From ef014ae06a50c5f2050aa183638165895154db5f Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 16 Dec 2015 17:56:09 -0500 Subject: Secrets validation. --- roles/openshift_master/tasks/main.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 1c7fdfcf9..e6ddd1c49 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -11,11 +11,21 @@ # Session Options Validation - fail: - msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set" + msg: > + Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined) - fail: - msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length" + msg: > + openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) +- fail: + msg: > + Invalid secret length in openshift_master_session_auth_secrets: secrets must be at least 32 characters + when: openshift_master_session_auth_secrets is defined and not openshift_master_session_auth_secrets | validate_auth_secrets | bool +- fail: + msg: > + Invalid secret length in openshift_master_session_encryption_secrets: secrets must be 16, 24, or 32 characters + when: openshift_master_session_encryption_secrets is defined and not openshift_master_session_encryption_secrets | validate_encryption_secrets | bool # HA Variable Validation - fail: -- cgit v1.2.3