Open kkaarreell opened 1 year ago
This seems like an issue with the user creation rather than with keylime. It seems that now in Postgres 15 you need to give the user permissions to create within the public schema, which was just globally allowed in <15. Or am I missing something?
I believe you are right. The question is how to approach it on keylime side. Either update some docs we have, maybe drop a comment to keylime.conf. Or maybe handle the error a bit nicer. Or do nothing.
In my experience working with databases, from an application standpoint you assume the person knows how to configure the users on their database. If there were special permissions that are needed you would mention them in the docs, but I don't know how special this is. Schema creation is pretty necessary for most applications, but I guess it couldn't hurt to mention in the docs that the db user needs permissions to create tables in the configured database/namespace.
Is your issue a feature request? If so, please raise it as an enhancement
Environment
Description
With pgsql database backend there is a traceback when verifier and registrar start. This is most likely caused by a change introduced in PostgreSQL 15 https://www.cybertec-postgresql.com/en/error-permission-denied-schema-public/
Expected behavior vs. actual behavior
no traceback, verifier starts properly
Steps to reproduce problem
Scenario is automated in e2e test /functional/db-postgresql-sanity-on-localhost it is sufficient to schedule it on Fedora Rawhide (basically any keylime PR tested today through Packit CI will be failing on Rawhide because of it).