Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-7545

[Docs] Support JAAS config via extra mount config map reference

XMLWordPrintable

      The security CR exposes some of the capability of JAAS, however it is incomplete and always will be because JAAS is extensible by definition.

      A user should be able to provided a complete JAAS config in a secret and reference this via the Artemis CR extra mounts directive.

      A config map the ends in "-jaas-config" will be treated as JAAS config and configured for the broker

       

      Upstream: extra mounts secret xx-jaas-config in https://github.com/artemiscloud/activemq-artemis-operator/issues/356

       

      By externalising the full login.config, there are no limits on what can be configured and the existing jaas login.config confirmation format does not need to be replicated in a CR.

      All of the available login modules can be configured in this way.

       

      There is one potential catch, the operator still needs to securely access the broker, so it needs an identity in user provided configuration if the login is required.

              jcliffor@redhat.com John Clifford
              gtully@redhat.com Gary Tully
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: