diff --git a/mysql/user.sls b/mysql/user.sls
index e729bf8035946f4fc51a829f5e73f7a4a3f53d73..fa0b6e4e24683ec02fa2b7310c6d035751606206 100644
--- a/mysql/user.sls
+++ b/mysql/user.sls
@@ -34,22 +34,28 @@ include:
{% set state_id = 'mysql_user_' ~ name ~ '_' ~ host%}
{{ state_id }}:
- mysql_user.present:
- - name: {{ name }}
- - host: '{{ host }}'
- {%- if user['password_hash'] is defined %}
- - password_hash: '{{ user['password_hash'] }}'
- {%- elif user['password'] is defined and user['password'] != None %}
- - password: '{{ user['password'] }}'
+ {%- if user.get('present', True) %}
+ mysql_user.present:
+ - name: {{ name }}
+ - host: '{{ host }}'
+ {%- if user['password_hash'] is defined %}
+ - password_hash: '{{ user['password_hash'] }}'
+ {%- elif user['password'] is defined and user['password'] != None %}
+ - password: '{{ user['password'] }}'
+ {%- else %}
+ - allow_passwordless: True
+ {%- endif %}
{%- else %}
- - allow_passwordless: True
+ mysql_user.absent:
+ - name: {{ name }}
+ - host: '{{ host }}'
{%- endif %}
- - connection_host: '{{ mysql_host }}'
- - connection_user: '{{ mysql_salt_user }}'
- {% if mysql_salt_pass %}
- - connection_pass: '{{ mysql_salt_pass }}'
- {% endif %}
- - connection_charset: utf8
+ - connection_host: '{{ mysql_host }}'
+ - connection_user: '{{ mysql_salt_user }}'
+ {%- if mysql_salt_pass %}
+ - connection_pass: '{{ mysql_salt_pass }}'
+ {%- endif %}
+ - connection_charset: utf8
{%- if 'grants' in user %}
{{ state_id ~ '_grants' }}:
diff --git a/pillar.example b/pillar.example
index 399f483a2b87fd8fe63f927444bac2339362ca49..bcdbf828e39169c700a6823a2b47f90143d8424e 100644
--- a/pillar.example
+++ b/pillar.example
@@ -143,6 +143,12 @@ mysql:
- database: foo
grants: ['select', 'insert', 'update']
+ # Remove a user
+ obsoleteuser:
+ host: localhost
+ # defaults to True
+ present: False
+
# Override any names defined in map.jinja
# serverpkg: mysql-server
# clientpkg: mysql-client