From cd714331fe8b0e07a3717146587659c1a07094ae Mon Sep 17 00:00:00 2001
From: joerger <bjoerger@goteleport.com>
Date: Thu, 3 Oct 2024 14:01:11 -0700
Subject: [PATCH] Add fileconf and warning logs.

---
 api/types/authentication.go |  6 ++++++
 lib/config/fileconf.go      | 20 ++++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/api/types/authentication.go b/api/types/authentication.go
index 58f06a67fe50a..e33cd1ecfb805 100644
--- a/api/types/authentication.go
+++ b/api/types/authentication.go
@@ -1217,6 +1217,12 @@ const (
 	SecondFactorTypeSSOString = "sso"
 )
 
+// ToString returns the user friendly string representation of the second factor type.
+func (s *SecondFactorType) ToString() string {
+	str, _ := s.encode()
+	return str
+}
+
 func (s *SecondFactorType) encode() (string, error) {
 	switch *s {
 	case SecondFactorType_SECOND_FACTOR_TYPE_UNSPECIFIED:
diff --git a/lib/config/fileconf.go b/lib/config/fileconf.go
index def6277f8e4ad..fc877e6eac04f 100644
--- a/lib/config/fileconf.go
+++ b/lib/config/fileconf.go
@@ -1000,6 +1000,7 @@ func (t StaticToken) Parse() ([]types.ProvisionTokenV1, error) {
 type AuthenticationConfig struct {
 	Type           string                     `yaml:"type"`
 	SecondFactor   constants.SecondFactorType `yaml:"second_factor,omitempty"`
+	SecondFactors  []types.SecondFactorType   `yaml:"second_factors,omitempty"`
 	ConnectorName  string                     `yaml:"connector_name,omitempty"`
 	U2F            *UniversalSecondFactor     `yaml:"u2f,omitempty"`
 	Webauthn       *Webauthn                  `yaml:"webauthn,omitempty"`
@@ -1084,9 +1085,28 @@ func (a *AuthenticationConfig) Parse() (types.AuthPreference, error) {
 		}
 	}
 
+	if a.SecondFactor != "" {
+		secondFactors := types.SecondFactorsFromLegacySecondFactor(a.SecondFactor, w != nil || u != nil)
+		var secondFactorStrings []string
+		for _, sf := range secondFactors {
+			secondFactorStrings = append(secondFactorStrings, sf.ToString())
+		}
+
+		log.Warnf(``+
+			`The "second_factor" setting is marked for removal in favor of second_factors. `+
+			`Please update your configuration to use second_factors. e.g. "second_factors: %v".`, secondFactorStrings)
+
+		if a.SecondFactors != nil {
+			log.Warnf(`` +
+				`second_factor and second_factors are both set. second_factors will take precedence. ` +
+				`second_factor should be unset to remove this warning.`)
+		}
+	}
+
 	return types.NewAuthPreferenceFromConfigFile(types.AuthPreferenceSpecV2{
 		Type:                    a.Type,
 		SecondFactor:            a.SecondFactor,
+		SecondFactors:           a.SecondFactors,
 		ConnectorName:           a.ConnectorName,
 		U2F:                     u,
 		Webauthn:                w,