salt.states.mysql_user

Management of MySQL users

depends:
  • MySQLdb Python module

configuration:

See salt.modules.mysql for setup instructions.

frank:
  mysql_user.present:
    - host: localhost
    - password: bobcat

New in version 0.16.2: Authentication overrides have been added.

The MySQL authentication information specified in the minion config file can be overridden in states using the following arguments: connection_host, connection_port, connection_user, connection_pass, connection_db, connection_unix_socket, connection_default_file and connection_charset.

frank:
  mysql_user.present:
    - host: localhost
    - password: "bob@cat"
    - connection_user: someuser
    - connection_pass: somepass
    - connection_charset: utf8
    - saltenv:
      - LC_ALL: "en_US.utf8"

This state is not able to grant permissions for the user. See salt.states.mysql_grants for further instructions.

salt.states.mysql_user.absent(name, host='localhost', **connection_args)

Ensure that the named user is absent

name

The name of the user to remove

salt.states.mysql_user.present(name, host='localhost', password=None, password_hash=None, allow_passwordless=False, unix_socket=False, password_column=None, auth_plugin='mysql_native_password', **connection_args)

Ensure that the named user is present with the specified properties. A passwordless user can be configured by omitting password and password_hash, and setting allow_passwordless to True.

name

The name of the user to manage

host

Host for which this user/password combo applies

password

The password to use for this user. Will take precedence over the password_hash option if both are specified.

password_hash

The password in hashed form. Be sure to quote the password because YAML doesn't like the *. A password hash can be obtained from the mysql command-line client like so:

mysql> SELECT PASSWORD('mypass');
+-------------------------------------------+
| PASSWORD('mypass')                        |
+-------------------------------------------+
| *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 |
+-------------------------------------------+
1 row in set (0.00 sec)
allow_passwordless

If True, then password and password_hash can be omitted to permit a passwordless login.

New in version 0.16.2.

unix_socket

If True and allow_passwordless is True, the unix_socket auth plugin will be used.