From 55dac2a3193d9eb3bbccecb8e4ce57f9901c3ebb Mon Sep 17 00:00:00 2001
From: Lee Boynton <lee@lboynton.com>
Date: Thu, 26 Sep 2024 22:08:14 +0100
Subject: [PATCH] Fix potential error revoking privileges in postgres secret
 engine (#28519)

* Fix potential error revoking privileges in postgres secret engine

* add changelog entry

* fix changelog format

---------

Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>
---
 changelog/28519.txt                       | 3 +++
 plugins/database/postgresql/postgresql.go | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 changelog/28519.txt

diff --git a/changelog/28519.txt b/changelog/28519.txt
new file mode 100644
index 0000000000..9cd11f74ff
--- /dev/null
+++ b/changelog/28519.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+database/postgresql: Fix potential error revoking privileges in postgresql database secrets engine when a schema contains special characters
+```
diff --git a/plugins/database/postgresql/postgresql.go b/plugins/database/postgresql/postgresql.go
index 004ca27dfc..ffe460f45c 100644
--- a/plugins/database/postgresql/postgresql.go
+++ b/plugins/database/postgresql/postgresql.go
@@ -529,7 +529,7 @@ func (p *PostgreSQL) defaultDeleteUser(ctx context.Context, username string) err
 		}
 		revocationStmts = append(revocationStmts, fmt.Sprintf(
 			`REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA %s FROM %s;`,
-			(schema),
+			dbutil.QuoteIdentifier(schema),
 			dbutil.QuoteIdentifier(username)))
 
 		revocationStmts = append(revocationStmts, fmt.Sprintf(