From eb3ce0fafa774615a8207596068166d98bcbc2b3 Mon Sep 17 00:00:00 2001
From: Travis Truman <travis_truman@cable.comcast.com>
Date: Mon, 18 Apr 2016 16:49:21 -0400
Subject: [PATCH] Fail fast when required secrets are not present

Required variables that are secrets (i.e. passwords and keys) are validated as
present before any part of the role executes.

Change-Id: I91a7130005101006bb219f2911b4c38626786908
---
 defaults/main.yml | 6 ++++++
 tasks/main.yml    | 8 ++++++++
 2 files changed, 14 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index 2702132b..3173c11c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -390,3 +390,9 @@ keystone_keystone_conf_overrides: {}
 keystone_keystone_default_conf_overrides: {}
 keystone_keystone_paste_ini_overrides: {}
 keystone_policy_overrides: {}
+
+keystone_required_secrets:
+  - keystone_auth_admin_password
+  - keystone_container_mysql_password
+  - keystone_rabbitmq_password
+  - keystone_service_password
diff --git a/tasks/main.yml b/tasks/main.yml
index b5b247d5..64eb1411 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -13,6 +13,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Fail if our required secrets are not present
+  fail:
+    msg: "Please set the {{ item }} variable prior to applying this role."
+  when: (item is undefined) or (item is none)
+  with_items: keystone_required_secrets
+  tags:
+    - always
+
 - name: Gather variables for each operating system
   include_vars: "{{ item }}"
   with_first_found: