From 703388ec0574e02540ace0f2e0e35d8de0e07355 Mon Sep 17 00:00:00 2001
From: Joe Julian <me@joejulian.name>
Date: Wed, 7 Sep 2016 09:20:10 -0700
Subject: [PATCH] Fix broken GRANT when not ssl

if ssl_option is not False, mysql_grant.present adds "REQUIRE" to the
grant command but since all the ssl sub options are false or missing,
there is a null string appended to the requirements. This causes the
grant command to fail.

This tests to see if ssl or X509 are set. If they're not, it skips the
entire ssl_option section leaving ssl_option==False to prevent that
error.
---
 mysql/user.sls | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mysql/user.sls b/mysql/user.sls
index b937343..e4f2ebe 100644
--- a/mysql/user.sls
+++ b/mysql/user.sls
@@ -79,6 +79,7 @@ include:
     - grant: {{db['grants']|join(",")}}
     - database: '{{ db['database'] }}.{{ db['table'] | default('*') }}'
     - grant_option: {{ db['grant_option'] | default(False) }}
+    {% if 'ssl' in user or 'ssl-X509' in user %}
     - ssl_option:
       - SSL: {{ user['ssl'] | default(False) }}
     {% if user['ssl-X509'] is defined %}
@@ -93,6 +94,7 @@ include:
     {% if user['ssl-CIPHER'] is defined %}
       - CIPHER: {{ user['ssl-CIPHER'] }}
     {% endif %}
+    {% endif %}
     - user: {{ name }}
     - host: '{{ host }}'
     - connection_host: '{{ mysql_host }}'