Cookbooks
mysql
documentation
Resource Mysql User

mysql_user

Manage MySQL users and grant them privileges on database objects.

Actions

  • create - (default) to create a user
  • drop - to drop a user
  • grant - to grant privileges to a user
  • revoke - to revoke privileges from a user

Properties

NameTypesDescriptionDefaultRequired?
ctrl_userStringthe username of the control connectionrootno
ctrl_passwordStringpassword of the user used to connect tono
ctrl_hostStringhost to connect tolocalhostno
ctrl_portStringport of the host to connect to3306no
usernameStringThe database user to be managedname if not definedno
hostStringThe host from which the user is allowed to connectlocalhostno
passwordString, HashedPasswordpassword the user will be asked for to connectyes
privilegesArray[:all]no
database_nameStringno
tableStringno
grant_optiontrue/falsefalseno
require_ssltrue/falsefalseno
require_x509true/falsefalseno
use_native_authtrue/falseif using MySQL >8, use mysql_native_password for authtrueno

use_native_auth

This property should be set to false if the user is local (host of localhost) to provide better security. The property still works for remote users but does not provide any idempotency guarantees. use_native_auth has no effect for percona <8.

Examples

# Create an user but grant no privileges
mysql_user 'disenfranchised' do
  password 'super_secret'
  action :create
end
 
# Create an user using a hashed password string instead of plain text one
mysql_user 'disenfranchised' do
  password hashed_password('md5eacdbf8d9847a76978bd515fae200a2a')
  action :create
end
 
# Drop a user
mysql_user 'foo_user' do
  action :drop
end
 
# Grant SELECT, UPDATE, and INSERT privileges to all tables in foo db from all hosts
mysql_user 'foo_user' do
  password 'super_secret'
  database_name 'foo'
  host '%'
  privileges [:select,:update,:insert]
  action :grant
end