From 6003856b95031aa8e0c31977e9485ff3d842810e Mon Sep 17 00:00:00 2001 From: Devan Goodwin Date: Wed, 30 Mar 2016 09:31:11 -0300 Subject: Add support for configuring oauth templates. Allow users who wish to deploy configs with ansible to define templates for oauth screens, and control the alwaysShowProviderSelection setting. There are currently three supported oauth templates, and we have a pre-existing 'oauth_template' variable, but it is assumed to mean you are controlling the 'login' screen, and this is the only one you can configure. To work around this, supporting all current and future templates, introduce a pluralized variable 'oauth_templates', which contains a JSON dict allowing the admin to control any template they wish. If both new and old variables are defined, the old one is ignored. (and can be considered deprecated) Internally the old value will be converted to the new dict, so the template just references one value. Example: openshift_master_oauth_always_show_provider_selection=true openshift_master_oauth_templates={"providerSelection": "provider-selection.html", "error": "oauth-error.html"} Yeilds: oauthConfig: alwaysShowProviderSelection: true templates: error: oauth-error.html providerSelection: provider-selection.html --- roles/openshift_facts/library/openshift_facts.py | 20 ++++++++++++++++++++ roles/openshift_master/templates/master.yaml.v1.j2 | 8 +++++--- roles/openshift_master_facts/tasks/main.yml | 3 +++ 3 files changed, 28 insertions(+), 3 deletions(-) (limited to 'roles') diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 9054e0bd4..2a8b466a2 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -837,6 +837,25 @@ def set_sdn_facts_if_unset(facts, system_facts): return facts +def migrate_oauth_template_facts(facts): + """ + Migrate an old oauth template fact to a newer format if it's present. + + The legacy 'oauth_template' fact was just a filename, and assumed you were + setting the 'login' template. + + The new pluralized 'oauth_templates' fact is a dict mapping the template + name to a filename. + + Simplify the code after this by merging the old fact into the new. + """ + if 'master' in facts and 'oauth_template' in facts['master']: + if 'oauth_templates' not in facts['master']: + facts['master']['oauth_templates'] = {"login": facts['master']['oauth_template']} + elif 'login' not in facts['master']['oauth_templates']: + facts['master']['oauth_templates']['login'] = facts['master']['oauth_template'] + return facts + def format_url(use_ssl, hostname, port, path=''): """ Format url based on ssl flag, hostname, port and path @@ -1450,6 +1469,7 @@ class OpenShiftFacts(object): local_facts, additive_facts_to_overwrite, protected_facts_to_overwrite) + facts = migrate_oauth_template_facts(facts) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) facts = set_project_cfg_facts_if_unset(facts) diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 618ad8744..e89fdc0ce 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -137,9 +137,11 @@ networkConfig: # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.master.portal_net }} oauthConfig: -{% if 'oauth_template' in openshift.master %} - templates: - login: {{ openshift.master.oauth_template }} +{% if 'oauth_always_show_provider_selection' in openshift.master %} + alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }} +{% endif %} +{% if 'oauth_templates' in openshift.master %} + templates:{{ openshift.master.oauth_templates | to_padded_yaml(level=2) }} {% endif %} assetPublicURL: {{ openshift.master.public_console_url }}/ grantConfig: diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index c54f11c1a..f43b8c59d 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -69,3 +69,6 @@ admission_plugin_config: "{{openshift_master_admission_plugin_config | default(None) }}" kube_admission_plugin_order: "{{openshift_master_kube_admission_plugin_order | default(None) }}" kube_admission_plugin_config: "{{openshift_master_kube_admission_plugin_config | default(None) }}" + oauth_template: "{{ openshift_master_oauth_template | default(None) }}" # deprecated in origin 1.2 / OSE 3.2 + oauth_templates: "{{ openshift_master_oauth_templates | default(None) }}" + oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}" -- cgit v1.2.3