Re-add challenge auth verification to github and google

Recent commit removed these checks.  These two auth providers
are specifically excluded in origin, thus we should enable
the checks to ensure challenge auth is not enabled for these
providers.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1444367

1 files changed, 12 insertions, 0 deletions

diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py
index 1bea66c26..97a5179e0 100644
--- a/roles/openshift_master_facts/filter_plugins/openshift_master.py
+++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py
@@ -426,6 +426,12 @@ class GoogleIdentityProvider(IdentityProviderOauthBase):
         IdentityProviderOauthBase.__init__(self, api_version, idp)
         self._optional += [['hostedDomain', 'hosted_domain']]
 
+    def validate(self):
+        ''' validate this idp instance '''
+        if self.challenge:
+            raise errors.AnsibleFilterError("|failed provider {0} does not "
+                                            "allow challenge authentication".format(self.__class__.__name__))
+
 
 class GitHubIdentityProvider(IdentityProviderOauthBase):
     """ GitHubIdentityProvider
@@ -444,6 +450,12 @@ class GitHubIdentityProvider(IdentityProviderOauthBase):
         self._optional += [['organizations'],
                            ['teams']]
 
+    def validate(self):
+        ''' validate this idp instance '''
+        if self.challenge:
+            raise errors.AnsibleFilterError("|failed provider {0} does not "
+                                            "allow challenge authentication".format(self.__class__.__name__))
+
 
 class FilterModule(object):
     ''' Custom ansible filters for use by the openshift_master role'''