diff options
| author | Devan Goodwin <dgoodwin@redhat.com> | 2016-03-30 09:31:11 -0300 |
|---|---|---|
| committer | Devan Goodwin <dgoodwin@redhat.com> | 2016-04-01 13:33:21 -0300 |
| commit | 6003856b95031aa8e0c31977e9485ff3d842810e (patch) | |
| tree | b53e63ab1226dcf62a0422ee989fcfe30427a116 | |
| parent | 89db887bd536156421fbc701c5d1b46656070347 (diff) | |
| download | openshift-6003856b95031aa8e0c31977e9485ff3d842810e.tar.gz openshift-6003856b95031aa8e0c31977e9485ff3d842810e.tar.bz2 openshift-6003856b95031aa8e0c31977e9485ff3d842810e.tar.xz openshift-6003856b95031aa8e0c31977e9485ff3d842810e.zip | |
Add support for configuring oauth templates.
Allow users who wish to deploy configs with ansible to define templates for
oauth screens, and control the alwaysShowProviderSelection setting.
There are currently three supported oauth templates, and we have a pre-existing
'oauth_template' variable, but it is assumed to mean you are controlling the
'login' screen, and this is the only one you can configure.
To work around this, supporting all current and future templates, introduce a
pluralized variable 'oauth_templates', which contains a JSON dict allowing the
admin to control any template they wish. If both new and old variables are
defined, the old one is ignored. (and can be considered deprecated)
Internally the old value will be converted to the new dict, so the template
just references one value.
Example:
openshift_master_oauth_always_show_provider_selection=true
openshift_master_oauth_templates={"providerSelection": "provider-selection.html", "error": "oauth-error.html"}
Yeilds:
oauthConfig:
alwaysShowProviderSelection: true
templates:
error: oauth-error.html
providerSelection: provider-selection.html
| -rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 20 | ||||
| -rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 8 | ||||
| -rw-r--r-- | roles/openshift_master_facts/tasks/main.yml | 3 |
3 files changed, 28 insertions, 3 deletions
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 9054e0bd4..2a8b466a2 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -837,6 +837,25 @@ def set_sdn_facts_if_unset(facts, system_facts): return facts +def migrate_oauth_template_facts(facts): + """ + Migrate an old oauth template fact to a newer format if it's present. + + The legacy 'oauth_template' fact was just a filename, and assumed you were + setting the 'login' template. + + The new pluralized 'oauth_templates' fact is a dict mapping the template + name to a filename. + + Simplify the code after this by merging the old fact into the new. + """ + if 'master' in facts and 'oauth_template' in facts['master']: + if 'oauth_templates' not in facts['master']: + facts['master']['oauth_templates'] = {"login": facts['master']['oauth_template']} + elif 'login' not in facts['master']['oauth_templates']: + facts['master']['oauth_templates']['login'] = facts['master']['oauth_template'] + return facts + def format_url(use_ssl, hostname, port, path=''): """ Format url based on ssl flag, hostname, port and path @@ -1450,6 +1469,7 @@ class OpenShiftFacts(object): local_facts, additive_facts_to_overwrite, protected_facts_to_overwrite) + facts = migrate_oauth_template_facts(facts) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) facts = set_project_cfg_facts_if_unset(facts) diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 618ad8744..e89fdc0ce 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -137,9 +137,11 @@ networkConfig: # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.master.portal_net }} oauthConfig: -{% if 'oauth_template' in openshift.master %} - templates: - login: {{ openshift.master.oauth_template }} +{% if 'oauth_always_show_provider_selection' in openshift.master %} + alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }} +{% endif %} +{% if 'oauth_templates' in openshift.master %} + templates:{{ openshift.master.oauth_templates | to_padded_yaml(level=2) }} {% endif %} assetPublicURL: {{ openshift.master.public_console_url }}/ grantConfig: diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index c54f11c1a..f43b8c59d 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -69,3 +69,6 @@ admission_plugin_config: "{{openshift_master_admission_plugin_config | default(None) }}" kube_admission_plugin_order: "{{openshift_master_kube_admission_plugin_order | default(None) }}" kube_admission_plugin_config: "{{openshift_master_kube_admission_plugin_config | default(None) }}" + oauth_template: "{{ openshift_master_oauth_template | default(None) }}" # deprecated in origin 1.2 / OSE 3.2 + oauth_templates: "{{ openshift_master_oauth_templates | default(None) }}" + oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}" |