From a27080bf73c6c2a6ea2e4e5ffa7d92df40a5b618 Mon Sep 17 00:00:00 2001
From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com>
Date: Fri, 5 May 2023 09:39:51 -0400
Subject: [PATCH] backport of commit dee7fd839e5db8956d7c08495d8bd96feb062ac8 (#20527)
Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>
---
 audit/format.go | 21 ++++++++++++---------
 sdk/logical/auth.go | 7 ++++---
 vault/acl.go | 7 ++++---
 vault/acl_test.go | 14 ++++++++------
 vault/policy.go | 7 ++++---
 5 files changed, 32 insertions(+), 24 deletions(-)
diff --git a/audit/format.go b/audit/format.go
index 13a1c3c7aa40..c8b43d52be66 100644
--- a/audit/format.go
+++ b/audit/format.go
@@ -143,9 +143,10 @@ func (f *AuditFormatter) FormatRequest(ctx context.Context, w io.Writer, config
 for _, p := range auth.PolicyResults.GrantingPolicies {
 reqEntry.Auth.PolicyResults.GrantingPolicies = append(reqEntry.Auth.PolicyResults.GrantingPolicies, PolicyInfo{
- Name: p.Name,
- NamespaceId: p.NamespaceId,
- Type: p.Type,
+ Name: p.Name,
+ NamespaceId: p.NamespaceId,
+ NamespacePath: p.NamespacePath,
+ Type: p.Type,
 })
 }
 }
@@ -352,9 +353,10 @@ func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config
 for _, p := range auth.PolicyResults.GrantingPolicies {
 respEntry.Auth.PolicyResults.GrantingPolicies = append(respEntry.Auth.PolicyResults.GrantingPolicies, PolicyInfo{
- Name: p.Name,
- NamespaceId: p.NamespaceId,
- Type: p.Type,
+ Name: p.Name,
+ NamespaceId: p.NamespaceId,
+ NamespacePath: p.NamespacePath,
+ Type: p.Type,
 })
 }
 }
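Review bot: The `PolicyInfo{...}` literal inside the granting-policies loop of FormatRequest is repeated field for field in FormatResponse (the `@@ -352` hunk), so every new audit field has to be added twice, as this change does. If one copy is missed, request and response entries for the same operation would carry different policy attribution, which makes audit correlation harder. A small shared helper called from both loops removes that risk; the element type is presumably `logical.PolicyInfo`, which the hunk does not show. Both function bodies start and end outside their hunks.

```go
// policyInfoForAudit copies the fields of a granting policy that are written to the audit entry.
func policyInfoForAudit(p logical.PolicyInfo) PolicyInfo {
	return PolicyInfo{
		Name:          p.Name,
		NamespaceId:   p.NamespaceId,
		NamespacePath: p.NamespacePath,
		Type:          p.Type,
	}
}

// in FormatRequest; FormatResponse does the same with respEntry
for _, p := range auth.PolicyResults.GrantingPolicies {
	reqEntry.Auth.PolicyResults.GrantingPolicies = append(reqEntry.Auth.PolicyResults.GrantingPolicies, policyInfoForAudit(p))
}
```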
@@ -452,9 +454,10 @@ type AuditPolicyResults struct {
 }
 type PolicyInfo struct {
- Name string `json:"name,omitempty"`
- NamespaceId string `json:"namespace_id,omitempty"`
- Type string `json:"type"`
+ Name string `json:"name,omitempty"`
+ NamespaceId string `json:"namespace_id,omitempty"`
+ NamespacePath string `json:"namespace_path,omitempty"`
+ Type string `json:"type"`
 }
 type AuditSecret struct {
diff --git a/sdk/logical/auth.go b/sdk/logical/auth.go
index 62707e81959a..51de20345fdd 100644
--- a/sdk/logical/auth.go
+++ b/sdk/logical/auth.go
@@ -123,7 +123,8 @@ type PolicyResults struct {
 }
 type PolicyInfo struct {
- Name string `json:"name"`
- NamespaceId string `json:"namespace_id"`
- Type string `json:"type"`
+ Name string `json:"name"`
+ NamespaceId string `json:"namespace_id"`
+ NamespacePath string `json:"namespace_path"`
+ Type string `json:"type"`
 }
diff --git a/vault/acl.go b/vault/acl.go
index 3a3f99a4c6ae..319ad2a20f5f 100644
--- a/vault/acl.go
+++ b/vault/acl.go
@@ -338,9 +338,10 @@ func (a *ACL) AllowOperation(ctx context.Context, req *logical.Request, capCheck
 ret.RootPrivs = true
 ret.IsRoot = true
 ret.GrantingPolicies = []logical.PolicyInfo{{
- Name: "root",
- NamespaceId: "root",
- Type: "acl",
+ Name: "root",
+ NamespaceId: "root",
+ NamespacePath: "",
+ Type: "acl",
 }}
 return
 }
diff --git a/vault/acl_test.go b/vault/acl_test.go
index 5e621684bc9b..2466a1bd9aca 100644
--- a/vault/acl_test.go
+++ b/vault/acl_test.go
@@ -871,14 +871,16 @@ func TestACLGrantingPolicies(t *testing.T) {
 }
 policyInfo := logical.PolicyInfo{
- Name: "granting_policy",
- NamespaceId: "root",
- Type: "acl",
+ Name: "granting_policy",
+ NamespaceId: "root",
+ NamespacePath: "",
+ Type: "acl",
 }
 mergedInfo := logical.PolicyInfo{
- Name: "granting_policy_merged",
- NamespaceId: "root",
- Type: "acl",
+ Name: "granting_policy_merged",
+ NamespaceId: "root",
+ NamespacePath: "",
+ Type: "acl",
 }
 tcases := []tcase{
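Review bot: `NamespacePath` in the audit `PolicyInfo` is tagged `omitempty`, and the root policy in vault/acl.go is given `NamespacePath: ""`, so an audit entry for a root-namespace policy has no `namespace_path` key at all. A log consumer cannot tell that case from an entry written before the field existed unless it also reads `namespace_id`. Neither this struct nor `logical.PolicyInfo` in sdk/logical/auth.go (which serialises the field without `omitempty`) documents the convention. A field comment on both would state it: `// NamespacePath is the path of the namespace that owns the policy; empty for the root namespace.`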
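Review bot: Both expected values in TestACLGrantingPolicies set `NamespacePath: ""`, which is the zero value, so as far as this hunk shows the test would still pass if addGrantingPoliciesToMap never copied `policy.namespace.Path`. The diffstat lists no other change to vault/acl_test.go, so nothing in this commit exercises a non-empty path. A table case whose policy belongs to a non-root namespace, with the expected `logical.PolicyInfo` carrying that namespace's path, would pin the value that audit entries will use for attribution. The test body starts and ends outside the hunk.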
diff --git a/vault/policy.go b/vault/policy.go
index bdd93bffb7ab..7d2b5c88bc78 100644
--- a/vault/policy.go
+++ b/vault/policy.go
@@ -266,9 +266,10 @@ func addGrantingPoliciesToMap(m map[uint32][]logical.PolicyInfo, policy *Policy,
 }
 m[capability] = append(m[capability], logical.PolicyInfo{
- Name: policy.Name,
- NamespaceId: policy.namespace.ID,
- Type: "acl",
+ Name: policy.Name,
+ NamespaceId: policy.namespace.ID,
+ NamespacePath: policy.namespace.Path,
+ Type: "acl",
 })
 }