How to change Zookeeper node permissions in AMQ Streams ?

Solution Verified - Updated -

Issue

  • We have an AMQStreams environment. We see that in Zookeeper the configured ACLs are r for all znodes, except for 3 (consumers, zookeeper and zookeeper/quota), which are open to everything.

    getAcl /brokers
    'sasl,'AMQSTbroker
    : cdrwa
    'world,'anyone
    : r
    getAcl /config
    'sasl,'AMQSTbroker
    : cdrwa
    'world,'anyone
    : r
    getAcl /consumers
    'world,'anyone
    : cdrwa
    getAcl /zookeeper
    'world,'anyone
    : cdrwa
    getAcl /zookeeper/quota
    'world,'anyone
    : cdrwa
    

We have configure SASL authentication with Zookeeper. We need to know if this is an expected behavior, and if it would be possible to limit these ACLs or on the contrary it is a requirement of the application.
All zNodes are set to r (READ) by default, except 3 zNodes, which are set to CDRWA, and opened to 'world' ("/consumers", "/zookeeper", "/zookeeper/quota" ).
Our query comes because we are concerned about the security of the 3 elements with CDRWA permissions, open to modification for everyone.
What we want is to change the permissions from CDRWA to READ if possible, unless it is a requirement of the application itself.

Environment

  • Red Hat AMQ Streams
    • 1.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content