From d8f3fd60b232baaf93b3d40860e92f477480f213 Mon Sep 17 00:00:00 2001
From: Jakob Havstein Eriksen <jakob.havstein.eriksen@nav.no>
Date: Mon, 12 Jan 2026 12:48:18 +0100
Subject: [PATCH] fix: quote username in db queries

---
 internal/postgres/iam.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/internal/postgres/iam.go b/internal/postgres/iam.go
index 0850c97d..7b4b7ec2 100644
--- a/internal/postgres/iam.go
+++ b/internal/postgres/iam.go
@@ -271,18 +271,18 @@ func AddUser(ctx context.Context, appName, username, password string, cluster fl
 		return err
 	}
 
-	_, err = db.ExecContext(ctx, fmt.Sprintf("CREATE USER %v WITH ENCRYPTED PASSWORD '%v' NOCREATEDB;", username, password))
+	_, err = db.ExecContext(ctx, fmt.Sprintf("CREATE USER '%v' WITH ENCRYPTED PASSWORD '%v' NOCREATEDB;", username, password))
 	if err != nil {
 		return formatInvalidGrantError(err)
 	}
 	out.Printf("Created user: %v", username)
 
-	_, err = db.ExecContext(ctx, fmt.Sprintf("alter default privileges in schema public grant %v on tables to %q;", privilege, username))
+	_, err = db.ExecContext(ctx, fmt.Sprintf("alter default privileges in schema public grant %v on tables to '%q';", privilege, username))
 	if err != nil {
 		return formatInvalidGrantError(err)
 	}
 
-	_, err = db.ExecContext(ctx, fmt.Sprintf("grant %v on all tables in schema public to %q;", privilege, username))
+	_, err = db.ExecContext(ctx, fmt.Sprintf("grant %v on all tables in schema public to '%q';", privilege, username))
 	if err != nil {
 		return formatInvalidGrantError(err)
 	}
@@ -306,7 +306,7 @@ func DropUser(ctx context.Context, appName string, username string, cluster flag
 		return err
 	}
 
-	_, err = db.ExecContext(ctx, fmt.Sprintf("drop role %v;", username))
+	_, err = db.ExecContext(ctx, fmt.Sprintf("drop role '%v';", username))
 	if err != nil {
 		return formatInvalidGrantError(err)
 	}