Connection error message leaks Postgres password

[SanjayVas]

Hi there,

Thank you for opening an issue. Please provide the following information:

Terraform Version

1.7.5

Affected Resource(s)

• postgresql_grant

Terraform Configuration Files

https://github.com/world-federation-of-advertisers/cross-media-measurement/tree/main/src/main/terraform/gcloud/cmms

Debug Output

Avoiding adding full debug output to do sensitivity. See edited snippet:

Error: Error connecting to PostgreSQL server  (scheme: gcppostgres): gcppostgres: open gcppostgres://postgres:<URL-escaped plaintext password>:5432/postgres?fallback_application_name=Terraform+provider: :5432/postgres is not in the form project/region/instance/dbname

The text <URL-escaped plaintext password> instead had my actual URL-escaped DB password.

Expected Behavior

Password is obfuscated in error message.

Actual Behavior

Password shown in error message.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform plan -replace google_sql_database_instance.postgres

References

It looks like there's an attempt at using string.Replace in

terraform-provider-postgresql/postgresql/config.go

Line 291 in f46ec22

errString := strings.Replace(err.Error(), c.config.Password, "XXXX", 2)

, but it does not appear to take into account that the password may be URL-escaped.

[gojanpaolo]

We just now encountered the same issue. Also using GCP