artemiscloud / activemq-artemis-operator

Apache License 2.0

Custom login module from -jaas-config extraMount doesn't work #995

Closed john9x closed 1 month ago

john9x commented 2 months ago

Describe the bug

Hi!

Custom login module from -jaas-config extraMount doesn't work. some_user and another_user can't log in to Artemis and I don't understand why. I see the mounted files in the pods and don't see any problems in the logs.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: artemis-jaas-config
stringData:
  login.config: |
    activemq {
            // ensure the operator can connect to the broker by referencing the existing properties config
            org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
                org.apache.activemq.jaas.properties.user="artemis-users.properties"
                org.apache.activemq.jaas.properties.role="artemis-roles.properties"
                baseDir="/home/jboss/amq-broker/etc";

            org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
                reload=true
                org.apache.activemq.jaas.properties.user="users.properties"
                org.apache.activemq.jaas.properties.role="roles.properties";

    };

  users.properties: |
    some_user = pass
    another_user = pass

  roles.properties: |
    admin = admin, some_user 
    some_role = another_user 

---
apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemis
metadata:
  name: artemis-broker
spec:
  deploymentPlan:
    size: 2
    persistenceEnabled: true
    messageMigration: true
    requireLogin: true
    extraMounts:
      - secrets:
          - artemis-jaas-config
```

This works fine, but with a deprecation warning:

```yaml
---
apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemisSecurity
metadata:
  name: artemis-security
spec:
  applyToCrNames:
    - "*"
  securityDomains:
    brokerDomain:
      name: 'activemq'
      loginModules:
        - name: "artemis-users"
          flag: sufficient
          reload: true
  loginModules:
    propertiesLoginModules:
      - name: "artemis-users"
        users:
          - name: some_user
            password: pass
            roles:
              - admin
          - name: another_user
            password: pass
            roles:
              - some_role
```

Also, I can't find any docs on how to use spec.brokerProperties to configure security settings like this:

```yaml
apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemisSecurity
metadata:
  name: artemis-security
spec:
  securitySettings:
    broker:
      - match: "#"
        permissions:
          - operationType: createNonDurableQueue
            roles:
              - admin
          - operationType: deleteNonDurableQueue
            roles:
              - admin
          - operationType: createDurableQueue
            roles:
              - admin
          - operationType: deleteDurableQueue
            roles:
              - admin
          - operationType: createAddress
            roles:
              - admin
          - operationType: deleteAddress
            roles:
              - admin
          - operationType: consume
            roles:
              - admin
          - operationType: browse
            roles:
              - admin
          - operationType: send
            roles:
              - admin
          - operationType: manage
            roles:
              - admin
```


gtully commented 2 months ago

There are some examples in the tests that can help here, the properties provide a way to configure the broker internal configuration beans via properties. The patterns reflect the organisation of those beans which makes it tricky to figure out at first. peek at: https://github.com/artemiscloud/activemq-artemis-operator/blob/main/controllers/activemqartemissecurity_broker_properties_test.go#L113

john9x commented 1 month ago

> closed this as completed

@brusdev Hi! What does it mean? Am I doing something wrong? Can you please explain why my config doesn't work?

brusdev commented 1 month ago

@john9x I closed the issue because I thought you had solved it with the suggestion of @gtully

john9x commented 1 month ago

@brusdev I'm sorry, I forgot to reply to @gtully's suggestion, but I think

> There are some examples in the tests that can help here, the properties provide a way to configure the broker internal configuration beans via properties.

relates to the second part of my question

> Also I can't find any docs how to use spec.brokerProperties to configure security settings

brusdev commented 1 month ago

@john9x what error do you get when you try to login with some_user and another_user?

john9x commented 1 month ago

@brusdev hmmmm, I need to refresh my memory and reproduce the issue.

brusdev commented 1 month ago

@john9x I see 2 errors in your yaml:

The user some_user can login with the following yaml on my Kubernetes cluster:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: artemis-jaas-config
stringData:
  login.config: |
    activemq {
            // ensure the operator can connect to the broker by referencing the existing properties config
            org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
                org.apache.activemq.jaas.properties.user="artemis-users.properties"
                org.apache.activemq.jaas.properties.role="artemis-roles.properties"
                baseDir="/home/jboss/amq-broker/etc";

            org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
                reload=true
                org.apache.activemq.jaas.properties.user="users.properties"
                org.apache.activemq.jaas.properties.role="roles.properties";

    };

  users.properties: |
    some_user = pass
    another_user = pass

  roles.properties: |
    admin = admin,some_user
    some_role = another_user

---
apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemis
metadata:
  name: artemis-broker
spec:
  deploymentPlan:
    size: 2
    persistenceEnabled: true
    messageMigration: true
    requireLogin: true
    extraMounts:
      secrets:
        - artemis-jaas-config
```

john9x commented 1 month ago

@brusdev Thank you! I will check. Whitespace and dash! Unbelievable! :-)

john9x commented 1 month ago

@brusdev My bad. YAML makes me cry sometimes. Thank you very much for your patience. P.S. Using spec.brokerProperties for configuration is a PAIN
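The two differences between the original manifests and the working ones (padded entries in roles.properties, and `extraMounts` written as a list) can be caught before applying. This is an added example, not code from the thread or from the operator project; the function names and sample inputs are constructed here, and it assumes role members are compared as exact strings after splitting on commas and that a JAAS secret is meant to be mounted.

```python
# Added example, not from the operator project. Inputs mirror the thread.
JAAS_SUFFIX = "-jaas-config"  # secret-name suffix taken from the issue title


def parse_props(text):
    """Parse 'key = value' lines like java.util.Properties does in this simple
    case: whitespace around '=' is dropped, trailing whitespace is kept."""
    props = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.lstrip()
    return props


def lint_roles(roles_text):
    """Flag role members that carry leading or trailing whitespace."""
    findings = []
    for role, members in parse_props(roles_text).items():
        for member in members.split(","):
            if member != member.strip():
                findings.append(f"role {role!r}: member {member!r} has stray whitespace")
    return findings


def lint_extra_mounts(plan):
    """plan is spec.deploymentPlan as a YAML parser would return it."""
    mounts = plan.get("extraMounts")
    if isinstance(mounts, list):
        return ["extraMounts is a list ('- secrets:'); expected a mapping with a 'secrets' key"]
    secrets = (mounts or {}).get("secrets", [])
    if not any(name.endswith(JAAS_SUFFIX) for name in secrets):
        return [f"no mounted secret name ends with {JAAS_SUFFIX!r}"]
    return []


# Constructed from the manifests posted in the thread.
ORIGINAL_ROLES = "admin = admin, some_user \nsome_role = another_user \n"
FIXED_ROLES = "admin = admin,some_user\nsome_role = another_user\n"
ORIGINAL_PLAN = {"extraMounts": [{"secrets": ["artemis-jaas-config"]}]}
FIXED_PLAN = {"extraMounts": {"secrets": ["artemis-jaas-config"]}}

if __name__ == "__main__":
    for finding in lint_roles(ORIGINAL_ROLES) + lint_extra_mounts(ORIGINAL_PLAN):
        print("FINDING:", finding)
```

A YAML literal block (`|`) preserves trailing spaces on each line, so the padding in the original `roles.properties` reaches the mounted file unchanged.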