[jira] [Work logged] (ARTEMIS-4754) Make configuring security for AMQP federation user accounts simpler

Wed, 01 May 2024 13:47:09 -0700 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-4754?focusedWorklogId=917197&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-917197
 ]

ASF GitHub Bot logged work on ARTEMIS-4754:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 01/May/24 20:46
            Start Date: 01/May/24 20:46
    Worklog Time Spent: 10m 
      Work Description: tabish121 opened a new pull request, #4916:
URL: https://github.com/apache/activemq-artemis/pull/4916

   When creating internal temporary queues for the federation control links and 
the events link we should use a structured naming convention to ease in 
configuring security for the federation user where all internal names fall 
under a root prefix which can be used to grant read and write access for the 
federation user. This change allows security on the wildcarded address 
"$ACTIVEMQ_ARTEMIS_FEDERATION.#". This change also includes some further 
restrictions added to federation resources and adds support for wildcarding '$' 
prefixed addresses.




Issue Time Tracking
-------------------

            Worklog Id:     (was: 917197)
    Remaining Estimate: 0h
            Time Spent: 10m

> Make configuring security for AMQP federation user accounts simpler
> -------------------------------------------------------------------
>
>                 Key: ARTEMIS-4754
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4754
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: AMQP
>    Affects Versions: 2.33.0
>            Reporter: Timothy A. Bish
>            Assignee: Timothy A. Bish
>            Priority: Major
>             Fix For: 2.34.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> When creating the user account used to restrict access when securing an AMQP 
> federation account the currently implementation requires giving the 
> federation overly broad access so that it can create control and event queues 
> used for its internal mechanisms.  We should make this easier and more narrow 
> so that a federation user can be granted access to a more limited set of 
> resources for internal federation mechanics besides access to those addresses 
> and queues which will be targets of federation.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to