From d81c6341e9aebc9af32fdbcd845849fdfd974d3b Mon Sep 17 00:00:00 2001
From: Clayton Kramer <clayton.kramer@rrd.com>
Date: Thu, 15 May 2014 16:40:02 -0400
Subject: [PATCH] Added support for MySQL hashed user password. Also added some
 improved YAML quoting around passwords.

---
 README.rst         | 12 ++++++++++--
 mysql/database.sls |  2 +-
 mysql/user.sls     | 10 +++++++---
 pillar.example     |  6 +++---
 4 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/README.rst b/README.rst
index 9970943..5807fe5 100644
--- a/README.rst
+++ b/README.rst
@@ -28,11 +28,19 @@ Install the MySQL server package and start the service.
 Debian OS family supports setting MySQL root password during install via debconf.
 
 ``mysql.database``
-----------------
+------------------
 
 Create and manage MySQL databases.
 
 ``mysql.user``
 ----------------
 
-Create and manage MySQL database users with definable GRANT privileges.
\ No newline at end of file
+Create and manage MySQL database users with definable GRANT privileges.
+
+The state accepts MySQL hashed passwords or clear text. Hashed password have priority.
+
+.. note::
+    See the `salt.states.mysql_user <http://docs.saltstack.com/en/latest/ref/states/all/salt.states.mysql_user.html#module-salt.states.mysql_user>`_ docs for additional information on configuring hashed passwords.
+    
+    Make sure the **quote the passwords** in the pillar so YAML doesn't throw an exception.
+
diff --git a/mysql/database.sls b/mysql/database.sls
index f81741d..24c3bcd 100644
--- a/mysql/database.sls
+++ b/mysql/database.sls
@@ -5,7 +5,7 @@
   mysql_database.present:
     - host: localhost
     - connection_user: root
-    - connection_pass: {{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}
+    - connection_pass: '{{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}'
     - connection_charset: utf8
 {% endfor %}
 
diff --git a/mysql/user.sls b/mysql/user.sls
index 4f0186e..2e4f935 100644
--- a/mysql/user.sls
+++ b/mysql/user.sls
@@ -4,10 +4,14 @@
 {{ user['name'] }}:
   mysql_user.present:
     - host: {{ user['host'] }}
-    - password: {{ user['password'] }}
+  {%- if user['password_hash'] is defined %}
+    - password_hash: '{{ user['password_hash'] }}'
+  {% else %}
+    - password: '{{ user['password'] }}'
+  {% endif %}
     - connection_host: localhost
     - connection_user: root
-    - connection_pass: {{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}
+    - connection_pass: '{{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}'
     - connection_charset: utf8
 
 {% for db in user['databases'] %}
@@ -19,7 +23,7 @@
     - host: {{ user['host'] }}
     - connection_host: localhost
     - connection_user: root
-    - connection_pass: {{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}
+    - connection_pass: '{{ salt['pillar.get']('mysql:server:root_password', 'somepass') }}'
     - connection_charset: utf8
     - require:
       - mysql_user: {{ user['name'] }}
diff --git a/pillar.example b/pillar.example
index 0c5f9e7..7567fc3 100644
--- a/pillar.example
+++ b/pillar.example
@@ -1,6 +1,6 @@
 mysql:
   server:
-    root_password: somepass
+    root_password: 'somepass'
     bind-address: 127.0.0.1
     port: 3306
     user: mysql
@@ -13,7 +13,7 @@ mysql:
   # Manage users
   user:
     - name: frank
-      password: somepass
+      password: 'somepass'
       host: localhost
       databases:
         - database: foo
@@ -21,7 +21,7 @@ mysql:
         - database: bar
           grants: ['all privileges']
     - name: bob
-      password: someotherpass
+      password_hash: '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4'
       host: localhost
       databases:
         - database: foo