Refactor master identity provider configuration

- Remote template in favor of a filter plugin
- Add additional validation for identity provider config
- Add mappingMethod attribute for identity providers, default to 'claim'

1 files changed, 11 insertions, 5 deletions

diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 185bfb8f3..ed174dbfc 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -1,13 +1,16 @@
 ---
-# TODO: add validation for openshift_master_identity_providers
 # TODO: add ability to configure certificates given either a local file to
 #       point to or certificate contents, set in default cert locations.
 
-- assert:
-    that:
-    - openshift_master_oauth_grant_method in openshift_master_valid_grant_methods
-  when: openshift_master_oauth_grant_method is defined
+# Authentication Variable Validation
+# TODO: validate the different identity provider kinds as well
+- fail:
+    msg: >
+      Invalid OAuth grant method: {{ openshift_master_oauth_grant_method }}
+  when: openshift_master_oauth_grant_method is defined and openshift_master_oauth_grant_method not in openshift_master_valid_grant_methods
+
 
+# HA Variable Validation
 - fail:
     msg: "openshift_master_cluster_method must be set to either 'native' or 'pacemaker' for multi-master installations"
   when: openshift_master_ha | bool and ((openshift_master_cluster_method is not defined) or (openshift_master_cluster_method is defined and openshift_master_cluster_method not in ["native", "pacemaker"]))
@@ -172,6 +175,9 @@
   - restart master
   - restart master api
 
+- set_fact:
+    translated_identity_providers: "{{ openshift_master_identity_providers | translate_idps('v1') }}"
+
 # TODO: add the validate parameter when there is a validation command to run
 - name: Create master config
   template: