From 8eccd5a68cadde02f54467a7fb9e370d2ee7d574 Mon Sep 17 00:00:00 2001
From: Yoda-BZH <yodabzh@gmail.com>
Date: Fri, 10 Jul 2020 17:12:24 +0200
Subject: [PATCH] feat(socket_authentication): allow unix_socket authentication

Co-authored-by: Tristan Charbonneau <tcharbonneau@oceanet-technology.com>
---
 mysql/user.sls | 3 +++
 pillar.example | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/mysql/user.sls b/mysql/user.sls
index 5c7e98b..414633a 100644
--- a/mysql/user.sls
+++ b/mysql/user.sls
@@ -42,6 +42,9 @@ include:
       - password_hash: '{{ user['password_hash'] }}'
     {%- elif user['password'] is defined and user['password'] != None %}
       - password: '{{ user['password'] }}'
+    {%- elif user['unix_socket'] is defined and user['unix_socket'] != None %}
+      - allow_passwordless: True
+      - unix_socket: True
     {%- else %}
       - allow_passwordless: True
     {%- endif %}
diff --git a/pillar.example b/pillar.example
index e2944f9..17780b3 100644
--- a/pillar.example
+++ b/pillar.example
@@ -135,6 +135,13 @@ mysql:
         - database: bar
           table: foobar
           grants: ['select', 'insert', 'update', 'delete']
+
+    # User 'alice' will be allowed to connect to the server without password
+    # as long as she has access to the unix socket.
+    # This option forces allow_passwordless to be set to True
+    alice:
+      host: 'localhost'
+      unix_socket: true
     nopassuser:
       password: ~
       host: localhost