Describe the Bug
The postgresql::server::default_privileges defined type does not quote the role name, leading to a faulty SQL query for the unless clause when the role name contains a hyphen. This makes the ALTER DEFAULT PRIVILEGES grant fail with a Postgres error message like this, when the role name is something like monitoring-role:
Could not evaluate: Error evaluating 'unless' clause, returned pid 891642 exit 1: 'ERROR: unrecognized key word: "monitoring"
LINE 1: ...amespace AS n ON da.defaclnamespace = n.oid WHERE 'monitori...
^
HINT: ACL key word must be "group" or "user".
'
Expected Behavior
The unless clause should quote the role name in the SQL query and not depend on the name being an SQL-compatible bare identifier. This module takes great care of quoting such role or database names throughout the many SQL commands it constructs, but this seems to have been missed.
I will submit a PR to fix.
Describe the Bug
The
postgresql::server::default_privilegesdefined type does not quote the role name, leading to a faulty SQL query for theunlessclause when the role name contains a hyphen. This makes the ALTER DEFAULT PRIVILEGES grant fail with a Postgres error message like this, when the role name is something likemonitoring-role:Expected Behavior
The
unlessclause should quote the role name in the SQL query and not depend on the name being an SQL-compatible bare identifier. This module takes great care of quoting such role or database names throughout the many SQL commands it constructs, but this seems to have been missed.I will submit a PR to fix.