Remove MFA class (#1056)

* update mfa unit tests * remove Mfa class and update references * update legacy MFA docs link * update LegacyMfa class references * rename page filename * more docs updates * unit test class name update * update auth references in tests * lint * add tests for message generation utils * add tests for comma_delimited_to_list * add tests for get_token_from_env * add tests for validate_list_of_strings_param * fix validate_list_of_strings_param return docs * add tests for getattr_with_deprecated_properties * fix docstring for getattr_with_deprecated_properties * remove deprecated direct mfa client property * fix deprecated_function incorrect conditional * add tests for deprecated_method decorator * lint
hvac · Sep 20, 2023 · fa6eb1d · fa6eb1d
1 parent 61d1aa9
commit fa6eb1d
Show file tree

Hide file tree

Showing 10 changed files with 360 additions and 266 deletions.
diff --git a/docs/usage/auth_methods/index.rst b/docs/usage/auth_methods/index.rst
@@ -12,7 +12,7 @@ Auth Methods
    jwt-oidc
    kubernetes
    ldap
-   mfa
+   legacymfa
    okta
    token
    userpass

diff --git a/docs/usage/auth_methods/mfa.rst → docs/usage/auth_methods/legacymfa.rst b/docs/usage/auth_methods/mfa.rst → docs/usage/auth_methods/legacymfa.rst
@@ -1,15 +1,15 @@
-MFA
-===
+Legacy MFA
+==========
 
-Configure MFA Auth Method Settings
------------------------------------
+Configure Legacy MFA Auth Method Settings
+-----------------------------------------
 
-:py:meth:`hvac.api.auth_methods.Mfa.configure`
+:py:meth:`hvac.api.auth_methods.LegacyMfa.configure`
 
 .. note::
-	The legacy/unsupported MFA auth method covered by this class's configuration API route only supports integration with a subset of Vault auth methods. See the list of supported auth methods in this module's :py:attr:`"SUPPORTED_AUTH_METHODS" attribute<hvac.api.auth_methods.mfa.SUPPORTED_AUTH_METHODS>` and/or the associated `Vault MFA documentation`_ for additional information.
+	The legacy/unsupported MFA auth method covered by this class's configuration API route only supports integration with a subset of Vault auth methods. See the list of supported auth methods in this module's :py:attr:`"SUPPORTED_AUTH_METHODS" attribute<hvac.api.auth_methods.LegacyMfa.SUPPORTED_AUTH_METHODS>` and/or the associated `Vault LegacyMFA documentation`_ for additional information.
 
-.. _Vault MFA documentation: https://www.vaultproject.io/docs/auth/mfa.html
+.. _Vault LegacyMFA documentation: https://developer.hashicorp.com/vault/docs/v1.10.x/auth/mfa
 
 .. code:: python
 
@@ -27,29 +27,29 @@ Configure MFA Auth Method Settings
             path=userpass_auth_path,
         )
 
-    client.auth.mfa.configure(
+    client.auth.legacymfa.configure(
         mount_point=userpass_auth_path,
     )
 
-Reading the MFA Auth Method Configuration
------------------------------------------
+Reading the Legacy MFA Auth Method Configuration
+------------------------------------------------
 
-:py:meth:`hvac.api.auth_methods.Mfa.read_configuration`
+:py:meth:`hvac.api.auth_methods.LegacyMfa.read_configuration`
 
 .. code:: python
 
     import hvac
     client = hvac.Client()
 
-    mfa_configuration = client.auth.mfa.read_configuration()
-    print('The MFA auth method is configured with a MFA type of: {mfa_type}'.format(
+    mfa_configuration = client.auth.legacymfa.read_configuration()
+    print('The LegacyMFA auth method is configured with a MFA type of: {mfa_type}'.format(
         mfa_type=mfa_configuration['data']['type']
     )
 
-Configure Duo MFA Type Access Credentials
------------------------------------------
+Configure Duo LegacyMFA Type Access Credentials
+-----------------------------------------------
 
-:py:meth:`hvac.api.auth_methods.Mfa.configure_duo_access`
+:py:meth:`hvac.api.auth_methods.LegacyMfa.configure_duo_access`
 
 .. code:: python
 
@@ -61,43 +61,43 @@ Configure Duo MFA Type Access Credentials
     secret_key_prompt = 'Please enter the Duo access secret key to configure: '
     duo_access_secret_key = getpass(prompt=secret_key_prompt)
 
-    client.auth.mfa.configure_duo_access(
+    client.auth.legacymfa.configure_duo_access(
         mount_point=userpass_auth_path,
         host='api-1234abcd.duosecurity.com',
         integration_key='SOME_DUO_IKEY',
         secret_key=duo_access_secret_key,
     )
 
-Configure Duo MFA Type Behavior
--------------------------------
+Configure Duo Legacy MFA Type Behavior
+--------------------------------------
 
-:py:meth:`hvac.api.auth_methods.Mfa.configure_duo_behavior`
+:py:meth:`hvac.api.auth_methods.LegacyMfa.configure_duo_behavior`
 
 .. code:: python
 
     import hvac
     client = hvac.Client()
 
-    client.auth.mfa.configure_duo_behavior(
+    client.auth.legacymfa.configure_duo_behavior(
         mount_point=userpass_auth_path,
         username_format='%s@hvac.network',
     )
 
 
-Read Duo MFA Type Behavior
---------------------------
+Read Duo Legacy MFA Type Behavior
+---------------------------------
 
-:py:meth:`hvac.api.auth_methods.Mfa.read_duo_behavior_configuration`
+:py:meth:`hvac.api.auth_methods.LegacyMfa.read_duo_behavior_configuration`
 
 .. code:: python
 
     import hvac
     client = hvac.Client()
 
-    duo_behavior_config = client.auth.mfa.read_duo_behavior_configuration(
+    duo_behavior_config = client.auth.legacymfa.read_duo_behavior_configuration(
         mount_point=userpass_auth_path,
     )
-    print('The Duo MFA behvaior is configured with a username_format of: {username_format}'.format(
+    print('The Duo LegacyMFA behavior is configured with a username_format of: {username_format}'.format(
         username_format=duo_behavior_config['data']['username_format'],
     )
 
@@ -119,7 +119,7 @@ Authentication / Login
     client = hvac.Client()
 
     # Here the mount_point parameter corresponds to the path provided when enabling the backend
-    client.auth.mfa.auth_userpass(
+    client.auth.legacymfa.auth_userpass(
         username=login_username,
         password=login_password,
         mount_point=userpass_auth_path,

diff --git a/hvac/api/auth_methods/__init__.py b/hvac/api/auth_methods/__init__.py
@@ -10,7 +10,7 @@
 from hvac.api.auth_methods.kubernetes import Kubernetes
 from hvac.api.auth_methods.ldap import Ldap
 from hvac.api.auth_methods.userpass import Userpass
-from hvac.api.auth_methods.mfa import Mfa
+from hvac.api.auth_methods.legacy_mfa import LegacyMfa
 from hvac.api.auth_methods.oidc import OIDC
 from hvac.api.auth_methods.okta import Okta
 from hvac.api.auth_methods.radius import Radius
@@ -30,7 +30,7 @@
     "Kubernetes",
     "Ldap",
     "Userpass",
-    "Mfa",
+    "LegacyMfa",
     "OIDC",
     "Okta",
     "Radius",
@@ -52,7 +52,7 @@ class AuthMethods(VaultApiCategory):
         Kubernetes,
         Ldap,
         Userpass,
-        Mfa,
+        LegacyMfa,
         OIDC,
         Okta,
         Radius,
@@ -63,6 +63,7 @@ class AuthMethods(VaultApiCategory):
     unimplemented_classes = [
         "AppId",
         "AliCloud",
+        "Mfa",
     ]
 
     def __call__(self, *args, **kwargs):

diff --git a/hvac/api/auth_methods/legacy_mfa.py b/hvac/api/auth_methods/legacy_mfa.py
@@ -16,7 +16,7 @@ class LegacyMfa(VaultApiBase):
         This class's methods correspond to a legacy / unsupported set of Vault API routes. Please see the reference link
         for additional context.
 
-    Reference: https://www.vaultproject.io/docs/auth/mfa.html
+    Reference: https://developer.hashicorp.com/vault/docs/v1.10.x/auth/mfa
     """
 
     def configure(self, mount_point, mfa_type="duo", force=False):

diff --git a/hvac/api/auth_methods/mfa.py b/hvac/api/auth_methods/mfa.py
diff --git a/hvac/constants/client.py b/hvac/constants/client.py
@@ -12,10 +12,6 @@
         to_be_removed_in_version="0.9.0",
         client_property="auth",
     ),
-    "mfa": dict(
-        to_be_removed_in_version="0.9.0",
-        client_property="auth",
-    ),
     "kv": dict(
         to_be_removed_in_version="0.9.0",
         client_property="secrets",