(maint) Add read-only user.#330
Conversation
puppetdb::database::postgresql is a classthat may have no external impact to Forge modules. This module is declared in 33 of 576 indexed public
|
Filipovici-Andrei
force-pushed
the
(maint)_add_user
branch
15 times, most recently
from
9da226b to
9d6dc8f
Compare
Filipovici-Andrei
force-pushed
the
(maint)_add_user
branch
11 times, most recently
from
ce40382 to
f7b7923
Compare
Filipovici-Andrei
force-pushed
the
(maint)_add_user
branch
from
f7b7923 to
f2fe8ed
Compare
| #### `read_database_username` | ||
|
|
||
| The name of the read database user to connect as. Defaults to `puppetdb`. This | ||
| The name of the read database user to connect as. Defaults to `puppetdb-read`. This |
There was a problem hiding this comment.
Does this always default to puppetdb-read? If managed is set to false will it still default to puppetdb-read or will it default to database_username?
There was a problem hiding this comment.
This always defaults to puppetdb-read
| #### `read_database_password` | ||
|
|
||
| The password for the read database user. Defaults to `puppetdb`. This option is | ||
| The password for the read database user. Defaults to `puppetdb-read`. This option is |
There was a problem hiding this comment.
Yes, this will also default to puppetdb-read as well.
Filipovici-Andrei
force-pushed
the
(maint)_add_user
branch
from
7b651fa to
1dc0660
Compare
Filipovici-Andrei
force-pushed
the
(maint)_add_user
branch
from
1dc0660 to
e15fe50
Compare
| { | ||
| database_name: 'puppetdb', | ||
| read_database_username: 'puppetdb-read', | ||
| create_read_user_rule: true, |
There was a problem hiding this comment.
I added the comma here to appease rubocop.
|
FWIW, I think this should have been labelled as a breaking change, not just a feature. If you weren't managing postgresql with this module, the change in puppetdb configuration stops puppetdb from starting (my case). |
puppetlabs#330 uses the namespaced `postgresql::postgresql_password` function that wasn't available until 6.5.0. (Even before that PR, I doubt this module worked with puppetlabs/postgresql 4.0.0 released in 2014).
|
I wonder if anyone is running into the following error? Error: /Stage[main]/Puppetdb::Database::Postgresql/Puppetdb::Database::Read_only_user[puppetdb-read]/Puppetdb::Database::Default_read_grant[puppetdb grant read permission on new objects from puppetdb to puppetdb-read]/Postgresql_psql[grant default select permission for puppetdb-read]: Could not evaluate: Error evaluating 'unless' clause, returned pid 22961 exit 2: 'sh: 8: Syntax error: Unterminated quoted string Looks like there are mismatch quotes in the code. I've also opened up a ticket in puppet https://tickets.puppetlabs.com/browse/MODULES-11204, as "Issues" is not enabled for this repo in Github. |
puppetdb in default config tries to create a read-only user, however there is a bug[1] with the syntax to create a user. Fix it with help from comments[2]. [1] puppetlabs#330 (comment) [2] puppetlabs#339 (comment)
puppetdb in default config will create a read-only user, however there is a bug[1] with the syntax to set the default read grant. Fix it with help from comments[2]. [1] puppetlabs#330 (comment) [2] puppetlabs#339 (comment)
puppetdb in default config will create a read-only user, however there is a bug[1] with the syntax to set the default read grant. Fix it with help from comments[2]. [1] puppetlabs#330 (comment) [2] puppetlabs#339 (comment) Change-Id: Ifeb89602c40c21dab747536fe74dca4457215b26
puppetdb in default config will create a read-only user, however there is a bug[1] with the syntax to set the default read grant. Fix it with help from comments[2]. [1] puppetlabs#330 (comment) [2] puppetlabs#339 (comment) Change-Id: Ifeb89602c40c21dab747536fe74dca4457215b26
puppetdb in default config will create a read-only user, however there is a bug[1] with the syntax to set the default read grant. Fix it with help from comments[2]. [1] puppetlabs#330 (comment) [2] puppetlabs#339 (comment) Co-authored-by: Romain Tartière <romain@blogreen.org> Signed-off-by: Jake Yip <jake.yip@ardc.edu.au>
puppetdb in default config will create a read-only user, however there is a bug[1] with the syntax to set the default read grant. Fix it with help from comments[2]. [1] puppetlabs#330 (comment) [2] puppetlabs#339 (comment) Co-authored-by: Romain Tartière <romain@blogreen.org> Signed-off-by: Jake Yip <jake.yip@ardc.edu.au>
puppetdb in default config will create a read-only user, however there is a bug[1] with the syntax to set the default read grant. Fix it with help from comments[2]. [1] puppetlabs#330 (comment) [2] puppetlabs#339 (comment) Co-authored-by: Romain Tartière <romain@blogreen.org> Signed-off-by: Jake Yip <jake.yip@ardc.edu.au>
puppetdb in default config will create a read-only user, however there is a bug[1] with the syntax to set the default read grant. Fix it with help from comments[2]. [1] puppetlabs#330 (comment) [2] puppetlabs#339 (comment) Co-authored-by: Romain Tartière <romain@blogreen.org> Signed-off-by: Jake Yip <jake.yip@ardc.edu.au>
puppetdb in default config will create a read-only user, however there is a bug[1] with the syntax to set the default read grant. Fix it with help from comments[2]. [1] puppetlabs#330 (comment) [2] puppetlabs#339 (comment) Co-authored-by: Romain Tartière <romain@blogreen.org> Signed-off-by: Jake Yip <jake.yip@ardc.edu.au>
puppetdb in default config will create a read-only user, however there is a bug[1] with the syntax to set the default read grant. Fix it with help from comments[2]. [1] puppetlabs#330 (comment) [2] puppetlabs#339 (comment) Co-authored-by: Romain Tartière <romain@blogreen.org> Signed-off-by: Jake Yip <jake.yip@ardc.edu.au>
5 participants
There used to be only one user (puppetdb) which was used for all operations on the database.
This PR adds a read only user in PostgreSQL which will be used only for queries.