Hi Jo,
this is more a question for the ArtemisCloud.io community [1], I think the
passwords for the users in ActiveMQArtemisSecurity can be masked using the
mask command [2] but I have never tried, i.e.
$ ./broker/bin/artemis mask --hash user
result:
1024:C1475A2DBBCCC50D7EB75448555E408E99A71DA455E117552CD27FA57A0C864C:355874B12FB9ED6F2C9D4283A2072E99866EDAE1F9F0FD58A34AB441720BB4E070918EFE615E0C2276984EE674654BB856AE9257F1FB73A2ECAB6742B1789562
spec:
loginModules:
propertiesLoginModules:
- name: prop-module
users:
- name: userA
roles:
- roleA
password:
"ENC(1024:C1475A2DBBCCC50D7EB75448555E408E99A71DA455E117552CD27FA57A0C864C:355874B12FB9ED6F2C9D4283A2072E99866EDAE1F9F0FD58A34AB441720BB4E070918EFE615E0C2276984EE674654BB856AE9257F1FB73A2ECAB6742B1789562)"
[1] https://artemiscloud.io/community/
[2]
https://activemq.apache.org/components/artemis/documentation/latest/masking-passwords
Regards,
Domenico
On Fri, 6 May 2022 at 14:29, Jo De Troy <[email protected]> wrote:
> Thanks Domenico
>
> Is there a possibility to encrypt/obfuscate the passwords for the users in
> kind: ActiveMQArtemisSecurity ?
> Or can these be stored in an Openshift secret/Hashicorp Vault/...
>
> Best Regards,
> Jo
>
> Op vr 6 mei 2022 om 11:30 schreef Domenico Francesco Bruscino <
> [email protected]>:
>
> > Hi Jo,
> >
> > Apache ActiveMQ Artemis contains a flexible role-based security model for
> > applying security to queues, based on their addresses, see the
> > documentation [1] for further details.
> >
> > Suppose you have userA with the roleA that can only consume queueA and
> > userB with roleB that can only consume queueB:
> >
> > apiVersion: broker.amq.io/v1alpha1
> > kind: ActiveMQArtemisSecurity
> > metadata:
> > name: ex-prop
> > spec:
> > loginModules:
> > propertiesLoginModules:
> > - name: 'prop-module'
> > users:
> > - name: userA
> > password: userA
> > roles:
> > - roleA
> > - name: userB
> > password: userB
> > roles:
> > - roleB
> > securityDomains:
> > brokerDomain:
> > name: 'activemq'
> > loginModules:
> > - name: 'prop-module'
> > flag: 'sufficient'
> > securitySettings:
> > broker:
> > - match: 'queue1'
> > permissions:
> > - operationType: 'consume'
> > roles:
> > - roleA
> > - match: 'queue2'
> > permissions:
> > - operationType: 'consume'
> > roles:
> > - roleB
> >
> > [1]
> >
> >
> https://activemq.apache.org/components/artemis/documentation/latest/security.html#role-based-security-for-addresses
> >
> > Regards,
> > Domenico
> >
> > On Fri, 6 May 2022 at 10:37, Jo De Troy <[email protected]> wrote:
> >
> > > Hello,
> > >
> > > I'm pretty new to the ActiveMQ (Artemis) world.
> > > I was wondering if it's possible to define different users per queue
> when
> > > using e.g. PropertiesLoginModule.
> > > So userA would be able to only produce on queueA but not on queueB
> > > Suppose you have a broker with a few 50 different queues you don't want
> > all
> > > clients to use the same credentials if they only need access to 1
> queue.
> > >
> > > If it's possible would there be an example I can find somewhere for
> this
> > > type of configuration?
> > > I'm trying to use the ActiveMQ Artemis running on a container platform,
> > so
> > > the security config would hopefully be created by using the
> > > ActiveMQArtemisSecurity CRD
> > >
> > > Best Regards,
> > > Jo
> > >
> >
>
