Re: activemq artemis users on queue level

Fri, 06 May 2022 05:29:12 -0700 

Thanks Domenico

Is there a possibility to encrypt/obfuscate  the passwords for the users in
kind: ActiveMQArtemisSecurity ?
Or can these be stored in an Openshift secret/Hashicorp Vault/...

Best Regards,
Jo

Op vr 6 mei 2022 om 11:30 schreef Domenico Francesco Bruscino <
[email protected]>:

> Hi Jo,
>
> Apache ActiveMQ Artemis contains a flexible role-based security model for
> applying security to queues, based on their addresses, see the
> documentation [1] for further details.
>
> Suppose you have userA with the roleA that can only consume queueA and
> userB with roleB that can only consume queueB:
>
> apiVersion: broker.amq.io/v1alpha1
> kind: ActiveMQArtemisSecurity
> metadata:
>   name: ex-prop
> spec:
>   loginModules:
>     propertiesLoginModules:
>     - name: 'prop-module'
>       users:
>       - name: userA
>         password: userA
>         roles:
>         - roleA
>       - name: userB
>         password: userB
>         roles:
>         - roleB
>   securityDomains:
>     brokerDomain:
>       name: 'activemq'
>       loginModules:
>       - name: 'prop-module'
>         flag: 'sufficient'
>   securitySettings:
>     broker:
>     - match: 'queue1'
>       permissions:
>       - operationType: 'consume'
>         roles:
>         - roleA
>     - match: 'queue2'
>       permissions:
>       - operationType: 'consume'
>         roles:
>         - roleB
>
> [1]
>
> https://activemq.apache.org/components/artemis/documentation/latest/security.html#role-based-security-for-addresses
>
> Regards,
> Domenico
>
> On Fri, 6 May 2022 at 10:37, Jo De Troy <[email protected]> wrote:
>
> > Hello,
> >
> > I'm pretty new to the ActiveMQ (Artemis) world.
> > I was wondering if it's possible to define different users per queue when
> > using e.g. PropertiesLoginModule.
> > So userA would be able to only produce on queueA but not on queueB
> > Suppose you have a broker with a few 50 different queues you don't want
> all
> > clients to use the same credentials if they only need access to 1 queue.
> >
> > If it's possible would there be an example I can find somewhere for this
> > type of configuration?
> > I'm trying to use the ActiveMQ Artemis running on a container platform,
> so
> > the security config would hopefully be created by using the
> > ActiveMQArtemisSecurity CRD
> >
> > Best Regards,
> > Jo
> >
>

Reply via email to