voxpupuli / container-puppetdb

Container image for PuppetDB
Apache License 2.0

read user has too many rights #43

Open tuxmea opened 7 months ago

tuxmea commented 7 months ago

Spinning up a PuppetDB container configures a single DB user only. PuppetDB can make use of a write and a read user. When not setting a read user, the permissions are too open.

Solution: configure read-user for PuppetDB.

# /etc/puppetlabs/puppetdb/conf.d/read_database.ini
[read-database]
username = puppetdb-read
password = puppetdb-read
classname = org.postgresql.Driver
subprotocol = postgresql
syntax_pgs = true
subname = //localhost:5432/puppetdb
log-slow-statements = 10
conn-max-age = 60
conn-keep-alive = 45
conn-lifetime = 0

Attn: PuppetDB container uses .conf for database and config instead of ini files
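
The `[read-database]` section only narrows permissions if the PostgreSQL role behind it is itself read-only. The following is an added example, not part of the issue or the project's code, showing one way to create such a role; it assumes the write role is named `puppetdb`, that all objects live in schema `public` of the `puppetdb` database, and uses `CHANGE_ME` as a placeholder password.

```sql
-- Added example: least-privilege role for the [read-database] user.
-- Assumptions: write role "puppetdb", schema "public", placeholder password.
-- Run as a PostgreSQL superuser while connected to the puppetdb database.

CREATE ROLE "puppetdb-read" LOGIN PASSWORD 'CHANGE_ME';

-- Only the write role may create objects in the schema.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT  CREATE ON SCHEMA public TO puppetdb;

-- The read role may connect and resolve names in the schema.
GRANT CONNECT ON DATABASE puppetdb TO "puppetdb-read";
GRANT USAGE   ON SCHEMA public     TO "puppetdb-read";

-- Tables that already exist (database initialised before this role existed).
GRANT SELECT ON ALL TABLES IN SCHEMA public TO "puppetdb-read";

-- Tables the write role creates later, e.g. during schema migrations.
ALTER DEFAULT PRIVILEGES FOR ROLE puppetdb IN SCHEMA public
    GRANT SELECT ON TABLES TO "puppetdb-read";

-- Functions are executable by PUBLIC by default, so no grant is needed.

-- Check: list every table the read role could still modify.
-- has_table_privilege() also accounts for grants made to PUBLIC.
-- Expected result: zero rows.
SELECT schemaname, tablename
FROM   pg_tables
WHERE  schemaname = 'public'
AND    has_table_privilege(
           'puppetdb-read',
           format('%I.%I', schemaname, tablename),
           'INSERT, UPDATE, DELETE, TRUNCATE'
       );
```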