#!/bin/sh -e
#
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#

case $("${__explorer:?}/os")
in
	(netbsd)
		postgres_user='pgsql'
		;;
	(openbsd)
		postgres_user='_postgresql'
		;;
	(*)
		postgres_user='postgres'
		;;
esac

rolename=${__object_id:?}

role_properties=$(
	cmd=$(printf "psql -F '\034' -R '\036' -wAc \"SELECT * FROM pg_roles WHERE rolname='%s'\"" "${rolename}")
	su -l "${postgres_user}" -c "${cmd}" \
	| awk '
	  BEGIN { RS = "\036"; FS = "\034" }
	  /^\([0-9]+ rows?\)/ { exit }
	  NR == 1 { for (i = 1; i <= NF; i++) cols[i] = $i; next }
	  NR == 2 { for (i = 1; i <= NF; i++) printf "%s=%s\n", cols[i], $i }
	  '
)

if test -n "${role_properties}"
then
	# Check if the user's properties match the parameters
	for prop in login createdb createrole superuser
	do
		bool_should=$(test -f "${__object:?}/parameter/${prop}" && echo 't' || echo 'f')
		bool_is=$(
			printf '%s\n' "${role_properties}" |
			awk -F '=' -v key="${prop}" '
			BEGIN {
				if (key == "login")
					key = "canlogin"
				else if (key == "superuser")
					key = "super"
				key = "rol" key
			}
			$1 == key {
				sub(/^[^=]*=/, "")
				print
			}
			'
		)

		test "${bool_is}" = "${bool_should}" || {
			echo 'different'
			exit 0
		}
	done

	echo 'present'
else
	echo 'absent'
fi