.EventGrid/namespaces/topicSpaces@2023-12-15-preview' = {
+  name: 'maestro-server-subscribe'
   parent: eventGridNamespace
   properties: {
     topicTemplates: [
-      'sources/#'
+      'sources/maestro/consumers/+/agentevents'
     ]
   }
 }
 
-resource maestroServerPermissionBindingPublish 'Microsoft.EventGrid/namespaces/permissionBindings@2023-12-15-preview' = {
-  name: 'maestro-server-publish'
+// ... and grant the maestro server client permission to subscribe to the topic space
+resource maestroServerPermissionBindingSubscribe 'Microsoft.EventGrid/namespaces/permissionBindings@2023-12-15-preview' = {
+  name: 'maestro-server-subscribe-binding'
   parent: eventGridNamespace
   properties: {
     clientGroupName: maestroServerMqttClientGroup.name
-    permission: 'Publisher'
-    topicSpaceName: maestroServerTopicspace.name
+    permission: 'Subscriber'
+    topicSpaceName: maestroServerSubscribeTopicspace.name
   }
 }
 
-resource maestroServerPermissionBindingSubscribe 'Microsoft.EventGrid/namespaces/permissionBindings@2023-12-15-preview' = {
-  name: 'maestro-server-subscribe'
+// create a topic space for the maestro server to publish to
+resource maestroServerPublishTopicspace 'Microsoft.EventGrid/namespaces/topicSpaces@2023-12-15-preview' = {
+  name: 'maestro-server-publish'
+  parent: eventGridNamespace
+  properties: {
+    topicTemplates: [
+      'sources/maestro/consumers/+/sourceevents'
+    ]
+  }
+}
+
+// ... and grant the maestro server client permission to publish to the topic space
+resource maestroServerPermissionBindingPublish 'Microsoft.EventGrid/namespaces/permissionBindings@2023-12-15-preview' = {
+  name: 'maestro-server-publish-binding'
   parent: eventGridNamespace
   properties: {
     clientGroupName: maestroServerMqttClientGroup.name
-    permission: 'Subscriber'
-    topicSpaceName: maestroServerTopicspace.name
+    permission: 'Publisher'
+    topicSpaceName: maestroServerPublishTopicspace.name
   }
 }