Merge pull request #14 from ninjix/master

Added support for MySQL hashed user password.

README.rst

@@ -28,11 +28,19 @@ Install the MySQL server package and start the service.
 Debian OS family supports setting MySQL root password during install via debconf.
 
 ``mysql.database``
-----------------
+------------------
 
 Create and manage MySQL databases.
 
 ``mysql.user``
 ----------------
 
-Create and manage MySQL database users with definable GRANT privileges.
+Create and manage MySQL database users with definable GRANT privileges.
+
+The state accepts MySQL hashed passwords or clear text. Hashed password have priority.
+
+.. note::
+    See the `salt.states.mysql_user <http://docs.saltstack.com/en/latest/ref/states/all/salt.states.mysql_user.html#module-salt.states.mysql_user>`_ docs for additional information on configuring hashed passwords.
+    
+    Make sure to **quote the passwords** in the pillar so YAML doesn't throw an exception.
+

mysql/database.sls

@@ -1,11 +1,14 @@
 {% from "mysql/map.jinja" import mysql with context %}
 
+include:
+  - mysql.python
+
 {% for database in salt['pillar.get']('mysql:database', []) %}
 {{ database }}:
   mysql_database.present:
     - host: localhost
     - connection_user: root
-    - connection_pass: {{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}
+    - connection_pass: '{{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}'
     - connection_charset: utf8
 {% endfor %}
 

mysql/server.sls

@@ -50,11 +50,6 @@ mysqld:
     - watch:
       - pkg: mysqld
 
-mysql-python:
-  pkg:
-    - installed
-    - name: {{ mysql.python }}
-
 {% if grains['os'] in ['Ubuntu', 'Debian', 'Gentoo', 'CentOS'] %}
 my.cnf:
   file.managed:

mysql/user.sls

@@ -1,13 +1,20 @@
 {% from "mysql/map.jinja" import mysql with context %}
 
+include:
+  - mysql.python
+
 {% for user in salt['pillar.get']('mysql:user', []) %}
 {{ user['name'] }}:
   mysql_user.present:
     - host: {{ user['host'] }}
-    - password: {{ user['password'] }}
+  {%- if user['password_hash'] is defined %}
+    - password_hash: '{{ user['password_hash'] }}'
+  {% else %}
+    - password: '{{ user['password'] }}'
+  {% endif %}
     - connection_host: localhost
     - connection_user: root
-    - connection_pass: {{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}
+    - connection_pass: '{{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}'
     - connection_charset: utf8
 
 {% for db in user['databases'] %}
@@ -19,7 +26,7 @@
     - host: {{ user['host'] }}
     - connection_host: localhost
     - connection_user: root
-    - connection_pass: {{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}
+    - connection_pass: '{{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}'
     - connection_charset: utf8
     - require:
       - mysql_user: {{ user['name'] }}

pillar.example

@@ -1,6 +1,6 @@
 mysql:
   server:
-    root_password: somepass
+    root_password: 'somepass'
     bind-address: 127.0.0.1
     port: 3306
     user: mysql
@@ -13,7 +13,7 @@ mysql:
   # Manage users
   user:
     - name: frank
-      password: somepass
+      password: 'somepass'
       host: localhost
       databases:
         - database: foo
@@ -21,7 +21,7 @@ mysql:
         - database: bar
           grants: ['all privileges']
     - name: bob
-      password: someotherpass
+      password_hash: '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4'
       host: localhost
       databases:
         - database: foo