Exec[update_pgpass] failed
src386 opened this issue · comments
Affected Puppet, Ruby, OS and module versions/distributions
- Puppet: 6.27.1-1focal
- Ruby: 2.5.9p229
- Distribution: Ubuntu 20.04
- Module version: master (currently v9.2.0)
How to reproduce (e.g Puppet code you use)
Use Postgresql and set a custom password with special characters such as &.
class { 'apache':
mpm_module => 'prefork',
}
class { 'apache::mod::php': }
class { 'postgresql::server': }
class { 'zabbix':
zabbix_url => 'zabbix.example.com',
database_password => 'secret&password',
}
What are you seeing
Error: sh: 1: password: not found
localhost:5432:zabbix_server:zabbix_server:secret
Error: /Stage[main]/Zabbix::Database::Postgresql/Exec[update_pgpass]/returns: change from 'notrun' to ['0'] failed: sh: 1: password: not found
localhost:5432:zabbix_server:zabbix_server:secret
What behaviour did you expect instead
Notice: /Stage[main]/Zabbix::Database::Postgresql/Exec[update_pgpass]/returns: executed successfully
Output log
Any additional information you'd like to impart
The Exec[update_pgpass] is defined here: https://github.com/voxpupuli/puppet-zabbix/blob/master/manifests/database/postgresql.pp#L67
command => "echo ${database_host}:5432:${database_name}:${database_user}:${database_password} >> /root/.pgpass",
As we can see, the echoed string is not protected/escaped, resulting in some characters breaking the command.
Workaround:
command => "echo \"${database_host}:5432:${database_name}:${database_user}:${database_password}\" >> /root/.pgpass",
It is interesting to note that the unless => argument was already protected/escaped.