-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Vault-5248] MFA support for api login helpers #14900
Conversation
5427d47
to
60750a5
Compare
60750a5
to
a136c68
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks really good, left a couple small comments
"net/http" | ||
) | ||
|
||
func (c *Sys) MFAValidate(requestID string, payload map[string]interface{}) (*Secret, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't the only reason we provide a difference between MethodName and MethodNameWithContext because we're trying to maintain backwards compatibility for users who are already using the one that doesn't take a context?
In this case, this is a brand new method, so I thought we would just want to have MFAValidate take a context as its first arg.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I could be convinced either way!
The motivation here was that this lives in the existing (*client).Sys()
space where most methods have both MethodName
and MethodNameWithContext
whereas (*client).Auth()
is the opposite (outside of (*client).Auth().Token()
), so I wanted (*client).Auth().MFALogin()
to be as close to the existing (*client).Auth().Login()
as possible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! I don't have anything to add beyond what's already been commented on. Thanks for updating the existing tests to use the new methods here!
db67e9c
to
2b6ced7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, awesome job!
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* Add MFA support to login helpers
* Add MFA support to login helpers
* Add MFA support to login helpers
This PR adds MFA support for auth methods (login helpers).
Single Phase MFA with Login Helper
Pass in credentials using same format as
(*client).SetMFACreds()
as variadic parameter. This is a simple convenience approach around our existing code.Two Phase MFA with Login Helper
Flow when no credentials are provided. Performs checks on secret to confirm it contains MFARequirements for follow up call.
This PR also adds the new method
(*client).Sys().MFAValidateWithContext()
a convenience method for callingsys/mfa/validate
.