fix fedoraidp-stg for os-cluster

Signed-off-by: Adam Miller <admiller@redhat.com>
2017-05-11 13:37:53 +00:00 · 2017-05-11 13:37:53 +00:00 · 16b2847127
commit 16b2847127
parent 9b93c851f4
3 changed files with 8 additions and 3 deletions
--- a/playbooks/groups/os-cluster.yml
+++ b/playbooks/groups/os-cluster.yml
@ -83,7 +83,7 @@
        openshift_cluster_masters_group: "os-masters-stg",
        openshift_cluster_nodes_group: "os-nodes-stg",
        openshift_cluster_infra_group: "os-nodes-stg",
-        openshift_auth_profile: "fedoraidp",
+        openshift_auth_profile: "fedoraidp-stg",
        openshift_cluster_url: "{{os_url}}",
        openshift_master_ha: false,
        openshift_debug_level: 2,
--- a/roles/ansible-ansible-openshift-ansible/defaults/main.yml
+++ b/roles/ansible-ansible-openshift-ansible/defaults/main.yml
@ -8,8 +8,9 @@
 #   These are Fedora Infra specific auth profiles
 #
 #   Acceptable values:
-#     osbs      - this will configure htpasswd for use with osbs
-#     fedoraidp - configure for fedora idp
+#     osbs          - this will configure htpasswd for use with osbs
+#     fedoraidp     - configure for fedora idp
+#     fedoraidp-stg - configure for fedora idp staging env
 openshift_auth_profile: osbs

 # Do we want OpenShift itself to be containerized?
--- a/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2
+++ b/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2
@ -164,6 +164,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 openshift_master_identity_providers=[{"name": "fedoraidp", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "openshift", "client_secret": "{{openshift_client_secret}}", "claims": {"id": ["sub"], "preferredUsername": ["sub"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://id{{env_suffix}}.fedoraproject.org/openidc/Authorization", "token": "https://id{{env_suffix}}.fedoraproject.org/openidc/Token"}, "userInfo": "https://id{{env_suffix}}.fedoraproject.org/openidc/UserInfo"}]
 {% endif %}

+{% if openshift_auth_profile == "fedoraidp-stg" %}
+openshift_master_identity_providers=[{"name": "fedoraidp", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "openshift", "client_secret": "{{openshift_stg_client_secret}}", "claims": {"id": ["sub"], "preferredUsername": ["sub"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://id{{env_suffix}}.fedoraproject.org/openidc/Authorization", "token": "https://id{{env_suffix}}.fedoraproject.org/openidc/Token"}, "userInfo": "https://id{{env_suffix}}.fedoraproject.org/openidc/UserInfo"}]
+{% endif %}
+
 # Allow all auth
 #openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}]