X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/faf8ae12e85eabb050b0f5eceb2cb67ad1de5261..847ffefc0606eae909ccc4abe752fa1629085011:/cookbooks/postgresql/providers/user.rb?ds=sidebyside diff --git a/cookbooks/postgresql/providers/user.rb b/cookbooks/postgresql/providers/user.rb index 11c783e22..22d01a4dc 100644 --- a/cookbooks/postgresql/providers/user.rb +++ b/cookbooks/postgresql/providers/user.rb @@ -17,13 +17,17 @@ # limitations under the License. # +require "shellwords" + +use_inline_resources + def load_current_resource @pg = Chef::PostgreSQL.new(new_resource.cluster) @current_resource = Chef::Resource::PostgresqlUser.new(new_resource.name) @current_resource.user(new_resource.user) @current_resource.cluster(new_resource.cluster) - if pg_user = @pg.users[@current_resource.user] + if (pg_user = @pg.users[@current_resource.user]) @current_resource.superuser(pg_user[:superuser]) @current_resource.createdb(pg_user[:createdb]) @current_resource.createrole(pg_user[:createrole]) @@ -33,35 +37,40 @@ def load_current_resource end action :create do - password = new_resource.password ? "ENCRYPTED PASSWORD '#{new_resource.password}'" : "" + password = new_resource.password ? "ENCRYPTED PASSWORD '#{new_resource.password.shellescape}'" : "" superuser = new_resource.superuser ? "SUPERUSER" : "NOSUPERUSER" createdb = new_resource.createdb ? "CREATEDB" : "NOCREATEDB" createrole = new_resource.createrole ? "CREATEROLE" : "NOCREATEROLE" replication = new_resource.replication ? "REPLICATION" : "NOREPLICATION" - unless @pg.users.include?(new_resource.user) - @pg.execute(:command => "CREATE ROLE \"#{new_resource.user}\" LOGIN #{password} #{superuser} #{createdb} #{createrole}") - new_resource.updated_by_last_action(true) + if !@pg.users.include?(new_resource.user) + converge_by "create role #{new_resource.user}" do + @pg.execute(:command => "CREATE ROLE \"#{new_resource.user}\" LOGIN #{password} #{superuser} #{createdb} #{createrole}") + end else if new_resource.superuser != @current_resource.superuser - @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{superuser}") - new_resource.updated_by_last_action(true) + converge_by "alter role #{new_resource.user}" do + @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{superuser}") + end end unless new_resource.superuser if new_resource.createdb != @current_resource.createdb - @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createdb}") - new_resource.updated_by_last_action(true) + converge_by "alter role #{new_resource.user}" do + @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createdb}") + end end if new_resource.createrole != @current_resource.createrole - @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createrole}") - new_resource.updated_by_last_action(true) + converge_by "alter role #{new_resource.user}" do + @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createrole}") + end end if new_resource.replication != @current_resource.replication - @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{replication}") - new_resource.updated_by_last_action(true) + converge_by "alter role #{new_resource.user}" do + @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{replication}") + end end end end @@ -69,7 +78,8 @@ end action :drop do if @pg.users.include?(new_resource.user) - @pg.execute(:command => "DROP ROLE \"#{new_resource.user}\"") - new_resource.updated_by_last_action(true) + converge_by "drop role #{new_resource.user}" do + @pg.execute(:command => "DROP ROLE \"#{new_resource.user}\"") + end end end