From 3cbe7df8461e5514773e416d137980ce9bedf33d Mon Sep 17 00:00:00 2001
From: Jason DeTiberus <jdetiber@redhat.com>
Date: Mon, 16 Nov 2015 16:01:54 -0500
Subject: Refactor master identity provider configuration

- Remote template in favor of a filter plugin
- Add additional validation for identity provider config
- Add mappingMethod attribute for identity providers, default to 'claim'
---
 .../templates/v1_partials/oauthConfig.j2           | 93 ----------------------
 1 file changed, 93 deletions(-)
 delete mode 100644 roles/openshift_master/templates/v1_partials/oauthConfig.j2

(limited to 'roles/openshift_master/templates/v1_partials/oauthConfig.j2')

diff --git a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 b/roles/openshift_master/templates/v1_partials/oauthConfig.j2
deleted file mode 100644
index 8a4f5a746..000000000
--- a/roles/openshift_master/templates/v1_partials/oauthConfig.j2
+++ /dev/null
@@ -1,93 +0,0 @@
-{% macro identity_provider_config(identity_provider) %}
-      apiVersion: v1
-      kind: {{ identity_provider.kind }}
-{% if identity_provider.kind == 'HTPasswdPasswordIdentityProvider' %}
-      file: {{ identity_provider.filename }}
-{% elif identity_provider.kind == 'BasicAuthPasswordIdentityProvider' %}
-      url: {{ identity_provider.url }}
-{% for key in ('ca', 'certFile', 'keyFile') %}
-{% if key in identity_provider %}
-      {{ key }}: "{{ identity_provider[key] }}"
-{% endif %}
-{% endfor %}
-{% elif identity_provider.kind == 'LDAPPasswordIdentityProvider' %}
-      attributes:
-{% for attribute_key in identity_provider.attributes %}
-        {{ attribute_key }}:
-{% for attribute_value in identity_provider.attributes[attribute_key] %}
-        - {{ attribute_value }}
-{% endfor %}
-{% endfor %}
-{% for key in ('bindDN', 'bindPassword', 'ca') %}
-      {{ key }}: "{{ identity_provider[key] }}"
-{% endfor %}
-{% for key in ('insecure', 'url') %}
-      {{ key }}: {{ identity_provider[key] }}
-{% endfor %}
-{% elif identity_provider.kind == 'RequestHeaderIdentityProvider' %}
-      headers: {{ identity_provider.headers }}
-{% if 'clientCA' in identity_provider %}
-      clientCA: {{ identity_provider.clientCA }}
-{% endif %}
-{% elif identity_provider.kind == 'GitHubIdentityProvider' %}
-      clientID: {{ identity_provider.clientID }}
-      clientSecret: {{ identity_provider.clientSecret }}
-{% elif identity_provider.kind == 'GoogleIdentityProvider' %}
-      clientID: {{ identity_provider.clientID }}
-      clientSecret: {{ identity_provider.clientSecret }}
-{% if 'hostedDomain' in identity_provider %}
-      hostedDomain: {{ identity_provider.hostedDomain }}
-{% endif %}
-{% elif identity_provider.kind == 'OpenIDIdentityProvider' %}
-      clientID: {{ identity_provider.clientID }}
-      clientSecret: {{ identity_provider.clientSecret }}
-      claims:
-        id: identity_provider.claims.id
-{% for claim_key in ('preferredUsername', 'name', 'email') %}
-{% if claim_key in identity_provider.claims %}
-        {{ claim_key }}: {{ identity_provider.claims[claim_key] }}
-{% endif %}
-{% endfor %}
-      urls:
-        authorize: {{ identity_provider.urls.authorize }}
-        token: {{ identity_provider.urls.token }}
-{% if 'userInfo' in identity_provider.urls %}
-        userInfo: {{ identity_provider.userInfo }}
-{% endif %}
-{% if 'extraScopes' in identity_provider %}
-      extraScopes:
-{% for scope in identity_provider.extraScopes %}
-      - {{ scope }}
-{% endfor %}
-{% endif %}
-{% if 'extraAuthorizeParameters' in identity_provider %}
-      extraAuthorizeParameters:
-{% for param_key, param_value in identity_provider.extraAuthorizeParameters.iteritems() %}
-        {{ param_key }}: {{ param_value }}
-{% endfor %}
-{% endif %}
-{% endif %}
-{% endmacro %}
-oauthConfig:
-  assetPublicURL: {{ openshift.master.public_console_url }}/
-  grantConfig:
-    method: {{ openshift.master.oauth_grant_method }}
-  identityProviders:
-{% for identity_provider in openshift.master.identity_providers %}
-  - name: {{ identity_provider.name }}
-    challenge: {{ identity_provider.challenge }}
-    login: {{ identity_provider.login }}
-    provider:
-{{ identity_provider_config(identity_provider) }}
-{%- endfor %}
-  masterCA: ca.crt
-  masterPublicURL: {{ openshift.master.public_api_url }}
-  masterURL: {{ openshift.master.api_url }}
-  sessionConfig:
-    sessionMaxAgeSeconds: {{ openshift.master.session_max_seconds }}
-    sessionName: {{ openshift.master.session_name }}
-    sessionSecretsFile: {{ openshift.master.session_secrets_file }}
-  tokenConfig:
-    accessTokenMaxAgeSeconds: {{ openshift.master.access_token_max_seconds }}
-    authorizeTokenMaxAgeSeconds: {{ openshift.master.auth_token_max_seconds }}
-{# Comment to preserve newline after authorizeTokenMaxAgeSeconds #}
-- 
cgit v1.2.3