From 87b3d3a9c51b2504134503cf02f80beff8548a57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= <greg@karekinian.com>
Date: Wed, 13 Mar 2019 17:38:24 +0100
Subject: [PATCH] Set postgresql password from an encrypted data bag

---
 data_bags/credentials/postgresql.json           | 17 +++++++++++++++++
 .../kosmos-postgresql/recipes/default.rb        | 12 ++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 data_bags/credentials/postgresql.json

diff --git a/data_bags/credentials/postgresql.json b/data_bags/credentials/postgresql.json
new file mode 100644
index 0000000..87a3edf
--- /dev/null
+++ b/data_bags/credentials/postgresql.json
@@ -0,0 +1,17 @@
+{
+  "id": "postgresql",
+  "ejabberd_user_password": {
+    "encrypted_data": "S/vdx+qZ4FWtbM29yDRoIgjvFORoArJVlanPm/el1nCM0se0pnxw\n",
+    "iv": "ARRo7yYYb7fve7Fv\n",
+    "auth_tag": "q7AGIahxB50jHjD+/9po0g==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "server_password": {
+    "encrypted_data": "guWsuw7EqHQGMawW9P77Q12P8tUslpXE3AwRbobJlaTClVU08kcz\n",
+    "iv": "ELRNrSW+zKYfL/eb\n",
+    "auth_tag": "zayCIjABap1NsOewJDzapA==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  }
+}
\ No newline at end of file
diff --git a/site-cookbooks/kosmos-postgresql/recipes/default.rb b/site-cookbooks/kosmos-postgresql/recipes/default.rb
index b6b7472..3eaaea6 100644
--- a/site-cookbooks/kosmos-postgresql/recipes/default.rb
+++ b/site-cookbooks/kosmos-postgresql/recipes/default.rb
@@ -4,9 +4,21 @@
 #
 # Copyright:: 2019, Kosmos, All Rights Reserved.
 
+node.override['build-essential']['compile_time'] = true
+include_recipe 'build-essential::default'
+
+package("libpq-dev") { action :nothing }.run_action(:install)
+
+chef_gem 'pg' do
+  compile_time true
+end
+
+postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
+
 postgresql_server_install "main" do
   version "10"
   setup_repo false
+  password postgresql_data_bag_item['server_password']
   action :install
 end