Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-7187

Cleanly separate operator channel to broker and inter broker comms from those of the application

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • AMQ 7.10.0.GA
    • operator, security
    • None
    • Operator control plane
    • False
    • None
    • False
    • User Experience
    • To Do
    • 27% To Do, 55% In Progress, 18% Done

      Currently the artemis operator uses jmx and cluster connections with plain credentials. these are uses for admin and for moving messages, jobs of the control plane.

      If a user wants to own auth, or if auth is delegated. The operator credentials need to be managed by the user. this is bad news.

      The operator should use a service account credential to authencicate to the broker, possibly only through a read only view of the jolokia agent... and for inter broker comms (cluster or federation) use mTLS with a service account.

            gtully@redhat.com Gary Tully
            gtully@redhat.com Gary Tully
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: