Define 'mfa' model for the Dell Enterprise SONiC collection #293
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ArunSaravananBalachandran
suggested changes
Jan 28, 2025
| description: | ||
| - Indicates whether the seed is plain text or encrypted | ||
| type: bool | ||
| mfa_security_profile: |
There was a problem hiding this comment.
Since its a suboption of MFA, the prefix is not required.
Suggested change
| mfa_security_profile: | |
| security_profile: |
| - RSA Global configuration | ||
| type: dict | ||
| suboptions: | ||
| rsa_security_profile: |
There was a problem hiding this comment.
Same as MFA.
Suggested change
| rsa_security_profile: | |
| security_profile: |
| - CAC-PIV Global configuration | ||
| type: dict | ||
| suboptions: | ||
| cacpiv_security_profile: |
There was a problem hiding this comment.
Same as MFA.
Suggested change
| cacpiv_security_profile: | |
| security_profile: |
Comment on lines
112
to
119
| cert_username_field: | ||
| description: | ||
| - SSH user certificate field for matching with SSH login username | ||
| type: str | ||
| cert_username_match: | ||
| description: | ||
| - Match option to parse the username from respective certificate field | ||
| type: str |
There was a problem hiding this comment.
Since only a set of pre-defined string values are supported for these options, those values can be listed as 'choices'.
| suboptions: | ||
| key_seed: | ||
| description: | ||
| - Encrypted seed for generating secure key in MFA service |
There was a problem hiding this comment.
Suggested change
| - Encrypted seed for generating secure key in MFA service | |
| - Seed for generating secure key in MFA service | |
| - Plain text seed i.e. I(key_seed_encrypted=false) will be stored in encrypted format in running-config, so idempotency will | |
| not be maintained and hence the task output will always be I(changed=true). |
| type: str | ||
| client_secret: | ||
| description: | ||
| - Encrypted password used in basic authorization header for MFA REST API |
There was a problem hiding this comment.
Suggested change
| - Encrypted password used in basic authorization header for MFA REST API | |
| - Password used in basic authorization header for MFA REST API | |
| - Plain text password i.e. I(client_secret_encrypted=false) will be stored in encrypted format in running-config, so idempotency will | |
| not be maintained and hence the task output will always be I(changed=true). |
| type: str | ||
| client_secret_encrypted: | ||
| description: | ||
| - Indicates whether the client-secret is plain text or encrypted |
There was a problem hiding this comment.
Suggested change
| - Indicates whether the client-secret is plain text or encrypted | |
| - Indicates whether I(client_secret) is plain text or encrypted |
| type: str | ||
| client_key: | ||
| description: | ||
| - Encrypted Key associated with the client-id, assigned by SecurID service |
There was a problem hiding this comment.
Suggested change
| - Encrypted Key associated with the client-id, assigned by SecurID service | |
| - Key associated with the client-id, assigned by SecurID service | |
| - Plain text key i.e. I(client_key_encrypted=false) will be stored in encrypted format in running-config, so idempotency will | |
| not be maintained and hence the task output will always be I(changed=true). |
| type: str | ||
| client_key_encrypted: | ||
| description: | ||
| - Indicates whether the client-key is plain text or encrypted |
There was a problem hiding this comment.
Suggested change
| - Indicates whether the client-key is plain text or encrypted | |
| - Indicates whether I(client_key) is plain text or encrypted |
ArunSaravananBalachandran
suggested changes
Jan 30, 2025
| config: | ||
| cac_piv_global: | ||
| cert_username_match: 'first-name' | ||
| state: overriden |
There was a problem hiding this comment.
Suggested change
| state: overriden | |
| state: overridden |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Initial posting of model definition for MFA (Multi-Factor Authentication)