Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VAULT-5885: Fix erroneous success message in case of two-phase MFA, and provide MFA information in table format #15428

Merged
merged 7 commits into from
May 17, 2022
Merged

VAULT-5885: Fix erroneous success message in case of two-phase MFA, and provide MFA information in table format #15428

merged 7 commits into from
May 17, 2022

Conversation

VioletHynes
Copy link
Contributor

@VioletHynes VioletHynes commented May 13, 2022
edited
Loading

Two issues have been fixed:

  • The success message being erroneously reported during a two-phase MFA flow
  • The MFA information being missing during a two-phase MFA flow unless -format=json was provided

Two-step MFA will now look something like this:

violethynes@violethynes-C02CW1WWMD6R Repositories % vault login -method userpass username=alice password=kQ3BlE+5M1libWJc
A login request was issued that is subject to MFA validation. Please make sure
to validate the login by sending another request to sys/mfa/validate endpoint.

WARNING! The VAULT_TOKEN environment variable is set! The value of this
variable will take precedence; if this is unwanted please unset VAULT_TOKEN or
update its value accordingly.

WARNING! The following warnings were returned from Vault:

  * A login request was issued that is subject to MFA validation. Please
  make sure to validate the login by sending another request to mfa/validate
  endpoint.

Key                                        Value
---                                        -----
mfa_request_id                             20424e2f-e963-b23d-00de-01f41209fbf9
mfa_constraint_l22_pingid_id               ac25e939-4b7e-41ec-db50-bc65da01a642
mfa_constraint_l22_pingid_uses_passcode    false
mfa_constraint_l22_totp_id                 34dade06-351a-e576-537e-0c7d5b0e6d84
mfa_constraint_l22_totp_uses_passcode      true

@hashicorp-cla
Copy link

hashicorp-cla commented May 13, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@VioletHynes VioletHynes requested review from swayne275 and hghaf099 May 13, 2022 19:43
swayne275
swayne275 reviewed May 13, 2022
View reviewed changes
Copy link
Contributor

@swayne275 swayne275 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a few little things, but looking good!

command/format.go Show resolved Hide resolved
command/format.go Show resolved Hide resolved
command/login.go Show resolved Hide resolved
command/login.go Show resolved Hide resolved
hghaf099
hghaf099 reviewed May 13, 2022
View reviewed changes
Copy link
Contributor

@hghaf099 hghaf099 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! I just have some questions that might need discussion with the devex team.

changelog/15428.txt Outdated Show resolved Hide resolved
command/format.go Show resolved Hide resolved
command/format.go Show resolved Hide resolved
command/login.go Show resolved Hide resolved
command/format.go Show resolved Hide resolved
hghaf099
hghaf099 approved these changes May 16, 2022
View reviewed changes
Copy link
Contributor

@hghaf099 hghaf099 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@VioletHynes VioletHynes requested review from hghaf099 and swayne275 May 16, 2022 17:19
swayne275
swayne275 reviewed May 16, 2022
View reviewed changes
changelog/15428.txt Outdated
@@ -0,0 +1,3 @@
```release-note:bug
auth: Fixed erroneous success message when using vault login in case of two-phase MFA, and fixed MFA information missing from table format when using vault login.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we also mention removing the login information from the output?

hghaf099
hghaf099 approved these changes May 16, 2022
View reviewed changes
Copy link
Contributor

@hghaf099 hghaf099 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I posted a comment, otherwise LGTM

swayne275
swayne275 approved these changes May 17, 2022
View reviewed changes
Copy link
Contributor

@swayne275 swayne275 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be good to split up the changelog, but approved either way!

changelog/15428.txt
@@ -0,0 +1,3 @@
```release-note:bug
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: i think you can have multiple blocks here to make it a little easier to parse (maybe one block per thing?)

see changelog/_1622.txt for an example

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, good suggestion, I didn't see any example of this in any changelogs that I looked at, I'll make this change :)

@VioletHynes VioletHynes merged commit 1993a54 into main May 17, 2022
@VioletHynes VioletHynes deleted the violethynes/VAULT-5885 branch May 17, 2022 18:03
Merged
Gabrielopesantos pushed a commit to Gabrielopesantos/vault that referenced this pull request Jun 6, 2022
@VioletHynes @Gabrielopesantos
VAULT-5885: Fix erroneous success message in case of two-phase MFA, a…
5715589 
…nd provide MFA information in table format (hashicorp#15428)

* VAULT-5885: Fix erroneous success message in case of two-phase MFA, and provide MFA information in table format

* VAULT-5885 Add changelog

* VAULT-5885 Update changelog as per PR comments

* VAULT-5885 Update changelog category to just 'auth'

* VAULT-5885 Hide useless token info in two-phase MFA case

* VAULT-5885 Update changelog to reflect token info now no longer present

* VAULT-5885 split up changelog into three blocks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ccapurso ccapurso ccapurso left review comments

@hghaf099 hghaf099 hghaf099 approved these changes

@swayne275 swayne275 swayne275 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@VioletHynes @hashicorp-cla @ccapurso @swayne275 @hghaf099