Merge pull request #405 from ImMin5/master
Fix update service account with secret
ImMin5 authored Nov 5, 2024
2 parents 682c3ec + c17fb03 commit 7c5ba07
Showing 2 changed files with 19 additions and 4 deletions.
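--- a/src/spaceone/identity/service/service_account_service.py
+++ b/src/spaceone/identity/service/service_account_service.py
@@ -185,6 +185,17 @@ def update(
 params.data,
 )
 
+if (
+service_account_vo.secret_id
+and service_account_vo.project_id != params.project_id
+):
+secret_manager = SecretManager()
+update_secret_params = {
+"secret_id": service_account_vo.secret_id,
+"project_id": params.project_id,
+}
+secret_manager.update_secret(update_secret_params)
+
 service_account_vo = self.service_account_mgr.update_service_account_by_vo(
 params.dict(exclude_unset=True), service_account_vo
 )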
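Review bot: The new condition compares `service_account_vo.project_id` with `params.project_id` without first checking that the request carried a project_id. The `params.dict(exclude_unset=True)` call just below suggests update fields are optional, so a request that only changes the name or data would presumably leave `params.project_id` as None, pass the `!=` test, and send `"project_id": None` to `update_secret`, changing the project scope of a stored credential as a side effect. Guard it with `if params.project_id and service_account_vo.secret_id and service_account_vo.project_id != params.project_id:`. The secret is also re-scoped before `update_service_account_by_vo` runs, so a failure there leaves the secret and the account in different projects; moving the call after the account update, or registering a rollback, would avoid that. The body of `update` starts and ends outside this hunk, so any earlier validation of `params.project_id` is not visible here.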
12 changes: 8 additions & 4 deletions src/spaceone/identity/service/token_service.py
@@ -83,12 +83,12 @@ def issue(self, params: TokenIssueRequest) -> Union[TokenResponse, dict]:

user_vo = token_mgr.user
user_mfa = user_vo.mfa.to_dict() if user_vo.mfa else {}
mfa_type = user_mfa.get('mfa_type')
mfa_type = user_mfa.get("mfa_type")
permissions = self._get_permissions_from_required_actions(user_vo)

mfa_user_id = user_vo.user_id

if user_mfa.get("state", "DISABLED") == "ENABLED" and params.auth_type == "LOCAL":
if user_mfa.get("state", "DISABLED") == "ENABLED" and params.auth_type != "MFA":
mfa_manager = MFAManager.get_manager_by_mfa_type(mfa_type)
if mfa_type == "EMAIL":
mfa_email = user_mfa["options"].get("email")
@@ -100,9 +100,13 @@ def issue(self, params: TokenIssueRequest) -> Union[TokenResponse, dict]:
elif mfa_type == "OTP":
secret_manager: SecretManager = self.locator.get_manager(SecretManager)
user_secret_id = user_mfa["options"].get("user_secret_id")
otp_secret_key = secret_manager.get_user_otp_secret_key(user_secret_id, domain_id)
otp_secret_key = secret_manager.get_user_otp_secret_key(
user_secret_id, domain_id
)

mfa_manager.set_cache_otp_mfa_secret_key(otp_secret_key, user_vo.user_id, domain_id, credentials)
mfa_manager.set_cache_otp_mfa_secret_key(
otp_secret_key, user_vo.user_id, domain_id, credentials
)

raise ERROR_MFA_REQUIRED(user_id=mfa_user_id, mfa_type=mfa_type)

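Review bot: With the gate changed to `params.auth_type != "MFA"`, the only way past the second-factor check for an MFA-enabled user is a request whose client-supplied `auth_type` is the literal `"MFA"`, so the whole control now rests on that path verifying the code against the challenge cached here; that verification is outside the hunk and should be confirmed and covered by a regression test for a non-LOCAL auth type. I would add a comment above the condition such as `# Deny by default: every auth_type except "MFA" must complete the second factor; the "MFA" path validates the cached challenge.` The wider condition also means each token request from any other auth type now runs the challenge side effects (in the OTP branch, reading the user's OTP secret and caching it together with `credentials`), so the cache entry's lifetime and any throttling on `issue` are worth checking. `issue` continues beyond both hunks of this section.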
