commit 79f6906372cc44e607ddc59f952e08e9e95a0bd6
author Vasyl Saienko <vsaienko@mirantis.com> Mon Jan 29 11:04:58 2018 +0200
committer Vasyl Saienko <vsaienko@mirantis.com> Mon Jan 29 10:50:11 2018 +0000
tree f37403e01701587c8f6be7fd3e91149596c396b8
parent e1ef5552e88fa1d891ca54c8eed4eae0c31d868e

Allow to set SSL options for mysql user

This patch allows to set grant SSL options for user.

Change-Id: I700ed0634c549590f1cf207a3852996fc65e5d14
Related-Prod: PROD-17049

README.rst

diff --git a/README.rst b/README.rst
index 4873cfa..872aca0 100644
--- a/README.rst
+++ b/README.rst
@@ -101,6 +101,24 @@
                 - grants:
                   - all privileges
 
+Additional mysql SSL grants:
+
+.. code-block:: yaml
+
+    mysql:
+      server:
+        users:
+          - name: clustercheck
+            password: clustercheck
+            database: '*.*'
+            grants: PROCESS
+            ssl_option:
+              - SSL: True
+              - X509: True
+              - SUBJECT: <subject>
+              - ISSUER: <issuer>
+              - CIPHER: <cipher>
+
 Additional check params:
 ========================
 

galera/server.sls

diff --git a/galera/server.sls b/galera/server.sls
index 4b84654..7d070d4 100644
--- a/galera/server.sls
+++ b/galera/server.sls
@@ -38,6 +38,7 @@
   - database: '{{ database_name }}.*'
   - user: '{{ user.name }}'
   - host: '{{ user.host }}'
+  - ssl_option: {{ user.get('ssl_option', False) }}
   #- connection_user: {{ connection.user }}
   #- connection_pass: {{ connection.password }}
   #- connection_charset: {{ connection.charset }}
@@ -58,7 +59,7 @@
   - defaults:
     database_name: {{ database_name }}
     database: {{ database }}
-  - require: 
+  - require:
     - file: mysql_dirs
     - mysql_database: mysql_database_{{ database_name }}
 
@@ -92,7 +93,7 @@
   {%- if grains.get('noservices') %}
   - onlyif: /bin/false
   {%- endif %}
-  
+
 {%- if 'grants' in user %}
 mysql_user_{{ user.name }}_{{ host }}_grants:
   mysql_grants.present:
@@ -102,6 +103,7 @@
     - grant_option: {{ user['grant_option'] | default(False) }}
     - user: {{ user.name }}
     - host: '{{ host }}'
+    - ssl_option: {{ user.get('ssl_option', False) }}
     #- connection_user: {{ connection.user }}
     #- connection_pass: {{ connection.password }}
     #- connection_charset: {{ connection.charset }}
@@ -122,6 +124,7 @@
     - grant_option: {{ db['grant_option'] | default(False) }}
     - user: {{ user.name }}
     - host: '{{ host }}'
+    - ssl_option: {{ db.get('ssl_option', False) }}
     #- connection_user: {{ connection.user }}
     #- connection_pass: {{ connection.password }}
     #- connection_charset: {{ connection.charset }}