  1. AMQ Broker
  2. ENTMQBR-8110

.Spec.DeploymentPlan.ExtraMounts.Secrets, content of login.config key in secret does not match supported jaas config file syntax


    • Type: Task
    • Resolution: Done

      *Describe the bug*
      The `login.config` example given in the [documentation](https://github.com/artemiscloud/activemq-artemis-operator/blob/main/docs/help/operator.md#configuring-jaas-for-brokers) does not work. The `ActiveMQArtemis` has a status condition of:
      ```
      .Spec.DeploymentPlan.ExtraMounts.Secrets, content of login.config key in secret msc-test-jaas-config does not match supported jaas config file syntax
      ```

      *To Reproduce*
      `secret.yaml`:
      ```yaml
      apiVersion: v1
      kind: Secret
      metadata:
        name: {{ printf "%s-jaas-config" .Release.Name }}
      data:
        # each key under .Values.secrets becomes a base64-encoded entry in the secret
        {{- range $name, $value := .Values.secrets }}
        {{ $name }}: {{ $value | b64enc }}
        {{- end }}
      ```
      `artemis.yaml`:
      ```yaml
      apiVersion: broker.amq.io/v1beta1
      kind: ActiveMQArtemis
      metadata:
        name: {{ .Release.Name }}
      spec:
        acceptors:
          - name: {{ .Release.Name }}
            protocols: all
            port: 61616
            expose: true
        console:
          expose: false
          sslEnabled: false
        deploymentPlan:
          size: 2
          # mount the JAAS secret defined in secret.yaml into the broker pods
          extraMounts:
            secrets:
              - {{ printf "%s-jaas-config" .Release.Name }}
          podSecurity:
            runAsUser: 185
            serviceAccountName: {{ printf "%s-sa" .Release.Name }}
          podSecurityContext:
            fsGroup: 185
      ```
      `values.yaml`:
      ```yaml
      secrets:
        login.config: |
          // a full login.config with the default activemq realm
          activemq {
            // ensure the operator can connect to the broker by referencing the existing properties config
            org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
              org.apache.activemq.jaas.properties.user="artemis-users.properties"
              org.apache.activemq.jaas.properties.role="artemis-roles.properties"
              baseDir="/home/jboss/amq-broker/etc";

            // a custom LoginModule that will reload from this secret
            org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
              reload=true
              // these files will be provided by the secret
              org.apache.activemq.jaas.properties.user="users.properties"
              org.apache.activemq.jaas.properties.role="roles.properties";

            // add any other supported LoginModule here
          };
        users.properties: |
          some_user = ENC(1024:B46A6AF6C49B06F81E3CB69DE0AC31A53A27C505410343C503363A2BDB1B6819:93FEFA7094EAA7137E6D88EC928D15D5C9857034D61BB125360E9FA750E491C4A6F2D5371460D1EDF206B275E95F96D3E74C1377C162513E9407A3CA3E1D198E)
        roles.properties: |
          some_role=some_user
      ```

      *Platform (please complete the following information):*

      • `helm`: `3.12.0`
      • `kubectl`: `1.24`

      *Expected behavior*
      I expect the example from the documentation to work.

              gaohoward Howard Gao
              rh-messaging-ci Messaging CI
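
A local pre-flight check for a `login.config` before it is base64-encoded into the secret, added here as an example (it is not the operator's validation code and not part of the report). It tokenizes the file according to the standard JAAS configuration grammar (`realm { class flag option=value ...; };`) and ignores `//` and `/* */` comments. The names `parse_login_config` and `PAGE_LOGIN_CONFIG` are assumptions of this example; the embedded sample is the second module from the report's `login.config`, the one with a comment between its options.

```python
import re

FLAGS = {"required", "requisite", "sufficient", "optional"}
STRING = r'"(?:[^"\\]|\\.)*"'
TOKEN = re.compile(STRING + r'|[{};=]|[^\s{};="]+')
COMMENT = re.compile("(" + STRING + r")|/\*.*?\*/|//[^\n]*", re.S)

def parse_login_config(text):
    """Return {realm: [(module_class, flag, options)]}; raise ValueError if malformed."""
    # Drop comments but keep quoted strings, which may legally contain "//".
    toks = TOKEN.findall(COMMENT.sub(lambda m: m.group(1) or " ", text))
    pos = 0
    def take(expected=None):
        nonlocal pos
        tok = toks[pos] if pos < len(toks) else None
        if tok is None or (expected and tok != expected):
            raise ValueError(f"expected {expected or 'a token'!r}, got {tok!r}")
        pos += 1
        return tok
    realms = {}
    while pos < len(toks):
        realm, _ = take(), take("{")
        modules = []
        while toks[pos:pos + 1] != ["}"]:
            cls, flag = take(), take().lower()
            if flag not in FLAGS:
                raise ValueError(f"{realm}: bad control flag {flag!r} after {cls}")
            opts = {}
            while toks[pos:pos + 1] != [";"]:  # options run up to the terminating ';'
                key, _, value = take(), take("="), take()
                opts[key] = value.strip('"')
            take(";")
            modules.append((cls, flag, opts))
        take("}")
        take(";")
        realms[realm] = modules
    if not realms:
        raise ValueError("no realm found (were the newlines after // comments lost?)")
    return realms

# Second module of the report's login.config, line breaks intact.
PAGE_LOGIN_CONFIG = """activemq {
  // a custom LoginModule that will reload from this secret
  org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
    reload=true
    // these files will be provided by the secret
    org.apache.activemq.jaas.properties.user="users.properties"
    org.apache.activemq.jaas.properties.role="roles.properties";
};
"""
```

If the line breaks are lost on the way into the secret (for example through a folded YAML scalar), the first `//` comment swallows the rest of the file and the parser raises `ValueError` instead of returning the realm.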