Adds MFA Duo configuration #443

petems · 2019-06-11T15:15:03Z

Adds ability to configure MFA with Duo: https://www.vaultproject.io/docs/enterprise/mfa/mfa-duo.html

tyrannosaurus-becks

Thanks for working on this, @petems ! Just a couple of minor things.

vault/resource_mfa_duo_test.go

vault/resource_mfa_duo.go

petems · 2019-06-13T09:52:43Z

Hmm, test failure is for TestDataSourcePolicyDocument... can we run again?

tyrannosaurus-becks · 2019-07-01T19:02:26Z

Looks like I get a test failure when I run them locally against Vault enterprise!

$ go test -v -run TestMFADuoBasic
=== RUN   TestMFADuoBasic
--- FAIL: TestMFADuoBasic (0.06s)
    testing.go:568: Step 0 error: After applying this step, the plan was not empty:
        
        DIFF:
        
        UPDATE: vault_mfa_duo.test
          api_hostname:    "api-2b5c39f5.duosecurity.com" => "api-2b5c39f5.duosecurity.com"
          id:              "mfa-duo-4083353440263821461" => "mfa-duo-4083353440263821461"
          integration_key: "" => "BIACEUEAXI20BNWTEYXT"
          mount_accessor:  "auth_userpass_59c73587" => "auth_userpass_59c73587"
          name:            "mfa-duo-4083353440263821461" => "mfa-duo-4083353440263821461"
          push_info:       "" => "from=loginortal&domain=example.com"
          secret_key:      "" => "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz"
          username_format: "user@example.com" => "user@example.com"
        
        
        
        STATE:
        
        vault_auth_backend.userpass:
          ID = userpass-6631647075597508582
          provider = provider.vault
          accessor = auth_userpass_59c73587
          default_lease_ttl_seconds = 0
          description = 
          listing_visibility = 
          local = false
          max_lease_ttl_seconds = 0
          path = userpass-6631647075597508582
          type = userpass
        vault_mfa_duo.test:
          ID = mfa-duo-4083353440263821461
          provider = provider.vault
          api_hostname = api-2b5c39f5.duosecurity.com
          integration_key = 
          mount_accessor = auth_userpass_59c73587
          name = mfa-duo-4083353440263821461
          push_info = 
          secret_key = 
          username_format = user@example.com
        
          Dependencies:
            vault_auth_backend.userpass
    testing.go:629: Error destroying resource! WARNING: Dangling resources
        may exist. The full state and error is shown below.
        
        Error: config is invalid: cannot write to a path ending in '/'
        
        State: vault_auth_backend.userpass:
          ID = userpass-6631647075597508582
          provider = provider.vault
          accessor = auth_userpass_59c73587
          default_lease_ttl_seconds = 0
          description = 
          listing_visibility = 
          local = false
          max_lease_ttl_seconds = 0
          path = userpass-6631647075597508582
          type = userpass
        vault_mfa_duo.test:
          ID = mfa-duo-4083353440263821461
          provider = provider.vault
          api_hostname = api-2b5c39f5.duosecurity.com
          integration_key = 
          mount_accessor = auth_userpass_59c73587
          name = mfa-duo-4083353440263821461
          push_info = 
          secret_key = 
          username_format = user@example.com
        
          Dependencies:
            vault_auth_backend.userpass
FAIL
exit status 1
FAIL	github.com/terraform-providers/terraform-provider-vault/vault	0.069s

vault/resource_mfa_duo_test.go

vault/resource_mfa_duo.go

petems · 2019-08-02T22:02:40Z

@tyrannosaurus-becks The tests should pass now! The API wont return the secret key and integration key, so it was overwriting them as blank second time round.

tyrannosaurus-becks

Yep, the test passes for me now. Thanks @petems !!! :-)

Adds MFA Duo configuration

ghost added size/XL documentation labels Jun 11, 2019

petems force-pushed the add_duo_mfa branch from 70d1a4a to 2d8122a Compare June 11, 2019 15:16

tyrannosaurus-becks self-assigned this Jun 12, 2019

tyrannosaurus-becks reviewed Jun 12, 2019

View reviewed changes

vault/resource_mfa_duo_test.go Outdated Show resolved Hide resolved

vault/resource_mfa_duo.go Show resolved Hide resolved

petems force-pushed the add_duo_mfa branch from 1354ad3 to 40ab1af Compare June 12, 2019 23:59

ghost added size/L and removed size/XL labels Jun 12, 2019

petems force-pushed the add_duo_mfa branch from 40ab1af to 4e2be47 Compare June 13, 2019 00:04

petems force-pushed the add_duo_mfa branch from 4e2be47 to fb65eca Compare June 25, 2019 14:44

tyrannosaurus-becks reviewed Jul 1, 2019

View reviewed changes

vault/resource_mfa_duo_test.go Show resolved Hide resolved

tyrannosaurus-becks reviewed Jul 2, 2019

View reviewed changes

vault/resource_mfa_duo.go Show resolved Hide resolved

petems force-pushed the add_duo_mfa branch 3 times, most recently from d07c8ec to 2175386 Compare August 2, 2019 21:51

Adds MFA Duo configuration

81c0dfa

petems force-pushed the add_duo_mfa branch from 2175386 to 81c0dfa Compare August 2, 2019 22:01

tyrannosaurus-becks approved these changes Aug 2, 2019

View reviewed changes

tyrannosaurus-becks merged commit d7761aa into hashicorp:master Aug 2, 2019

dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this pull request Jun 17, 2021

Merge pull request hashicorp#443 from petems/add_duo_mfa

20534bb

Adds MFA Duo configuration

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Adds MFA Duo configuration #443

Adds MFA Duo configuration #443

petems commented Jun 11, 2019

tyrannosaurus-becks left a comment

petems commented Jun 13, 2019

tyrannosaurus-becks commented Jul 1, 2019

petems commented Aug 2, 2019

tyrannosaurus-becks left a comment

Adds MFA Duo configuration #443

Adds MFA Duo configuration #443

Conversation

petems commented Jun 11, 2019

tyrannosaurus-becks left a comment

Choose a reason for hiding this comment

petems commented Jun 13, 2019

tyrannosaurus-becks commented Jul 1, 2019

petems commented Aug 2, 2019

tyrannosaurus-becks left a comment

Choose a reason for hiding this comment