Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add custom codec configurations for masked passwords #95

Merged
merged 16 commits into from
Sep 6, 2023
Merged

Add custom codec configurations for masked passwords #95

merged 16 commits into from
Sep 6, 2023

Conversation

guidograzioli
Copy link
Member

@guidograzioli guidograzioli commented Sep 1, 2023
edited

Allow to configure password codec for masked password in JAAS property base files (artemis-users.properties) and broker.xml using a custom java class, by specifying the hash name and number of iterations (Default codec comes with hardcoded 'sha1' and 1024).

New parameters:

Variable Description Default
activemq_password_codec Fully qualified class name and its parameters for the Decoder used to decode the masked password. Ignored if activemq_mask_password is false. Can be postfixed with parameters in the key=value;... format org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec
activemq_mask_password Whether passwords in server configuration need to be masked. True
activemq_additional_libs List of jars to install in activemq classpath, read from playbook files lookup paths []
activemq_mask_password_hashname Name of algorithm used for masking password, will be passed to custom codec sha1
activemq_mask_password_iterations Number of iterations for masking password, will be passed to custom codec 1024

Choices for activemq_mask_password_hashname are: [ 'sha1', 'sha224', 'sha256', 'sha384', 'sha512' ]

NOTE This feature won't work without providing a custom password codec class packaged in jar format. See Implementing Custom Codes. The custom codec class used in tests is here for reference.

NOTE The full feature can only work with activemq 2.29.0+ (AMQ Broker 7.11.1+) because of ARTEMIS-4273, apache/activemq-artemis#4469

For a complete usage example, check the molecule test

Fix: #77

@guidograzioli guidograzioli changed the title Add more parameters to pbkdf filter Add more parameters to pbkdf filter (WIP) Sep 1, 2023
@guidograzioli guidograzioli added the minor_changes New parameters added to modules, or non-breaking behavior changes to existing parameters; no bugfix label Sep 5, 2023
@guidograzioli guidograzioli changed the title Add more parameters to pbkdf filter (WIP) Add custom codec configurations for masked passwords Sep 5, 2023
@guidograzioli guidograzioli merged commit 625662d into ansible-middleware:main Sep 6, 2023
14 checks passed
@guidograzioli guidograzioli mentioned this pull request Sep 7, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
minor_changes New parameters added to modules, or non-breaking behavior changes to existing parameters; no bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update crypto algorithm
1 participant
@guidograzioli