Fail fast when required secrets are not present

Required variables that are secrets (i.e. passwords and keys) are validated as present before any part of the role executes. Change-Id: I91a7130005101006bb219f2911b4c38626786908
2016-04-18 16:49:21 -04:00 · 2016-04-18 16:49:21 -04:00 · eb3ce0fafa
commit eb3ce0fafa
parent 59ffe5e371
2 changed files with 14 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -390,3 +390,9 @@ keystone_keystone_conf_overrides: {}
 keystone_keystone_default_conf_overrides: {}
 keystone_keystone_paste_ini_overrides: {}
 keystone_policy_overrides: {}
+
+keystone_required_secrets:
+  - keystone_auth_admin_password
+  - keystone_container_mysql_password
+  - keystone_rabbitmq_password
+  - keystone_service_password
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -13,6 +13,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+- name: Fail if our required secrets are not present
+  fail:
+    msg: "Please set the {{ item }} variable prior to applying this role."
+  when: (item is undefined) or (item is none)
+  with_items: keystone_required_secrets
+  tags:
+    - always
+
 - name: Gather variables for each operating system
  include_vars: "{{ item }}"
  with_first_found: