From 524b6e981c894ee5b9b1bc337eef7e60a193b61d Mon Sep 17 00:00:00 2001
From: "Matthew X. Economou" <xenophon@irtnog.org>
Date: Mon, 18 May 2015 10:33:27 -0400
Subject: [PATCH 1/2] Allow changing connection_user by setting the
 'mysql:server:root_user' Pillar key

In some MySQL server configurations (e.g., Amazon RDS), the root account
may not be available.  Instead, one may need to use a different account
in order to perform database administration.  This change replaced hard-
coded references to the root account with a Pillar lookup that defaults
to 'root'.  Existing users of this formula should see no change in its
behavior.
---
 mysql/database.sls             | 3 ++-
 mysql/remove_test_database.sls | 3 ++-
 mysql/server.sls               | 7 +++++--
 mysql/user.sls                 | 5 +++--
 4 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/mysql/database.sls b/mysql/database.sls
index 31d68c9..35caa21 100644
--- a/mysql/database.sls
+++ b/mysql/database.sls
@@ -1,6 +1,7 @@
 {% from "mysql/defaults.yaml" import rawmap with context %}
 {%- set mysql = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:lookup')) %}
 
+{% set mysql_root_user = salt['pillar.get']('mysql:server:root_user', 'root') %}
 {% set mysql_root_pass = salt['pillar.get']('mysql:server:root_password', salt['grains.get']('server_id')) %}
 {% set mysql_host = salt['pillar.get']('mysql:server:host', 'localhost') %}
 {% set db_states = [] %}
@@ -14,7 +15,7 @@ include:
   mysql_database.present:
     - name: {{ database }}
     - connection_host: '{{ mysql_host }}'
-    - connection_user: root
+    - connection_user: '{{ mysql_root_user }}'
     {% if mysql_root_pass %}
     - connection_pass: '{{ mysql_root_pass }}'
     {% endif %}
diff --git a/mysql/remove_test_database.sls b/mysql/remove_test_database.sls
index 8a336d2..052bd97 100644
--- a/mysql/remove_test_database.sls
+++ b/mysql/remove_test_database.sls
@@ -1,3 +1,4 @@
+{% set mysql_root_user = salt['pillar.get']('mysql:server:root_user', 'root') %}
 {% set mysql_root_pass = salt['pillar.get']('mysql:server:root_password', salt['grains.get']('server_id')) %}
 {% set mysql_host = salt['pillar.get']('mysql:server:host', 'localhost') %}
 
@@ -8,7 +9,7 @@ mysql remove test database:
   mysql_database.absent:
     - name: test
     - host: '{{ mysql_host }}'
-    - connection_user: root
+    - connection_user: '{{ mysql_root_user }}'
     {% if mysql_root_pass %}
     - connection_pass: '{{ mysql_root_pass }}'
     {% endif %}
diff --git a/mysql/server.sls b/mysql/server.sls
index 1830328..9ad93a2 100644
--- a/mysql/server.sls
+++ b/mysql/server.sls
@@ -3,6 +3,7 @@
 
 {% set os = salt['grains.get']('os', None) %}
 {% set os_family = salt['grains.get']('os_family', None) %}
+{% set mysql_root_user = salt['pillar.get']('mysql:server:root_user', 'root') %}
 {% set mysql_root_password = salt['pillar.get']('mysql:server:root_password', salt['grains.get']('server_id')) %}
 {% set mysql_host = salt['pillar.get']('mysql:server:host', 'localhost') %}
 
@@ -41,8 +42,10 @@ mysql_delete_anonymous_user_{{ host }}:
     - host: {{ host or "''" }}
     - name: ''
     - connection_host: '{{ mysql_host }}'
-    - connection_user: root
-    - connection_pass: {{ mysql_root_password }}
+    - connection_user: '{{ mysql_root_user }}'
+    {% if mysql_root_password %}
+    - connection_pass: '{{ mysql_root_password }}'
+    {% endif %}
     - connection_charset: utf8
     - require:
       - service: mysqld
diff --git a/mysql/user.sls b/mysql/user.sls
index 1c43838..12f57d1 100644
--- a/mysql/user.sls
+++ b/mysql/user.sls
@@ -1,5 +1,6 @@
 {% from "mysql/defaults.yaml" import rawmap with context %}
 {%- set mysql = salt['grains.filter_by'](rawmap, grain='os', merge=salt['pillar.get']('mysql:server:lookup')) %}
+{%- set mysql_root_user = salt['pillar.get']('mysql:server:root_user', 'root') %}
 {%- set mysql_root_pass = salt['pillar.get']('mysql:server:root_password', 'somepass') %}
 {%- set mysql_host = salt['pillar.get']('mysql:server:host', 'localhost') %}
 
@@ -33,7 +34,7 @@ include:
     - allow_passwordless: True
   {%- endif %}
     - connection_host: '{{ mysql_host }}'
-    - connection_user: root
+    - connection_user: '{{ mysql_root_user }}'
     {% if mysql_root_pass %}
     - connection_pass: '{{ mysql_root_pass }}'
     {% endif %}
@@ -49,7 +50,7 @@ include:
     - user: {{ name }}
     - host: '{{ host }}'
     - connection_host: '{{ mysql_host }}'
-    - connection_user: root
+    - connection_user: '{{ mysql_root_user }}'
     {% if mysql_root_pass -%}
     - connection_pass: '{{ mysql_root_pass }}'
     {% endif %}

From 026c5cea4aad2bd4d47f9cf3b3cd0d593efd131f Mon Sep 17 00:00:00 2001
From: "Matthew X. Economou" <xenophon@irtnog.org>
Date: Mon, 18 May 2015 10:49:17 -0400
Subject: [PATCH 2/2] Add example 'mysql:server:root_user' key-value pair.

---
 pillar.example | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pillar.example b/pillar.example
index fccdcfe..65a70b7 100644
--- a/pillar.example
+++ b/pillar.example
@@ -1,5 +1,7 @@
 mysql:
   server:
+    # Use this account for database admin (defaults to root)
+    root_user: 'admin'
     # root_password: False - to have root@localhost without password
     root_password: 'somepass'
     user: mysql