From ef014ae06a50c5f2050aa183638165895154db5f Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Wed, 16 Dec 2015 17:56:09 -0500
Subject: Secrets validation.

---
 playbooks/common/openshift-master/config.yml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'playbooks')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 07ee4aca6..b7e9362cd 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -240,11 +240,21 @@
   hosts: oo_first_master
   pre_tasks:
   - fail:
-      msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set"
+      msg: >
+        Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set
     when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined)
   - fail:
-      msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length"
+      msg: >
+        openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length
     when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length)
+  - fail:
+      msg: >
+        Invalid secret length in openshift_master_session_auth_secrets: secrets must be at least 32 characters
+    when: openshift_master_session_auth_secrets is defined and not openshift_master_session_auth_secrets | validate_auth_secrets | bool
+  - fail:
+      msg: >
+        Invalid secret length in openshift_master_session_encryption_secrets: secrets must be 16, 24, or 32 characters
+    when: openshift_master_session_encryption_secrets is defined and not openshift_master_session_encryption_secrets | validate_encryption_secrets | bool
   roles:
   - role: openshift_facts
   post_tasks:
-- 
cgit v1.2.3