Escape passwords when creating postgres users
[chef.git] / cookbooks / postgresql / providers / user.rb
index 11c783e22264f1b132dae4b1c8ec7ce0c1d41df1..5df0f3847845d07a19fb188bc25b97540587e5cb 100644 (file)
 # limitations under the License.
 #
 
+require "shellwords"
+
+use_inline_resources
+
 def load_current_resource
   @pg = Chef::PostgreSQL.new(new_resource.cluster)
 
   @current_resource = Chef::Resource::PostgresqlUser.new(new_resource.name)
   @current_resource.user(new_resource.user)
   @current_resource.cluster(new_resource.cluster)
-  if pg_user = @pg.users[@current_resource.user]
+  if (pg_user = @pg.users[@current_resource.user])
     @current_resource.superuser(pg_user[:superuser])
     @current_resource.createdb(pg_user[:createdb])
     @current_resource.createrole(pg_user[:createrole])
@@ -33,13 +37,13 @@ def load_current_resource
 end
 
 action :create do
-  password = new_resource.password ? "ENCRYPTED PASSWORD '#{new_resource.password}'" : ""
+  password = new_resource.password ? "ENCRYPTED PASSWORD '#{new_resource.password.shellescape}'" : ""
   superuser = new_resource.superuser ? "SUPERUSER" : "NOSUPERUSER"
   createdb = new_resource.createdb ? "CREATEDB" : "NOCREATEDB"
   createrole = new_resource.createrole ? "CREATEROLE" : "NOCREATEROLE"
   replication = new_resource.replication ? "REPLICATION" : "NOREPLICATION"
 
-  unless @pg.users.include?(new_resource.user)
+  if !@pg.users.include?(new_resource.user)
     @pg.execute(:command => "CREATE ROLE \"#{new_resource.user}\" LOGIN #{password} #{superuser} #{createdb} #{createrole}")
     new_resource.updated_by_last_action(true)
   else