X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/18e12b0e123fc3e5f344682f884feabc12da0f5a..7f055e6aa4bcecd6f19da3efe0f89ece84a5f5a2:/cookbooks/postgresql/resources/user.rb?ds=sidebyside diff --git a/cookbooks/postgresql/resources/user.rb b/cookbooks/postgresql/resources/user.rb index 0bfc80536..6d0e07e47 100644 --- a/cookbooks/postgresql/resources/user.rb +++ b/cookbooks/postgresql/resources/user.rb @@ -1,8 +1,8 @@ # -# Cookbook Name:: postgresql +# Cookbook:: postgresql # Resource:: postgresql_user # -# Copyright 2012, OpenStreetMap Foundation +# Copyright:: 2012, OpenStreetMap Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,15 +19,18 @@ require "shellwords" +unified_mode true + default_action :create -property :user, :kind_of => String, :name_attribute => true +property :user, :kind_of => String, :name_property => true property :cluster, :kind_of => String, :required => true property :password, :kind_of => String -property :superuser, :default => false -property :createdb, :default => false -property :createrole, :default => false -property :replication, :default => false +property :superuser, :kind_of => [TrueClass, FalseClass], :default => false +property :createdb, :kind_of => [TrueClass, FalseClass], :default => false +property :createrole, :kind_of => [TrueClass, FalseClass], :default => false +property :replication, :kind_of => [TrueClass, FalseClass], :default => false +property :roles, :kind_of => [String, Array] action :create do password = new_resource.password ? "ENCRYPTED PASSWORD '#{new_resource.password.shellescape}'" : "" @@ -40,6 +43,12 @@ action :create do converge_by "create role #{new_resource.user}" do cluster.execute(:command => "CREATE ROLE \"#{new_resource.user}\" LOGIN #{password} #{superuser} #{createdb} #{createrole}") end + + Array(new_resource.roles).each do |role| + converge_by "grant #{role} to #{new_resource.user}" do + cluster.execute(:command => "GRANT \"#{role}\" TO \"#{new_resource.user}\"") + end + end else current_user = cluster.users[new_resource.user] @@ -68,6 +77,24 @@ action :create do end end end + + roles = Array(new_resource.roles) + + roles.each do |role| + next if current_user[:roles].include?(role) + + converge_by "grant #{role} to #{new_resource.user}" do + cluster.execute(:command => "GRANT \"#{role}\" TO \"#{new_resource.user}\"") + end + end + + current_user[:roles].each do |role| + next if roles.include?(role) + + converge_by "revoke #{role} from #{new_resource.user}" do + cluster.execute(:command => "REVOKE \"#{role}\" FROM \"#{new_resource.user}\"") + end + end end end