Additional users
diff --git a/README.rst b/README.rst
index e692b69..a116d44 100644
--- a/README.rst
+++ b/README.rst
@@ -56,6 +56,30 @@
user: root
password: pass
+
+Additional mysql users:
+
+.. code-block:: yaml
+
+ mysql:
+ server:
+ users:
+ - name: clustercheck
+ password: clustercheck
+ database: '*.*'
+ grants: PROCESS
+ grant_option: False
+ - name: inspector
+ host: 127.0.0.1
+ password: password
+ databases:
+ mydb:
+ - database: mydb
+ - table: mytable
+ - grant_option: False
+ - grants:
+ - all privileges
+
Usage
=====
diff --git a/galera/server.sls b/galera/server.sls
index a81a7e8..bac8626 100644
--- a/galera/server.sls
+++ b/galera/server.sls
@@ -56,17 +56,54 @@
{%- if not grains.get('noservices', False) %}
{%- for user in server.get('users', []) %}
-
-mysql_user_{{ user.name }}_{{ user.host }}:
+{%- set user_hosts = user.get('hosts', user.get('host', 'localhost'))|sequence %}
+{%- for host in user_hosts %}
+mysql_user_{{ user.name }}_{{ host }}:
mysql_user.present:
- host: '{{ user.host }}'
- name: '{{ user.name }}'
- {%- if user.password is defined %}
- - password: {{ user.password }}
+ {%- if user['password_hash'] is defined %}
+ - password_hash: '{{ user.password_hash }}'
+ {%- elif user['password'] is defined and user['password'] != None %}
+ - password: '{{ user.password }}'
{%- else %}
- allow_passwordless: True
{%- endif %}
+ - connection_charset: utf8
+{%- if 'grants' in user %}
+mysql_user_{{ user.name }}_{{ host }}_grants:
+ mysql_grants.present:
+ - name: {{ user.name }}
+ - grant: {{ user['grants']|sequence|join(",") }}
+ - database: '*.*'
+ - grant_option: {{ user['grant_option'] | default(False) }}
+ - user: {{ user.name }}
+ - host: '{{ host }}'
+ - connection_charset: utf8
+ - require:
+ - mysql_user_{{ user.name }}_{{ host }}
+{%- endif %}
+
+{%- if 'databases' in user %}
+{% for db in user['databases'] %}
+mysql_user_{{ user.name }}_{{ host }}_grants_db_{{ db }} ~ '_' ~ loop.index0:
+ mysql_grants.present:
+ - name: {{ user.name ~ '_' ~ db['database'] ~ '_' ~ db['table'] | default('all') }}
+ - grant: {{db['grants']|sequence|join(",")}}
+ - database: '{{ db['database'] }}.{{ db['table'] | default('*') }}'
+ - grant_option: {{ db['grant_option'] | default(False) }}
+ - user: {{ user.name }}
+ - host: '{{ host }}'
+ - connection_charset: utf8
+ - require:
+ - mysql_user_{{ user.name }}_{{ host }}
+ - mysql_database_{{ db }}
{%- endfor %}
{%- endif %}
-{%- endif %}
\ No newline at end of file
+
+{%- endfor %}
+{%- endfor %}
+
+{%- endif %}
+{%- endif %}
diff --git a/tests/pillar/master_cluster.sls b/tests/pillar/master_cluster.sls
index 7257ce4..a12e7d7 100644
--- a/tests/pillar/master_cluster.sls
+++ b/tests/pillar/master_cluster.sls
@@ -25,3 +25,19 @@
host: '%'
- name: haproxy
host: 127.0.0.1
+ - name: clustercheck
+ #host: localhost
+ password: clustercheck
+ database: '*.*'
+ grants: PROCESS
+ grant_option: False
+ - name: inspector
+ host: 127.0.0.1
+ password: password
+ databases:
+ mydb:
+ - database: mydb
+ - table: mytable
+ - grant_option: False
+ - grants:
+ - all privileges