pipelines:promote does not prompt for 2FA when necessary

[msakrejda]

When promoting to a paranoid app, I don't get prompted for 2FA entry:

maciek@mothra:~/code/herokudata$ h pipelines:promote -a herokudata-staging
Fetching app info... done
Fetching apps from herokudata... done
Starting promotion to production... done
Waiting for promotion to complete... done
 ▸    
 ▸    Promotion to some apps failed
herokudata: failed
            A second authentication factor or pre-authorization is required for this request. Your account has either two-factor or a YubiKey registered.

If I preauth this works fine, but is it possible to have pipelines handle this transparently if the app being promoted to requires 2FA for deploy?

[gudmundur]

@uhoh-itsmaciek we are aware of this issue, and will be solving it in the near future. We've been blocked on adding support for this due to the inability to detect paranoid applications without attempting API calls with side effects, i.e. creating a release. The problem there is that those API calls happen out of band to the request creating the promotion. Late last week we gained the capability to make that check.

[msakrejda]

Late last week we gained the capability to make that check.

Ooh, can you tell me more? This is of interest to me for other reasons.

[appleton]

@uhoh-itsmaciek This was added in a PR to API's capabilities endpoint.

[msakrejda]

Sweet, thanks.