Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-7545

[Docs] Support JAAS config via extra mount config map reference

    XMLWordPrintable

Details

    Description

      The security CR exposes some of the capability of JAAS, however it is incomplete and always will be because JAAS is extensible by definition.

      A user should be able to provided a complete JAAS config in a secret and reference this via the Artemis CR extra mounts directive.

      A config map the ends in "-jaas-config" will be treated as JAAS config and configured for the broker

       

      Upstream: extra mounts secret xx-jaas-config in https://github.com/artemiscloud/activemq-artemis-operator/issues/356

       

      By externalising the full login.config, there are no limits on what can be configured and the existing jaas login.config confirmation format does not need to be replicated in a CR.

      All of the available login modules can be configured in this way.

       

      There is one potential catch, the operator still needs to securely access the broker, so it needs an identity in user provided configuration if the login is required.

      Attachments

        Issue Links

          depends on

          Bug - A problem that impairs or prevents the functions of the product. ENTMQBR-6980 properties config - allow role configuration

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Bug - A problem that impairs or prevents the functions of the product. ENTMQBR-6983 properties config - treat url with / as directory of alphabetically ordered <..>.properties files

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          incorporates

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. ENTMQBR-3606 AMQ 7 Operator : provide way to configure the LDAP for authentication

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. ENTMQBR-5144 Support for more login modules in security config

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. ENTMQBR-5918 Allow to configure TextFileCertificateLoginModule

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. ENTMQBR-7447 KeycloakLoginModule's configuration credentials should have an option to store the client-secret in an Openshift secret.

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          is related to

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. ENTMQBR-3606 AMQ 7 Operator : provide way to configure the LDAP for authentication

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. ENTMQBR-4468 Encrypting amq broker pod credentials from env variables

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. ENTMQBR-5203 Create Custom Resources variables to overwrite StatefulSet environment variables or JVM options

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              jcliffor@redhat.com John Clifford
              gtully@redhat.com Gary Tully
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: