puppetlabs · david22swan · Jul 11, 2018 · May 18, 2018 · May 24, 2018 · Jun 27, 2018
diff --git a/README.md b/README.md
@@ -170,6 +170,8 @@ mysql::db { 'mydb':
 }
 ```
 
+If required, the password can also be an empty string to allow connections without an password.
+
 ### Install Percona server on CentOS
 
 This example shows how to do a minimal installation of a Percona server on a

diff --git a/lib/puppet/provider/mysql_user/mysql.rb b/lib/puppet/provider/mysql_user/mysql.rb
@@ -126,7 +126,7 @@ def password_hash=(string)
       # default ... if mysqld_version does not work
       self.class.mysql_caller("SET PASSWORD FOR #{merged_name} = '#{string}'", 'system')
     elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6')
-      raise ArgumentError, _('Only mysql_native_password (*ABCD...XXX) hashes are supported.') unless string =~ %r{^\*}
+      raise ArgumentError, _('Only mysql_native_password (*ABCD...XXX) hashes are supported.') unless string =~ %r{^\*|^$}
       self.class.mysql_caller("ALTER USER #{merged_name} IDENTIFIED WITH mysql_native_password AS '#{string}'", 'system')
     else
       self.class.mysql_caller("SET PASSWORD FOR #{merged_name} = '#{string}'", 'system')

diff --git a/spec/unit/puppet/type/mysql_user_spec.rb b/spec/unit/puppet/type/mysql_user_spec.rb
@@ -43,6 +43,11 @@
       user[:password_hash] = 'foo'
       expect(user[:password_hash]).to eq('foo')
     end
+
+    it 'accepts an empty password' do
+      user[:password_hash] = ''
+      expect(user[:password_hash]).to eq('')
+    end
   end
 
   context 'using foo@LocalHost' do
-Original file line number
+Diff line change
@@ Expand Up / @@ -170,6 +170,8 @@ mysql::db { 'mydb': @@
     }
     ```
+    If required, the password can also be an empty string to allow connections without an password.
     ### Install Percona server on CentOS
     This example shows how to do a minimal installation of a Percona server on a
@@ Expand Down @@