@chuckersjp
Created April 27, 2020 18:20
Create multiple user login registry for OpenShift 4
# Secret holding the htpasswd file for the local fallback ("backdoor") identity provider.
- name: Create htpass-secret secret in openshift-config namespace for backdoor htpasswd user registry
  k8s:
    kubeconfig: kubeconfig
    state: present
    definition:
      apiVersion: v1
      data:
        # Values under "data" must be base64; htpasswdtoken is assumed to
        # already hold the base64-encoded htpasswd file contents.
        htpasswd: "{{ htpasswdtoken }}"
      kind: Secret
      metadata:
        name: htpass-secret
        namespace: openshift-config
      type: Opaque

# Secret holding the Azure AD application client secret used by the OpenID provider.
- name: Create Azure secret in openshift-config namespace for Azure user registry
  k8s:
    kubeconfig: kubeconfig
    state: present
    definition:
      apiVersion: v1
      data:
        clientSecret: "{{ openshift_master_oauth_client_secret | b64encode }}"
      kind: Secret
      metadata:
        name: azure-secret
        namespace: openshift-config
      type: Opaque

# Cluster OAuth resource: registers both identity providers side by side.
- name: Update OAuth to apply htpasswd user registry and azure user registry config
  k8s:
    kubeconfig: kubeconfig
    state: present
    definition:
      apiVersion: config.openshift.io/v1
      kind: OAuth
      metadata:
        name: cluster
      spec:
        identityProviders:
          # Local htpasswd provider, backed by htpass-secret.
          - htpasswd:
              fileData:
                name: htpass-secret
            mappingMethod: claim
            name: users_htpasswd_provider
            type: HTPasswd
          # Azure AD via OpenID Connect, backed by azure-secret.
          - mappingMethod: claim
            name: aad
            openID:
              claims:
                email:
                  - upn
                name:
                  - upn
                preferredUsername:
                  - upn
              clientID: "{{ openshift_master_oauth_client_id }}"
              clientSecret:
                name: azure-secret
              extraScopes: []
              # "<token>" is the placeholder as given in the gist; replace it before use.
              issuer: https://login.microsoftonline.com/"<token>"
            type: OpenID