From f901c3142f3ff98d9f029e9a30428ea3a4f5b00a Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Mon, 23 May 2016 14:57:41 -0400 Subject: Extend multiple login provider check to include origin. --- filter_plugins/openshift_master.py | 17 +++++++++++++---- roles/openshift_master/tasks/main.yml | 2 +- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index 0af47fb62..bb79b27d1 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -78,10 +78,19 @@ class IdentityProviderBase(object): self._allow_additional = True @staticmethod - def validate_idp_list(idp_list, openshift_version): + def validate_idp_list(idp_list, openshift_version, deployment_type): ''' validates a list of idps ''' login_providers = [x.name for x in idp_list if x.login] - if len(login_providers) > 1 and LooseVersion(openshift_version) < LooseVersion('3.2'): + + multiple_logins_unsupported = False + if len(login_providers) > 1: + if deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise']: + if LooseVersion(openshift_version) < LooseVersion('3.2'): + multiple_logins_unsupported = True + if deployment_type in ['origin']: + if LooseVersion(openshift_version) < LooseVersion('1.2'): + multiple_logins_unsupported = True + if multiple_logins_unsupported: raise errors.AnsibleFilterError("|failed multiple providers are " "not allowed for login. login " "providers: {0}".format(', '.join(login_providers))) @@ -462,7 +471,7 @@ class FilterModule(object): ''' Custom ansible filters for use by the openshift_master role''' @staticmethod - def translate_idps(idps, api_version, openshift_version): + def translate_idps(idps, api_version, openshift_version, deployment_type): ''' Translates a list of dictionaries into a valid identityProviders config ''' idp_list = [] @@ -479,7 +488,7 @@ class FilterModule(object): idp_list.append(idp_inst) - IdentityProviderBase.validate_idp_list(idp_list, openshift_version) + IdentityProviderBase.validate_idp_list(idp_list, openshift_version, deployment_type) return yaml.safe_dump([idp.to_dict() for idp in idp_list], default_flow_style=False) @staticmethod diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 64408fe72..63a54a0d9 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -139,7 +139,7 @@ - restart master api - set_fact: - translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1', openshift.common.version) }}" + translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1', openshift.common.version, openshift.common.deployment_type) }}" # TODO: add the validate parameter when there is a validation command to run - name: Create master config -- cgit v1.2.3