Actions
Bug #2828
closedOn Rudder 2.4.0~beta3, in distributePolicy/1.0/passwordCheck.st it seems that postgresql credentials are hardcoded
Status:
Rejected
Priority:
1 (highest)
Assignee:
Nicolas PERRON
Category:
System techniques
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:
Description
distributePolicy/1.0/passwordCheck.st is a CFEngine promise which permit to check that LDAP, PostgreSQL and WebDAV passwords are correct. Nevertheless, it seems that the test about PostgreSQL use hardcoded credentials:
"psql_cant_connect" not => returnszero("/usr/bin/psql --host localhost --username rudder --dbname rudder --quiet --output /dev/null --command 'select id from ruddersysevents limit 1'","noshell");
If I only change Postgresql User (in /opt/rudder/etc):
RUDDER_PSQL_USER:churk_norris
No change is made, since the wrong user (rudder) is checked:
# /var/rudder/cfengine-community/bin/cf-agent -KI -b root_password_check_psql !! Duplicate selection of value for variable "execRun" in scope g !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58 !! Duplicate selection of value for variable "execRun" in scope g !! Rule from /var/rudder/cfengine-community/inputs/distributePolicy/1.0/passwordCheck.cf at/before line 295 >> Using command line specified bundlesequence R: @@DistributePolicy@@result_success@@root-DP@@root-distributePolicy@@21@@distributePolicy@@None@@2012-08-20 14:51:16+02:00##root@#The Rudder Webapp configuration files are OK (checked SQL password) R: @@DistributePolicy@@result_success@@root-DP@@root-distributePolicy@@21@@distributePolicy@@None@@2012-08-20 14:51:16+02:00##root@#The Rudder PostgreSQL user account's password is correct and works
Actions