voxpupuli / crafty

CRAFTY - Containerized Resources And Funky Tools (in) YAML
GNU Affero General Public License v3.0

Postgres user puppetdb has too many privileges #60

Open Heap0017 opened 1 month ago

Heap0017 commented 1 month ago

From the puppetdb logs:

ERROR [p.p.c.services] The read-database user is not configured properly because it has privileges other than SELECT on the puppetdb tables
ERROR [p.p.c.services] The read-database user is not configured properly because it has ownership of tables
ERROR [p.p.c.services] The read-database user is not configured properly because it is a superuser

I believe we should create user puppetdb (and potentially another, dedicated read-user) on startup (initdb) with appropriate limited privileges. See also https://www.puppet.com/docs/puppetdb/7/configure_postgres.html#using-ssl-with-postgresql.
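
One way the initdb-time setup proposed in this comment could look, followed by queries for the three conditions named in the logged errors. This is an added example, not code from the crafty repository or from any participant in this issue; the role name `puppetdb_read`, the database name `puppetdb`, the owning role `postgres` and the password placeholders are assumptions.

```sql
-- Added example; run with psql as a superuser from an initdb script.
-- Assumptions: role puppetdb_read, database puppetdb, owner postgres and
-- the placeholder passwords are illustrative, not taken from crafty.

-- 1. Two login roles, neither of them a superuser.
CREATE ROLE puppetdb      LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE PASSWORD 'CHANGE_ME_WRITE';
CREATE ROLE puppetdb_read LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE PASSWORD 'CHANGE_ME_READ';

-- 2. The database belongs to the admin role, not to an application role.
CREATE DATABASE puppetdb OWNER postgres;
\connect puppetdb

-- 3. Only the write role may create objects in the public schema.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT  CREATE ON SCHEMA public TO puppetdb;

-- 4. Tables the write role creates later are SELECT-only for the read role.
ALTER DEFAULT PRIVILEGES FOR ROLE puppetdb IN SCHEMA public
    GRANT SELECT ON TABLES TO puppetdb_read;

-- Checks, one per logged error. Run them after PuppetDB has created its
-- tables, and substitute the role the read-database connection really uses.

-- "it is a superuser": expect rolsuper = f
SELECT rolname, rolsuper
FROM pg_roles
WHERE rolname = 'puppetdb_read';

-- "it has ownership of tables": expect zero rows
SELECT schemaname, tablename
FROM pg_tables
WHERE tableowner = 'puppetdb_read';

-- "privileges other than SELECT on the puppetdb tables": expect zero rows.
-- has_table_privilege() returns true if ANY listed privilege is held,
-- including privileges implied by ownership or superuser status.
SELECT n.nspname, c.relname
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND has_table_privilege('puppetdb_read', c.oid,
                          'INSERT, UPDATE, DELETE, TRUNCATE');
```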

bastelfreak commented 1 month ago

@Heap0017 thanks for raising the issue! Are you able to provide a patch for this?

Heap0017 commented 1 month ago

@bastelfreak I tried to fix it but couldn't manage to. I cannot promise to provide a patch.

rwaffen commented 1 month ago

Hmm, I think this plays into #49 ... have to put more time into this 😅

Heap0017 commented 1 month ago

@rwaffen I don't see how these issues are related. System user and postgres user should be distinct concepts.

rwaffen commented 1 month ago

Oh, then I got confused, sry.

Thought system and db users are created together in most cases. But I'm not so used to postgres.