Secrets validation.

1 files changed, 12 insertions, 2 deletions

diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 1c7fdfcf9..e6ddd1c49 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -11,11 +11,21 @@
 
 # Session Options Validation
 - fail:
-    msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set"
+    msg: >
+      Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set
   when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined)
 - fail:
-    msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length"
+    msg: >
+      openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length
   when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length)
+- fail:
+    msg: >
+      Invalid secret length in openshift_master_session_auth_secrets: secrets must be at least 32 characters
+  when: openshift_master_session_auth_secrets is defined and not openshift_master_session_auth_secrets | validate_auth_secrets | bool
+- fail:
+    msg: >
+      Invalid secret length in openshift_master_session_encryption_secrets: secrets must be 16, 24, or 32 characters
+  when: openshift_master_session_encryption_secrets is defined and not openshift_master_session_encryption_secrets | validate_encryption_secrets | bool
 
 # HA Variable Validation
 - fail: