
GitHubIdentityProvider catering for GitHub Enterprise and includes examples on using the provider. Installation includes parameters for ca and hostname (GH enterprise specific)

Christina Kyriakidou 6 年 前
コミット
c66cb31bb6

+ 14 - 0
inventory/hosts.example

@@ -249,6 +249,20 @@ debug_level=2
 # or
 #openshift_master_request_header_ca_file=<path to local ca file to use>
 
+# GitHub auth
+#openshift_master_identity_providers=[{"name": "github", "login": "true", "challenge": "false", "kind": "GitHubIdentityProvider", "mappingMethod": "claim", "client_id": "my_client_id", "client_secret": "my_client_secret", "teams": ["team1", "team2"], "hostname": "githubenterprise.example.com", "ca": "" }]
+#
+# Configure github CA certificate
+# Specify either the ASCII contents of the certificate or the path to
+# the local file that will be copied to the remote host. CA
+# certificate contents will be copied to master systems and saved
+# within /etc/origin/master/ with a filename matching the "ca" key set
+# within the GitHubIdentityProvider.
+#
+#openshift_master_github_ca=<ca text>
+# or
+#openshift_master_github_ca_file=<path to local ca file to use>
+
 # CloudForms Management Engine (ManageIQ) App Install
 #
 # Enables installation of MIQ server. Recommended for dedicated
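Review bot: The comment block under "Configure github CA certificate" says the CA is saved "with a filename matching the "ca" key set within the GitHubIdentityProvider", but the filter change in roles/lib_utils/filter_plugins/openshift_master.py replaces whatever `ca` value the provider entry carries with `/etc/origin/master/<name>_github_ca.crt`, so the `"ca": ""` in the example line neither names the file nor selects it. The wording should describe the actual path, e.g. `# within /etc/origin/master/<provider name>_github_ca.crt; any "ca" value` / `# given in the provider entry is replaced by that path.`. It would also help operators to say that `hostname` and the CA are only needed for GitHub Enterprise and can be left out for github.com, since the example presents all keys as one block.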

+ 5 - 1
roles/lib_utils/filter_plugins/openshift_master.py

@@ -454,7 +454,9 @@ class GitHubIdentityProvider(IdentityProviderOauthBase):
     def __init__(self, api_version, idp):
         IdentityProviderOauthBase.__init__(self, api_version, idp)
         self._optional += [['organizations'],
-                           ['teams']]
+                           ['teams'],
+                           ['ca'],
+                           ['hostname']]
 
     def validate(self):
         ''' validate this idp instance '''
@@ -462,6 +464,8 @@ class GitHubIdentityProvider(IdentityProviderOauthBase):
             raise errors.AnsibleFilterError("|failed provider {0} does not "
                                             "allow challenge authentication".format(self.__class__.__name__))
 
+        self._idp['ca'] = '/etc/origin/master/{}_github_ca.crt'.format(self.name)
+
 
 class FilterModule(object):
     ''' Custom ansible filters for use by the openshift_control_plane role'''
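Review bot: The new `self._idp['ca'] = '/etc/origin/master/{}_github_ca.crt'.format(self.name)` in validate() is unconditional, so every GitHubIdentityProvider entry ends up referencing that CA path even when no CA was supplied; the copy task added in roles/openshift_control_plane/tasks/main.yml only writes the file when `openshift.master.github_ca is defined`, so a provider for public github.com is left pointing at a file that is never created, which will presumably make the master reject the provider or fail TLS validation. The assignment should be gated on the same condition the copy task uses, for instance `if 'ca' in self._idp:` as a first cut, with the inventory example then omitting `"ca": ""` for providers that do not need a custom CA; the exact condition should mirror the task's `when:` so the two cannot drift apart. validate() begins in the previous hunk and the `if` whose body raises AnsibleFilterError starts above this hunk, so I cannot see whether an earlier branch already returns for the no-CA case.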

+ 11 - 0
roles/openshift_control_plane/tasks/main.yml

@@ -82,6 +82,17 @@
   - item.kind == 'OpenIDIdentityProvider'
   with_items: "{{ openshift_master_identity_providers }}"
 
+- name: Create the GitHub (Enterprise) ca file if needed
+  copy:
+    dest: "/etc/origin/master/{{ item.name }}_github_ca.crt"
+    content: "{{ openshift.master.github_ca }}"
+    mode: 0600
+    backup: yes
+  when:
+  - openshift.master.github_ca is defined
+  - item.kind == 'GitHubIdentityProvider'
+  with_items: "{{ openshift_master_identity_providers }}"
+
 - name: Create the request header ca file if needed
   copy:
     dest: "/etc/origin/master/{{ item.name }}_request_header_ca.crt"

+ 1 - 0
roles/openshift_master_facts/tasks/main.yml

@@ -43,6 +43,7 @@
       session_name: "{{ openshift_master_session_name | default(None) }}"
       ldap_ca: "{{ openshift_master_ldap_ca | default(lookup('file', openshift_master_ldap_ca_file) if openshift_master_ldap_ca_file is defined else None) }}"
       openid_ca: "{{ openshift_master_openid_ca | default(lookup('file', openshift_master_openid_ca_file) if openshift_master_openid_ca_file is defined else None) }}"
+      github_ca: "{{ openshift_master_github_ca | default(lookup('file', openshift_master_github_ca_file) if openshift_master_github_ca_file is defined else None) }}"
       registry_url: "{{ oreg_url | default(None) }}"
       registry_selector: "{{ openshift_registry_selector | default(None) }}"
       api_server_args: "{{ osm_api_server_args | default(None) }}"