User Management #3 and Bridge and Diverts ready #1

openlab-red · Dec 11, 2020 · 07f9f0f · 07f9f0f
1 parent 656c965
commit 07f9f0f
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 1 deletion.
diff --git a/README.adoc b/README.adoc
@@ -120,6 +120,7 @@ oc label secret/mycluster-amq-broker-all-secret app.kubernetes.io/managed-by=Hel
 [source,bash]
 -------
 ./artemis producer --user amq --password amq --message-count 10 --url="tcp://${AMQ_ENDPOINT}:443?sslEnabled=true;trustStorePath=./client.ts;trustStorePassword=password"
+
 Connection brokerURL = tcp://mycluster-amq-broker-all-0-svc-rte-dxc.apps-crc.testing:443?sslEnabled=true;trustStorePath=./client.ts;trustStorePassword=password
 Producer ActiveMQQueue[TEST], thread=0 Started to calculate elapsed time ...
 
@@ -133,6 +134,7 @@ Producer ActiveMQQueue[TEST], thread=0 Elapsed time in milli second : 79 milli s
 [source,bash]
 -------
 ./artemis consumer --user amq --password amq --message-count 10 --url="tcp://${AMQ_ENDPOINT}:443?sslEnabled=true;trustStorePath=./client.ts;trustStorePassword=password"
+
 Connection brokerURL = tcp://mycluster-amq-broker-all-0-svc-rte-dxc.apps-crc.testing:443?sslEnabled=true;trustStorePath=./client.ts;trustStorePassword=password
 Consumer:: filter = null
 Consumer ActiveMQQueue[TEST], thread=0 wait until 10 messages are consumed
@@ -173,7 +175,7 @@ Consumer ActiveMQQueue[TEST], thread=0 Consumer thread finished
 | Keystore and Truststore Password
 | DONE
 
-| SSL Custom CA Implementation, NOTE: if you create the certificate early it should work
+| SSL Custom CA Implementation
 | https://github.com/openlab-red/amq-broker-operator-helm/issues/2[#2]
 
 | User Management

diff --git a/amq-broker/templates/activeamqartemis.yaml b/amq-broker/templates/activeamqartemis.yaml
@@ -7,6 +7,8 @@ metadata:
 spec:
   acceptors:
     {{- toYaml .Values.acceptors | nindent 4 }}
+  connectors:
+    {{- toYaml .Values.connectors | nindent 4 }}
   addressSettings:
     {{- toYaml .Values.addressSettings | nindent 4 }}
   adminPassword: {{ .Values.adminPassword }}

diff --git a/amq-broker/templates/configmap.yaml b/amq-broker/templates/configmap.yaml
@@ -100,6 +100,21 @@ data:
                     <permission type="send" roles="admin" />
                     <permission type="manage" roles="admin" />
                 </security-setting>
+
+                {{- range .Values.securitySettings.securitySetting }}
+                <security-setting match="{{ .match }}">
+                    <permission type="createNonDurableQueue" roles="{{ .createNonDurableQueue }}" />
+                    <permission type="deleteNonDurableQueue" roles="{{ .deleteNonDurableQueue }}" />
+                    <permission type="createDurableQueue" roles="{{ .createDurableQueue }}" />
+                    <permission type="deleteDurableQueue" roles="{{ .deleteDurableQueue }}" />
+                    <permission type="createAddress" roles="{{ .createAddress }}" />
+                    <permission type="deleteAddress" roles="{{ .deleteAddress }}" />
+                    <permission type="consume" roles="{{ .consume }}" />
+                    <permission type="browse" roles="{{ .browse }}" />
+                    <permission type="send" roles="{{ .send }}in" />
+                    <permission type="manage" roles="{{ .manage }}" />
+                </security-setting>
+                {{- end }}
             </security-settings>
 
             <address-settings>
@@ -170,6 +185,21 @@ data:
 
             </addresses>
 
+            <diverts>
+                {{- range .Values.diverts }}
+                    <divert name="{{ .name }}">
+                        <address>{{ .address }}</address>
+                        <forwarding-address>{{ .forwardingAddress }}</forwarding-address>
+                        <exclusive>{{ .exclusive }}</exclusive>
+                    </divert>
+                {{- end }}
+            </diverts>
+
+            <bridges>
+                {{- range .Values.bridges }}
+                
+                {{- end}}
+            </bridges>
         </core>
 
     </configuration>
diff --git a/amq-broker/templates/post-install.yaml b/amq-broker/templates/post-install.yaml
@@ -103,6 +103,11 @@ spec:
             # Wait the rollout of AMQ Broker Statefulset
             oc rollout status sts/$AMQ_BROKER -w
             
+            # Security
+            {{- range  .Values.securitySettings.users }}
+            oc exec sts/$AMQ_BROKER -- /home/jboss/amq-broker/bin/artemis user add --user {{ .name }} --password {{ .password }} --role {{ .role }}
+            {{- end }}
+
             # Scale Down the Operator
             oc scale --replicas=0 deployments/amq-broker-operator
 

diff --git a/amq-broker/values.yaml b/amq-broker/values.yaml
@@ -66,6 +66,8 @@ acceptors:
   protocols: amqp
   port: 5672
 
+connectors: []
+
 addressSettings:
   addressSetting:
   - addressFullPolicy: PAGE
@@ -82,6 +84,24 @@ addresses:
   queueName: com.my.queue
   routingType: anycast
 
+securitySettings:
+ users:
+ - name: test
+   password: test
+   role: guest
+ securitySetting:
+ - match: 'ch.rtc.igt.#'
+   createNonDurableQueue: admin
+   deleteNonDurableQueue: admin
+   createDurableQueue: admin
+   deleteDurableQueue: admin
+   createAddress: admin
+   deleteAddress: admin
+   consume: admin
+   browse: admin
+   send: admin
+   manage: admin
+
 bridges: []
 
 diverts: []