How to change Zookeeper node permissions in AMQ Streams ?
Issue
-
We have an AMQStreams environment. We see that in Zookeeper the configured ACLs are
r
for all znodes, except for 3 (consumers, zookeeper and zookeeper/quota), which are open to everything.getAcl /brokers 'sasl,'AMQSTbroker : cdrwa 'world,'anyone : r getAcl /config 'sasl,'AMQSTbroker : cdrwa 'world,'anyone : r getAcl /consumers 'world,'anyone : cdrwa getAcl /zookeeper 'world,'anyone : cdrwa getAcl /zookeeper/quota 'world,'anyone : cdrwa
We have configure SASL authentication with Zookeeper. We need to know if this is an expected behavior, and if it would be possible to limit these ACLs or on the contrary it is a requirement of the application.
All zNodes are set to r (READ) by default, except 3 zNodes, which are set to CDRWA, and opened to 'world' ("/consumers", "/zookeeper", "/zookeeper/quota" ).
Our query comes because we are concerned about the security of the 3 elements with CDRWA permissions, open to modification for everyone.
What we want is to change the permissions from CDRWA to READ if possible, unless it is a requirement of the application itself.
Environment
- Red Hat AMQ Streams
- 1.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.