]> git.openstreetmap.org Git - chef.git/blob - cookbooks/postgresql/providers/user.rb
put dulcy in production mode and enable backups
[chef.git] / cookbooks / postgresql / providers / user.rb
1 #
2 # Cookbook Name:: postgresql
3 # Provider:: postgresql_user
4 #
5 # Copyright 2012, OpenStreetMap Foundation
6 #
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
10 #
11 #     http://www.apache.org/licenses/LICENSE-2.0
12 #
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
18 #
19
20 require "shellwords"
21
22 use_inline_resources
23
24 def load_current_resource
25   @pg = Chef::PostgreSQL.new(new_resource.cluster)
26
27   @current_resource = Chef::Resource::PostgresqlUser.new(new_resource.name)
28   @current_resource.user(new_resource.user)
29   @current_resource.cluster(new_resource.cluster)
30   if (pg_user = @pg.users[@current_resource.user])
31     @current_resource.superuser(pg_user[:superuser])
32     @current_resource.createdb(pg_user[:createdb])
33     @current_resource.createrole(pg_user[:createrole])
34     @current_resource.replication(pg_user[:replication])
35   end
36   @current_resource
37 end
38
39 action :create do
40   password = new_resource.password ? "ENCRYPTED PASSWORD '#{new_resource.password.shellescape}'" : ""
41   superuser = new_resource.superuser ? "SUPERUSER" : "NOSUPERUSER"
42   createdb = new_resource.createdb ? "CREATEDB" : "NOCREATEDB"
43   createrole = new_resource.createrole ? "CREATEROLE" : "NOCREATEROLE"
44   replication = new_resource.replication ? "REPLICATION" : "NOREPLICATION"
45
46   if !@pg.users.include?(new_resource.user)
47     @pg.execute(:command => "CREATE ROLE \"#{new_resource.user}\" LOGIN #{password} #{superuser} #{createdb} #{createrole}")
48     new_resource.updated_by_last_action(true)
49   else
50     if new_resource.superuser != @current_resource.superuser
51       @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{superuser}")
52       new_resource.updated_by_last_action(true)
53     end
54
55     unless new_resource.superuser
56       if new_resource.createdb != @current_resource.createdb
57         @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createdb}")
58         new_resource.updated_by_last_action(true)
59       end
60
61       if new_resource.createrole != @current_resource.createrole
62         @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createrole}")
63         new_resource.updated_by_last_action(true)
64       end
65
66       if new_resource.replication != @current_resource.replication
67         @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{replication}")
68         new_resource.updated_by_last_action(true)
69       end
70     end
71   end
72 end
73
74 action :drop do
75   if @pg.users.include?(new_resource.user)
76     @pg.execute(:command => "DROP ROLE \"#{new_resource.user}\"")
77     new_resource.updated_by_last_action(true)
78   end
79 end