From 9bb1e0c728713704e955c6e5fd2aee6659e00a92 Mon Sep 17 00:00:00 2001
From: Peter Chen <peter-h.chen@broadcom.com>
Date: Tue, 6 Feb 2024 16:57:06 -0800
Subject: [PATCH] remove: configs for deprecated MFA feature

- the MFA feature has long been deprecated
and will soon be removed in the next release,
see: https://github.com/cloudfoundry/uaa/pull/2717
- see breaking change planning: https://github.com/cloudfoundry/uaa-release/issues/739

[#186854489]
---
 jobs/uaa/spec                           | 18 ------------------
 jobs/uaa/templates/config/uaa.yml.erb   | 12 ------------
 spec/compare/all-properties-set-uaa.yml |  9 ---------
 spec/compare/bosh-lite-uaa.yml          |  3 ---
 spec/input/all-properties-set.yml       |  9 ---------
 spec/input/bosh-lite.yml                |  3 ---
 6 files changed, 54 deletions(-)

diff --git a/jobs/uaa/spec b/jobs/uaa/spec
index 1ac46f3487..9e83551211 100644
--- a/jobs/uaa/spec
+++ b/jobs/uaa/spec
@@ -987,24 +987,6 @@ properties:
     description: "If set to false, only users pre-populated in the UAA user database will be allowed to authenticate via LDAP. If set to true, any user from LDAP will be allowed to authenticate and an internal user will be created if one does not yet exist."
     default: true
 
-  # Multifactor Authentication
-  login.mfa.providers:
-    description: "NOTE: This feature has been deprecated and will be removed in a future release. A list of providers and their configuration. Provider names must be alphanumeric. Currently only `google-authenticator` is supported with no additional attributes. Issuer is optional."
-    example:
-      myExampleProvider1:
-        type: google-authenticator
-        config:
-          providerDescription: test adding a google authenticator to the default zone
-          issuer: uaa
-    default: ~
-
-  login.mfa.providerName:
-    description: "NOTE: This feature has been deprecated and will be removed in a future release. The unique name of the MFA provider to use for default zone."
-    default: ~
-  login.mfa.enabled:
-    description: "NOTE: This feature has been deprecated and will be removed in a future release. Set true to enable Multi-factor Authentication (MFA) for the default zone. Defaults to false."
-    default: false
-
   # OpenID Connect/OAuth
 
   login.oauth.providers:
diff --git a/jobs/uaa/templates/config/uaa.yml.erb b/jobs/uaa/templates/config/uaa.yml.erb
index e68ead4d16..c5142103e5 100644
--- a/jobs/uaa/templates/config/uaa.yml.erb
+++ b/jobs/uaa/templates/config/uaa.yml.erb
@@ -795,18 +795,6 @@
     end
   end
 
-  if_p('login.mfa.providers') do |providers|
-    providers.each do |mfaName, provider|
-      provider.each do |key,value|
-        add_value(params, value, 'login', 'mfa', 'providers', mfaName, key)
-      end
-      add_value(params, p('login.mfa.providers.'+mfaName+'.config.issuer'), 'login', 'mfa', 'providers', mfaName, 'config', 'issuer') if p_opt('login.mfa.providers.'+mfaName+'.config.issuer')
-    end
-  end
-
-  add_value(params, p('login.mfa.providerName'), 'login', 'mfa', 'providerName') if p_opt('login.mfa.providerName')
-  add_value(params, p('login.mfa.enabled'), 'login', 'mfa', 'enabled') if p_opt('login.mfa.enabled')
-
   if_p('login.oauth.providers') do |providers|
     providers.each do |idpAlias, provider|
       provider.each do |key,value|
diff --git a/spec/compare/all-properties-set-uaa.yml b/spec/compare/all-properties-set-uaa.yml
index ef8c5d95a3..0bbf08b73d 100644
--- a/spec/compare/all-properties-set-uaa.yml
+++ b/spec/compare/all-properties-set-uaa.yml
@@ -618,15 +618,6 @@ login:
     waZKhM1W0oB8MX78M+0fG3xGUtywTx0D4N7pr1Tk2GTgNw==
     -----END RSA PRIVATE KEY-----
   selfServiceLinksEnabled: false
-  mfa:
-    enabled: true
-    providerName: myExampleProvider
-    providers:
-      myExampleProvider:
-        type: google-authenticator
-        config:
-          providerDescription: test google authenticator
-          issuer: google
   oauth:
     providers:
       my-oauth-provider:
diff --git a/spec/compare/bosh-lite-uaa.yml b/spec/compare/bosh-lite-uaa.yml
index d4ea0c75b3..749bf2fe3b 100644
--- a/spec/compare/bosh-lite-uaa.yml
+++ b/spec/compare/bosh-lite-uaa.yml
@@ -259,9 +259,6 @@ logout:
       disable: false
 
 login:
-  mfa:
-    enabled: true
-    providerName: myExampleProvider
   url: https://login.bosh-lite.com
   selfServiceLinksEnabled: true
   defaultIdentityProvider: uaa
diff --git a/spec/input/all-properties-set.yml b/spec/input/all-properties-set.yml
index 4b9fb522d5..cad86e44ab 100644
--- a/spec/input/all-properties-set.yml
+++ b/spec/input/all-properties-set.yml
@@ -12,15 +12,6 @@ properties:
     https_proxy: http://test.ssl.proxy:8080
     no_proxy: localhost,127.0.0.0/8
   login:
-    mfa:
-      enabled: true
-      providerName: myExampleProvider
-      providers:
-        myExampleProvider:
-          type: google-authenticator
-          config:
-            providerDescription: test google authenticator
-            issuer: google
     asset_base_url: /resources/testing
     branding:
       company_name: company name
diff --git a/spec/input/bosh-lite.yml b/spec/input/bosh-lite.yml
index 28593ff4bc..3325dd0b7c 100644
--- a/spec/input/bosh-lite.yml
+++ b/spec/input/bosh-lite.yml
@@ -7,9 +7,6 @@ properties:
       passphrase: my-passphrase
   login:
     defaultIdentityProvider: uaa
-    mfa:
-      enabled: true
-      providerName: myExampleProvider
     brand: oss
     enabled: true
     links: