From 9ab61485f089a11300492d076f0a1dc862d4ad3b Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Tue, 7 Nov 2017 12:51:56 -0500 Subject: Re-add challenge auth verification to github and google Recent commit removed these checks. These two auth providers are specifically excluded in origin, thus we should enable the checks to ensure challenge auth is not enabled for these providers. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1444367 --- .../filter_plugins/openshift_master.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py index 1bea66c26..97a5179e0 100644 --- a/roles/openshift_master_facts/filter_plugins/openshift_master.py +++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py @@ -426,6 +426,12 @@ class GoogleIdentityProvider(IdentityProviderOauthBase): IdentityProviderOauthBase.__init__(self, api_version, idp) self._optional += [['hostedDomain', 'hosted_domain']] + def validate(self): + ''' validate this idp instance ''' + if self.challenge: + raise errors.AnsibleFilterError("|failed provider {0} does not " + "allow challenge authentication".format(self.__class__.__name__)) + class GitHubIdentityProvider(IdentityProviderOauthBase): """ GitHubIdentityProvider @@ -444,6 +450,12 @@ class GitHubIdentityProvider(IdentityProviderOauthBase): self._optional += [['organizations'], ['teams']] + def validate(self): + ''' validate this idp instance ''' + if self.challenge: + raise errors.AnsibleFilterError("|failed provider {0} does not " + "allow challenge authentication".format(self.__class__.__name__)) + class FilterModule(object): ''' Custom ansible filters for use by the openshift_master role''' -- cgit v1.2.3
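Review bot: The same five-line `validate()` is pasted into `GoogleIdentityProvider` here and into `GitHubIdentityProvider` in the second hunk, and the description says a recent commit already dropped this check once, yet nothing added here guards against that happening again. A unit test that builds each provider with challenge enabled and expects `errors.AnsibleFilterError` would pin the behaviour, and a comment above the check such as `# origin rejects challenge auth for this provider; do not remove` would record why it exists. Neither override calls a parent `validate()`; whether a base class has checks that are now skipped is not visible, since both class bodies start outside the hunks.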
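Review bot: `validate()` on `GitHubIdentityProvider` checks only `challenge`, while the context line just above it keeps `organizations` and `teams` optional. As far as I know, a GitHub identity provider with neither set accepts any GitHub account that completes the OAuth flow, so this method is the natural place to flag that configuration, or at least to say so in the docstring, e.g. `''' validate this idp instance; organizations/teams unset means any GitHub user may log in '''`. The same consideration applies to the optional `hostedDomain` on the Google provider in the first hunk. The `__init__` that builds these lists starts outside the hunk, so how the values are consumed should be confirmed there.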