X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/9bca5f05185dde08efcf2d5f1a2bf66c8cdc9f00..e5f294d3dc676675b2803915571c28337468c3b3:/cookbooks/postgresql/providers/user.rb

diff --git a/cookbooks/postgresql/providers/user.rb b/cookbooks/postgresql/providers/user.rb
index 4f21b4d29..22d01a4dc 100644
--- a/cookbooks/postgresql/providers/user.rb
+++ b/cookbooks/postgresql/providers/user.rb
@@ -17,6 +17,10 @@
 # limitations under the License.
 #
 
+require "shellwords"
+
+use_inline_resources
+
 def load_current_resource
   @pg = Chef::PostgreSQL.new(new_resource.cluster)
 
@@ -33,35 +37,40 @@ def load_current_resource
 end
 
 action :create do
-  password = new_resource.password ? "ENCRYPTED PASSWORD '#{new_resource.password}'" : ""
+  password = new_resource.password ? "ENCRYPTED PASSWORD '#{new_resource.password.shellescape}'" : ""
   superuser = new_resource.superuser ? "SUPERUSER" : "NOSUPERUSER"
   createdb = new_resource.createdb ? "CREATEDB" : "NOCREATEDB"
   createrole = new_resource.createrole ? "CREATEROLE" : "NOCREATEROLE"
   replication = new_resource.replication ? "REPLICATION" : "NOREPLICATION"
 
   if !@pg.users.include?(new_resource.user)
-    @pg.execute(:command => "CREATE ROLE \"#{new_resource.user}\" LOGIN #{password} #{superuser} #{createdb} #{createrole}")
-    new_resource.updated_by_last_action(true)
+    converge_by "create role #{new_resource.user}" do
+      @pg.execute(:command => "CREATE ROLE \"#{new_resource.user}\" LOGIN #{password} #{superuser} #{createdb} #{createrole}")
+    end
   else
     if new_resource.superuser != @current_resource.superuser
-      @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{superuser}")
-      new_resource.updated_by_last_action(true)
+      converge_by "alter role #{new_resource.user}" do
+        @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{superuser}")
+      end
     end
 
     unless new_resource.superuser
       if new_resource.createdb != @current_resource.createdb
-        @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createdb}")
-        new_resource.updated_by_last_action(true)
+        converge_by "alter role #{new_resource.user}" do
+          @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createdb}")
+        end
       end
 
       if new_resource.createrole != @current_resource.createrole
-        @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createrole}")
-        new_resource.updated_by_last_action(true)
+        converge_by "alter role #{new_resource.user}" do
+          @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{createrole}")
+        end
       end
 
       if new_resource.replication != @current_resource.replication
-        @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{replication}")
-        new_resource.updated_by_last_action(true)
+        converge_by "alter role #{new_resource.user}" do
+          @pg.execute(:command => "ALTER ROLE \"#{new_resource.user}\" #{replication}")
+        end
       end
     end
   end
@@ -69,7 +78,8 @@ end
 
 action :drop do
   if @pg.users.include?(new_resource.user)
-    @pg.execute(:command => "DROP ROLE \"#{new_resource.user}\"")
-    new_resource.updated_by_last_action(true)
+    converge_by "drop role #{new_resource.user}" do
+      @pg.execute(:command => "DROP ROLE \"#{new_resource.user}\"")
+    end
   end
 end