terraform-provider-postgresql

Connection error message leaks Postgres password

Open SanjayVas opened this issue 1 year ago • 1 comments

Hi there,

Thank you for opening an issue. Please provide the following information:

Terraform Version

1.7.5

Affected Resource(s)

  • postgresql_grant

Terraform Configuration Files

https://github.com/world-federation-of-advertisers/cross-media-measurement/tree/main/src/main/terraform/gcloud/cmms

Debug Output

Avoiding adding full debug output due to sensitivity. See edited snippet:

Error: Error connecting to PostgreSQL server  (scheme: gcppostgres): gcppostgres: open gcppostgres://postgres:<URL-escaped plaintext password>:5432/postgres?fallback_application_name=Terraform+provider: :5432/postgres is not in the form project/region/instance/dbname

The text <URL-escaped plaintext password> instead had my actual URL-escaped DB password.

Expected Behavior

Password is obfuscated in error message.

Actual Behavior

Password shown in error message.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform plan -replace google_sql_database_instance.postgres

References

It looks like there's an attempt at using string.Replace in https://github.com/cyrilgdn/terraform-provider-postgresql/blob/f46ec221181b09b153c7fc816e75c7030a3e8ab9/postgresql/config.go#L291, but it does not appear to take into account that the password may be URL-escaped.

SanjayVas avatar Apr 09 '24 23:04 SanjayVas
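
The gap described under References, as an added example that is not the provider's code: a literal-only replacement misses a percent-encoded password, while masking every escaped form catches it. The function names and the sample password are hypothetical, and because the page does not say which escaping the DSN builder applies, the hardened version covers the three forms Go's net/url can produce.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

const mask = "XXXX"

// redactNaive masks only the literal password; an escaped copy survives.
func redactNaive(msg, password string) string {
	if password == "" {
		return msg
	}
	return strings.ReplaceAll(msg, password, mask)
}

// redactSecret masks the literal password and each URL-escaped form that
// net/url can produce for it (query, path segment, userinfo).
func redactSecret(msg, password string) string {
	if password == "" {
		return msg // an empty pattern would insert the mask between every rune
	}
	userinfo := strings.TrimPrefix(url.UserPassword("u", password).String(), "u:")
	forms := []string{password, url.QueryEscape(password), url.PathEscape(password), userinfo}
	// Longest first: the literal can be a prefix of an escaped form ("%2" in "%252").
	sort.Slice(forms, func(i, j int) bool { return len(forms[i]) > len(forms[j]) })
	for _, f := range forms {
		msg = strings.ReplaceAll(msg, f, mask)
	}
	return msg
}

// sampleError builds a constructed message shaped like the one in the report.
func sampleError(escapedPassword string) string {
	return "gcppostgres: open gcppostgres://postgres:" + escapedPassword +
		":5432/postgres?fallback_application_name=Terraform+provider: " +
		":5432/postgres is not in the form project/region/instance/dbname"
}

func main() {
	password := "p@ss/w0rd+1" // constructed sample value
	msg := sampleError(url.QueryEscape(password))
	fmt.Println("naive:   ", redactNaive(msg, password))
	fmt.Println("hardened:", redactSecret(msg, password))
}
```

Only passwords containing characters that get percent-encoded are affected; a purely alphanumeric password is identical in all forms and is masked by either function.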

We just now encountered the same issue. Also using GCP.

gojanpaolo avatar Jul 22 '24 22:07 gojanpaolo