Hi Jo, that isn't expected, can you raise an issue attaching your CR: https://github.com/artemiscloud/activemq-artemis-operator/issues
Thanks, Domenico On Tue, 17 May 2022 at 16:03, Jo De Troy <[email protected]> wrote: > Hello again, > > I've tried creating 2 propertiesLoginModules using an > ActiveMQArtemisSecurity CR and I do see both of them created in the > login.conf but both reference the same properties files > (artemis-users.properties and artemis-roles.properties) Is that as expected > or am I doing something wrong? > I also tried adding the hawtioRoles. > > Best Regards, > Jo > > Op vr 13 mei 2022 om 10:12 schreef Domenico Francesco Bruscino < > [email protected]>: > > > Hi Jo, > > > > yes, the ArtemisCloud.io [1] operator will take care of the needed > changes > > in etc/login.config and in etc/artemis.profile but you need to define > > hawtio roles too, i.e. > > > > apiVersion: broker.amq.io/v1beta1 > > kind: ActiveMQArtemisSecurity > > metadata: > > name: ex-prop > > spec: > > loginModules: > > propertiesLoginModules: > > - name: 'activemq' > > users: > > - name: admin > > roles: > > - amq > > - name: 'console' > > users: > > - name: bob > > roles: > > - amq-console > > > > * hawtioRoles:* > > * - console* > > > > [1] https://artemiscloud.io/ > > [2] > > > > > https://github.com/artemiscloud/activemq-artemis-operator/blob/v1.0.2/config/crd/bases/broker.amq.io_activemqartemissecurities.yaml > > > > Regards, > > Domenico > > > > On Fri, 13 May 2022 at 09:44, Jo De Troy <[email protected]> wrote: > > > > > Domenico, > > > > > > my excuses for the stupid questions but would the operator also take > care > > > of the needed changes in etc/login.config and in etc/artemis.profile > as > > > mentioned in your first reply? > > > > > > Best Regards, > > > Jo > > > > > > Op vr 13 mei 2022 om 09:20 schreef Domenico Francesco Bruscino < > > > [email protected]>: > > > > > > > Hi Jo, > > > > > > > > the ArtemisCloud.io <https://artemiscloud.io/> [1] operator provides > > the > > > > ActiveMQArtemisSecurity CRD [2] to define multiple login modules, > i.e. > > > > > > > > apiVersion: broker.amq.io/v1beta1 > > > > kind: ActiveMQArtemisSecurity > > > > metadata: > > > > name: ex-prop > > > > spec: > > > > loginModules: > > > > propertiesLoginModules: > > > > - name: 'activemq' > > > > users: > > > > - name: admin > > > > roles: > > > > - amq > > > > - name: 'console' > > > > users: > > > > - name: bob > > > > roles: > > > > - amq-console > > > > > > > > > > > > [1] https://artemiscloud.io/ > > > > [2] > > > > > > > > > > > > > > https://github.com/artemiscloud/activemq-artemis-operator/blob/v1.0.2/config/crd/bases/broker.amq.io_activemqartemissecurities.yaml > > > > > > > > Regards, > > > > Domenico > > > > > > > > > > > > On Thu, 12 May 2022 at 17:09, Jo De Troy <[email protected]> > wrote: > > > > > > > > > Thanks for the explanation Justin > > > > > I wonder if the artemis cloud operator allows me to do that > > > > > > > > > > Best Regards, > > > > > Jo > > > > > > > > > > Op do 12 mei 2022 om 16:40 schreef Justin Bertram < > > [email protected] > > > >: > > > > > > > > > > > Yes, it is possible to configure multiple PropertiesLoginModules > to > > > > > > separate console users from broker users. You'd need to create > > > multiple > > > > > > entries in your etc/login.config, e.g.: > > > > > > > > > > > > activemq { > > > > > > > > > > > > > > > > > > org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule > > > > > > required > > > > > > debug=false > > > > > > reload=true > > > > > > > > > > > > > > org.apache.activemq.jaas.properties.user="artemis-users.properties" > > > > > > > > > > > > > > org.apache.activemq.jaas.properties.role="artemis-roles.properties"; > > > > > > }; > > > > > > > > > > > > console { > > > > > > > > > > > > > > > > > > org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule > > > > > > required > > > > > > debug=false > > > > > > reload=true > > > > > > > > > > > > > > org.apache.activemq.jaas.properties.user="console-users.properties" > > > > > > > > > > > > > > org.apache.activemq.jaas.properties.role="console-roles.properties"; > > > > > > }; > > > > > > > > > > > > Then in your etc/artemis.profile you'd need to change the value > of > > > the > > > > > > "hawtio.realm" system property to use the new entry, e.g.: > > > > > > > > > > > > -Dhawtio.realm=console > > > > > > > > > > > > Keep in mind that all the user management commands will only work > > on > > > > the > > > > > > broker-specific entry. You'll have to manage console users > > manually. > > > > > > > > > > > > > > > > > > Justin > > > > > > > > > > > > On Thu, May 12, 2022 at 6:03 AM Jo De Troy <[email protected] > > > > > > wrote: > > > > > > > > > > > > > Hello, > > > > > > > > > > > > > > is it possible to create multiple propertiesLoginModules, e.g. > 1 > > > for > > > > > > broker > > > > > > > access and 1 for console access? Or how should/can you separate > > > users > > > > > > > between broker and console? > > > > > > > I've tried it but it seems like I only see 1 of the > > > > > > propertiesLoginModules > > > > > > > user/roles back in the artemis-{users/roles}.properties > > > > > > > > > > > > > > Best Regards, > > > > > > > Jo > > > > > > > > > > > > > > > > > > > > > > > > > > > >
