diff options
author | Andrew Butcher <abutcher@redhat.com> | 2015-12-16 17:56:09 -0500 |
---|---|---|
committer | Andrew Butcher <abutcher@redhat.com> | 2016-01-04 09:16:11 -0500 |
commit | ef014ae06a50c5f2050aa183638165895154db5f (patch) | |
tree | 33255ae9e62f9551a83bf7586beefb322df5b13c /filter_plugins | |
parent | 9b760b0a89a77c5be0b3521a2c35b5afcb2a20d2 (diff) | |
download | openshift-ef014ae06a50c5f2050aa183638165895154db5f.tar.gz openshift-ef014ae06a50c5f2050aa183638165895154db5f.tar.bz2 openshift-ef014ae06a50c5f2050aa183638165895154db5f.tar.xz openshift-ef014ae06a50c5f2050aa183638165895154db5f.zip |
Secrets validation.
Diffstat (limited to 'filter_plugins')
-rw-r--r-- | filter_plugins/openshift_master.py | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index f12017967..40c1083e0 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -463,7 +463,34 @@ class FilterModule(object): IdentityProviderBase.validate_idp_list(idp_list) return yaml.safe_dump([idp.to_dict() for idp in idp_list], default_flow_style=False) + @staticmethod + def validate_auth_secrets(secrets): + ''' validate type and length ''' + + if not issubclass(type(secrets), list): + raise errors.AnsibleFilterError("|failed expects openshift_master_session_auth_secrets is a list") + + for secret in secrets: + if len(secret) < 32: + return False + return True + + @staticmethod + def validate_encryption_secrets(secrets): + ''' validate type and length ''' + + if not issubclass(type(secrets), list): + raise errors.AnsibleFilterError("|failed expects openshift_master_session_encryption_secrets is a list") + + for secret in secrets: + if len(secret) not in [16, 24, 32]: + return False + return True def filters(self): ''' returns a mapping of filters to methods ''' - return {"translate_idps": self.translate_idps} + return { + "translate_idps": self.translate_idps, + "validate_auth_secrets": self.validate_auth_secrets, + "validate_encryption_secrets": self.validate_encryption_secrets + } |