Details
-
Story
-
Resolution: Done
-
Major
-
None
-
False
-
None
-
False
-
Compatibility/Configuration, User Experience
-
Develop
Description
The security CR exposes some of the capability of JAAS, however it is incomplete and always will be because JAAS is extensible by definition.
A user should be able to provide a complete JAAS config in a secret and reference this via the Artemis CR extra mounts directive.
A config map that ends in "-jaas-config" will be treated as JAAS config and configured for the broker.
Upstream: extra mounts secret xx-jaas-config in https://github.com/artemiscloud/activemq-artemis-operator/issues/356
By externalising the full login.config, there are no limits on what can be configured and the existing jaas login.config confirmation format does not need to be replicated in a CR.
All of the available login modules can be configured in this way.
There is one potential catch: the operator still needs to securely access the broker, so it needs an identity in the user-provided configuration if login is required.
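A sketch of the arrangement described above, added here as an illustration and not taken from the issue or the operator's documentation. It assumes the upstream operator's `deploymentPlan.extraMounts.secrets` field, a `login.config` key inside the secret, and the `activemq` realm name; the resource names, users, roles and password placeholders are constructed.

```yaml
# Constructed example: the secret name ends in "-jaas-config" so that it is
# treated as JAAS configuration for the broker.
apiVersion: v1
kind: Secret
metadata:
  name: example-jaas-config        # hypothetical name
stringData:
  # Full JAAS login.config, supplied as-is rather than modelled in a CR.
  login.config: |
    activemq {
      org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
        reload=true
        org.apache.activemq.jaas.properties.user="users.properties"
        org.apache.activemq.jaas.properties.role="roles.properties";
    };
  # Assumption: the properties files sit beside login.config in the same
  # mounted secret and are resolved relative to it.
  users.properties: |
    # Application user (placeholder credential, replace before use).
    app-user=<APP_PASSWORD_PLACEHOLDER>
    # The description notes the operator needs an identity of its own when
    # login is required. How the operator is handed this credential is not
    # covered on this page; the entry below is hypothetical.
    operator-user=<OPERATOR_PASSWORD_PLACEHOLDER>
  roles.properties: |
    # role=comma-separated users
    admin=operator-user
    producers=app-user
---
apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemis
metadata:
  name: example-broker             # hypothetical name
spec:
  deploymentPlan:
    size: 1
    extraMounts:
      secrets:
        - example-jaas-config      # reference to the secret above
```

Keeping the credentials in a Secret rather than a ConfigMap lets access to them be restricted with RBAC separately from the broker CR.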
Attachments
Issue Links
- clones
  - ENTMQBR-7128 Avoid application restart upon user management (security) updates (Closed)
- depends on
  - ENTMQBR-6980 properties config - allow role configuration (Verified)
  - ENTMQBR-6983 properties config - treat url with / as directory of alphabetically ordered <..>.properties files (Verified)
- incorporates
  - ENTMQBR-3413 [Operator] Provide TLS authentication as CR configuration parameter (Backlog)
  - ENTMQBR-7517 AMQ 7 operator should support client certificate authentication (Refinement)
  - ENTMQBR-3606 AMQ 7 Operator : provide way to configure the LDAP for authentication (Closed)
  - ENTMQBR-5144 Support for more login modules in security config (Closed)
  - ENTMQBR-5918 Allow to configure TextFileCertificateLoginModule (Closed)
  - ENTMQBR-7054 consoleDomain.name in ActiveMQArtemisSecurity is not reflected in artemis.profile ( -Dhawtio.realm is not changed) (Closed)
  - ENTMQBR-7447 KeycloakLoginModule's configuration credentials should have an option to store the client-secret in an Openshift secret. (Closed)
- is related to
  - ENTMQBR-3606 AMQ 7 Operator : provide way to configure the LDAP for authentication (Closed)
  - ENTMQBR-4468 Encrypting amq broker pod credentials from env variables (Closed)
  - ENTMQBR-5203 Create Custom Resources variables to overwrite StatefulSet environment variables or JVM options (Closed)
- relates to
  - ENTMQBR-8318 Allow broker classpath extension - additional jaas or jdbc jar(s) (Verified)
1. Support security configuration merge | New | Unassigned