X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/4f7fa07759cca622d60b960f1337c2a65ab0e667..5f259f2b4c4642dbb43158ab49a9675c2d8ddce7:/cookbooks/postgresql/resources/user.rb diff --git a/cookbooks/postgresql/resources/user.rb b/cookbooks/postgresql/resources/user.rb index ad8fed4d5..31194fedc 100644 --- a/cookbooks/postgresql/resources/user.rb +++ b/cookbooks/postgresql/resources/user.rb @@ -19,6 +19,8 @@ require "shellwords" +unified_mode true + default_action :create property :user, :kind_of => String, :name_property => true @@ -28,6 +30,7 @@ property :superuser, :kind_of => [TrueClass, FalseClass], :default => false property :createdb, :kind_of => [TrueClass, FalseClass], :default => false property :createrole, :kind_of => [TrueClass, FalseClass], :default => false property :replication, :kind_of => [TrueClass, FalseClass], :default => false +property :roles, :kind_of => [String, Array] action :create do password = new_resource.password ? "ENCRYPTED PASSWORD '#{new_resource.password.shellescape}'" : "" @@ -68,6 +71,24 @@ action :create do end end end + + roles = Array(new_resource.roles) + + roles.each do |role| + next if current_user[:roles].include?(role) + + converge_by "grant #{role} to #{new_resource.user}" do + cluster.execute(:command => "GRANT \"#{role}\" TO \"#{new_resource.user}\"") + end + end + + current_user[:roles].each do |role| + next if roles.include?(role) + + converge_by "revoke #{role} from #{new_resource.user}" do + cluster.execute(:command => "REVOKE \"#{role}\" FROM \"#{new_resource.user}\"") + end + end end end