summaryrefslogtreecommitdiffstats
path: root/roles/openshift_master/tasks
diff options
context:
space:
mode:
authorAndrew Butcher <abutcher@redhat.com>2015-12-03 14:09:42 -0500
committerAndrew Butcher <abutcher@redhat.com>2016-01-04 09:16:11 -0500
commit9b760b0a89a77c5be0b3521a2c35b5afcb2a20d2 (patch)
tree751b98c15e57c828d84eecb9a3f086133f53178e /roles/openshift_master/tasks
parentfb1b9ff7d3293c821a8569ae95dcc8a98dfbf967 (diff)
downloadopenshift-9b760b0a89a77c5be0b3521a2c35b5afcb2a20d2.tar.gz
openshift-9b760b0a89a77c5be0b3521a2c35b5afcb2a20d2.tar.bz2
openshift-9b760b0a89a77c5be0b3521a2c35b5afcb2a20d2.tar.xz
openshift-9b760b0a89a77c5be0b3521a2c35b5afcb2a20d2.zip
Clean up idempotency issues with session secrets.
Diffstat (limited to 'roles/openshift_master/tasks')
-rw-r--r--roles/openshift_master/tasks/main.yml11
1 files changed, 9 insertions, 2 deletions
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index a22654678..1c7fdfcf9 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -9,6 +9,13 @@
Invalid OAuth grant method: {{ openshift_master_oauth_grant_method }}
when: openshift_master_oauth_grant_method is defined and openshift_master_oauth_grant_method not in openshift_master_valid_grant_methods
+# Session Options Validation
+- fail:
+ msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set"
+ when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined)
+- fail:
+ msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length"
+ when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length)
# HA Variable Validation
- fail:
@@ -55,9 +62,9 @@
portal_net: "{{ openshift_master_portal_net | default(None) }}"
session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}"
session_name: "{{ openshift_master_session_name | default(None) }}"
+ session_secrets_file: "{{ openshift_master_session_secrets_file | default(None) }}"
session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(None) }}"
session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(None) }}"
- session_secrets_file: "{{ openshift_master_session_secrets_file | default(None) }}"
access_token_max_seconds: "{{ openshift_master_access_token_max_seconds | default(None) }}"
auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}"
identity_providers: "{{ openshift_master_identity_providers | default(None) }}"
@@ -221,7 +228,7 @@
template:
dest: "{{ openshift.master.session_secrets_file }}"
src: sessionSecretsFile.yaml.v1.j2
- force: no
+ when: openshift.master.session_auth_secrets is defined and openshift.master.session_encryption_secrets is defined
notify:
- restart master
- restart master api