fix: find the chosen okta mfa option in the mfaOptions

[russell]

find the index of the a duoMfaOption by looking in the duoMfaOptions.

the duoMfaOptions is dynamically created, so it could have any number of items, the reason that using the interactively selected mechanism works is that it's choosing based on the list of duoMfaOptions options rather than hardcoded ids. This change does something similar, but searches through duoMfaOptions to find the option passed at the CLI, if the item is missing, then an error will be emitted.

for example if I don't have passcode enabled and if i try to force that option

$ ./saml2aws login --session-duration=43200 --mfa='DUO' --duo-mfa-option='Passcode' --skip-prompt --force --role='arn:aws:iam::183823948234:role/okta/team'
Using IdP Account default to access Okta https://foobar.okta.com/app/amazon_aws/aoeusnthoaenuth/sso/saml
Authenticating as [email protected] ...
Error authenticating to IdP.: error verifying MFA: error unsupported MFA option 'Passcode'

fixes #1079 #1061

[codecov-commenter]

Codecov Report

Merging #1133 (eb8dc09) into master (391a961) will increase coverage by 1.81%.
The diff coverage is 66.66%.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

@@            Coverage Diff             @@
##           master    #1133      +/-   ##
==========================================
+ Coverage   37.19%   39.00%   +1.81%     
==========================================
  Files          53       53              
  Lines        7959     7963       +4     
==========================================
+ Hits         2960     3106     +146     
+ Misses       4619     4442     -177     
- Partials      380      415      +35     

Flag	Coverage Δ
unittests	39.00% <66.66%> (+1.81%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
pkg/provider/okta/okta.go	38.14% <66.66%> (+11.61%)	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[mapkon]

Hey - do you mind adding tests to this? This is going to push the coverage down and make the build to fail

[russell]

Sure! here is a test. Can you give me some feedback about the fixtures, i haven't trimmed them down to only the fields that are referenced in the okta.go calls, if you like i can do that. I left them with more information rather than less in the hope that future readers would be able to improve the logic without needing access to fresh raw responses from duo. But each to their own, would you like them trimmed?

[mapkon]

Sure! here is a test. Can you give me some feedback about the fixtures, i haven't trimmed them down to only the fields that are referenced in the okta.go calls, if you like i can do that. I left them with more information rather than less in the hope that future readers would be able to improve the logic without needing access to fresh raw responses from duo. But each to their own, would you like them trimmed?

I personally think we should trim them down so that the test is focused on what it is testing. The extra context can be confusing.

@gliptak thoughts?

[russell]

I personally think we should trim them down so that the test is focused on what it is testing. The extra context can be confusing.

i'm cool with doing that, i'll update the PR later today. I'm a bit on the fence personally so it's not a big deal

[russell]

ok, this is ready for review again, I have extended the test suite to assert all the server request's and trimmed down the fixtures

[mapkon]

@russell This has been released