Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add
second_factors
and prefer it oversecond_factor
.We don't currently plan on removing second_factor, as this would require a more complicated migration process. Instead we will just derive
second_factors
fromsecond_factor
(and vice versa) and output a warning log whensecond_factor
is set.There is no plan to deprecate
second_factor
completely. Whensecond_factor
is set andsecond_factors
is not, or vice versa, we convert from one to the other.In a follow up PR I will update as much logic as possible to use
second_factors
instead ofsecond_factor
, as they are two sources of the same information.In this PR I've also added the SSO second_factor type. It is currently completely unused, but we'd rather get the proto changes into v17 rather than waiting until SSO MFA is fully released in a minor version.
Follow up TODO: Update docs.
Changelog: Add new second_factors field to cluster auth preference for more clarity and granularity over which 2fa methods are enabled in a cluster.
Depends on #47230