From 589a3751e1cf4d54eca38432fc7812d6d02b7464 Mon Sep 17 00:00:00 2001
From: kurokobo <2920259+kurokobo@users.noreply.github.com>
Date: Sun, 20 Mar 2022 16:13:12 +0900
Subject: [PATCH] fix: add quotes for PGPASSWORD for the backup and restore
 roles

---
 README.md                              | 2 +-
 roles/backup/tasks/postgres.yml        | 2 +-
 roles/installer/tasks/migrate_data.yml | 2 +-
 roles/restore/tasks/postgres.yml       | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 736e1bda..d983150d 100644
--- a/README.md
+++ b/README.md
@@ -403,7 +403,7 @@ stringData:
 type: Opaque
 ```
 
-> Please ensure that the value for the variable "password" is wrapped in quotes if the password contains any special characters.
+> Please ensure that the value for the variable `password` should _not_ contain single or double quotes (`'`, `"`) or backslashes (`\`) to avoid any issues during deployment, backup or restoration.
 
 > It is possible to set a specific username, password, port, or database, but still have the database managed by the operator. In this case, when creating the postgres-configuration secret, the `type: managed` field should be added.
 
diff --git a/roles/backup/tasks/postgres.yml b/roles/backup/tasks/postgres.yml
index b8136303..7cc132d8 100644
--- a/roles/backup/tasks/postgres.yml
+++ b/roles/backup/tasks/postgres.yml
@@ -99,7 +99,7 @@
     command: |
       bash -c """
       set -e -o pipefail
-      PGPASSWORD={{ awx_postgres_pass }} {{ pgdump }} > {{ backup_dir }}/tower.db
+      PGPASSWORD='{{ awx_postgres_pass }}' {{ pgdump }} > {{ backup_dir }}/tower.db
       echo 'Successful'
       """
   register: data_migration
diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml
index d8db0fcd..7acc1d89 100644
--- a/roles/installer/tasks/migrate_data.yml
+++ b/roles/installer/tasks/migrate_data.yml
@@ -65,7 +65,7 @@
     command: |
       bash -c """
       set -e -o pipefail
-      PGPASSWORD={{ awx_old_postgres_pass }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ pg_restore }}
+      PGPASSWORD='{{ awx_old_postgres_pass }}' {{ pgdump }} | PGPASSWORD='{{ awx_postgres_pass }}' {{ pg_restore }}
       echo 'Successful'
       """
   no_log: true
diff --git a/roles/restore/tasks/postgres.yml b/roles/restore/tasks/postgres.yml
index c4a7927b..a0c5d4ab 100644
--- a/roles/restore/tasks/postgres.yml
+++ b/roles/restore/tasks/postgres.yml
@@ -86,7 +86,7 @@
     command: |
       bash -c """
       set -e -o pipefail
-      cat {{ backup_dir }}/tower.db | PGPASSWORD={{ awx_postgres_pass }} {{ pg_restore }}
+      cat {{ backup_dir }}/tower.db | PGPASSWORD='{{ awx_postgres_pass }}' {{ pg_restore }}
       echo 'Successful'
       """
   register: data_migration