Allow mysql.create-users to specify password.

Until we have a good way of generating passwords and feeding them
back to other services (bug #118436), we will have to push them in
to mysql via Metadata.

Change-Id: Idfa64bf93b6f018ae08a5c43ba3c73f428c477d6

elements/mysql/README.md

@@ -1,3 +1,31 @@
-Sets up a MySQL server install in the image.
+Set up a MySQL server install in the image.
 
 TODO: auto-tune settings based on host resources or metadata service.
+
+Configuration
+-------------
+
+Users will be created if Heat Metadata is passed in under the
+'mysql.create-users' section. For example:
+
+    mysql:
+      create-users:
+        - username: dbuser1
+          database: somedb
+          userhandle:
+            Ref: SomeWaitConditionHandle
+
+This will cause mysql to create the user 'dbuser1' if it does not exist,
+and grant it all privileges on somedb. It will have a random password
+generated and passed to the WaitConditionHandle with the key of the
+username, and password as the data. A password can also be given for
+the user like this:
+
+    mysql:
+      create-users:
+        - username: dbuser2
+          database: somedb
+          password: abcdefg12345
+
+If a userhandle is also given with the password, it will be passed to
+the wait condition handle in the same manner.

elements/mysql/os-refresh-config/post-configure.d/50-mysql-users

@@ -65,8 +65,11 @@ to_create = should_exist - existing
 
 for createuser in to_create:
     dbvalue = by_user[createuser]
-    with open('/dev/urandom', 'rb') as urandom:
-        password = b64encode(urandom.read(30))
+    if 'password' in dbvalue:
+        password = dbvalue['password']
+    else:
+        password = b64encode(os.urandom(30))
+
     cmd = "GRANT ALL PRIVILEGES ON `%s`.* TO `%s`@'%%' IDENTIFIED BY '%s'" % (
         dbvalue['database'], dbvalue['username'], password)
     if opts.noop: