From d1de0fdfc6c1c6daf34b19cae2efb6b3d9789223 Mon Sep 17 00:00:00 2001
From: Alexander Weidinger <aw@sz9i.net>
Date: Tue, 9 Apr 2019 22:54:36 +0200
Subject: [PATCH] Allow to remove DB user

---
 mysql/user.sls | 34 ++++++++++++++++++++--------------
 pillar.example |  6 ++++++
 2 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/mysql/user.sls b/mysql/user.sls
index e729bf8..fa0b6e4 100644
--- a/mysql/user.sls
+++ b/mysql/user.sls
@@ -34,22 +34,28 @@ include:
 
 {% set state_id = 'mysql_user_' ~ name ~ '_' ~ host%}
 {{ state_id }}:
-  mysql_user.present:
-    - name: {{ name }}
-    - host: '{{ host }}'
-  {%- if user['password_hash'] is defined %}
-    - password_hash: '{{ user['password_hash'] }}'
-  {%- elif user['password'] is defined and user['password'] != None %}
-    - password: '{{ user['password'] }}'
+  {%- if user.get('present', True) %}
+    mysql_user.present:
+      - name: {{ name }}
+      - host: '{{ host }}'
+    {%- if user['password_hash'] is defined %}
+      - password_hash: '{{ user['password_hash'] }}'
+    {%- elif user['password'] is defined and user['password'] != None %}
+      - password: '{{ user['password'] }}'
+    {%- else %}
+      - allow_passwordless: True
+    {%- endif %}
   {%- else %}
-    - allow_passwordless: True
+    mysql_user.absent:
+      - name: {{ name }}
+      - host: '{{ host }}'
   {%- endif %}
-    - connection_host: '{{ mysql_host }}'
-    - connection_user: '{{ mysql_salt_user }}'
-    {% if mysql_salt_pass %}
-    - connection_pass: '{{ mysql_salt_pass }}'
-    {% endif %}
-    - connection_charset: utf8
+      - connection_host: '{{ mysql_host }}'
+      - connection_user: '{{ mysql_salt_user }}'
+  {%- if mysql_salt_pass %}
+      - connection_pass: '{{ mysql_salt_pass }}'
+  {%- endif %}
+      - connection_charset: utf8
 
 {%- if 'grants' in user %}
 {{ state_id ~ '_grants' }}:
diff --git a/pillar.example b/pillar.example
index 399f483..bcdbf82 100644
--- a/pillar.example
+++ b/pillar.example
@@ -143,6 +143,12 @@ mysql:
         - database: foo
           grants: ['select', 'insert', 'update']
 
+    # Remove a user
+    obsoleteuser:
+      host: localhost
+      # defaults to True
+      present: False
+
   # Override any names defined in map.jinja
   # serverpkg: mysql-server
   # clientpkg: mysql-client
-- 
GitLab