end
def users
- @users ||= query("SELECT * FROM pg_user").each_with_object({}) do |user, users|
+ @users ||= query("SELECT *, ARRAY(SELECT groname FROM pg_group WHERE usesysid = ANY(grolist)) AS roles FROM pg_user").each_with_object({}) do |user, users|
users[user[:usename]] = {
:superuser => user[:usesuper] == "t",
:createdb => user[:usercreatedb] == "t",
:createrole => user[:usecatupd] == "t",
- :replication => user[:userepl] == "t"
+ :replication => user[:userepl] == "t",
+ :roles => parse_array(user[:roles] || "{}")
}
end
end
private
+ def parse_array(array)
+ array.sub(/^\{(.*)\}$/, "\\1").split(",")
+ end
+
def parse_acl(acl)
- acl.sub(/^\{(.*)\}$/, "\\1").split(",").each_with_object({}) do |entry, permissions|
+ parse_array(acl).each_with_object({}) do |entry, permissions|
entry = entry.sub(/^"(.*)"$/) { Regexp.last_match[1].gsub(/\\"/, '"') }.sub(%r{/.*$}, "")
user, privileges = entry.split("=")
property :createdb, :kind_of => [TrueClass, FalseClass], :default => false
property :createrole, :kind_of => [TrueClass, FalseClass], :default => false
property :replication, :kind_of => [TrueClass, FalseClass], :default => false
+property :roles, :kind_of => [String, Array]
action :create do
password = new_resource.password ? "ENCRYPTED PASSWORD '#{new_resource.password.shellescape}'" : ""
end
end
end
+
+ roles = Array(new_resource.roles)
+
+ roles.each do |role|
+ next if current_user[:roles].include?(role)
+
+ converge_by "grant #{role} to #{new_resource.user}" do
+ cluster.execute(:command => "GRANT \"#{role}\" TO \"#{new_resource.user}\"")
+ end
+ end
+
+ current_user[:roles].each do |role|
+ next if roles.include?(role)
+
+ converge_by "revoke #{role} from #{new_resource.user}" do
+ cluster.execute(:command => "REVOKE \"#{role}\" FROM \"#{new_resource.user}\"")
+ end
+ end
end
end
projects / chef.git / commitdiff