I try to connect my Spring-Boot-Application with new PostgreSQL USER (named : localX_deletion), but when i run it, that return me FlywaySqlException :
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'flywayInitializer' defined in class path resource [org/springframework/boot/autoconfigure/flyway/FlywayAutoConfiguration$FlywayConfiguration.class]: Invocation of init method failed; nested exception is org.flywaydb.core.internal.exception.FlywaySqlException:
Unable to obtain connection from database: FATAL: password authentication failed for user "localX_deletion"
SQL State : 28P01 Error Code : 0 Message : FATAL : password authentication failed for user "localX_deletion"
I dont understand because i can connect with this user in command-line : psql -U localX_deletion -h localhost and when i specify in spring.datasource another account the application run as excepted.
How i create Database/Role:
CREATE USER localx_deletion;
CREATE DATABASE localx_deletion OWNER localx_deletion;
ALTER USER localx_deletion WITH ENCRYPTED PASSWORD 'localx_deletion';
ALTER DATABASE localx_deletion OWNER TO localx_deletion;
GRANT ALL PRIVILEGES ON DATABASE localx_deletion TO localx_deletion;
What i have already tried to fix it:
For each tasks bellow i have restart postgresql service.
Update password/name role.
Delete all and re-create all.
Setting in pg_hba.conf local and host as trust (that works but i dont like update this file, because the old config work fine with the others roles/databases).
Purge, remove and reinstall Postgresql
Someone have an idea for fix it please ?
\du - List of roles
Role name | Attributes | Member of
------------------------+------------------------------------------------------------+-----------
localx | Create DB | {}
localx_standalone | Create DB | {}
localx_standalone_test | Create DB | {}
localx_deletion | Create DB | {}
localx_test | Create DB | {}
postgr
\l - List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
------------------------+------------------------+----------+-------------+-------------+-----------------------------------
localx | postgres | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 | =Tc/postgres +
| | | | | postgres=CTc/postgres +
| | | | | localx=CTc/postgres
localx_standalone | localx_standalone | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 |
localx_standalone_test | localx_standalone_test | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 |
localx_deletion | localx_deletion | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 | =Tc/localx_deletion +
| | | | | localx_deletion=CTc/localx_deletion
localx_test | localx_test | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 |
postgres | postgres | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 |
template0 | postgres | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
pg_hba.conf
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
Operating System : Ubuntu 20.04.1 LTS (Focal Fossa), Postgresql : 12
Related
In our application we have components that can modify DB structure. At times it is desirable to prohibit this and to do this we reduce the level of privilege of the Postgres group role that owns all of our DB structures (tables, sequences, views, etc.). Additionally, because owners can still do whatever they want to existing structure they own, we reassign ownership of all the structures to a temporary user role who cannot login. The latter step is accomplished by issuing a REASSIGN OWNED BY XXX TO YYY; command. Recently, when testing, we noticed that for one of our databases this command was failing with a "permission denied for schema public" error message. This is odd since all of our DBs define equivalent group roles for reading, writing, and administrative/DDL operations and this operation continues to work fine for other DBs on the same Postgres host. Furthermore I can see no inconsistencies in schema privileges or object ownership. Is there a way to get more information from Postgres about what it is objecting to?
I have run the \dn+ command on both the affected / failing DB and on one behaving normally and see no difference in the privilege of the "superuser" I'm using to issue the commands, not to mention create and administer the roles in question. Most of my searches on the subject yield results where the REASSIGN OWNED BY command is used to help remedy permission denied errors and I've yet to find any information on what to look for if that command itself is throwing such an error. Any help would be greatly appreciated.
The user I'm using is the highest privileged user AWS Aurora provides us. The output from \du for the role is basically unusable since that role is a member of ALL groups for all the DBs on our system resulting in a membership list that is hundreds of elements long and almost unreadable in the terminal let alone here. I'll try and provide more selective information using the pg_roles and pg_auth_members views below.
d0000000033_0000000031=> select current_user;
current_user
--------------
datamart
(1 row)
d0000000033_0000000031=> select * from pg_roles where rolname = 'datamart';
rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolconnlimit | rolpassword | rolvaliduntil | rolbypassrls | rolconfig | oid
----------+----------+------------+---------------+-------------+-------------+----------------+--------------+-------------+---------------+--------------+-----------+-------
datamart | f | t | t | t | t | f | -1 | ******** | infinity | f | | 16393
(1 row)
The schema privileges for the DB are as follows:
d0000000033_0000000031=> \dn+ public
List of schemas
Name | Owner | Access privileges | Description
--------+----------+---------------------------------------------+------------------------
public | rdsadmin | datamart=UC/rdsadmin +| standard public schema
| | d0000000033_0000000031_g_admins=UC/rdsadmin+|
| | d0000000033_0000000031_g_writers=U/rdsadmin+|
| | d0000000033_0000000031_g_readers=U/rdsadmin |
(1 row)
The memberships for the associated group roles are:
d0000000033_0000000031=> select r1.rolname as role, r2.rolname as member, r3.rolname as grantor, am.admin_option
from pg_roles r1
inner join pg_auth_members am on r1.oid = am.roleid
inner join pg_roles r2 on r2.oid = am.member
inner join pg_roles r3 on r3.oid = am.grantor
where r1.rolname like 'd0000000033_0000000031_g%';
role | member | grantor | admin_option
----------------------------------+---------------------------------+----------+--------------
d0000000033_0000000031_g_admins | datamart | datamart | t
d0000000033_0000000031_g_admins | clari_global_admins | datamart | f
d0000000033_0000000031_g_admins | d0000000033_0000000031_u_admin | datamart | f
d0000000033_0000000031_g_readers | datamart | datamart | t
d0000000033_0000000031_g_readers | clari_global_readers | datamart | f
d0000000033_0000000031_g_readers | d0000000033_0000000031_u_reader | datamart | f
d0000000033_0000000031_g_writers | datamart | datamart | t
d0000000033_0000000031_g_writers | clari_global_writers | datamart | f
d0000000033_0000000031_g_writers | d0000000033_0000000031_u_writer | datamart | f
(9 rows)
The details for the associated roles are:
d0000000033_0000000031=> select * from pg_roles where rolname like 'd0000000033_0000000031%' or rolname like 'clari_global%';
rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolconnlimit | rolpassword | rolvaliduntil | rolbypassrls | rolconfig | oid
----------------------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+-------------+---------------+--------------+-----------+-------
clari_global_admins | f | f | f | f | f | f | -1 | ******** | | f | | 25971
clari_global_readers | f | t | f | f | f | f | -1 | ******** | | f | | 25973
clari_global_writers | f | f | f | f | f | f | -1 | ******** | | f | | 25972
d0000000033_0000000031_g_admins | f | f | f | f | f | f | -1 | ******** | | f | | 96724
d0000000033_0000000031_g_readers | f | f | f | f | f | f | -1 | ******** | | f | | 96730
d0000000033_0000000031_g_writers | f | f | f | f | f | f | -1 | ******** | | f | | 96725
d0000000033_0000000031_u_admin | f | t | f | f | t | f | -1 | ******** | | f | | 97411
d0000000033_0000000031_u_reader | f | t | f | f | t | f | -1 | ******** | | f | | 97078
d0000000033_0000000031_u_writer | f | t | f | f | t | f | -1 | ******** | | f | | 96731
(9 rows)
I just realized I missed an important piece of information RE the user I'm reassigning ownership to:
d0000000033_0000000031=> \du d0000000033_0000000031_u_restricted;
List of roles
Role name | Attributes | Member of
-------------------------------------+--------------+-----------
d0000000033_0000000031_u_restricted | Cannot login | {}
The flow of commands leading up to the failure of the REASSIGN OWNED BY is this:
REVOKE ALL ON SCHEMA public FROM d0000000033_0000000031_g_admins;
GRANT USAGE ON SCHEMA public TO d0000000033_0000000031_g_admins;
CREATE ROLE d0000000033_0000000031_u_restricted WITH ADMIN datamart;
GRANT ALL ON SCHEMA public TO d0000000033_0000000031_u_restricted;
REASSIGN OWNED BY d0000000033_0000000031_g_admins TO d0000000033_0000000031_u_restricted;
Executing these for the affected DB I get:
d0000000033_0000000031=> REVOKE ALL ON SCHEMA public FROM d0000000033_0000000031_g_admins;
WARNING: no privileges could be revoked for "public"
REVOKE
d0000000033_0000000031=> GRANT USAGE ON SCHEMA public TO d0000000033_0000000031_g_admins;
WARNING: no privileges were granted for "public"
GRANT
d0000000033_0000000031=> CREATE ROLE d0000000033_0000000031_u_restricted WITH ADMIN datamart;
CREATE ROLE
d0000000033_0000000031=> GRANT ALL ON SCHEMA public TO d0000000033_0000000031_u_restricted;
WARNING: no privileges were granted for "public"
GRANT
d0000000033_0000000031=> REASSIGN OWNED BY d0000000033_0000000031_g_admins TO d0000000033_0000000031_u_restricted;
ERROR: permission denied for schema public
Executing the same for my unaffected DB I get:
d0000000033_0000000029=> REVOKE ALL ON SCHEMA public FROM d0000000033_0000000029_g_admins;
WARNING: no privileges could be revoked for "public"
REVOKE
d0000000033_0000000029=> GRANT USAGE ON SCHEMA public TO d0000000033_0000000029_g_admins;
WARNING: no privileges were granted for "public"
GRANT
d0000000033_0000000029=> CREATE ROLE d0000000033_0000000029_u_restricted WITH ADMIN datamart;
CREATE ROLE
d0000000033_0000000029=> GRANT ALL ON SCHEMA public TO d0000000033_0000000029_u_restricted;
WARNING: no privileges were granted for "public"
GRANT
d0000000033_0000000029=> REASSIGN OWNED BY d0000000033_0000000029_g_admins TO d0000000033_0000000029_u_restricted;
REASSIGN OWNED
Please help me to solve the problem with psql Shell. When i am working inside the SQL Shell the column headers don't display correctly (this should be display in more nicely, do you know to solve it? My operating system is windows 7 ultimate SP1
Like in this example:
╤яшёюъ срч фрээ√ї
╚ь | ┬ырфхыхЎ | ╩юфшЁютър | LC_COLLATE | LC_CTYPE |
╧Ёртр фюёЄєяр
or like this:
╤яшёюъ юЄэю°хэшщ
╤їхьр | ╚ь | ╥шя | ┬ырфхыхЎ
The full commands that I wrote in SQL Shell:
Server [localhost]:
Database [postgres]:
Port [5432]:
Username [postgres]:
Пароль пользователя postgres:
psql (10.11)
ПРЕДУПРЕЖДЕНИЕ: Кодовая страница консоли (866) отличается от основной
страницы Windows (1251).
8-битовые (русские) символы могут отображаться некорректно.
Подробнее об этом смотрите документацию psql, раздел
"Notes for Windows users".
Введите "help", чтобы получить справку.
postgres=# \l
╤яшёюъ срч фрээ√ї
╚ь | ┬ырфхыхЎ | ╩юфшЁютър | LC_COLLATE | LC_CTYPE |
╧Ёртр фюёЄєяр
-----------+----------+-----------+---------------------+---------------------+-
----------------------
postgres | postgres | UTF8 | Russian_Russia.1251 | Russian_Russia.1251 |
template0 | postgres | UTF8 | Russian_Russia.1251 | Russian_Russia.1251 |
=c/postgres +
| | | | |
postgres=CTc/postgres
template1 | postgres | UTF8 | Russian_Russia.1251 | Russian_Russia.1251 |
=c/postgres +
| | | | |
postgres=CTc/postgres
(3 ёЄЁюъш)
postgres=# CREATE TABLE flights ( id SERIAL PRIMARY KEY, origin VARCHAR NO
T NULL, destination VARCHAR NOT NULL, duration INTEGER NOT NULL);
CREATE TABLE
postgres=# \d
╤яшёюъ юЄэю°хэшщ
╤їхьр | ╚ь | ╥шя | ┬ырфхыхЎ
--------+----------------+--------------------+----------
public | flights | ЄрсышЎр | postgres
public | flights_id_seq | яюёыхфютрЄхы№эюёЄ№ | postgres
(2 ёЄЁюъш)
postgres=#
I guess, i am not sure, maybe problem is here? But how to add a new fonts to this table?
postgres=# \l
╤яшёюъ срч фрээ√ї
╚ь | ┬ырфхыхЎ | ╩юфшЁютър | LC_COLLATE | LC_CTYPE |
╧Ёртр фюёЄєяр
-----------+----------+-----------+---------------------+---------------------+-
----------------------
postgres | postgres | UTF8 | Russian_Russia.1251 | Russian_Russia.1251 |
template0 | postgres | UTF8 | Russian_Russia.1251 | Russian_Russia.1251 |
=c/postgres +
| | | | |
postgres=CTc/postgres
template1 | postgres | UTF8 | Russian_Russia.1251 | Russian_Russia.1251 |
=c/postgres +
| | | | |
postgres=CTc/postgres
(3 ёЄЁюъш)
I read this website https://www.postgresql.org/docs/8.4/multibyte.html#AEN29822 this is pretty close to my problem, but according to these information I could only change the text fonts only inside tables, it couldn't change the fonts of the column headers.
Here i found a permanent solution:
Start -> Run -> regedit
Go to [HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
Add new String Value named: Autorun
Change the value to 'chcp 1251'
The solution is:
Step 1. I changed the fonts style of cmd.exe to Lucida Console!
Step 2. I used command: chcp 1251
Step 3. I use command: psql -d postgres -U postgres
Now this display correctly and like it should to be!
But every time when you relaunch cmd I need to use chcp 1251, I don't how to save and let it stay permanently. May be you know?
C:\Users\zubr>chcp 1251
Текущая кодовая страница: 1251
C:\Users\zubr>psql -d postgres -U postgres
Пароль пользователя postgres:
psql (10.11)
Введите "help", чтобы получить справку.
postgres=# \l
Список баз данных
Имя | Владелец | Кодировка | LC_COLLATE | LC_CTYPE |
Права доступа
-----------+----------+-----------+---------------------+---------------------+-
----------------------
postgres | postgres | UTF8 | Russian_Russia.1251 | Russian_Russia.1251 |
template0 | postgres | UTF8 | Russian_Russia.1251 | Russian_Russia.1251 |
=c/postgres +
| | | | |
postgres=CTc/postgres
template1 | postgres | UTF8 | Russian_Russia.1251 | Russian_Russia.1251 |
=c/postgres +
| | | | |
postgres=CTc/postgres
(3 строки)
postgres=# \d
Список отношений
Схема | Имя | Тип | Владелец
--------+----------------+--------------------+----------
public | flights | таблица | postgres
public | flights_id_seq | последовательность | postgres
(2 строки)
postgres=#
I am using Heroku Automated Certificate Management and Namecheap Basic DNS.
My problem is that my non-SSL domains are still reachable.
Here is how they map in practice:
|---------------------|------------------------------|
| Entered Domain | Result Domain |
|---------------------|------------------------------|
| name.tld | https://www.name.tld/ |
|---------------------|------------------------------|
| www.name.tld | http://www.name.tld/ |
|---------------------|------------------------------|
| http://www.name.tld | http://www.name.tld/ |
|---------------------|------------------------------|
|https://www.name.tld | https://www.name.tld/ |
|---------------------|------------------------------|
| http://name.tld | https://www.name.tld/ |
|---------------------|------------------------------|
| https://name.tld | error: does not resolve |
|---------------------|------------------------------|
My Heroku Domains settings are:
|---------------------|-------------------|
| Domain Name | DNS Target |
|---------------------|-------------------|
| name.tld |name1.herokudns.com|
|---------------------|-------------------|
| www.name.tld |name2.herokudns.com|
|---------------------|-------------------|
My Namecheap Redirect Domain settings are:
|---------------------|---------------------|
| Source URL | Destination URL |
|---------------------|---------------------|
| name.tld |https://www.name.tld/|
|---------------------|---------------------|
| www.name.tld |https://www.name.tld/|
|---------------------|---------------------|
And my Namecheap Host Records settings are:
|---------------------|---------------------|---------------------|
| Type | Host | Value |
|---------------------|---------------------|---------------------|
| CNAME Record | www | name1.herokudns.com.|
|---------------------|---------------------|---------------------|
| URL Redirect Record | # |https://www.name.tld/|
|---------------------|---------------------|---------------------|
Something to note is I do not put name2.herokudns.com into Namecheap because it would conflict, I think.
This is my output on console:
+---------------+---------------------------------------------------+
| Summary for cert 2.96.1 |
+---------------+---------------------------------------------------+
| development | false |
| force | false |
| username | correctappleid#gmail.com |
| team_id | CSCORRECTTEAMID |
| keychain_path | /Users/bartek/Library/Keychains/login.keychain-db |
| platform | ios |
+---------------+---------------------------------------------------+
[09:01:23]: Starting login with user 'correctappleid#gmail.com'
[09:01:27]: Successfully logged in
[09:01:28]: Certificate 98TLCZS7BR (iOS Distribution) can't be found on your local computer
[09:01:29]: Found the certificate 6K5C2MFHUL (iOS Distribution) which is installed on the local machine. Using this one.
[09:01:30]: Verifying the certificate is properly installed locally...
[09:01:30]: Successfully installed certificate 6K5C2MFHUL
[09:01:30]: Use signing certificate '6K5C2MFHUL' from now on!
[09:01:30]: --------------------------------------
[09:01:30]: --- Step: get_provisioning_profile ---
[09:01:30]: --------------------------------------
+-------------------------------------+-------------------------------------------+
| Summary for sigh 2.96.1 |
+-------------------------------------+-------------------------------------------+
| adhoc | false |
| development | false |
| skip_install | false |
| force | false |
| app_identifier | my.app.identifier |
| username | wrongname#company.com |
| team_id | CSTEAMID |
| ignore_profiles_with_different_name | false |
| cert_id | 6K5C2MFHUL |
| skip_fetch_profiles | false |
| skip_certificate_verification | false |
| platform | ios |
| readonly | false |
+-------------------------------------+-------------------------------------------+
[09:01:30]: Starting login with user 'wrongname#company.com'
-------------------------------------------------------------------------------------
Please provide your Apple Developer Program account credentials
The login information you enter will be stored in your macOS Keychain
You can also pass the password using the `FASTLANE_PASSWORD` environment variable
See more information about it on GitHub: https://github.com/fastlane/fastlane/tree/master/credentials_manager
Why fastlane try to fetch provisionings with wrong user account?
How can I force it to change it?
Where it is defined?
Have you tried setting the user account directly?
https://docs.fastlane.tools/actions/upload_to_app_store/#parameters
https://docs.fastlane.tools/actions/sigh/#parameters
Complete database newbie here. I installed postgres on my laptop to run some local apps and stuff. However the fact that postgres is setup using myname instead of root is quite a hinderance. Any way I cant replace it with root?
I open psql with this:
psql -h localhost
myname=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
--------------+--------------+----------+-------------+-------------+-------------------------------
myname | myname | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
pixelmanager | myname | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
postgres | myname | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | myname | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/myname +
| | | | | myname=CTc/myname
template1 | myname | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/myname +
| | | | | myname=CTc/myname
(5 rows)
Thanks for the help
Simply set the two default databases (template1 / template0) to the user you want, and all future / new databases would be created with this new user.
For e.g.
ALTER DATABASE template0 OWNER TO newname1;
ALTER DATABASE template1 OWNER TO newname1;