goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

Permission denied for database during migration #8760

Closed patrick-GH closed 6 months ago

patrick-GH commented 7 months ago

Describe your question/

Trying to upgrade authentik to the current version, however during the db migration I get django.db.utils.ProgrammingError: permission denied for database authentikdb

I tried adding the following permissions found in another thread:

GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO authentik_test_user;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO authentik_test_user;
GRANT CREATE ON SCHEMA public TO authentik_test_user;

I've verified the login for my db user works, however after getting the permission denied the authentik container just stops.

Relevant info

authentik: 2024.2.1
postgresql: 12.18

Logs

Not sure if this is the start of it:

=== Starting migration
Operations to perform:
  Apply all migrations: auth, authentik_blueprints, authentik_brands, authentik_core, authentik_crypto, authentik_enterprise, authentik_events, authentik_flows, authentik_outposts, authentik_policies, authentik_policies_dummy, authentik_policies_event_matcher, authentik_policies_expiry, authentik_policies_expression, authentik_policies_password, authentik_policies_reputation, authentik_providers_ldap, authentik_providers_oauth2, authentik_providers_proxy, authentik_providers_rac, authentik_providers_radius, authentik_providers_saml, authentik_providers_scim, authentik_rbac, authentik_sources_ldap, authentik_sources_oauth, authentik_sources_plex, authentik_sources_saml, authentik_stages_authenticator_duo, authentik_stages_authenticator_sms, authentik_stages_authenticator_static, authentik_stages_authenticator_totp, authentik_stages_authenticator_validate, authentik_stages_authenticator_webauthn, authentik_stages_captcha, authentik_stages_consent, authentik_stages_deny, authentik_stages_dummy, authentik_stages_email, authentik_stages_identification, authentik_stages_invitation, authentik_stages_password, authentik_stages_prompt, authentik_stages_user_delete, authentik_stages_user_login, authentik_stages_user_logout, authentik_stages_user_write, authentik_tenants, contenttypes, guardian, sessions
Running migrations:
  Applying authentik_tenants.0001_initial...
Traceback (most recent call last):
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/utils.py", line 103, in _execute
    return self.cursor.execute(sql)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django_prometheus/db/common.py", line 69, in execute
    return super().execute(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/psycopg/cursor.py", line 732, in execute
    raise ex.with_traceback(None)
psycopg.errors.InsufficientPrivilege: permission denied for database authentikdb

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "/lifecycle/migrate.py", line 112, in <module>
    execute_from_command_line(["", "migrate_schemas"])
  File "/ak-root/venv/lib/python3.12/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
    utility.execute()
  File "/ak-root/venv/lib/python3.12/site-packages/django/core/management/__init__.py", line 436, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/ak-root/venv/lib/python3.12/site-packages/django/core/management/base.py", line 413, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/ak-root/venv/lib/python3.12/site-packages/django/core/management/base.py", line 459, in execute
    output = self.handle(*args, **options)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django_tenants/management/commands/migrate_schemas.py", line 63, in handle
    executor.run_migrations(tenants=[self.PUBLIC_SCHEMA_NAME])
  File "/ak-root/venv/lib/python3.12/site-packages/django_tenants/migration_executors/standard.py", line 11, in run_migrations
    run_migrations(self.args, self.options, self.codename, self.PUBLIC_SCHEMA_NAME)
  File "/ak-root/venv/lib/python3.12/site-packages/django_tenants/migration_executors/base.py", line 59, in run_migrations
    migrate_command_class(stdout=stdout, stderr=stderr).execute(*args, **options)
  File "/ak-root/venv/lib/python3.12/site-packages/django/core/management/base.py", line 459, in execute
    output = self.handle(*args, **options)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/core/management/base.py", line 107, in wrapper
    res = handle_func(*args, **kwargs)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/core/management/commands/migrate.py", line 356, in handle
    post_migrate_state = executor.migrate(
                         ^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/migrations/executor.py", line 135, in migrate
    state = self._migrate_all_forwards(
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/migrations/executor.py", line 167, in _migrate_all_forwards
    state = self.apply_migration(
            ^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/migrations/executor.py", line 252, in apply_migration
    state = migration.apply(state, schema_editor)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/migrations/migration.py", line 132, in apply
    operation.database_forwards(
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/migrations/operations/special.py", line 106, in database_forwards
    self._run_sql(schema_editor, self.sql)
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/migrations/operations/special.py", line 133, in _run_sql
    schema_editor.execute(statement, params=None)
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/postgresql/schema.py", line 45, in execute
    return super().execute(sql, params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/base/schema.py", line 201, in execute
    cursor.execute(sql, params)
  File "/ak-root/venv/lib/python3.12/site-packages/sentry_sdk/integrations/django/__init__.py", line 641, in execute
    result = real_execute(self, sql, params)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/utils.py", line 79, in execute
    return self._execute_with_wrappers(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/utils.py", line 92, in _execute_with_wrappers
    return executor(sql, params, many, context)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/utils.py", line 100, in _execute
    with self.db.wrap_database_errors:
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/utils.py", line 91, in __exit__
    raise dj_exc_value.with_traceback(traceback) from exc_value
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/utils.py", line 103, in _execute
    return self.cursor.execute(sql)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django_prometheus/db/common.py", line 69, in execute
    return super().execute(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/psycopg/cursor.py", line 732, in execute
    raise ex.with_traceback(None)
django.db.utils.ProgrammingError: permission denied for database authentikdb

rissson commented 7 months ago

Could you provide the following from psql: \d, \dn, \l (only the authentik line)

patrick-GH commented 7 months ago

Didn't realize the rest of the data didn't get added

authentikdb=# \d
                                        List of relations
 Schema |                              Name                               |   Type   |   Owner   
--------+-----------------------------------------------------------------+----------+-----------
 public | auth_group                                                      | table    | authentik
 public | auth_group_id_seq                                               | sequence | authentik
 public | auth_group_permissions                                          | table    | authentik
 public | auth_group_permissions_id_seq                                   | sequence | authentik
 public | auth_permission                                                 | table    | authentik
 public | auth_permission_id_seq                                          | sequence | authentik
 public | authentik_blueprints_blueprintinstance                          | table    | authentik
 public | authentik_brands_brand                                          | table    | authentik
 public | authentik_core_application                                      | table    | authentik
 public | authentik_core_authenticatedsession                             | table    | authentik
 public | authentik_core_group                                            | table    | authentik
 public | authentik_core_group_roles                                      | table    | authentik
 public | authentik_core_group_roles_id_seq                               | sequence | authentik
 public | authentik_core_propertymapping                                  | table    | authentik
 public | authentik_core_provider                                         | table    | authentik
 public | authentik_core_provider_id_seq                                  | sequence | authentik
 public | authentik_core_provider_property_mappings                       | table    | authentik
 public | authentik_core_provider_property_mappings_id_seq                | sequence | authentik
 public | authentik_core_source                                           | table    | authentik
 public | authentik_core_source_property_mappings                         | table    | authentik
 public | authentik_core_source_property_mappings_id_seq                  | sequence | authentik
 public | authentik_core_token                                            | table    | authentik
 public | authentik_core_user                                             | table    | authentik
 public | authentik_core_user_ak_groups                                   | table    | authentik
 public | authentik_core_user_groups                                      | table    | authentik
 public | authentik_core_user_groups_id_seq                               | sequence | authentik
 public | authentik_core_user_id_seq                                      | sequence | authentik
 public | authentik_core_user_pb_groups_id_seq                            | sequence | authentik
 public | authentik_core_user_user_permissions                            | table    | authentik
 public | authentik_core_user_user_permissions_id_seq                     | sequence | authentik
 public | authentik_core_usersourceconnection                             | table    | authentik
 public | authentik_core_usersourceconnection_id_seq                      | sequence | authentik
 public | authentik_crypto_certificatekeypair                             | table    | authentik
 public | authentik_enterprise_license                                    | table    | authentik
 public | authentik_enterprise_licenseusage                               | table    | authentik
 public | authentik_events_event                                          | table    | authentik
 public | authentik_events_notification                                   | table    | authentik
 public | authentik_events_notificationrule                               | table    | authentik
 public | authentik_events_notificationrule_transports                    | table    | authentik
 public | authentik_events_notificationrule_transports_id_seq             | sequence | authentik
 public | authentik_events_notificationtransport                          | table    | authentik
 public | authentik_events_notificationwebhookmapping                     | table    | authentik
 public | authentik_events_systemtask                                     | table    | authentik
 public | authentik_flows_flow                                            | table    | authentik
 public | authentik_flows_flowstagebinding                                | table    | authentik
 public | authentik_flows_flowtoken                                       | table    | authentik
 public | authentik_flows_stage                                           | table    | authentik
 public | authentik_install_id                                            | table    | authentik
 public | authentik_outposts_dockerserviceconnection                      | table    | authentik
 public | authentik_outposts_kubernetesserviceconnection                  | table    | authentik
 public | authentik_outposts_outpost                                      | table    | authentik
 public | authentik_outposts_outpost_providers                            | table    | authentik
 public | authentik_outposts_outpost_providers_id_seq                     | sequence | authentik
 public | authentik_outposts_outpostserviceconnection                     | table    | authentik
 public | authentik_policies_dummy_dummypolicy                            | table    | authentik
 public | authentik_policies_event_matcher_eventmatcherpolicy             | table    | authentik
 public | authentik_policies_expiry_passwordexpirypolicy                  | table    | authentik
 public | authentik_policies_expression_expressionpolicy                  | table    | authentik
 public | authentik_policies_password_passwordpolicy                      | table    | authentik
 public | authentik_policies_policy                                       | table    | authentik
 public | authentik_policies_policybinding                                | table    | authentik
 public | authentik_policies_policybindingmodel                           | table    | authentik
 public | authentik_policies_reputation_reputation                        | table    | authentik
 public | authentik_policies_reputation_reputationpolicy                  | table    | authentik
 public | authentik_providers_ldap_ldapprovider                           | table    | authentik
 public | authentik_providers_oauth2_accesstoken                          | table    | authentik
 public | authentik_providers_oauth2_accesstoken_id_seq                   | sequence | authentik
 public | authentik_providers_oauth2_authorizationcode                    | table    | authentik
 public | authentik_providers_oauth2_authorizationcode_id_seq             | sequence | authentik
 public | authentik_providers_oauth2_devicetoken                          | table    | authentik
 public | authentik_providers_oauth2_devicetoken_id_seq                   | sequence | authentik
 public | authentik_providers_oauth2_oauth2provider                       | table    | authentik
 public | authentik_providers_oauth2_oauth2provider_jwks_sources          | table    | authentik
 public | authentik_providers_oauth2_oauth2provider_jwks_sources_id_seq   | sequence | authentik
 public | authentik_providers_oauth2_refreshtoken                         | table    | authentik
 public | authentik_providers_oauth2_refreshtoken_id_seq                  | sequence | authentik
 public | authentik_providers_oauth2_scopemapping                         | table    | authentik
 public | authentik_providers_proxy_proxyprovider                         | table    | authentik
 public | authentik_providers_rac_connectiontoken                         | table    | authentik
 public | authentik_providers_rac_endpoint                                | table    | authentik
 public | authentik_providers_rac_endpoint_property_mappings              | table    | authentik
 public | authentik_providers_rac_endpoint_property_mappings_id_seq       | sequence | authentik
 public | authentik_providers_rac_racpropertymapping                      | table    | authentik
 public | authentik_providers_rac_racprovider                             | table    | authentik
 public | authentik_providers_radius_radiusprovider                       | table    | authentik
 public | authentik_providers_saml_samlpropertymapping                    | table    | authentik
 public | authentik_providers_saml_samlprovider                           | table    | authentik
 public | authentik_providers_scim_scimgroup                              | table    | authentik
 public | authentik_providers_scim_scimmapping                            | table    | authentik
 public | authentik_providers_scim_scimprovider                           | table    | authentik
 public | authentik_providers_scim_scimprovider_property_mappings__id_seq | sequence | authentik
 public | authentik_providers_scim_scimprovider_property_mappings_group   | table    | authentik
 public | authentik_providers_scim_scimuser                               | table    | authentik
 public | authentik_rbac_role                                             | table    | authentik
 public | authentik_sources_ldap_ldappropertymapping                      | table    | authentik
 public | authentik_sources_ldap_ldapsource                               | table    | authentik
 public | authentik_sources_ldap_ldapsource_property_mappings_grou_id_seq | sequence | authentik
 public | authentik_sources_ldap_ldapsource_property_mappings_group       | table    | authentik
 public | authentik_sources_oauth_oauthsource                             | table    | authentik
 public | authentik_sources_oauth_useroauthsourceconnection               | table    | authentik
 public | authentik_sources_plex_plexsource                               | table    | authentik
 public | authentik_sources_plex_plexsourceconnection                     | table    | authentik
 public | authentik_sources_saml_samlsource                               | table    | authentik
 public | authentik_sources_saml_usersamlsourceconnection                 | table    | authentik
 public | authentik_stages_authenticator_duo_authenticatorduostage        | table    | authentik
 public | authentik_stages_authenticator_duo_duodevice                    | table    | authentik
 public | authentik_stages_authenticator_duo_duodevice_id_seq             | sequence | authentik
 public | authentik_stages_authenticator_sms_authenticatorsmsstage        | table    | authentik
 public | authentik_stages_authenticator_sms_smsdevice                    | table    | authentik
 public | authentik_stages_authenticator_sms_smsdevice_id_seq             | sequence | authentik
 public | authentik_stages_authenticator_static_authenticatorstaticstage  | table    | authentik
 public | authentik_stages_authenticator_static_staticdevice              | table    | authentik
 public | authentik_stages_authenticator_static_staticdevice_id_seq       | sequence | authentik
 public | authentik_stages_authenticator_static_statictoken               | table    | authentik
 public | authentik_stages_authenticator_static_statictoken_id_seq        | sequence | authentik
 public | authentik_stages_authenticator_totp_authenticatortotpstage      | table    | authentik
 public | authentik_stages_authenticator_totp_totpdevice                  | table    | authentik
 public | authentik_stages_authenticator_totp_totpdevice_id_seq           | sequence | authentik
 public | authentik_stages_authenticator_validate_authenticatorval_id_seq | sequence | authentik
 public | authentik_stages_authenticator_validate_authenticatorvalida3e25 | table    | authentik
 public | authentik_stages_authenticator_validate_authenticatorvalida499c | table    | authentik
 public | authentik_stages_authenticator_webauthn_authenticatewebauth4bbe | table    | authentik
 public | authentik_stages_authenticator_webauthn_webauthndevice          | table    | authentik
 public | authentik_stages_authenticator_webauthn_webauthndevice_id_seq   | sequence | authentik
 public | authentik_stages_captcha_captchastage                           | table    | authentik
 public | authentik_stages_consent_consentstage                           | table    | authentik
 public | authentik_stages_consent_userconsent                            | table    | authentik
 public | authentik_stages_consent_userconsent_id_seq                     | sequence | authentik
 public | authentik_stages_deny_denystage                                 | table    | authentik
 public | authentik_stages_dummy_dummystage                               | table    | authentik
 public | authentik_stages_email_emailstage                               | table    | authentik
 public | authentik_stages_identification_identificationstage             | table    | authentik
 public | authentik_stages_identification_identificationstage_sour_id_seq | sequence | authentik
 public | authentik_stages_identification_identificationstage_sources     | table    | authentik
 public | authentik_stages_invitation_invitation                          | table    | authentik
 public | authentik_stages_invitation_invitationstage                     | table    | authentik
 public | authentik_stages_password_passwordstage                         | table    | authentik
 public | authentik_stages_prompt_prompt                                  | table    | authentik
 public | authentik_stages_prompt_promptstage                             | table    | authentik
 public | authentik_stages_prompt_promptstage_fields                      | table    | authentik
 public | authentik_stages_prompt_promptstage_fields_id_seq               | sequence | authentik
 public | authentik_stages_prompt_promptstage_validation_policies         | table    | authentik
 public | authentik_stages_prompt_promptstage_validation_policies_id_seq  | sequence | authentik
 public | authentik_stages_user_delete_userdeletestage                    | table    | authentik
 public | authentik_stages_user_login_userloginstage                      | table    | authentik
 public | authentik_stages_user_logout_userlogoutstage                    | table    | authentik
 public | authentik_stages_user_write_userwritestage                      | table    | authentik
 public | django_content_type                                             | table    | authentik
 public | django_content_type_id_seq                                      | sequence | authentik
 public | django_migrations                                               | table    | authentik
 public | django_migrations_id_seq                                        | sequence | authentik
 public | django_session                                                  | table    | authentik
 public | guardian_groupobjectpermission                                  | table    | authentik
 public | guardian_groupobjectpermission_id_seq                           | sequence | authentik
 public | guardian_userobjectpermission                                   | table    | authentik
 public | guardian_userobjectpermission_id_seq                            | sequence | authentik
(156 rows)

authentikdb=# \dn
List of schemas
  Name  | Owner
--------+-------
 public | admin
(1 row)

    Name     | Owner | Encoding |  Collate   |   Ctype    | Access privileges
-------------+-------+----------+------------+------------+-------------------
 authentikdb | admin | UTF8     | en_US.utf8 | en_US.utf8 | =Tc/admin        +
             |       |          |            |            | admin=CTc/admin  +
             |       |          |            |            | authentik=c/admin

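
Added example, not part of the original post or of authentik's code: a small parser for the "Access privileges" column of the \l output above, reporting what each role holds at the database level (the GRANT statements earlier in the thread act on schema public, while the error names the database). Function names are hypothetical, and treating CREATE as the privilege the failing migration step needs is an assumption; it is the database-level privilege that statements such as CREATE SCHEMA require.

```python
# Decode the "Access privileges" column that psql prints for a database.
# Each entry has the form  grantee=letters/grantor ; an empty grantee is PUBLIC.
from dataclasses import dataclass

# PostgreSQL privilege abbreviations that apply to a database object.
DATABASE_PRIVILEGES = {"C": "CREATE", "c": "CONNECT", "T": "TEMPORARY"}

# The three ACL entries copied from the \l output posted in this thread.
ACL_FROM_THREAD = """=Tc/admin        +
admin=CTc/admin  +
authentik=c/admin"""


@dataclass(frozen=True)
class AclEntry:
    grantee: str           # "PUBLIC" when the grantee field is empty
    privileges: frozenset  # privileges held, e.g. {"CONNECT", "TEMPORARY"}
    grantable: frozenset   # subset held WITH GRANT OPTION (marked "*")
    grantor: str


def parse_acl(column_text):
    """Parse the multi-line ACL cell; psql's trailing '+' marks a continuation.

    Limitation: quoted role names containing '=' or '/' are not handled.
    """
    entries = []
    for raw in column_text.splitlines():
        item = raw.strip().rstrip("+").strip()
        if not item:
            continue
        grantee, eq, rest = item.partition("=")
        letters, slash, grantor = rest.rpartition("/")
        if not eq or not slash:
            raise ValueError(f"not an ACL entry: {item!r}")
        held, grantable, last = set(), set(), None
        for ch in letters:
            if ch == "*":  # grant option applies to the preceding privilege
                if last is None:
                    raise ValueError(f"misplaced '*' in {item!r}")
                grantable.add(last)
                continue
            if ch not in DATABASE_PRIVILEGES:
                raise ValueError(f"unexpected privilege {ch!r} in {item!r}")
            last = DATABASE_PRIVILEGES[ch]
            held.add(last)
        entries.append(AclEntry(grantee or "PUBLIC", frozenset(held),
                                frozenset(grantable), grantor))
    return entries


def effective_privileges(entries, role):
    """Privileges granted to the role directly or through PUBLIC.

    Role membership and superuser status are not modelled here.
    """
    granted = set()
    for entry in entries:
        if entry.grantee in (role, "PUBLIC"):
            granted |= entry.privileges
    return granted


def missing_privileges(column_text, role, required):
    """Return the required privileges the role does not hold, sorted."""
    return sorted(set(required) - effective_privileges(parse_acl(column_text), role))


if __name__ == "__main__":
    # Assumption: the migration needs CREATE on the database.
    needed = ["CONNECT", "CREATE"]
    for role in ("admin", "authentik"):
        held = sorted(effective_privileges(parse_acl(ACL_FROM_THREAD), role))
        print(f"{role}: holds {held}, missing {missing_privileges(ACL_FROM_THREAD, role, needed)}")
```
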
stefan-matic commented 7 months ago

Experiencing the same problem on my unraid after updating to 2024.2.1.
PostgreSQL v15.6

It looks to be related to the breaking change of renaming tenants to brands.

authentik=# \d
                                        List of relations
 Schema |                              Name                               |   Type   |   Owner   
--------+-----------------------------------------------------------------+----------+-----------
 public | auth_group                                                      | table    | authentik
 public | auth_group_id_seq                                               | sequence | authentik
 public | auth_group_permissions                                          | table    | authentik
 public | auth_group_permissions_id_seq                                   | sequence | authentik
 public | auth_permission                                                 | table    | authentik
 public | auth_permission_id_seq                                          | sequence | authentik
 public | authentik_blueprints_blueprintinstance                          | table    | authentik
 public | authentik_brands_brand                                          | table    | authentik
 public | authentik_core_application                                      | table    | authentik
 public | authentik_core_authenticatedsession                             | table    | authentik
 public | authentik_core_group                                            | table    | authentik
 public | authentik_core_group_roles                                      | table    | authentik
 public | authentik_core_group_roles_id_seq                               | sequence | authentik
 public | authentik_core_propertymapping                                  | table    | authentik
 public | authentik_core_provider                                         | table    | authentik
 public | authentik_core_provider_id_seq                                  | sequence | authentik
 public | authentik_core_provider_property_mappings                       | table    | authentik
 public | authentik_core_provider_property_mappings_id_seq                | sequence | authentik
 public | authentik_core_source                                           | table    | authentik
 public | authentik_core_source_property_mappings                         | table    | authentik
 public | authentik_core_source_property_mappings_id_seq                  | sequence | authentik
 public | authentik_core_token                                            | table    | authentik
 public | authentik_core_user                                             | table    | authentik
 public | authentik_core_user_ak_groups                                   | table    | authentik
 public | authentik_core_user_groups                                      | table    | authentik
 public | authentik_core_user_groups_id_seq                               | sequence | authentik
 public | authentik_core_user_id_seq                                      | sequence | authentik
 public | authentik_core_user_pb_groups_id_seq                            | sequence | authentik
 public | authentik_core_user_user_permissions                            | table    | authentik
 public | authentik_core_user_user_permissions_id_seq                     | sequence | authentik
 public | authentik_core_usersourceconnection                             | table    | authentik
 public | authentik_core_usersourceconnection_id_seq                      | sequence | authentik
 public | authentik_crypto_certificatekeypair                             | table    | authentik
 public | authentik_enterprise_license                                    | table    | authentik
 public | authentik_enterprise_licenseusage                               | table    | authentik
 public | authentik_events_event                                          | table    | authentik
 public | authentik_events_notification                                   | table    | authentik
 public | authentik_events_notificationrule                               | table    | authentik
 public | authentik_events_notificationrule_transports                    | table    | authentik
 public | authentik_events_notificationrule_transports_id_seq             | sequence | authentik
 public | authentik_events_notificationtransport                          | table    | authentik
 public | authentik_events_notificationwebhookmapping                     | table    | authentik
 public | authentik_events_systemtask                                     | table    | authentik
 public | authentik_flows_flow                                            | table    | authentik
 public | authentik_flows_flowstagebinding                                | table    | authentik
 public | authentik_flows_flowtoken                                       | table    | authentik
 public | authentik_flows_stage                                           | table    | authentik
 public | authentik_install_id                                            | table    | authentik
 public | authentik_outposts_dockerserviceconnection                      | table    | authentik
 public | authentik_outposts_kubernetesserviceconnection                  | table    | authentik
 public | authentik_outposts_outpost                                      | table    | authentik
 public | authentik_outposts_outpost_providers                            | table    | authentik
 public | authentik_outposts_outpost_providers_id_seq                     | sequence | authentik
 public | authentik_outposts_outpostserviceconnection                     | table    | authentik
 public | authentik_policies_dummy_dummypolicy                            | table    | authentik
 public | authentik_policies_event_matcher_eventmatcherpolicy             | table    | authentik
 public | authentik_policies_expiry_passwordexpirypolicy                  | table    | authentik
 public | authentik_policies_expression_expressionpolicy                  | table    | authentik
 public | authentik_policies_password_passwordpolicy                      | table    | authentik
 public | authentik_policies_policy                                       | table    | authentik
 public | authentik_policies_policybinding                                | table    | authentik
 public | authentik_policies_policybindingmodel                           | table    | authentik
 public | authentik_policies_reputation_reputation                        | table    | authentik
 public | authentik_policies_reputation_reputationpolicy                  | table    | authentik
 public | authentik_providers_ldap_ldapprovider                           | table    | authentik
 public | authentik_providers_oauth2_accesstoken                          | table    | authentik
 public | authentik_providers_oauth2_accesstoken_id_seq                   | sequence | authentik
 public | authentik_providers_oauth2_authorizationcode                    | table    | authentik
 public | authentik_providers_oauth2_authorizationcode_id_seq             | sequence | authentik
 public | authentik_providers_oauth2_devicetoken                          | table    | authentik
 public | authentik_providers_oauth2_devicetoken_id_seq                   | sequence | authentik
 public | authentik_providers_oauth2_oauth2provider                       | table    | authentik
 public | authentik_providers_oauth2_oauth2provider_jwks_sources          | table    | authentik
 public | authentik_providers_oauth2_oauth2provider_jwks_sources_id_seq   | sequence | authentik
 public | authentik_providers_oauth2_refreshtoken                         | table    | authentik
 public | authentik_providers_oauth2_refreshtoken_id_seq                  | sequence | authentik
 public | authentik_providers_oauth2_scopemapping                         | table    | authentik
 public | authentik_providers_proxy_proxyprovider                         | table    | authentik
 public | authentik_providers_rac_connectiontoken                         | table    | authentik
 public | authentik_providers_rac_endpoint                                | table    | authentik
 public | authentik_providers_rac_endpoint_property_mappings              | table    | authentik
 public | authentik_providers_rac_endpoint_property_mappings_id_seq       | sequence | authentik
 public | authentik_providers_rac_racpropertymapping                      | table    | authentik
 public | authentik_providers_rac_racprovider                             | table    | authentik
 public | authentik_providers_radius_radiusprovider                       | table    | authentik
 public | authentik_providers_saml_samlpropertymapping                    | table    | authentik
 public | authentik_providers_saml_samlprovider                           | table    | authentik
 public | authentik_providers_scim_scimgroup                              | table    | authentik
 public | authentik_providers_scim_scimmapping                            | table    | authentik
 public | authentik_providers_scim_scimprovider                           | table    | authentik
 public | authentik_providers_scim_scimprovider_property_mappings__id_seq | sequence | authentik
 public | authentik_providers_scim_scimprovider_property_mappings_group   | table    | authentik
 public | authentik_providers_scim_scimuser                               | table    | authentik
 public | authentik_rbac_role                                             | table    | authentik
 public | authentik_sources_ldap_ldappropertymapping                      | table    | authentik
 public | authentik_sources_ldap_ldapsource                               | table    | authentik
 public | authentik_sources_ldap_ldapsource_property_mappings_grou_id_seq | sequence | authentik
 public | authentik_sources_ldap_ldapsource_property_mappings_group       | table    | authentik
 public | authentik_sources_oauth_oauthsource                             | table    | authentik
 public | authentik_sources_oauth_useroauthsourceconnection               | table    | authentik
 public | authentik_sources_plex_plexsource                               | table    | authentik
 public | authentik_sources_plex_plexsourceconnection                     | table    | authentik
 public | authentik_sources_saml_samlsource                               | table    | authentik
 public | authentik_sources_saml_usersamlsourceconnection                 | table    | authentik
 public | authentik_stages_authenticator_duo_authenticatorduostage        | table    | authentik
 public | authentik_stages_authenticator_duo_duodevice                    | table    | authentik
 public | authentik_stages_authenticator_duo_duodevice_id_seq             | sequence | authentik
 public | authentik_stages_authenticator_sms_authenticatorsmsstage        | table    | authentik
 public | authentik_stages_authenticator_sms_smsdevice                    | table    | authentik
 public | authentik_stages_authenticator_sms_smsdevice_id_seq             | sequence | authentik
 public | authentik_stages_authenticator_static_authenticatorstaticstage  | table    | authentik
 public | authentik_stages_authenticator_static_staticdevice              | table    | authentik
 public | authentik_stages_authenticator_static_staticdevice_id_seq       | sequence | authentik
 public | authentik_stages_authenticator_static_statictoken               | table    | authentik
 public | authentik_stages_authenticator_static_statictoken_id_seq        | sequence | authentik
 public | authentik_stages_authenticator_totp_authenticatortotpstage      | table    | authentik
 public | authentik_stages_authenticator_totp_totpdevice                  | table    | authentik
 public | authentik_stages_authenticator_totp_totpdevice_id_seq           | sequence | authentik
 public | authentik_stages_authenticator_validate_authenticatorval_id_seq | sequence | authentik
 public | authentik_stages_authenticator_validate_authenticatorvalida3e25 | table    | authentik
 public | authentik_stages_authenticator_validate_authenticatorvalida499c | table    | authentik
 public | authentik_stages_authenticator_webauthn_authenticatewebauth4bbe | table    | authentik
 public | authentik_stages_authenticator_webauthn_webauthndevice          | table    | authentik
 public | authentik_stages_authenticator_webauthn_webauthndevice_id_seq   | sequence | authentik
 public | authentik_stages_captcha_captchastage                           | table    | authentik
 public | authentik_stages_consent_consentstage                           | table    | authentik
 public | authentik_stages_consent_userconsent                            | table    | authentik
 public | authentik_stages_consent_userconsent_id_seq                     | sequence | authentik
 public | authentik_stages_deny_denystage                                 | table    | authentik
 public | authentik_stages_dummy_dummystage                               | table    | authentik
 public | authentik_stages_email_emailstage                               | table    | authentik
 public | authentik_stages_identification_identificationstage             | table    | authentik
 public | authentik_stages_identification_identificationstage_sour_id_seq | sequence | authentik
 public | authentik_stages_identification_identificationstage_sources     | table    | authentik
 public | authentik_stages_invitation_invitation                          | table    | authentik
 public | authentik_stages_invitation_invitationstage                     | table    | authentik
 public | authentik_stages_password_passwordstage                         | table    | authentik
 public | authentik_stages_prompt_prompt                                  | table    | authentik
 public | authentik_stages_prompt_promptstage                             | table    | authentik
 public | authentik_stages_prompt_promptstage_fields                      | table    | authentik
 public | authentik_stages_prompt_promptstage_fields_id_seq               | sequence | authentik
 public | authentik_stages_prompt_promptstage_validation_policies         | table    | authentik
 public | authentik_stages_prompt_promptstage_validation_policies_id_seq  | sequence | authentik
 public | authentik_stages_user_delete_userdeletestage                    | table    | authentik
 public | authentik_stages_user_login_userloginstage                      | table    | authentik
 public | authentik_stages_user_logout_userlogoutstage                    | table    | authentik
 public | authentik_stages_user_write_userwritestage                      | table    | authentik
 public | django_content_type                                             | table    | authentik
 public | django_content_type_id_seq                                      | sequence | authentik
 public | django_migrations                                               | table    | authentik
 public | django_migrations_id_seq                                        | sequence | authentik
 public | django_session                                                  | table    | authentik
 public | guardian_groupobjectpermission                                  | table    | authentik
 public | guardian_groupobjectpermission_id_seq                           | sequence | authentik
 public | guardian_userobjectpermission                                   | table    | authentik
 public | guardian_userobjectpermission_id_seq                            | sequence | authentik
(156 rows)
authentik=# \dn
      List of schemas
  Name  |       Owner       
--------+-------------------
 public | pg_database_owner
(1 row)
authentik=# \l
                                                  List of databases
   Name    |   Owner   | Encoding |  Collate   |   Ctype    | ICU Locale | Locale Provider |    Access privileges    
-----------+-----------+----------+------------+------------+------------+-----------------+-------------------------
 authentik | matic_dba | UTF8     | en_US.utf8 | en_US.utf8 |            | libc            | 

rissson commented 7 months ago

It seems that the user authentik is using to connect to Postgres does not have permissions to create/update schemas. I recommend you make it owner of the database.

stefan-matic commented 7 months ago

@rissson Thank you, it seems that fixed it.

ALTER DATABASE authentik OWNER TO authentik;
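
A way to confirm the diagnosis before and after the ownership change, as an added example that is not part of the original thread or of authentik's own tooling. It assumes the role `authentik`, the database `authentik` and the previous owner `matic_dba` shown in the psql output above, and a session opened as a superuser or the current owner while connected to that database.

```sql
-- 1. Who owns the database? The \l output in this thread lists matic_dba,
--    while every table and sequence in \d is owned by authentik.
SELECT d.datname, r.rolname AS owner
FROM pg_database AS d
JOIN pg_roles AS r ON r.oid = d.datdba
WHERE d.datname = 'authentik';

-- 2. What may the application role do at database and schema level?
--    CREATE on the database is the privilege CREATE SCHEMA checks; the
--    "Access privileges" column in \l is empty, so only the built-in
--    defaults (full rights for the owner, CONNECT/TEMPORARY for PUBLIC) apply.
SELECT
  has_database_privilege('authentik', 'authentik', 'CREATE') AS db_create,
  has_schema_privilege('authentik', 'public', 'CREATE')      AS public_create,
  has_schema_privilege('authentik', 'public', 'USAGE')       AS public_usage;

-- 3. Any table or sequence in public that the application role does not own?
--    Migrations run ALTER TABLE, which requires ownership of the relation.
SELECT c.relname, c.relkind, r.rolname AS owner
FROM pg_class AS c
JOIN pg_namespace AS n ON n.oid = c.relnamespace
JOIN pg_roles AS r ON r.oid = c.relowner
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'S')
  AND r.rolname <> 'authentik';

-- 4. The fix from this thread. \dn shows public owned by pg_database_owner,
--    so the new database owner also gains ownership of the public schema.
ALTER DATABASE authentik OWNER TO authentik;

-- 5. Re-run query 2: the migration needs db_create to be true.
SELECT has_database_privilege('authentik', 'authentik', 'CREATE') AS db_create;
```

After the change, the former owner `matic_dba` keeps only the privileges it holds through other grants or superuser status, so check that any backup or maintenance jobs running as that role still work.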