From 5f2c1e534c5fb60d3d49d116a773349bf3a47ad5 Mon Sep 17 00:00:00 2001
From: Thomas Tischner <tti@netzmarkt.de>
Date: Fri, 18 May 2018 10:42:03 +0200
Subject: [PATCH 1/3] Allow empty passwords

---
 lib/puppet/provider/mysql_user/mysql.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/puppet/provider/mysql_user/mysql.rb b/lib/puppet/provider/mysql_user/mysql.rb
index d647f6420..8d16f9bf6 100644
--- a/lib/puppet/provider/mysql_user/mysql.rb
+++ b/lib/puppet/provider/mysql_user/mysql.rb
@@ -121,7 +121,7 @@ def password_hash=(string)
       # default ... if mysqld_version does not work
       self.class.mysql_caller("SET PASSWORD FOR #{merged_name} = '#{string}'", 'system')
     elsif (mysqld_type == 'mysql' || mysqld_type == 'percona') && Puppet::Util::Package.versioncmp(mysqld_version, '5.7.6') >= 0
-      raise ArgumentError, _('Only mysql_native_password (*ABCD...XXX) hashes are supported.') unless string =~ %r{^\*}
+      raise ArgumentError, _('Only mysql_native_password (*ABCD...XXX) hashes are supported.') unless string =~ %r{^\*|^$}
       self.class.mysql_caller("ALTER USER #{merged_name} IDENTIFIED WITH mysql_native_password AS '#{string}'", 'system')
     else
       self.class.mysql_caller("SET PASSWORD FOR #{merged_name} = '#{string}'", 'system')

From 1159e4b037d047a58ec526974a5222eb1fd19939 Mon Sep 17 00:00:00 2001
From: Thomas Tischner <tti@netzmarkt.de>
Date: Wed, 27 Jun 2018 14:23:34 +0200
Subject: [PATCH 2/3] Allow empty passwords

---
 spec/unit/puppet/type/mysql_user_spec.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/spec/unit/puppet/type/mysql_user_spec.rb b/spec/unit/puppet/type/mysql_user_spec.rb
index 0c900b0c7..c491d8cf9 100644
--- a/spec/unit/puppet/type/mysql_user_spec.rb
+++ b/spec/unit/puppet/type/mysql_user_spec.rb
@@ -43,6 +43,11 @@
       user[:password_hash] = 'foo'
       expect(user[:password_hash]).to eq('foo')
     end
+
+    it 'accepts an empty password' do
+      user[:password_hash] = ''
+      expect(user[:password_hash]).to eq('')
+    end
   end
 
   context 'using foo@LocalHost' do

From 033d5fe0acb3aa8211128316748f6d9c7dfe6f1b Mon Sep 17 00:00:00 2001
From: Thomas Tischner <tti@netzmarkt.de>
Date: Wed, 11 Jul 2018 16:27:45 +0200
Subject: [PATCH 3/3] Extend readme for empty passwords

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index cda01eba8..b9d47546f 100644
--- a/README.md
+++ b/README.md
@@ -170,6 +170,8 @@ mysql::db { 'mydb':
 }
 ```
 
+If required, the password can also be an empty string to allow connections without an password.
+
 ### Install Percona server on CentOS
 
 This example shows how to do a minimal installation of a Percona server on a