fix: escape the role and database names (#14)

greut · web-flow · commit 829734b0c2bd · 2022-03-14T14:35:21.000+01:00
Signed-off-by: Yoan Blanc &lt;yblanc@edgelab.ch&gt;
diff --git a/README.md b/README.md
@@ -26,7 +26,7 @@ In particular:
 
 ```hcl
 module "foo" {
-  source = "git@github.com:edgelaboratories/terraform-postgresql-db?ref=v0.4.2"
+  source = "git@github.com:edgelaboratories/terraform-postgresql-db?ref=v0.4.3"
 
   database       = "foo"
   owner          = "admin"  # Optional, default to database name
diff --git a/vault.tf b/vault.tf
@@ -14,10 +14,10 @@ resource "vault_database_secret_backend_role" "owner" {
   db_name = var.vault_db_connection_name
 
   creation_statements = concat([
-    "CREATE ROLE \"{{name}}\" IN ROLE ${each.value} LOGIN PASSWORD '{{password}}' INHERIT VALID UNTIL '{{expiration}}';",
+    "CREATE ROLE \"{{name}}\" IN ROLE \"${each.value}\" LOGIN PASSWORD '{{password}}' INHERIT VALID UNTIL '{{expiration}}';",
 
     # Automatically SET ROLE to db owner at login
-    "ALTER ROLE \"{{name}}\" IN DATABASE ${postgresql_database.this.name} SET ROLE ${each.value}",
+    "ALTER ROLE \"{{name}}\" IN DATABASE \"${postgresql_database.this.name}\" SET ROLE \"${each.value}\";",
   ])
 
   renew_statements = [
