Hi,
what is the minimum user acl for the redis user used by icingadb?
Every time i restrict the user to keys in
~icinga:*
~icingadb:*
I get a backtrace that keys are not accessible. I tried running with ~* and dumped the keys and i fail to see keys not in those prefixes:
Dec 20 15:37:17 pax icingadb[15499]: NOPERM No permissions to access a key
can't execute Redis script
github.com/icinga/icingadb/pkg/icingadb/overdue.Sync.sync
github.com/icinga/icingadb/pkg/icingadb/overdue/sync.go:164
github.com/icinga/icingadb/pkg/icingadb/overdue.Sync.Sync.func4
github.com/icinga/icingadb/pkg/icingadb/overdue/sync.go:74
golang.org/x/sync/errgroup.(*Group).Go.func1
golang.org/x/sync@v0.12.0/errgroup/errgroup.go:78
runtime.goexit
runtime/asm_amd64.s:1700
users.acl in redis:
user icingadb >SecurePassword allchannels ~icinga:* ~icingadb:* allcommands on
A feature request would be to log the key which has been tried to access.
Flo