generated from coulomb/repo-seed
Fix interactive MFA repair prompt
This commit is contained in:
@@ -24,8 +24,15 @@ KEYCAPE_DEPLOYMENT="${KEYCAPE_DEPLOYMENT:-keycape}"
|
|||||||
KEYCAPE_SECRET="${KEYCAPE_SECRET:-keycape-config}"
|
KEYCAPE_SECRET="${KEYCAPE_SECRET:-keycape-config}"
|
||||||
KEYCAPE_TOKEN_SECRET="${KEYCAPE_TOKEN_SECRET:-keycape-pi-token}"
|
KEYCAPE_TOKEN_SECRET="${KEYCAPE_TOKEN_SECRET:-keycape-pi-token}"
|
||||||
|
|
||||||
read -r -s -p "privacyIDEA pi-admin password: " PI_ADMIN_PASSWORD
|
if [[ -r /dev/tty ]]; then
|
||||||
printf "\n" >&2
|
printf "privacyIDEA pi-admin password: " > /dev/tty
|
||||||
|
IFS= read -r -s PI_ADMIN_PASSWORD < /dev/tty
|
||||||
|
printf "\n" > /dev/tty
|
||||||
|
else
|
||||||
|
printf "privacyIDEA pi-admin password: " >&2
|
||||||
|
IFS= read -r -s PI_ADMIN_PASSWORD
|
||||||
|
printf "\n" >&2
|
||||||
|
fi
|
||||||
if [[ -z "$PI_ADMIN_PASSWORD" ]]; then
|
if [[ -z "$PI_ADMIN_PASSWORD" ]]; then
|
||||||
echo "[FAIL] Empty pi-admin password." >&2
|
echo "[FAIL] Empty pi-admin password." >&2
|
||||||
exit 1
|
exit 1
|
||||||
|
|||||||
@@ -1408,11 +1408,9 @@ def admin_identity_command_payloads(data: dict[str, Any]) -> list[dict[str, str]
|
|||||||
if refresh_pi_token_state == "blocked":
|
if refresh_pi_token_state == "blocked":
|
||||||
refresh_pi_token_reason = "Configure OpenBao OIDC auth before repairing the MFA check path."
|
refresh_pi_token_reason = "Configure OpenBao OIDC auth before repairing the MFA check path."
|
||||||
refresh_pi_token_command = (
|
refresh_pi_token_command = (
|
||||||
"bash <<'NETKINGDOM_KEYCAPE_PI_TOKEN_REFRESH'\n"
|
|
||||||
"set -euo pipefail\n"
|
"set -euo pipefail\n"
|
||||||
f"cd {keycape_dir}\n"
|
f"cd {keycape_dir}\n"
|
||||||
f"KUBECTL={kubectl_bin} bash ./refresh-pi-token-live.sh platform-root\n"
|
f"KUBECTL={kubectl_bin} bash ./refresh-pi-token-live.sh platform-root\n"
|
||||||
"NETKINGDOM_KEYCAPE_PI_TOKEN_REFRESH\n"
|
|
||||||
)
|
)
|
||||||
login_command = (
|
login_command = (
|
||||||
"# Terminal 1: bridge the browser callback to the bao CLI running in the OpenBao pod.\n"
|
"# Terminal 1: bridge the browser callback to the bao CLI running in the OpenBao pod.\n"
|
||||||
|
|||||||
Reference in New Issue
Block a user