Add support for login MFA resources (#1620)
Showing
28 changed files
with
1,964 additions
and
69 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
package mfa | ||
|
||
import ( | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
|
||
"github.com/hashicorp/terraform-provider-vault/internal/consts" | ||
) | ||
|
||
const ( | ||
MethodTypeDuo = "duo" | ||
ResourceNameDuo = resourceNamePrefix + MethodTypeDuo | ||
) | ||
|
||
var duoSchemaMap = map[string]*schema.Schema{ | ||
consts.FieldUsernameFormat: { | ||
Type: schema.TypeString, | ||
Description: "A template string for mapping Identity names to MFA methods.", | ||
Optional: true, | ||
}, | ||
consts.FieldSecretKey: { | ||
Type: schema.TypeString, | ||
Required: true, | ||
Description: "Secret key for Duo", | ||
Sensitive: true, | ||
}, | ||
consts.FieldIntegrationKey: { | ||
Type: schema.TypeString, | ||
Required: true, | ||
Description: "Integration key for Duo", | ||
Sensitive: true, | ||
}, | ||
consts.FieldAPIHostname: { | ||
Type: schema.TypeString, | ||
Required: true, | ||
Description: "API hostname for Duo", | ||
}, | ||
consts.FieldPushInfo: { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Description: "Push information for Duo.", | ||
}, | ||
consts.FieldUsePasscode: { | ||
Type: schema.TypeBool, | ||
Optional: true, | ||
Default: false, | ||
Description: "Require passcode upon MFA validation.", | ||
}, | ||
} | ||
|
||
func GetDuoSchemaResource() (*schema.Resource, error) { | ||
config, _ := NewContextFuncConfig(MethodTypeDuo, PathTypeMethodID, nil, nil, map[string]string{ | ||
// API is inconsistent between create/update and read. | ||
"pushinfo": consts.FieldPushInfo, | ||
}) | ||
|
||
return getMethodSchemaResource(duoSchemaMap, config), nil | ||
} |
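Review bot: The error from `NewContextFuncConfig` is discarded in `GetDuoSchemaResource` (`config, _ := ...`), even though the function returns an `error` and the sibling `GetLoginEnforcementSchemaResource` in this same commit checks it. If the constructor ever fails, `config` is presumably nil or incomplete when it reaches `getMethodSchemaResource`, and the caller still sees a nil error. I would write `config, err := NewContextFuncConfig(...)` followed by `if err != nil { return nil, err }`. Separately, `Sensitive: true` on `consts.FieldSecretKey` and `consts.FieldIntegrationKey` only redacts the values from plan and CLI output; they are still written to Terraform state, so the field descriptions or resource docs should say the state backend must be access-controlled and encrypted.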
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
package mfa | ||
|
||
import ( | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
|
||
"github.com/hashicorp/terraform-provider-vault/internal/consts" | ||
) | ||
|
||
const ( | ||
MethodTypeLoginEnforcement = "login-enforcement" | ||
ResourceNameLoginEnforcement = resourceNamePrefix + "login_enforcement" | ||
) | ||
|
||
var loginEnforcementSchemaMap = map[string]*schema.Schema{ | ||
consts.FieldName: { | ||
Type: schema.TypeString, | ||
Required: true, | ||
Description: "Login enforcement name.", | ||
}, | ||
consts.FieldMFAMethodIDs: { | ||
Type: schema.TypeSet, | ||
Elem: &schema.Schema{ | ||
Type: schema.TypeString, | ||
}, | ||
Required: true, | ||
Description: `Set of MFA method UUIDs.`, | ||
}, | ||
consts.FieldAuthMethodAccessors: { | ||
Type: schema.TypeSet, | ||
Elem: &schema.Schema{ | ||
Type: schema.TypeString, | ||
}, | ||
Optional: true, | ||
Description: `Set of auth method accessor IDs.`, | ||
}, | ||
consts.FieldAuthMethodTypes: { | ||
Type: schema.TypeSet, | ||
Elem: &schema.Schema{ | ||
Type: schema.TypeString, | ||
}, | ||
Optional: true, | ||
Description: `Set of auth method types.`, | ||
}, | ||
consts.FieldIdentityGroupIDs: { | ||
Type: schema.TypeSet, | ||
Elem: &schema.Schema{ | ||
Type: schema.TypeString, | ||
}, | ||
Optional: true, | ||
Description: `Set of identity group IDs.`, | ||
}, | ||
consts.FieldIdentityEntityIDs: { | ||
Type: schema.TypeSet, | ||
Elem: &schema.Schema{ | ||
Type: schema.TypeString, | ||
}, | ||
Optional: true, | ||
Description: `Set of identity entity IDs.`, | ||
}, | ||
} | ||
|
||
func GetLoginEnforcementSchemaResource() (*schema.Resource, error) { | ||
config, err := NewContextFuncConfig(MethodTypeLoginEnforcement, PathTypeName, nil, nil, nil) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
r := getSchemaResource(loginEnforcementSchemaMap, config, mustAddCommonSchema) | ||
for k, v := range r.Schema { | ||
switch k { | ||
case consts.FieldUUID, consts.FieldName: | ||
v.ForceNew = true | ||
} | ||
} | ||
|
||
return r, nil | ||
} |
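Review bot: Nothing in `loginEnforcementSchemaMap` rejects a configuration whose enforcement selects nothing: `consts.FieldMFAMethodIDs` is `Required` but has no `MinItems`, and the four selector sets (`FieldAuthMethodAccessors`, `FieldAuthMethodTypes`, `FieldIdentityGroupIDs`, `FieldIdentityEntityIDs`) are each independently `Optional`. If Vault requires at least one selector, as I believe its login-enforcement API does, the mistake only surfaces at apply time, and an operator may assume MFA is enforced when it is not. Consider `MinItems: 1` on the method-ID set and an `AtLeastOneOf` list naming the four selector fields on each of them. Also, the `ForceNew` loop writes through the `*schema.Schema` pointers in `r.Schema`; if `getSchemaResource` (not visible here) reuses the entries of the package-level map, that mutates shared state, so a short comment saying why this is safe would help.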