Grant pg_monitor to the prometheus-postgres-exporter database user

The exporter's wal collector (enabled by default) calls pg_ls_waldir(),
which Postgres restricts to superusers and members of the pg_monitor
role. The exporter user is created as a plain managed-database user, so
scraping logged "permission denied for function pg_ls_waldir" on every
run.

Grant pg_monitor via the managed database's additional_sql_queries,
which the Postgres role applies both on initial creation and on
subsequent runs, covering existing installations too.

Fixes #3039

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Slavi Pantaleev
2026-07-13 13:21:19 +03:00
parent 506d4ab4c9
commit ee38b3aac2
+1
View File
@@ -4248,6 +4248,7 @@ postgres_managed_databases_auto: |
'name': prometheus_postgres_exporter_database_name,
'username': prometheus_postgres_exporter_database_username,
'password': prometheus_postgres_exporter_database_password,
'additional_sql_queries': ['GRANT pg_monitor TO "' + prometheus_postgres_exporter_database_username + '";'],
}] if (prometheus_postgres_exporter_enabled and prometheus_postgres_exporter_database_hostname == postgres_connection_hostname) else [])
+
([{