1 files changed, 20 insertions, 49 deletions

diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py
index a4f410296..ff15f693b 100644
--- a/roles/openshift_master_facts/filter_plugins/openshift_master.py
+++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py
@@ -326,10 +326,8 @@ class IdentityProviderOauthBase(IdentityProviderBase):
         self._required += [['clientID', 'client_id'], ['clientSecret', 'client_secret']]
 
     def validate(self):
-        ''' validate this idp instance '''
-        if self.challenge:
-            raise errors.AnsibleFilterError("|failed provider {0} does not "
-                                            "allow challenge authentication".format(self.__class__.__name__))
+        ''' validate an instance of this idp class '''
+        pass
 
 
 class OpenIDIdentityProvider(IdentityProviderOauthBase):
@@ -428,6 +426,12 @@ class GoogleIdentityProvider(IdentityProviderOauthBase):
         IdentityProviderOauthBase.__init__(self, api_version, idp)
         self._optional += [['hostedDomain', 'hosted_domain']]
 
+    def validate(self):
+        ''' validate this idp instance '''
+        if self.challenge:
+            raise errors.AnsibleFilterError("|failed provider {0} does not "
+                                            "allow challenge authentication".format(self.__class__.__name__))
+
 
 class GitHubIdentityProvider(IdentityProviderOauthBase):
     """ GitHubIdentityProvider
@@ -446,6 +450,12 @@ class GitHubIdentityProvider(IdentityProviderOauthBase):
         self._optional += [['organizations'],
                            ['teams']]
 
+    def validate(self):
+        ''' validate this idp instance '''
+        if self.challenge:
+            raise errors.AnsibleFilterError("|failed provider {0} does not "
+                                            "allow challenge authentication".format(self.__class__.__name__))
+
 
 class FilterModule(object):
     ''' Custom ansible filters for use by the openshift_master role'''
@@ -475,31 +485,6 @@ class FilterModule(object):
                            Dumper=AnsibleDumper))
 
     @staticmethod
-    def validate_pcs_cluster(data, masters=None):
-        ''' Validates output from "pcs status", ensuring that each master
-            provided is online.
-            Ex: data = ('...',
-                        'PCSD Status:',
-                        'master1.example.com: Online',
-                        'master2.example.com: Online',
-                        'master3.example.com: Online',
-                        '...')
-                masters = ['master1.example.com',
-                           'master2.example.com',
-                           'master3.example.com']
-               returns True
-        '''
-        if not issubclass(type(data), string_types):
-            raise errors.AnsibleFilterError("|failed expects data is a string or unicode")
-        if not issubclass(type(masters), list):
-            raise errors.AnsibleFilterError("|failed expects masters is a list")
-        valid = True
-        for master in masters:
-            if "{0}: Online".format(master) not in data:
-                valid = False
-        return valid
-
-    @staticmethod
     def certificates_to_synchronize(hostvars, include_keys=True, include_ca=True):
         ''' Return certificates to synchronize based on facts. '''
         if not issubclass(type(hostvars), dict):
@@ -508,29 +493,16 @@ class FilterModule(object):
                  'admin.key',
                  'admin.kubeconfig',
                  'master.kubelet-client.crt',
-                 'master.kubelet-client.key']
+                 'master.kubelet-client.key',
+                 'master.proxy-client.crt',
+                 'master.proxy-client.key',
+                 'service-signer.crt',
+                 'service-signer.key']
         if bool(include_ca):
-            certs += ['ca.crt', 'ca.key', 'ca-bundle.crt']
+            certs += ['ca.crt', 'ca.key', 'ca-bundle.crt', 'client-ca-bundle.crt']
         if bool(include_keys):
             certs += ['serviceaccounts.private.key',
                       'serviceaccounts.public.key']
-        if bool(hostvars['openshift']['common']['version_gte_3_1_or_1_1']):
-            certs += ['master.proxy-client.crt',
-                      'master.proxy-client.key']
-        if not bool(hostvars['openshift']['common']['version_gte_3_2_or_1_2']):
-            certs += ['openshift-master.crt',
-                      'openshift-master.key',
-                      'openshift-master.kubeconfig']
-        if bool(hostvars['openshift']['common']['version_gte_3_3_or_1_3']):
-            certs += ['service-signer.crt',
-                      'service-signer.key']
-        if not bool(hostvars['openshift']['common']['version_gte_3_5_or_1_5']):
-            certs += ['openshift-registry.crt',
-                      'openshift-registry.key',
-                      'openshift-registry.kubeconfig',
-                      'openshift-router.crt',
-                      'openshift-router.key',
-                      'openshift-router.kubeconfig']
         return certs
 
     @staticmethod
@@ -556,6 +528,5 @@ class FilterModule(object):
     def filters(self):
         ''' returns a mapping of filters to methods '''
         return {"translate_idps": self.translate_idps,
-                "validate_pcs_cluster": self.validate_pcs_cluster,
                 "certificates_to_synchronize": self.certificates_to_synchronize,
                 "oo_htpasswd_users_from_file": self.oo_htpasswd_users_from_file}