diff options
author | Michael Gugino <mgugino@redhat.com> | 2017-11-07 12:51:56 -0500 |
---|---|---|
committer | Michael Gugino <mgugino@redhat.com> | 2017-11-07 12:51:56 -0500 |
commit | 9ab61485f089a11300492d076f0a1dc862d4ad3b (patch) | |
tree | 18ae07585cd075051c7178a8183353ef5ec0bd81 /roles/openshift_master_facts | |
parent | 1e8c678a7d17b7ab637a8c39f09f620280904a6d (diff) | |
download | openshift-9ab61485f089a11300492d076f0a1dc862d4ad3b.tar.gz openshift-9ab61485f089a11300492d076f0a1dc862d4ad3b.tar.bz2 openshift-9ab61485f089a11300492d076f0a1dc862d4ad3b.tar.xz openshift-9ab61485f089a11300492d076f0a1dc862d4ad3b.zip |
Re-add challenge auth verification to github and google
Recent commit removed these checks. These two auth providers
are specifically excluded in origin, thus we should enable
the checks to ensure challenge auth is not enabled for these
providers.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1444367
Diffstat (limited to 'roles/openshift_master_facts')
-rw-r--r-- | roles/openshift_master_facts/filter_plugins/openshift_master.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py index 1bea66c26..97a5179e0 100644 --- a/roles/openshift_master_facts/filter_plugins/openshift_master.py +++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py @@ -426,6 +426,12 @@ class GoogleIdentityProvider(IdentityProviderOauthBase): IdentityProviderOauthBase.__init__(self, api_version, idp) self._optional += [['hostedDomain', 'hosted_domain']] + def validate(self): + ''' validate this idp instance ''' + if self.challenge: + raise errors.AnsibleFilterError("|failed provider {0} does not " + "allow challenge authentication".format(self.__class__.__name__)) + class GitHubIdentityProvider(IdentityProviderOauthBase): """ GitHubIdentityProvider @@ -444,6 +450,12 @@ class GitHubIdentityProvider(IdentityProviderOauthBase): self._optional += [['organizations'], ['teams']] + def validate(self): + ''' validate this idp instance ''' + if self.challenge: + raise errors.AnsibleFilterError("|failed provider {0} does not " + "allow challenge authentication".format(self.__class__.__name__)) + class FilterModule(object): ''' Custom ansible filters for use by the openshift_master role''' |