Maniphest T295579

Cookbook to manage 2FA state for a user
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	MoritzMuehlenhoff
	Nov 12 2021, 11:02 AM

Tags

Referenced Files

None

Subscribers

MoritzMuehlenhoff

Description

We need a cookbook which removes a registered U2F token from the device database (so that it can get easily revoked if a device is stolen/lost/broken).

And once there's a cookbook we could also fold calling the current modify-mfa script into it (so simplify management for whoever's on SRE clinic duty). Maybe something like the following?

sre.idm.u2f [--enable|--disable|--reset-token] $USER

Details

	Subject	Repo	Branch	Lines +/-
	cookbook sre.idm.u2f: add cookbook to enable/disable u2f	operations/cookbooks	master	+86 -0
	apereo_cas: add cas_u2f script	operations/puppet	production	+149 -0

Customize query in gerrit

Related Objects

Mentioned In: rCCKB4226e65c2892: cookbook sre.idm.u2f: add cookbook to enable/disable u2f

Event Timeline

MoritzMuehlenhoff created this task.Nov 12 2021, 11:02 AM

MoritzMuehlenhoff added a project: SRE.Nov 12 2021, 11:10 AM

Change 739276 had a related patch set uploaded (by Jbond; author: jbond):

[operations/cookbooks@master] cookbook sre.idm.u2f: add cookbook to enable/disable u2f

https://gerrit.wikimedia.org/r/739276

gerritbot added a project: Patch-For-Review.Nov 16 2021, 3:52 PM

Change 739279 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] apereo_cas: add cas_u2f script

https://gerrit.wikimedia.org/r/739279

Change 739279 merged by Jbond:

[operations/puppet@production] apereo_cas: add cas_u2f script

https://gerrit.wikimedia.org/r/739279

Change 739276 merged by jenkins-bot:

[operations/cookbooks@master] cookbook sre.idm.u2f: add cookbook to enable/disable u2f

https://gerrit.wikimedia.org/r/739276

Maintenance_bot removed a project: Patch-For-Review.Nov 17 2021, 2:10 PM

MatthewVernon removed a project: SRE.Dec 14 2021, 3:31 PM

jbond closed this task as Resolved.Dec 14 2021, 4:04 PM

jbond claimed this task.

jbond mentioned this in rCCKB4226e65c2892: cookbook sre.idm.u2f: add cookbook to enable/disable u2f.Dec 14 2022, 3:29 PM