paultyng/terraform-provider-unifi

Support 2FA

joshuaspence opened this issue · 7 comments

I enabled 2FA on my Ubiquiti account, assuming that it wouldn't affect local access, but it does. The Terraform provider fails without the 2FA token, and I don't think there's currently any way to provide this. /api/login fails with the following response:

HTTP/1.1 400 
Connection: close
Content-Length: 70
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Content-Type: application/json;charset=UTF-8
Date: Sat, 27 Mar 2021 23:21:06 GMT
Vary: Origin
X-Frame-Options: DENY

{
 "meta": {
  "rc": "error",
  "msg": "api.err.Ubic2faTokenRequired"
 },
 "data": []
}
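An added example, not part of the original issue and not the provider's own code: one way a Go client could classify the /api/login response above, so that a 2FA rejection surfaces as a distinct, actionable error instead of a generic 400. `CheckLogin`, `ErrTwoFactorRequired` and `envelope` are hypothetical names; only the `meta.rc` / `meta.msg` shape and the `api.err.Ubic2faTokenRequired` string come from the response quoted above.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
)

// ErrTwoFactorRequired (hypothetical name) marks a password-only login that
// the controller rejected because the account has 2FA enabled.
var ErrTwoFactorRequired = errors.New(
	"unifi: account requires a 2FA token; use a dedicated local admin for automation")

// envelope mirrors the "meta" object of the response quoted in the issue.
type envelope struct {
	Meta struct {
		RC  string `json:"rc"`
		Msg string `json:"msg"`
	} `json:"meta"`
}

// CheckLogin (hypothetical helper) classifies a /api/login response.
func CheckLogin(status int, body []byte) error {
	var env envelope
	if err := json.Unmarshal(body, &env); err != nil {
		// Not the JSON envelope at all (proxy error page, truncated body).
		return fmt.Errorf("unifi: login returned HTTP %d with unparseable body: %w", status, err)
	}
	switch {
	case env.Meta.RC == "error" && env.Meta.Msg == "api.err.Ubic2faTokenRequired":
		return ErrTwoFactorRequired
	case env.Meta.RC == "error":
		return fmt.Errorf("unifi: login failed (HTTP %d): %s", status, env.Meta.Msg)
	case status != http.StatusOK:
		return fmt.Errorf("unifi: login returned HTTP %d", status)
	}
	return nil
}

// sampleBody is the response body from the issue, with whitespace removed.
const sampleBody = `{"meta":{"rc":"error","msg":"api.err.Ubic2faTokenRequired"},"data":[]}`

func main() {
	fmt.Println(CheckLogin(http.StatusBadRequest, []byte(sampleBody)))
}
```

Callers can test for the 2FA case with `errors.Is(err, ErrTwoFactorRequired)` and fail early with guidance, rather than retrying a login that cannot succeed non-interactively.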

FWIW I created a separate local admin user just for Terraform's purpose so that I don't have to use my personal info for that login.

Current Terraform and the Provider SDK do not support interactive authentication very easily (see hashicorp/terraform-plugin-sdk#238).

I've seen people hack this in various ways, but probably best to just wait for something upstream for official support if/when it happens.

Agreed on waiting for upstream support. Do you know if it's possible to create a local only account? If so, the separate admin user seems like a good idea. In any case, maybe worth adding something to the docs?

Yeah I believe so, I should write this up, this is what it looked like in my controller UI:
image

Thanks for the tip. In v6 there is no "Local Access Only" option but I was able to create an admin user without an email address.

Weird, I'm definitely on v6 (6.0.43). I clicked Users just from the home page of the controller (https://192.168.1.1/users/ in my case). Anyway, glad you got it worked out. I'll leave this open to at least track it and keep an eye on the upstream.

Weird, /users/ 404s for me. I went through Settings > Admins (/manage/site/default/settings/admins/list). I'm on 6.0.45.