Add support for Okta, TOTP and PingID MFA methods #1395

vinay-gopalan · 2022-03-30T00:29:39Z

Adds three new resources to support Okta, TOTP and PingID sys/mfa methods.

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestMFAOktaBasic'
=== RUN   TestMFAOktaBasic
--- PASS: TestMFAOktaBasic (1.73s)

$ make testacc TESTARGS='-run=TestMFATOTPBasic'
=== RUN   TestMFATOTPBasic
--- PASS: TestMFATOTPBasic (1.65s)

benashz

Looking good. I've completed the first pass. Added some suggestions/comments etc.

benashz · 2022-03-31T20:50:21Z

vault/resource_mfa_okta_test.go

+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testutil.TestEntPreCheck(t) },
+		Providers: testProviders,
+		Steps: []resource.TestStep{


Probably should add an import step.

Added import step in 5d506d7

benashz · 2022-03-31T20:50:41Z

vault/resource_mfa_totp_test.go

+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testutil.TestEntPreCheck(t) },
+		Providers: testProviders,
+		Steps: []resource.TestStep{


Probably should add an import step.

Added import step in 5d506d7

vault/resource_mfa_pingid_test.go

benashz · 2022-04-01T13:42:50Z

vault/resource_mfa_okta.go

+func mfaOktaRequestData(d *schema.ResourceData) map[string]interface{} {
+	data := map[string]interface{}{}
+
+	nonBooleanAPIFields := []string{


nit: I think it's okay just name this variable fields like you have in other functions, and to move it relative to its usage.

Fixed in 5d506d7

benashz · 2022-04-01T14:12:46Z

vault/resource_mfa_okta.go

+			"mount_accessor": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping.",


nit: fold long lines whenever possible

Fixed in 5d506d7

benashz · 2022-04-01T14:35:14Z

vault/resource_mfa_totp_test.go

+)
+
+func TestMFATOTPBasic(t *testing.T) {
+	mfaTOTPPath := acctest.RandomWithPrefix("mfa-totp")


Shadow declaration of mfaTOTPPath().

It's preferable to use generic variable names in this scope.

Suggested change

mfaTOTPPath := acctest.RandomWithPrefix("mfa-totp")

path := acctest.RandomWithPrefix("mfa-totp")

Fixed in 5d506d7

benashz · 2022-04-01T14:35:52Z

vault/resource_mfa_totp_test.go

+	return fmt.Sprintf(`
+resource "vault_mfa_totp" "test" {
+  name                  = %q
+  issuer        		= "hashicorp"	 


Suggested change

issuer = "hashicorp"

issuer = "hashicorp"

Fixed in 5d506d7

benashz · 2022-04-01T14:37:15Z

vault/resource_mfa_totp_test.go

+  issuer        		= "hashicorp"	 
+  period       			= 60
+  algorithm				= "SHA256"
+  digits				= 8


Mix of spaces and hard tabs

Fixed in 5d506d7

vault/resource_mfa_okta.go

benashz · 2022-04-01T14:51:38Z

vault/resource_mfa_okta.go

+	return data
+}
+
+func mfaOktaWrite(d *schema.ResourceData, meta interface{}) error {


Since we are using this function for both create and update, would it make sense to give it a more explicit name e.g. mfaOktaCreateOrUpdate()

benashz

Looks great! Ship it!

vault/resource_mfa_okta.go

added support for Okta, TOTP and PingID MFA methods

c7e0c8f

github-actions bot added the size/XL label Mar 30, 2022

vinay-gopalan added 2 commits March 31, 2022 13:49

add computed config fields from Vault for pingId

6807afd

add username_format in write opern

3a95157

benashz added this to the 3.5.0 milestone Mar 31, 2022

benashz reviewed Apr 1, 2022

View reviewed changes

add import steps to MFA tests

5d506d7

vinay-gopalan requested a review from benashz April 1, 2022 19:38

vinay-gopalan added 2 commits April 1, 2022 13:38

read fields not returned by Vault from TF config

2d8f152

add docs for new MFA resources

cf07601

github-actions bot added the documentation label Apr 1, 2022

fix superfluous updates and add no-op update func

d3274c0

benashz approved these changes Apr 4, 2022

View reviewed changes

vault/resource_mfa_okta.go Show resolved Hide resolved

vinay-gopalan merged commit 13e8833 into main Apr 4, 2022

clintmod mentioned this pull request Aug 2, 2022

Add support for Login MFA #1431

Closed

marcboudreau pushed a commit to marcboudreau/terraform-provider-vault that referenced this pull request Nov 6, 2022

Add support for Okta, TOTP and PingID MFA methods (hashicorp#1395)

efb37bd

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add support for Okta, TOTP and PingID MFA methods #1395

Add support for Okta, TOTP and PingID MFA methods #1395

vinay-gopalan commented Mar 30, 2022

benashz left a comment

benashz Mar 31, 2022

vinay-gopalan Apr 1, 2022

benashz Mar 31, 2022

vinay-gopalan Apr 1, 2022

benashz Apr 1, 2022

vinay-gopalan Apr 1, 2022

benashz Apr 1, 2022

vinay-gopalan Apr 1, 2022

benashz Apr 1, 2022

vinay-gopalan Apr 1, 2022

benashz Apr 1, 2022

vinay-gopalan Apr 1, 2022

benashz Apr 1, 2022

vinay-gopalan Apr 1, 2022

benashz Apr 1, 2022

benashz left a comment

	mfaTOTPPath := acctest.RandomWithPrefix("mfa-totp")
	path := acctest.RandomWithPrefix("mfa-totp")

Add support for Okta, TOTP and PingID MFA methods #1395

Add support for Okta, TOTP and PingID MFA methods #1395

Conversation

vinay-gopalan commented Mar 30, 2022

benashz left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

benashz left a comment

Choose a reason for hiding this comment