summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBrenton Leanhardt <bleanhar@redhat.com>2016-04-06 16:19:42 -0400
committerBrenton Leanhardt <bleanhar@redhat.com>2016-04-06 16:19:42 -0400
commitfa4f0f35befc30c43a272defff2a1792893ff1ba (patch)
treee22ce3202662a643f9c4d17bd0b210e9c01b2db8
parentb67f7b41fd4efb94d8966f84b8ed08b75f4c991e (diff)
parent6003856b95031aa8e0c31977e9485ff3d842810e (diff)
downloadopenshift-fa4f0f35befc30c43a272defff2a1792893ff1ba.tar.gz
openshift-fa4f0f35befc30c43a272defff2a1792893ff1ba.tar.bz2
openshift-fa4f0f35befc30c43a272defff2a1792893ff1ba.tar.xz
openshift-fa4f0f35befc30c43a272defff2a1792893ff1ba.zip
Merge pull request #1660 from dgoodwin/admission-config
Add support for templating master admissionConfig.
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py31
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j222
-rw-r--r--roles/openshift_master_facts/tasks/main.yml7
3 files changed, 56 insertions, 4 deletions
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 0d31d4ddf..2a8b466a2 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -837,6 +837,25 @@ def set_sdn_facts_if_unset(facts, system_facts):
return facts
+def migrate_oauth_template_facts(facts):
+ """
+ Migrate an old oauth template fact to a newer format if it's present.
+
+ The legacy 'oauth_template' fact was just a filename, and assumed you were
+ setting the 'login' template.
+
+ The new pluralized 'oauth_templates' fact is a dict mapping the template
+ name to a filename.
+
+ Simplify the code after this by merging the old fact into the new.
+ """
+ if 'master' in facts and 'oauth_template' in facts['master']:
+ if 'oauth_templates' not in facts['master']:
+ facts['master']['oauth_templates'] = {"login": facts['master']['oauth_template']}
+ elif 'login' not in facts['master']['oauth_templates']:
+ facts['master']['oauth_templates']['login'] = facts['master']['oauth_template']
+ return facts
+
def format_url(use_ssl, hostname, port, path=''):
""" Format url based on ssl flag, hostname, port and path
@@ -1118,12 +1137,21 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw
"""
additive_facts = ['named_certificates']
protected_facts = ['ha', 'master_count']
+
+ # Facts we do not ever want to merge. These originate in inventory variables
+ # and typically contain JSON dicts. We don't ever want to trigger a merge
+ # here, just completely overwrite with the new if they are present there.
+ overwrite_facts = ['admission_plugin_config',
+ 'kube_admission_plugin_config']
+
facts = dict()
for key, value in orig.iteritems():
# Key exists in both old and new facts.
if key in new:
+ if key in overwrite_facts:
+ facts[key] = copy.deepcopy(new[key])
# Continue to recurse if old and new fact is a dictionary.
- if isinstance(value, dict) and isinstance(new[key], dict):
+ elif isinstance(value, dict) and isinstance(new[key], dict):
# Collect the subset of additive facts to overwrite if
# key matches. These will be passed to the subsequent
# merge_facts call.
@@ -1441,6 +1469,7 @@ class OpenShiftFacts(object):
local_facts,
additive_facts_to_overwrite,
protected_facts_to_overwrite)
+ facts = migrate_oauth_template_facts(facts)
facts['current_config'] = get_current_config(facts)
facts = set_url_facts_if_unset(facts)
facts = set_project_cfg_facts_if_unset(facts)
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 813a58d60..e89fdc0ce 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -1,3 +1,10 @@
+admissionConfig:
+{% if 'admission_plugin_order' in openshift.master %}
+ pluginOrderOverride:{{ openshift.master.admission_plugin_order | to_padded_yaml(level=2) }}
+{% endif %}
+{% if 'admission_plugin_config' in openshift.master %}
+ pluginConfig:{{ openshift.master.admission_plugin_config | to_padded_yaml(level=2) }}
+{% endif %}
apiLevels:
{% if not openshift.common.version_gte_3_1_or_1_1 | bool %}
- v1beta3
@@ -96,6 +103,13 @@ kubernetesMasterConfig:
- v1beta3
- v1
{% endif %}
+ admissionConfig:
+{% if 'kube_admission_plugin_order' in openshift.master %}
+ pluginOrderOverride:{{ openshift.master.kube_admission_plugin_order | to_padded_yaml(level=3) }}
+{% endif %}
+{% if 'kube_admission_plugin_config' in openshift.master %}
+ pluginConfig:{{ openshift.master.kube_admission_plugin_config | to_padded_yaml(level=3) }}
+{% endif %}
apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_padded_yaml( level=2 ) }}
controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }}
masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }}
@@ -123,9 +137,11 @@ networkConfig:
# serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet
serviceNetworkCIDR: {{ openshift.master.portal_net }}
oauthConfig:
-{% if 'oauth_template' in openshift.master %}
- templates:
- login: {{ openshift.master.oauth_template }}
+{% if 'oauth_always_show_provider_selection' in openshift.master %}
+ alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }}
+{% endif %}
+{% if 'oauth_templates' in openshift.master %}
+ templates:{{ openshift.master.oauth_templates | to_padded_yaml(level=2) }}
{% endif %}
assetPublicURL: {{ openshift.master.public_console_url }}/
grantConfig:
diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml
index 2a3e38af4..f43b8c59d 100644
--- a/roles/openshift_master_facts/tasks/main.yml
+++ b/roles/openshift_master_facts/tasks/main.yml
@@ -65,3 +65,10 @@
master_image: "{{ osm_image | default(None) }}"
scheduler_predicates: "{{ openshift_master_scheduler_predicates | default(None) }}"
scheduler_priorities: "{{ openshift_master_scheduler_priorities | default(None) }}"
+ admission_plugin_order: "{{openshift_master_admission_plugin_order | default(None) }}"
+ admission_plugin_config: "{{openshift_master_admission_plugin_config | default(None) }}"
+ kube_admission_plugin_order: "{{openshift_master_kube_admission_plugin_order | default(None) }}"
+ kube_admission_plugin_config: "{{openshift_master_kube_admission_plugin_config | default(None) }}"
+ oauth_template: "{{ openshift_master_oauth_template | default(None) }}" # deprecated in origin 1.2 / OSE 3.2
+ oauth_templates: "{{ openshift_master_oauth_templates | default(None) }}"
+ oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}"