forwarding requests subjected to Login MFA to the active node (#15009)
* forwarding requests subjected to Login MFA to the active node * CL, and making fmt happy
This commit is contained in:
parent
5074cec5cb
commit
a12271af46
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:bug
|
||||||
|
auth: forward requests subject to login MFA from perfStandby to Active node
|
||||||
|
```
|
|
@ -10,10 +10,9 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/hashicorp/go-secure-stdlib/strutil"
|
"github.com/hashicorp/go-secure-stdlib/strutil"
|
||||||
"github.com/stretchr/testify/require"
|
|
||||||
|
|
||||||
"github.com/hashicorp/vault/sdk/helper/consts"
|
"github.com/hashicorp/vault/sdk/helper/consts"
|
||||||
"github.com/hashicorp/vault/sdk/logical"
|
"github.com/hashicorp/vault/sdk/logical"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
func BenchmarkBackendRoute(b *testing.B) {
|
func BenchmarkBackendRoute(b *testing.B) {
|
||||||
|
|
|
@ -1506,6 +1506,12 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else if len(matchedMfaEnforcementList) > 0 && len(req.MFACreds) == 0 {
|
} else if len(matchedMfaEnforcementList) > 0 && len(req.MFACreds) == 0 {
|
||||||
|
// two-phase login MFA requests should be forwarded
|
||||||
|
// to the active node, as the validation should only
|
||||||
|
// happen in that node
|
||||||
|
if c.perfStandby {
|
||||||
|
return nil, nil, logical.ErrPerfStandbyPleaseForward
|
||||||
|
}
|
||||||
mfaRequestID, err := uuid.GenerateUUID()
|
mfaRequestID, err := uuid.GenerateUUID()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
|
|
Loading…
Reference in New Issue