From c625a47a85bdb895efaf05567f075f3cad5eee3c Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Fri, 20 May 2016 17:15:53 -0400 Subject: Allow multiple login providers post 3.2. --- filter_plugins/openshift_master.py | 9 +++++---- roles/openshift_master/tasks/main.yml | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index bb2f5ba7a..0af47fb62 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -9,6 +9,7 @@ import sys import yaml from ansible import errors +from distutils.version import LooseVersion # pylint: disable=no-name-in-module,import-error try: @@ -77,10 +78,10 @@ class IdentityProviderBase(object): self._allow_additional = True @staticmethod - def validate_idp_list(idp_list): + def validate_idp_list(idp_list, openshift_version): ''' validates a list of idps ''' login_providers = [x.name for x in idp_list if x.login] - if len(login_providers) > 1: + if len(login_providers) > 1 and LooseVersion(openshift_version) < LooseVersion('3.2'): raise errors.AnsibleFilterError("|failed multiple providers are " "not allowed for login. login " "providers: {0}".format(', '.join(login_providers))) @@ -461,7 +462,7 @@ class FilterModule(object): ''' Custom ansible filters for use by the openshift_master role''' @staticmethod - def translate_idps(idps, api_version): + def translate_idps(idps, api_version, openshift_version): ''' Translates a list of dictionaries into a valid identityProviders config ''' idp_list = [] @@ -478,7 +479,7 @@ class FilterModule(object): idp_list.append(idp_inst) - IdentityProviderBase.validate_idp_list(idp_list) + IdentityProviderBase.validate_idp_list(idp_list, openshift_version) return yaml.safe_dump([idp.to_dict() for idp in idp_list], default_flow_style=False) @staticmethod diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index fe0784ea2..64408fe72 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -139,7 +139,7 @@ - restart master api - set_fact: - translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1') }}" + translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1', openshift.common.version) }}" # TODO: add the validate parameter when there is a validation command to run - name: Create master config -- cgit v1.2.3 From f901c3142f3ff98d9f029e9a30428ea3a4f5b00a Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Mon, 23 May 2016 14:57:41 -0400 Subject: Extend multiple login provider check to include origin. --- filter_plugins/openshift_master.py | 17 +++++++++++++---- roles/openshift_master/tasks/main.yml | 2 +- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index 0af47fb62..bb79b27d1 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -78,10 +78,19 @@ class IdentityProviderBase(object): self._allow_additional = True @staticmethod - def validate_idp_list(idp_list, openshift_version): + def validate_idp_list(idp_list, openshift_version, deployment_type): ''' validates a list of idps ''' login_providers = [x.name for x in idp_list if x.login] - if len(login_providers) > 1 and LooseVersion(openshift_version) < LooseVersion('3.2'): + + multiple_logins_unsupported = False + if len(login_providers) > 1: + if deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise']: + if LooseVersion(openshift_version) < LooseVersion('3.2'): + multiple_logins_unsupported = True + if deployment_type in ['origin']: + if LooseVersion(openshift_version) < LooseVersion('1.2'): + multiple_logins_unsupported = True + if multiple_logins_unsupported: raise errors.AnsibleFilterError("|failed multiple providers are " "not allowed for login. login " "providers: {0}".format(', '.join(login_providers))) @@ -462,7 +471,7 @@ class FilterModule(object): ''' Custom ansible filters for use by the openshift_master role''' @staticmethod - def translate_idps(idps, api_version, openshift_version): + def translate_idps(idps, api_version, openshift_version, deployment_type): ''' Translates a list of dictionaries into a valid identityProviders config ''' idp_list = [] @@ -479,7 +488,7 @@ class FilterModule(object): idp_list.append(idp_inst) - IdentityProviderBase.validate_idp_list(idp_list, openshift_version) + IdentityProviderBase.validate_idp_list(idp_list, openshift_version, deployment_type) return yaml.safe_dump([idp.to_dict() for idp in idp_list], default_flow_style=False) @staticmethod diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 64408fe72..63a54a0d9 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -139,7 +139,7 @@ - restart master api - set_fact: - translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1', openshift.common.version) }}" + translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1', openshift.common.version, openshift.common.deployment_type) }}" # TODO: add the validate parameter when there is a validation command to run - name: Create master config -- cgit v1.2.3