From 3cbe7df8461e5514773e416d137980ce9bedf33d Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Mon, 16 Nov 2015 16:01:54 -0500 Subject: Refactor master identity provider configuration - Remote template in favor of a filter plugin - Add additional validation for identity provider config - Add mappingMethod attribute for identity providers, default to 'claim' --- roles/openshift_master/tasks/main.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'roles/openshift_master/tasks') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 185bfb8f3..ed174dbfc 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -1,13 +1,16 @@ --- -# TODO: add validation for openshift_master_identity_providers # TODO: add ability to configure certificates given either a local file to # point to or certificate contents, set in default cert locations. -- assert: - that: - - openshift_master_oauth_grant_method in openshift_master_valid_grant_methods - when: openshift_master_oauth_grant_method is defined +# Authentication Variable Validation +# TODO: validate the different identity provider kinds as well +- fail: + msg: > + Invalid OAuth grant method: {{ openshift_master_oauth_grant_method }} + when: openshift_master_oauth_grant_method is defined and openshift_master_oauth_grant_method not in openshift_master_valid_grant_methods + +# HA Variable Validation - fail: msg: "openshift_master_cluster_method must be set to either 'native' or 'pacemaker' for multi-master installations" when: openshift_master_ha | bool and ((openshift_master_cluster_method is not defined) or (openshift_master_cluster_method is defined and openshift_master_cluster_method not in ["native", "pacemaker"])) @@ -172,6 +175,9 @@ - restart master - restart master api +- set_fact: + translated_identity_providers: "{{ openshift_master_identity_providers | translate_idps('v1') }}" + # TODO: add the validate parameter when there is a validation command to run - name: Create master config template: -- cgit v1.2.3 From 783309075eb284f7c605817502418773e3463992 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Mon, 23 Nov 2015 11:54:35 -0500 Subject: Use the identity_providers from openshift_facts instead of always using the inventory variable --- roles/openshift_master/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master/tasks') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index ed174dbfc..2cf2a53c4 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -176,7 +176,7 @@ - restart master api - set_fact: - translated_identity_providers: "{{ openshift_master_identity_providers | translate_idps('v1') }}" + translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1') }}" # TODO: add the validate parameter when there is a validation command to run - name: Create master config -- cgit v1.2.3