CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-08 19:36:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Grant so_telegraf access to partman schema

Browse Source 
Telegraf calls partman.create_parent() on first write of each metric,
which needs USAGE on the partman schema, EXECUTE on its functions and
procedures, and DML on partman.part_config.
This commit is contained in:
Mike Reeves
2026-04-17 15:13:08 -04:00
parent af9330a9dd
commit 927eba566c
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/postgres/telegraf_users.sls
+8
View File
@@ -61,6 +61,14 @@ postgres_telegraf_group_role:
CREATE SCHEMA IF NOT EXISTS partman; CREATE SCHEMA IF NOT EXISTS partman;
CREATE EXTENSION IF NOT EXISTS pg_partman SCHEMA partman; CREATE EXTENSION IF NOT EXISTS pg_partman SCHEMA partman;
CREATE EXTENSION IF NOT EXISTS pg_cron; CREATE EXTENSION IF NOT EXISTS pg_cron;
-- Telegraf (running as so_telegraf) calls partman.create_parent()
-- on first write of each metric, which needs USAGE on the partman
-- schema, EXECUTE on its functions/procedures, and write access to
-- partman.part_config so it can register new partitioned parents.
GRANT USAGE ON SCHEMA partman TO so_telegraf;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA partman TO so_telegraf;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA partman TO so_telegraf;
GRANT EXECUTE ON ALL PROCEDURES IN SCHEMA partman TO so_telegraf;
-- Hourly partman maintenance. cron.schedule is idempotent by jobname. -- Hourly partman maintenance. cron.schedule is idempotent by jobname.
SELECT cron.schedule( SELECT cron.schedule(
'telegraf-partman-maintenance', 'telegraf-partman-maintenance',