arkmq-org
diff --git a/‎locales/en/plugin__activemq-artemis-self-provisioning-plugin.json‎
Lines changed: 24 additions & 5 deletions b/‎locales/en/plugin__activemq-artemis-self-provisioning-plugin.json‎
Lines changed: 24 additions & 5 deletions
diff --git a/‎src/brokers/broker-details/components/Overview/Overview.container.tsx‎
Lines changed: 47 additions & 13 deletions b/‎src/brokers/broker-details/components/Overview/Overview.container.tsx‎
Lines changed: 47 additions & 13 deletions
diff --git a/‎src/k8s/types.ts‎
Lines changed: 9 additions & 1 deletion b/‎src/k8s/types.ts‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎src/reducers/7.13/reducer.test.ts‎
Lines changed: 54 additions & 2 deletions b/‎src/reducers/7.13/reducer.test.ts‎
Lines changed: 54 additions & 2 deletions
@@ -93,9 +93,12 @@
   "Memory Usage Metrics": "Memory Usage Metrics",
   "CPU Usage Metrics": "CPU Usage Metrics",
   "Metrics": "Metrics",
+  "Error loading secrets": "Error loading secrets",
   "Test the connection to": "Test the connection to",
-  "Download the secret:": "Download the secret:",
-  "Run the command with the secret": "Run the command with the secret",
+  "Download the cert:": "Download the cert:",
+  "Your setup requires having a username and password for connecting to the acceptor": "Your setup requires having a username and password for connecting to the acceptor",
+  "find one in the extra-users.properties entry of the jaas-config": "find one in the extra-users.properties entry of the jaas-config",
+  "Run the command below (it assumes that the cert is stored in /tmp)": "Run the command below (it assumes that the cert is stored in /tmp)",
   "Copy to clipboard": "Copy to clipboard",
   "Successfully copied to clipboard!": "Successfully copied to clipboard!",
   "Connectivity": "Connectivity",
@@ -178,10 +181,12 @@
   "No {{name}} configured": "No {{name}} configured",
   "There is no {{name}} in your configuration, to add one click on the button below.": "There is no {{name}} in your configuration, to add one click on the button below.",
   "Add": "Add",
-  "Enable RBAC": "Enable RBAC",
-  "enable RBAC": "enable RBAC",
-  "disable RBAC": "disable RBAC",
+  "RBAC enabled": "RBAC enabled",
+  "RBAC disabled": "RBAC disabled",
   "Configuration for the token authentication": "Configuration for the token authentication",
+  "Security roles": "Security roles",
+  "Configure which user can access which resources on the broker": "Configure which user can access which resources on the broker",
+  "Add a security role": "Add a security role",
   "Service account": "Service account",
   "Select a service account that has the permission to perform a token review": "Select a service account that has the permission to perform a token review",
   "The selected service account must within the same namespace as the broker you want to deploy and must have a cluster wide role binding to the `system:auth-delegator` role.": "The selected service account must within the same namespace as the broker you want to deploy and must have a cluster wide role binding to the `system:auth-delegator` role.",
@@ -196,7 +201,21 @@
   "This custom jaas config will allow the user specified as administrator to access the jolokia endpoint of the broker.": "This custom jaas config will allow the user specified as administrator to access the jolokia endpoint of the broker.",
   "Create the jaas config": "Create the jaas config",
   "Select a jaas config": "Select a jaas config",
+  "If during your editing of the jaas-config you changed the roles, you can rebuild the security roles in order to take into account your changes": "If during your editing of the jaas-config you changed the roles, you can rebuild the security roles in order to take into account your changes",
+  "edit": "edit",
+  "Rebuilding the security roles will override the ones that are already configured.": "Rebuilding the security roles will override the ones that are already configured.",
+  "rebuild security roles": "rebuild security roles",
   "Create a new jaas config": "Create a new jaas config",
+  "Show the jaas-config's roles and users": "Show the jaas-config's roles and users",
+  "Openshift users allowed to read the jolokia endpoint": "Openshift users allowed to read the jolokia endpoint",
+  "Group": "Group",
+  "OpenShift usernames (comma separated)": "OpenShift usernames (comma separated)",
+  "Users allowed to access the broker": "Users allowed to access the broker",
+  "Username": "Username",
+  "Password": "Password",
+  "Roles used for security rules": "Roles used for security rules",
+  "Role": "Role",
+  "Users (comma separated)": "Users (comma separated)",
   "Version:": "Version:",
   "Self Signed:": "Self Signed:",
   "SerialNumber:": "SerialNumber:",
 
@@ -4,6 +4,8 @@ import {
   useLabelsModal,
 } from '@openshift-console/dynamic-plugin-sdk';
 import {
+  Alert,
+  AlertVariant,
   Bullseye,
   Button,
   Card,
@@ -66,7 +68,7 @@ const useGetIssuerCa = (
 
 const useGetTlsSecret = (cr: BrokerCR, acceptor: Acceptor) => {
   const [secretName, hasSecretName] = useGetIssuerCa(cr, acceptor);
-  const [secrets] = useK8sWatchResource<SecretResource[]>({
+  const [secrets, loaded, loadError] = useK8sWatchResource<SecretResource[]>({
     groupVersionKind: {
       version: 'v1',
       kind: 'Secret',
@@ -76,23 +78,23 @@ const useGetTlsSecret = (cr: BrokerCR, acceptor: Acceptor) => {
     namespace: cr.metadata.namespace,
   });
 
+  const secret = secrets.find((secret) => secret.metadata?.name === secretName);
+
   if ((hasSecretName && !secretName) || !secrets) {
-    return undefined;
+    return [undefined, loaded, loadError];
   }
 
-  const secret = secrets.find((secret) => secret.metadata?.name === secretName);
-
-  if (!(secret && secret && secret.data && secret.data['tls.crt'])) {
-    return undefined;
+  if (!(secret && secret.data && secret.data['tls.crt'])) {
+    return [undefined, loaded, loadError];
   }
-  return secret;
+  return [secret, loaded, loadError];
 };
 
-type SecretDownloaLinkProps = {
+type SecretDownloadLinkProps = {
   secret: SecretResource;
 };
 
-const SecretDownloadLink: FC<SecretDownloaLinkProps> = ({ secret }) => {
+const SecretDownloadLink: FC<SecretDownloadLinkProps> = ({ secret }) => {
   return (
     <a
       href={
@@ -120,9 +122,10 @@ const HelpConnectAcceptor: FC<HelperConnectAcceptorProps> = ({
   acceptor,
 }) => {
   const { t } = useTranslation();
-  const secret = useGetTlsSecret(cr, acceptor);
+  const [secret, loaded, loadError] = useGetTlsSecret(cr, acceptor);
   const ingressHost = getIssuerIngressHostForAcceptor(cr, acceptor, 0);
   const [copied, setCopied] = useState(false);
+  const isSecuredByToken = cr.spec.adminUser === undefined;
 
   const clipboardCopyFunc = (text: string) => {
     navigator.clipboard.writeText(text.toString());
@@ -132,13 +135,20 @@ const HelpConnectAcceptor: FC<HelperConnectAcceptorProps> = ({
     clipboardCopyFunc(text);
     setCopied(true);
   };
-  if (!secret) {
+  if (!loaded || !secret) {
     return (
       <Bullseye>
         <Spinner size="lg" />
       </Bullseye>
     );
   }
+  if (loadError) {
+    return (
+      <Alert variant={AlertVariant.danger} title={t('Error loading secrets')}>
+        {loadError}
+      </Alert>
+    );
+  }
 
   const code =
     "./artemis check queue --name TEST --produce 10 --browse 10 --consume 10 --url 'tcp://" +
@@ -154,10 +164,34 @@ const HelpConnectAcceptor: FC<HelperConnectAcceptorProps> = ({
       <DescriptionListDescription>
         <List>
           <ListItem>
-            {t('Download the secret:')} <SecretDownloadLink secret={secret} />
+            {t('Download the cert:')} <SecretDownloadLink secret={secret} />
           </ListItem>
+          {isSecuredByToken && (
+            <ListItem>
+              {t(
+                'Your setup requires having a username and password for connecting to the acceptor',
+              )}
+              <Button
+                variant="link"
+                onClick={() =>
+                  window.open(
+                    'ns/' +
+                      cr.metadata.namespace +
+                      '/secrets/' +
+                      cr.spec.deploymentPlan.extraMounts.secrets[0],
+                  )
+                }
+              >
+                {t(
+                  'find one in the extra-users.properties entry of the jaas-config',
+                )}
+              </Button>
+            </ListItem>
+          )}
           <ListItem>
-            {t('Run the command with the secret')} (here in /tmp)
+            {t(
+              'Run the command below (it assumes that the cert is stored in /tmp)',
+            )}
             <CodeBlock
               actions={
                 <CodeBlockAction>
 
@@ -79,8 +79,14 @@ export type ResourceTemplate = {
   };
 };
 
+export type Env = {
+  name: string;
+  value: string;
+};
+
 export type BrokerCR = K8sResourceCommon & {
   spec?: {
+    env?: Env[];
     ingressDomain?: string;
     connectors?: Connector[];
     acceptors?: Acceptor[];
@@ -143,7 +149,9 @@ export type ConfigMapSecretResource = K8sResourceCommon & {
   kind: 'Secret';
   data?: {
     'login.config'?: string;
-    'k8s-roles.properties'?: string;
+    'k8s-users-to-roles-mapping.properties'?: string;
+    'extra-roles.properties'?: string;
+    'extra-users.properties'?: string;
   };
 };
 
 
@@ -13,29 +13,68 @@ describe('test the creation broker reducer', () => {
       payload: true,
     });
     expect(newState.cr.spec.adminUser).toBe(undefined);
+    expect(newState.cr.spec.env[0].name).toBe('JAVA_ARGS_APPEND');
+    expect(newState.cr.spec.env[0].value).toBe('-Dhawtio.realm=token');
     const newState2 = reducer713(newState, {
       operation: ArtemisReducerOperations713.isUsingToken,
       payload: false,
     });
     expect(newState2.cr.spec.adminUser).toBe('admin');
     expect(newState2.cr.spec.deploymentPlan.extraMounts).toBe(undefined);
     expect(newState2.cr.spec.deploymentPlan.podSecurity).toBe(undefined);
+    expect(newState2.cr.spec.env).toBe(undefined);
   });
-  it('test setting jaas config', () => {
+
+  it('test enabling token over an existing env', () => {
     const initialState = newArtemisCR('namespace');
+    initialState.cr.spec.env = [
+      { name: 'JAVA_ARGS_APPEND', value: '-Dtest=true' },
+      { name: 'OTHERPROP', value: 'TEST' },
+    ];
     const newState = reducer713(initialState, {
+      operation: ArtemisReducerOperations713.isUsingToken,
+      payload: true,
+    });
+    expect(newState.cr.spec.adminUser).toBe(undefined);
+    expect(newState.cr.spec.env[0].name).toBe('JAVA_ARGS_APPEND');
+    expect(newState.cr.spec.env[0].value).toBe(
+      '-Dtest=true -Dhawtio.realm=token',
+    );
+    const newState2 = reducer713(newState, {
+      operation: ArtemisReducerOperations713.isUsingToken,
+      payload: false,
+    });
+    expect(newState2.cr.spec.adminUser).toBe('admin');
+    expect(newState2.cr.spec.deploymentPlan.extraMounts).toBe(undefined);
+    expect(newState2.cr.spec.deploymentPlan.podSecurity).toBe(undefined);
+    expect(newState.cr.spec.env[0].name).toBe('JAVA_ARGS_APPEND');
+    expect(newState.cr.spec.env[0].value).toBe('-Dtest=true');
+    expect(newState.cr.spec.env[1].name).toBe('OTHERPROP');
+    expect(newState.cr.spec.env[1].value).toBe('TEST');
+  });
+
+  it('test setting jaas config', () => {
+    const initialState = newArtemisCR('namespace');
+    const newState0 = reducer713(initialState, {
+      operation: ArtemisReducerOperations713.setSecurityRoles,
+      payload: new Map([['securityRoles.test', 'true']]),
+    });
+    const newState = reducer713(newState0, {
       operation: ArtemisReducerOperations713.setJaasExtraConfig,
       payload: 'something',
     });
     expect(newState.cr.spec.deploymentPlan.extraMounts.secrets[0]).toBe(
       'something',
     );
+    expect(newState.cr.spec.brokerProperties.length).toBe(0);
     const newState2 = reducer713(newState, {
       operation: ArtemisReducerOperations713.setJaasExtraConfig,
       payload: undefined,
     });
     expect(newState2.cr.spec.deploymentPlan.extraMounts).toBe(undefined);
+    expect(newState.cr.spec.brokerProperties.length).toBe(0);
   });
+
   it('test setting service account', () => {
     const initialState = newArtemisCR('namespace');
     const newState = reducer713(initialState, {
@@ -51,14 +90,24 @@ describe('test the creation broker reducer', () => {
     });
     expect(newState2.cr.spec.deploymentPlan.podSecurity).toBe(undefined);
   });
+
   it('test resetting to 7.12 after setting 7.13 settings', () => {
     const initialState = newArtemisCR('namespace');
     const newState = reducer713(initialState, {
       operation: ArtemisReducerOperations713.isUsingToken,
       payload: true,
     });
+    // use the setSecurityRoles method to set a security role and also another
+    // generic broker property
+    const newState1 = reducer713(newState, {
+      operation: ArtemisReducerOperations713.setSecurityRoles,
+      payload: new Map([
+        ['something', 'else'],
+        ['securityRoles.test', 'true'],
+      ]),
+    });
     expect(newState.cr.spec.adminUser).toBe(undefined);
-    const newState2 = reducer713(newState, {
+    const newState2 = reducer713(newState1, {
       operation: ArtemisReducerOperations713.setJaasExtraConfig,
       payload: 'something',
     });
@@ -82,6 +131,9 @@ describe('test the creation broker reducer', () => {
     });
     expect(newState5.cr.spec.deploymentPlan.podSecurity).toBe(undefined);
     expect(newState5.cr.spec.deploymentPlan.extraMounts).toBe(undefined);
+    expect(newState5.cr.spec.env).toBe(undefined);
     expect(newState5.cr.spec.adminUser).toBe('admin');
+    expect(newState5.cr.spec.brokerProperties.length).toBe(1);
+    expect(newState5.cr.spec.brokerProperties[0]).toBe('something=else');
   });
 });