X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/069e33163e0b09a7d647a98c2fde284a16a43b99..6bf5013e5d298962c5a54bc395b53a5ec1a8a5ba:/cookbooks/postgresql/providers/user.rb?ds=sidebyside

diff --git a/cookbooks/postgresql/providers/user.rb b/cookbooks/postgresql/providers/user.rb
index 791368255..22d01a4dc 100644
--- a/cookbooks/postgresql/providers/user.rb
+++ b/cookbooks/postgresql/providers/user.rb
@@ -17,13 +17,17 @@
 # limitations under the License.
 #
 
+require "shellwords"
+
+use_inline_resources
+
 def load_current_resource
   @pg = Chef::PostgreSQL.new(new_resource.cluster)
 
   @current_resource = Chef::Resource::PostgresqlUser.new(new_resource.name)
   @current_resource.user(new_resource.user)
   @current_resource.cluster(new_resource.cluster)
-  if pg_user = @pg.users[@current_resource.user]
+  if (pg_user = @pg.users[@current_resource.user])
     @current_resource.superuser(pg_user[:superuser])
     @current_resource.createdb(pg_user[:createdb])
     @current_resource.createrole(pg_user[:createrole])
@@ -33,35 +37,40 @@ def load_current_resource
 end
 
 action :create do
-  password = new_resource.password ? "ENCRYPTED PASSWORD '#{new_resource.password}'" : ""
+  password = new_resource.password ? "ENCRYPTED PASSWORD '#{new_resource.password.shellescape}'" : ""
   superuser = new_resource.superuser ? "SUPERUSER" : "NOSUPERUSER"
   createdb = new_resource.createdb ? "CREATEDB" : "NOCREATEDB"
   createrole = new_resource.createrole ? "CREATEROLE" : "NOCREATEROLE"
   replication = new_resource.replication ? "REPLICATION" : "NOREPLICATION"
 
   if !@pg.users.include?(new_resource.user)
-    @pg.execute(:command => "CREATE ROLE \"#{new_resource.user}\" LOGIN #{password} #{superuser} #{createdb} #{createrole}")
-    new_resource.updated_by_last_action(true)
+    converge_by "create role #{new_resource.user}" do
+      @pg.execute(:command => "CREATE ROLE \"#{new_resource.user}\" LOGIN #{password} #{superuser} #{createdb} #{createrole}")
+    end
   else
     if new_resource.superuser != @current_resource.superuser
-      @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{superuser}")
-      new_resource.updated_by_last_action(true)
+      converge_by "alter role #{new_resource.user}" do
+        @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{superuser}")
+      end
     end
 
     unless new_resource.superuser
       if new_resource.createdb != @current_resource.createdb
-        @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createdb}")
-        new_resource.updated_by_last_action(true)
+        converge_by "alter role #{new_resource.user}" do
+          @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createdb}")
+        end
       end
 
       if new_resource.createrole != @current_resource.createrole
-        @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createrole}")
-        new_resource.updated_by_last_action(true)
+        converge_by "alter role #{new_resource.user}" do
+          @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createrole}")
+        end
       end
 
       if new_resource.replication != @current_resource.replication
-        @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{replication}")
-        new_resource.updated_by_last_action(true)
+        converge_by "alter role #{new_resource.user}" do
+          @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{replication}")
+        end
       end
     end
   end
@@ -69,7 +78,8 @@ end
 
 action :drop do
   if @pg.users.include?(new_resource.user)
-    @pg.execute(:command => "DROP ROLE \"#{new_resource.user}\"")
-    new_resource.updated_by_last_action(true)
+    converge_by "drop role #{new_resource.user}" do
+      @pg.execute(:command => "DROP ROLE \"#{new_resource.user}\"")
+    end
   end
 end