From cb75292d7f5a5a5e81ace61749eb5019363308d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= <greg@karekinian.com>
Date: Wed, 13 Mar 2019 17:39:39 +0100
Subject: [PATCH] Set the ejabberd postgresql user from an encrypted data bag

---
 .../kosmos-ejabberd/recipes/default.rb        | 21 +++++++------------
 1 file changed, 7 insertions(+), 14 deletions(-)

diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
index d43f5ce..2ccf5c6 100644
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@@ -27,25 +27,18 @@ dpkg_package "ejabberd" do
   notifies :create, "file[/lib/systemd/system/ejabberd.service]", :immediately
 end
 
-postgresql_connection_info = {
-    host:     '127.0.0.1',
-    port:     5432,
-    username: 'postgres',
-    password: node['postgresql']['password']['postgres']
-}
+postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
+ejabberd_user_password = postgresql_data_bag_item['ejabberd_user_password']
 
 postgresql_database 'ejabberd' do
-  connection postgresql_connection_info
   action :create
   notifies :run, "execute[create db schema]", :delayed
 end
 
-postgresql_database_user 'ejabberd' do
-  connection postgresql_connection_info
-  password   'super_secret'
-  database_name 'ejabberd'
-  privileges    [:all]
-  action     [:create, :grant]
+postgresql_user 'ejabberd' do
+  password ejabberd_user_password
+  database 'ejabberd'
+  action     [:create]
 end
 
 execute "create db schema" do
@@ -58,7 +51,7 @@ template "/opt/ejabberd/conf/ejabberd.yml" do
   source    "ejabberd.yml.erb"
   mode      0640
   sensitive true
-  variables pgsql_password: "super_secret"
+  variables pgsql_password: ejabberd_user_password
   notifies :run, "execute[ejabberdctl reload_config]", :delayed
 end