-
Story
-
Resolution: Duplicate
-
Undefined
-
None
-
False
-
None
-
False
-
Compatibility/Configuration, User Experience
-
-
Develop
The security CR exposes some of the capability of JAAS, however it is incomplete and always will be because JAAS is extensible by definition.
A user should be able to provided a complete JAAS config in a secret and reference this via the Artemis CR extra mounts directive.
A config map the ends in "-jaas-config" will be treated as JAAS config and configured for the broker
Upstream: extra mounts secret xx-jaas-config in https://github.com/artemiscloud/activemq-artemis-operator/issues/356
By externalising the full login.config, there are no limits on what can be configured and the existing jaas login.config confirmation format does not need to be replicated in a CR.
All of the available login modules can be configured in this way.
There is one potential catch, the operator still needs to securely access the broker, so it needs an identity in user provided configuration if the login is required.
- depends on
-
ENTMQBR-6980 properties config - allow role configuration
- Closed
-
ENTMQBR-6983 properties config - treat url with / as directory of alphabetically ordered <..>.properties files
- Closed
- incorporates
-
ENTMQBR-3606 AMQ 7 Operator : provide way to configure the LDAP for authentication
- Closed
-
ENTMQBR-5144 Support for more login modules in security config
- Closed
-
ENTMQBR-5918 Allow to configure TextFileCertificateLoginModule
- Closed
-
ENTMQBR-7447 KeycloakLoginModule's configuration credentials should have an option to store the client-secret in an Openshift secret.
- Closed
- is related to
-
ENTMQBR-3606 AMQ 7 Operator : provide way to configure the LDAP for authentication
- Closed
-
ENTMQBR-4468 Encrypting amq broker pod credentials from env variables
- Closed
-
ENTMQBR-5203 Create Custom Resources variables to overwrite StatefulSet environment variables or JVM options
- Closed