VAULT-5885: Fix erroneous success message in case of two-phase MFA, and provide MFA information in table format #15428

Merged
merged 7 commits into from
May 17, 2022
VAULT-5885 Hide useless token info in two-phase MFA case
VioletHynes committed May 16, 2022
commit 91e49822227a11e1c6d7492fc6ee2b3356a04142
34 changes: 17 additions & 17 deletions command/format.go
@@ -385,23 +385,6 @@ func (t TableFormatter) OutputSecret(ui cli.Ui, secret *api.Secret) error {
}

if secret.Auth != nil {
out = append(out, fmt.Sprintf("token %s %s", hopeDelim, secret.Auth.ClientToken))
out = append(out, fmt.Sprintf("token_accessor %s %s", hopeDelim, secret.Auth.Accessor))
// If the lease duration is 0, it's likely a root token, so output the
// duration as "infinity" to clear things up.
if secret.Auth.LeaseDuration == 0 {
out = append(out, fmt.Sprintf("token_duration %s %s", hopeDelim, "∞"))
} else {
out = append(out, fmt.Sprintf("token_duration %s %v", hopeDelim, humanDurationInt(secret.Auth.LeaseDuration)))
}
out = append(out, fmt.Sprintf("token_renewable %s %t", hopeDelim, secret.Auth.Renewable))
out = append(out, fmt.Sprintf("token_policies %s %q", hopeDelim, secret.Auth.TokenPolicies))
out = append(out, fmt.Sprintf("identity_policies %s %q", hopeDelim, secret.Auth.IdentityPolicies))
out = append(out, fmt.Sprintf("policies %s %q", hopeDelim, secret.Auth.Policies))
for k, v := range secret.Auth.Metadata {
out = append(out, fmt.Sprintf("token_meta_%s %s %v", k, hopeDelim, v))
}

if secret.Auth.MFARequirement != nil {
out = append(out, fmt.Sprintf("mfa_request_id %s %s", hopeDelim, secret.Auth.MFARequirement.MFARequestID))

@@ -411,6 +394,23 @@ func (t TableFormatter) OutputSecret(ui cli.Ui, secret *api.Secret) error {
out = append(out, fmt.Sprintf("mfa_constraint_%s_%s_uses_passcode %s %t", k, constraint.Type, hopeDelim, constraint.UsesPasscode))
}
}
} else { // Token information only makes sense if no further MFA requirement (i.e. if we actually have a token)
out = append(out, fmt.Sprintf("token %s %s", hopeDelim, secret.Auth.ClientToken))
out = append(out, fmt.Sprintf("token_accessor %s %s", hopeDelim, secret.Auth.Accessor))
// If the lease duration is 0, it's likely a root token, so output the
// duration as "infinity" to clear things up.
if secret.Auth.LeaseDuration == 0 {
out = append(out, fmt.Sprintf("token_duration %s %s", hopeDelim, "∞"))
} else {
out = append(out, fmt.Sprintf("token_duration %s %v", hopeDelim, humanDurationInt(secret.Auth.LeaseDuration)))
}
out = append(out, fmt.Sprintf("token_renewable %s %t", hopeDelim, secret.Auth.Renewable))
out = append(out, fmt.Sprintf("token_policies %s %q", hopeDelim, secret.Auth.TokenPolicies))
out = append(out, fmt.Sprintf("identity_policies %s %q", hopeDelim, secret.Auth.IdentityPolicies))
out = append(out, fmt.Sprintf("policies %s %q", hopeDelim, secret.Auth.Policies))
for k, v := range secret.Auth.Metadata {
out = append(out, fmt.Sprintf("token_meta_%s %s %v", k, hopeDelim, v))
}
}
}
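Review bot: The new `} else {` branch in OutputSecret decides whether to print the token rows solely from `secret.Auth.MFARequirement != nil`, and the assumption behind that (a response carrying an MFA requirement has no usable `ClientToken`) appears only as a trailing comment on the `else`. I would move it above the `if secret.Auth.MFARequirement != nil {` line, for example `// A response with an MFARequirement is the first phase of two-phase MFA and carries no usable token, so the token rows are printed only when it is absent.`, so a reader sees the invariant before either branch. This commit changes only command/format.go, so unless the pull request already adds one, a table-format test with MFARequirement set that asserts no `token` row is printed would pin the behaviour and keep a pending MFA validation from being read as a completed login. The body of OutputSecret starts before and continues after the lines shown.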