Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Major
Fix Version/s: AMQ 7.11.0.GA
Affects Version/s: None
Component/s: container image
Labels:
- CR1
- upstream-test-coverage

Blocked:
False
Blocked Reason:
None
Ready:
False
Affects:

Compatibility/Configuration, User Experience
GSS Priority:
QE Test Coverage:
+
Target Release:

AMQ 7.11.0.GA
Upstream Jira:
https://github.com/artemiscloud/activemq-artemis-operator/issues/356
Documentation Type:

Develop

SFDC Cases Counter:
SFDC Cases Links:

The security CR exposes some of the capability of JAAS, however it is incomplete and always will be because JAAS is extensible by definition.

A user should be able to provided a complete JAAS config in a secret and reference this via the Artemis CR extra mounts directive.

A config map the ends in "-jaas-config" will be treated as JAAS config and configured for the broker

Upstream: extra mounts secret xx-jaas-config in https://github.com/artemiscloud/activemq-artemis-operator/issues/356

By externalising the full login.config, there are no limits on what can be configured and the existing jaas login.config confirmation format does not need to be replicated in a CR.

All of the available login modules can be configured in this way.

There is one potential catch, the operator still needs to securely access the broker, so it needs an identity in user provided configuration if the login is required.

clones

ENTMQBR-7128 Avoid application restart upon user management (security) updates

Closed

depends on

ENTMQBR-6980 properties config - allow role configuration

Verified

ENTMQBR-6983 properties config - treat url with / as directory of alphabetically ordered <..>.properties files

Verified

incorporates

ENTMQBR-3413 [Operator] Provide TLS authentication as CR configuration parameter

Backlog

ENTMQBR-7517 AMQ 7 operator should support client certificate authentication

Refinement

ENTMQBR-3606 AMQ 7 Operator : provide way to configure the LDAP for authentication

Closed

ENTMQBR-5144 Support for more login modules in security config

Closed

ENTMQBR-5918 Allow to configure TextFileCertificateLoginModule

Closed

ENTMQBR-7054 consoleDomain.name in ActiveMQArtemisSecurity is not reflected in artemis.profile ( -Dhawtio.realm is not changed)

Closed

ENTMQBR-7447 KeycloakLoginModule's configuration credentials should have an option to store the client-secret in an Openshift secret.

Closed

is related to

ENTMQBR-3606 AMQ 7 Operator : provide way to configure the LDAP for authentication

Closed

ENTMQBR-4468 Encrypting amq broker pod credentials from env variables

Closed

ENTMQBR-5203 Create Custom Resources variables to overwrite StatefulSet environment variables or JVM options

Closed

relates to

ENTMQBR-8318 Allow broker classpath extension - additional jaas or jdbc jar(s)

Verified

(5 incorporates, 3 is related to, 1 relates to)

Support security configuration merge

New

Unassigned

Assignee:: Gary Tully

Reporter:: Gary Tully

Tester:: Michal Toth

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2022/12/19 10:22 AM

Updated:: 2023/08/23 10:57 AM

Resolved:: 2023/02/16 4:16 PM

Details

Description

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates