Hello again,

I've tried creating 2 propertiesLoginModules using an
ActiveMQArtemisSecurity CR and I do see both of them created in the
login.conf, but both reference the same properties files
(artemis-users.properties and artemis-roles.properties). Is that as expected
or am I doing something wrong?
I also tried adding the hawtioRoles.

Best Regards,
Jo

On Fri 13 May 2022 at 10:12, Domenico Francesco Bruscino <[email protected]> wrote:

> Hi Jo,
>
> yes, the ArtemisCloud.io [1] operator will take care of the needed changes
> in etc/login.config and in etc/artemis.profile but you need to define
> hawtio roles too, i.e.
>
> apiVersion: broker.amq.io/v1beta1
> kind: ActiveMQArtemisSecurity
> metadata:
>   name: ex-prop
> spec:
>   loginModules:
>     propertiesLoginModules:
>     - name: 'activemq'
>       users:
>       - name: admin
>         roles:
>         - amq
>     - name: 'console'
>       users:
>       - name: bob
>         roles:
>         - amq-console
>
> *  hawtioRoles:*
> *  - console*
>
> [1] https://artemiscloud.io/
> [2] https://github.com/artemiscloud/activemq-artemis-operator/blob/v1.0.2/config/crd/bases/broker.amq.io_activemqartemissecurities.yaml
>
> Regards,
> Domenico
>
> On Fri, 13 May 2022 at 09:44, Jo De Troy <[email protected]> wrote:
>
> > Domenico,
> >
> > my excuses for the stupid questions but would the operator also take care
> > of the needed changes in etc/login.config and in etc/artemis.profile as
> > mentioned in your first reply?
> >
> > Best Regards,
> > Jo
> >
> > On Fri 13 May 2022 at 09:20, Domenico Francesco Bruscino <[email protected]> wrote:
> >
> > > Hi Jo,
> > >
> > > the ArtemisCloud.io <https://artemiscloud.io/> [1] operator provides the
> > > ActiveMQArtemisSecurity CRD [2] to define multiple login modules, i.e.
> > >
> > > apiVersion: broker.amq.io/v1beta1
> > > kind: ActiveMQArtemisSecurity
> > > metadata:
> > >   name: ex-prop
> > > spec:
> > >   loginModules:
> > >     propertiesLoginModules:
> > >     - name: 'activemq'
> > >       users:
> > >       - name: admin
> > >         roles:
> > >         - amq
> > >     - name: 'console'
> > >       users:
> > >       - name: bob
> > >         roles:
> > >         - amq-console
> > >
> > >
> > > [1] https://artemiscloud.io/
> > > [2] https://github.com/artemiscloud/activemq-artemis-operator/blob/v1.0.2/config/crd/bases/broker.amq.io_activemqartemissecurities.yaml
> > >
> > > Regards,
> > > Domenico
> > >
> > >
> > > On Thu, 12 May 2022 at 17:09, Jo De Troy <[email protected]> wrote:
> > >
> > > > Thanks for the explanation Justin
> > > > I wonder if the artemis cloud operator allows me to do that
> > > >
> > > > Best Regards,
> > > > Jo
> > > >
> > > > On Thu 12 May 2022 at 16:40, Justin Bertram <[email protected]> wrote:
> > > >
> > > > > Yes, it is possible to configure multiple PropertiesLoginModules to
> > > > > separate console users from broker users. You'd need to create multiple
> > > > > entries in your etc/login.config, e.g.:
> > > > >
> > > > >   activemq {
> > > > >      org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
> > > > >          debug=false
> > > > >          reload=true
> > > > >          org.apache.activemq.jaas.properties.user="artemis-users.properties"
> > > > >          org.apache.activemq.jaas.properties.role="artemis-roles.properties";
> > > > >   };
> > > > >
> > > > >   console {
> > > > >      org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
> > > > >          debug=false
> > > > >          reload=true
> > > > >          org.apache.activemq.jaas.properties.user="console-users.properties"
> > > > >          org.apache.activemq.jaas.properties.role="console-roles.properties";
> > > > >   };
> > > > >
> > > > > Then in your etc/artemis.profile you'd need to change the value of the
> > > > > "hawtio.realm" system property to use the new entry, e.g.:
> > > > >
> > > > >   -Dhawtio.realm=console
> > > > >
> > > > > Keep in mind that all the user management commands will only work on the
> > > > > broker-specific entry. You'll have to manage console users manually.
> > > > >
> > > > >
> > > > > Justin
> > > > >
> > > > > On Thu, May 12, 2022 at 6:03 AM Jo De Troy <[email protected]> wrote:
> > > > >
> > > > > > Hello,
> > > > > >
> > > > > > is it possible to create multiple propertiesLoginModules, e.g. 1 for broker
> > > > > > access and 1 for console access? Or how should/can you separate users
> > > > > > between broker and console?
> > > > > > I've tried it but it seems like I only see 1 of the propertiesLoginModules
> > > > > > user/roles back in the artemis-{users/roles}.properties
> > > > > >
> > > > > > Best Regards,
> > > > > > Jo
> > > > > >
> > > > >
> > > >
> > >
> >
>
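
An added example, not part of the original thread and not ArtemisCloud or Artemis project code: a small Python check that reads a login.config and the -Dhawtio.realm setting from artemis.profile, then reports realms whose PropertiesLoginModule entries load the same properties files, which is the outcome reported in the top message. The sample inputs and the function names are constructed for illustration, and the parser assumes the simple layout shown in this thread.

```python
import re
from collections import defaultdict

# Constructed sample input: both realms point at the same properties files,
# which is the situation reported in the top message of this thread.
SAMPLE_LOGIN_CONFIG = """
activemq {
   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
       reload=true
       org.apache.activemq.jaas.properties.user="artemis-users.properties"
       org.apache.activemq.jaas.properties.role="artemis-roles.properties";
};
console {
   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
       reload=true
       org.apache.activemq.jaas.properties.user="artemis-users.properties"
       org.apache.activemq.jaas.properties.role="artemis-roles.properties";
};
"""
SAMPLE_PROFILE = 'JAVA_ARGS="-Dhawtio.realm=console"'  # constructed profile line

REALM_RE = re.compile(r"([\w.-]+)\s*\{(.*?)\}\s*;", re.S)
FILE_RE = re.compile(r'org\.apache\.activemq\.jaas\.properties\.(?:user|role)\s*=\s*"([^"]+)"')
HAWTIO_RE = re.compile(r"-Dhawtio\.realm=([\w.-]+)")

def realm_files(login_config):
    """Map each JAAS realm name to the set of properties files its modules load."""
    return {name: set(FILE_RE.findall(body))
            for name, body in REALM_RE.findall(login_config)}

def audit(login_config, profile):
    """Return a list of findings about console/broker credential separation."""
    realms = realm_files(login_config)
    findings = []
    match = HAWTIO_RE.search(profile)
    console = match.group(1) if match else None
    if console not in realms:
        findings.append(f"hawtio.realm={console} has no entry in login.config")
    owners = defaultdict(set)  # properties file -> realms that load it
    for name, files in realms.items():
        for f in files:
            owners[f].add(name)
    for f, names in sorted(owners.items()):
        if len(names) > 1:
            findings.append(f"{f} is shared by realms: {', '.join(sorted(names))}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_LOGIN_CONFIG, SAMPLE_PROFILE):
        print(line)
```

An empty result means each realm loads its own files and the console realm named in artemis.profile exists in login.config.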
