From 2ed23a9326056a9d23b153f0ddb9ae9956f3d75b Mon Sep 17 00:00:00 2001
From: Jason DeTiberus <jdetiber@redhat.com>
Date: Thu, 7 Apr 2016 02:47:27 -0400
Subject: Add support for setting identity provider custom values

- htpasswd users
- ldap ca file
- openid ca file
- request_header ca file
---
 roles/openshift_master/tasks/main.yml        | 33 +++++++++++++++++++++++++---
 roles/openshift_master/templates/htpasswd.j2 |  5 +++++
 2 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 roles/openshift_master/templates/htpasswd.j2

(limited to 'roles/openshift_master')

diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 18a42bf93..fee6d3924 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -88,14 +88,41 @@
   with_items: openshift.master.identity_providers
 
 - name: Create the htpasswd file if needed
-  copy:
+  template:
     dest: "{{ item.filename }}"
-    content: ""
+    src: htpasswd.j2
     mode: 0600
-    force: no
+    backup: yes
   when: item.kind == 'HTPasswdPasswordIdentityProvider'
   with_items: openshift.master.identity_providers
 
+- name: Create the ldap ca file if needed
+  copy:
+    dest: "{{ item.ca if 'ca' in item and '/' in item.ca else openshift_master_config_dir ~ '/' ~ item.ca | default('ldap_ca.crt') }}"
+    content: "{{ openshift.master.ldap_ca }}"
+    mode: 0600
+    backup: yes
+  when: openshift.master.ldap_ca is defined and item.kind == 'LDAPPasswordIdentityProvider'
+  with_items: openshift.master.identity_providers
+
+- name: Create the openid ca file if needed
+  copy:
+    dest: "{{ item.ca if 'ca' in item and '/' in item.ca else openshift_master_config_dir ~ '/' ~ item.ca | default('openid_ca.crt') }}"
+    content: "{{ openshift.master.openid_ca }}"
+    mode: 0600
+    backup: yes
+  when: openshift.master.openid_ca is defined and item.kind == 'OpenIDIdentityProvider' and item.ca | default('') != ''
+  with_items: openshift.master.identity_providers
+
+- name: Create the request header ca file if needed
+  copy:
+    dest: "{{ item.clientCA if 'clientCA' in item and '/' in item.clientCA else openshift_master_config_dir ~ '/' ~ item.clientCA | default('request_header_ca.crt') }}"
+    content: "{{ openshift.master.request_header_ca }}"
+    mode: 0600
+    backup: yes
+  when: openshift.master.request_header_ca is defined and item.kind == 'RequestHeaderIdentityProvider' and item.clientCA | default('') != ''
+  with_items: openshift.master.identity_providers
+
 - name: Install the systemd units
   include: systemd_units.yml
 
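Review bot: Replacing `copy` with `force: no` by `template` in "Create the htpasswd file if needed" means every run now rewrites `item.filename`. When `openshift.master.htpasswd_users` is not set the template renders empty, so an htpasswd file maintained outside Ansible would be replaced by an empty one and only the `backup: yes` copy would keep the old entries. Consider gating the templated write with `when: item.kind == 'HTPasswdPasswordIdentityProvider' and openshift.master.htpasswd_users is defined`, and keeping the original `copy` with `force: no` task to create the file only when it is absent. `backup: yes` also leaves timestamped copies of earlier password hashes beside the live file on every change, so a retention or cleanup note would help. In the new CA tasks, `mode: '0600'` would avoid relying on YAML octal parsing of the unquoted `mode: 0600`.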
diff --git a/roles/openshift_master/templates/htpasswd.j2 b/roles/openshift_master/templates/htpasswd.j2
new file mode 100644
index 000000000..ba2c02e20
--- /dev/null
+++ b/roles/openshift_master/templates/htpasswd.j2
@@ -0,0 +1,5 @@
+{% if 'htpasswd_users' in openshift.master %}
+{%   for user,pass in openshift.master.htpasswd_users.iteritems() %}
+{{     user ~ ':' ~ pass }}
+{%   endfor %}
+{% endif %}
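Review bot: The loop writes each `user ~ ':' ~ pass` pair verbatim, so nothing in this template hashes or validates the values. Presumably `htpasswd_users` is meant to hold already-hashed htpasswd passwords, and the file should say so, for example with a first line `{# htpasswd_users: username -> pre-hashed htpasswd password, written as-is #}`. A username or value containing `:` or a newline would produce malformed or extra entries in the authentication file, so a check before rendering would be worth adding. `iteritems()` also ties the template to Python 2 dicts, whereas `.items()` works on both.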
-- 
cgit v1.2.3