From 71ba85f157d7c10f9f40f2c41fdf50eb4a365927 Mon Sep 17 00:00:00 2001
From: Alexander Lutay <alutay@sipwise.com>
Date: Fri, 22 Jul 2016 19:06:18 +0200
Subject: [PATCH] MT#21227 Add MySQL check to validate passwords for all users

Change-Id: I435ded11257489be0edcd2c3f579f6a47a9a39a1
---
 ce/11_mysql_paswords.json.tt2  | 10 ++++++++++
 ce/goss.json.tt2               |  1 +
 pro/11_mysql_paswords.json.tt2 |  1 +
 3 files changed, 12 insertions(+)
 create mode 100644 ce/11_mysql_paswords.json.tt2
 create mode 120000 pro/11_mysql_paswords.json.tt2

diff --git a/ce/11_mysql_paswords.json.tt2 b/ce/11_mysql_paswords.json.tt2
new file mode 100644
index 0000000..946f4ef
--- /dev/null
+++ b/ce/11_mysql_paswords.json.tt2
@@ -0,0 +1,10 @@
+{
+    "command": {
+        mysql -Bs mysql -e 'SELECT User,Host,Password FROM user WHERE (Password = "" OR Password LIKE "!%") AND User != "root"': {
+            "comment": "There must be no users without password (root is an exception here, customer must set it later)"
+            "exit-status": 0,
+            "stdout": [],
+            "stderr": []
+        }
+    }
+}
diff --git a/ce/goss.json.tt2 b/ce/goss.json.tt2
index 23c862f..79fba1f 100644
--- a/ce/goss.json.tt2
+++ b/ce/goss.json.tt2
@@ -13,6 +13,7 @@
         "08_system_ports.json": {},
         "09_system_dns.json": {},
         "10_sites_ok.json": {},
+        "11_mysql_paswords.json": {},
         "99_dummy.json": {}
     }
 }
diff --git a/pro/11_mysql_paswords.json.tt2 b/pro/11_mysql_paswords.json.tt2
new file mode 120000
index 0000000..cc1599d
--- /dev/null
+++ b/pro/11_mysql_paswords.json.tt2
@@ -0,0 +1 @@
+../ce/11_mysql_paswords.json.tt2
\ No newline at end of file