Required ".initialized" key in external etcd gives sensu user access to all key spaces #5047
Description
Expected Behavior
We want to use an external etcd for our sensu backen. We expected that after configuring it as described in the documentation is enough.
Current Behavior
While initializing the sensu backend, it fails with "permission denied" error. Because it requires the access to ".initialized" key too. After giving access to that key, initialization goes through without problem, but then the problem is that the sensu user has access to / key space too.
Possible Solution
Move the required ".initialized" key to "/sensu.io/.initialized".
Steps to Reproduce (for bugs)
- Deploy an etcd cluster
- Create sensu user and its roles as described in documentation
- Init the sensu backend as described in documentation
Context
We want to limit the acces of sensu user to /sensu.io/ key space only, because we plan to have other applications using other key spaces.
Your Environment
- Sensu version used (sensuctl, sensu-backend, and/or sensu-agent): 6.10.0
- etcd version: 3.5.11
- Installation method (packages, binaries, docker etc.): docker
Metadata
Metadata
Assignees
Labels
No labels