  1. AMQ Broker
  2. ENTMQBR-8387

Custom login.config file could not be used with AMQ Broker Operator due to a validation error


    • Bug
    • Resolution: Done-Errata
    • Major
    • None
    • AMQ 7.11.1.OPR.1.GA
    • operator
    • False
    • None
    • False
    • User Experience
    • If the offending line is removed from the login.config file

      roleSearchMatching="(&(objectCategory=group)(groupType:1.1.111.111111.1.1.111:=1111111111)(member:1.1.111.111111.1.1.1111:=\{0})(sAMAccountName=AAA AAA AAA*))"
      

      the ActiveMQArtemis CR is created successfully. Later, the secret is recreated by adding the offending line, and the Operator does not complain.

    • Below are the commands used, and the files' contents, to reproduce the issue. The files are also attached.

      commands used

      $ oc create secret generic custom-jaas-config --from-file=login.config
      $ oc create -f artemisCR.yaml
      

      login.config

      activemq {
          org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule sufficient
              debug=true
              initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
              connectionURL="ldap://blabla"
              connectionUsername="bla"
              connectionPassword="bla"
              connectionTimeout="5000"
              connectionProtocol="simple"
              readTimeout="5000"
              authentication="simple"
              userBase="DC=aa,DC=aaa,DC=aaaaa,DC=aa,DC=aa"
              userSearchMatching="(&(objectCategory=user)(SAMAccountName=\\{0}))"
              userSearchSubtree=true
              roleBase="DC=aa,DC=aaa,DC=aaaaa,DC=aa,DC=aa"
              roleName=sAMAccountName
              roleSearchMatching="(&(objectCategory=group)(groupType:1.1.111.111111.1.1.111:=1111111111)(member:1.1.111.111111.1.1.1111:=\{0})(sAMAccountName=AAA AAA AAA*))"
              roleSearchSubtree=true
              referral=follow;
      };
      

      artemisCR.yaml

      apiVersion: broker.amq.io/v1beta1
      kind: ActiveMQArtemis
      metadata:
        name: test-login-config
      spec:
        console:
          expose: true
        adminUser: "user1"
        adminPassword: "1234"
        deploymentPlan:
          image: placeholder
          jolokiaAgentEnabled: false
          journalType: nio
          managementRBACEnabled: true
          messageMigration: false
          persistenceEnabled: false
          requireLogin: false
          size: 1
          extraMounts:
            secrets:
            - "custom-jaas-config"
      
    • Moderate

      When creating an ActiveMQArtemis custom resource definition with a particular custom login.config file, the following message is seen on the CR status:

      message: .Spec.DeploymentPlan.ExtraMounts.Secrets, content of login.config key in secret custom-jaas-config does not match supported jaas config file syntax

      I tried to use the same login.config on a standalone broker installation, and it is parsed correctly when the customer tries to log in.

       

        1. artemisCR.yaml
          0.4 kB
          Alfredo Narvaez
        2. login.config
          0.9 kB
          Alfredo Narvaez

              gtully@redhat.com Gary Tully
              rhn-support-anarvaez Alfredo Narvaez
              Michal Toth Michal Toth
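
A local syntax check for a login.config before it is packed into a secret, as an added example that is not part of the original report and is neither the Operator's validation nor the JDK's parser. It assumes a simplified form of the JAAS login-configuration grammar; `tokenize`, `parse` and `SAMPLE` are names chosen here, and under this grammar the reported roleSearchMatching value is an ordinary quoted string.

```python
import re
# Simplified JAAS grammar (assumed): entry := NAME "{" module* "}" ";"
#   module := CLASS FLAG (KEY "=" VALUE)* ";"   VALUE is a bare word or "quoted"
TOKEN = re.compile(r'\s*(?:"((?:[^"\\]|\\.)*)"|([{};=])|([^\s{};="]+))')
FLAGS = {"required", "requisite", "sufficient", "optional"}

def tokenize(text):
    text, pos, out = text.rstrip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:  # only an unterminated quoted string fails to match
            raise ValueError(f"unterminated quoted value at offset {pos}")
        kind = "str" if m[1] is not None else "punct" if m[2] else "word"
        out.append((kind, m[1] if kind == "str" else m[2] or m[3]))
        pos = m.end()
    return out

def parse(text):
    toks, i, config = tokenize(text), 0, {}
    def peek(kind, value=None):
        return i < len(toks) and toks[i][0] == kind and value in (None, toks[i][1])
    def take(kind, value=None):
        nonlocal i
        if not peek(kind, value):
            raise ValueError(f"expected {value or kind} at token {i}")
        i += 1
        return toks[i - 1][1]
    while i < len(toks):
        name, _, modules = take("word"), take("punct", "{"), []
        while not peek("punct", "}"):
            cls, flag, opts = take("word"), take("word").lower(), {}
            if flag not in FLAGS:
                raise ValueError(f"unknown control flag {flag!r}")
            while not peek("punct", ";"):
                key, _ = take("word"), take("punct", "=")
                opts[key] = take("str" if peek("str") else "word")
            take("punct", ";")
            modules.append((cls, flag, opts))
        take("punct", "}")
        take("punct", ";")
        config[name] = modules
    return config

# Constructed excerpt of the login.config shown on this page (values as posted)
SAMPLE = r'''activemq {
  org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule sufficient
    roleSearchMatching="(&(objectCategory=group)(groupType:1.1.111.111111.1.1.111:=1111111111)(member:1.1.111.111111.1.1.1111:=\{0})(sAMAccountName=AAA AAA AAA*))"
    referral=follow;
};'''
```

`parse(SAMPLE)` returns the module list keyed by entry name and raises `ValueError` on a missing `;`, an unknown control flag or an unterminated quote.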