Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add second_Factors #47233

Open
wants to merge 5 commits into
base: joerger/enum-helper
Choose a base branch
from
Open

Add second_Factors #47233

wants to merge 5 commits into from
+2,416 −2,120

Conversation

Joerger
Copy link
Contributor

@Joerger Joerger commented Oct 4, 2024
edited
Loading

Add second_factors and prefer it over second_factor.

We don't currently plan on removing second_factor, as this would require a more complicated migration process. Instead we will just derive second_factors from second_factor (and vice versa) and output a warning log when second_factor is set.

There is no plan to deprecate second_factor completely. When second_factor is set and second_factors is not, or vice versa, we convert from one to the other.

In a follow up PR I will update as much logic as possible to use second_factors instead of second_factor, as they are two sources of the same information.

In this PR I've also added the SSO second_factor type. It is currently completely unused, but we'd rather get the proto changes into v17 rather than waiting until SSO MFA is fully released in a minor version.

Follow up TODO: Update docs.

Changelog: Add new second_factors field to cluster auth preference for more clarity and granularity over which 2fa methods are enabled in a cluster.

Depends on #47230

@Joerger Joerger changed the title Joerger/add second factors Add second_Factors Oct 4, 2024
@Joerger Joerger mentioned this pull request Oct 4, 2024
Open
@Joerger Joerger marked this pull request as ready for review October 4, 2024 21:24
Joerger
Joerger commented Oct 4, 2024
View reviewed changes
api/types/authentication.go
// IsSecondFactorEnforced checks if second factor is enforced
// (not disabled or set to optional).
// IsSecondFactorEnabled checks if second factor is enabled.
IsSecondFactorEnabled() bool
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note: this will be used in the follow up PR, but I'd rather add it here with these changes.

@Joerger Joerger mentioned this pull request Oct 5, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codingllama codingllama Awaiting requested review from codingllama

@rosstimothy rosstimothy Awaiting requested review from rosstimothy

@gzdunek gzdunek Awaiting requested review from gzdunek

@tigrato tigrato Awaiting requested review from tigrato

Assignees
No one assigned
Labels
size/md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Joerger