Set Authorization

Flags

Flag

Type/Options

Default

Description

--authorization-enabled

string

false

Enable authorization configuration

--authorization-policy-data

string

Set authorization policy data

--authorization-policy-file

string

set authorization policy filename

--authorization-url

string url

Set authorization policy loading url

--authorization-auto-reload

int

Set auto reload policy data from url

Examples

Set predefined authorization rules policy where policy.json is json array of access control rules:

kubemqctl create cluster --authorization-enabled --authorization-policy-file ./policy.json

Set authorization web service rules source:

kubemqctl create cluster --authorization-enabled --authorization-url "http://your.url.rules/" --authorization-auto-reload 120

KubeMQ will call "http://your.url.rules" every 120 seconds and pulls the Authorization policy json array

Values

Value

Type/Options

Default

Description

authorization.PolicyData

string

Set Authorization policy data

authorization.url

string url

Set Optional authorization server url for policy data

authorization.autoReload

int

Set auto reload policy data from url

Examples

Set predefined authorization rules policy where policy.json is json array of access control rules:

helm install kubemq-cluster --set-file authorization.policyData=./policy.json kubemq-charts/kubemq

Set authorization web service rules source:

helm install kubemq-cluster --set authorization.url="http://your.url.rules/",authorization.autoReload=120 kubemq-charts/kubemq

Fields

Field

Type/Options

Default

Description

policyData

string

Set Authorization policy data

url

string url

Set Optional authorization server url for policy data

autoReload

int

Set auto reload policy data from url

Examples

Set predefined authorization rules policy where policy.json is json array of access control rules:

Run:

kubectl apply -f {below-yaml-file}

apiVersion: core.k8s.kubemq.io/v1alpha1
kind: KubemqCluster
metadata:
  name: kubemq-cluster
  namesapce: kubemq
  labels:
    app: kubemq-cluster
spec:
  replicas: 3
  authorization:
    policy: |-
      [
         {
            "ClientID":"client-1",
            "Events":true,
            "EventsStore": false,
            "Queues": false,
            "Commands": false,
            "Queries": false,
            "Channel":"foo.bar.1",
            "Read":false,
            "Write": true
         },
         {
            "ClientID":"client-2",
            "Events":true,
            "EventsStore": false,
            "Queues": false,
            "Commands": false,
            "Queries": false,
            "Channel":"foo.bar.2",
            "Read":false,
            "Write": true
         },
      ]

Set authorization web service rules source:

Run:

kubectl apply -f {below-yaml-file}

apiVersion: core.k8s.kubemq.io/v1alpha1
kind: KubemqCluster
metadata:
  name: kubemq-cluster
  namesapce: kubemq
  labels:
    app: kubemq-cluster
spec:
  replicas: 3
  authorization:
    url: "http://your.url.rules/"
    autoReload: 120

Learn Access Control - Authorization Feature

PreviousSet Authentication NextSet Notification

Last updated 4 years ago