Backport of [VAULT-14649] Add ns path to granting_policies into release/1.13.x

audit/format.go

@@ -143,9 +143,10 @@ func (f *AuditFormatter) FormatRequest(ctx context.Context, w io.Writer, config
 
 		for _, p := range auth.PolicyResults.GrantingPolicies {
 			reqEntry.Auth.PolicyResults.GrantingPolicies = append(reqEntry.Auth.PolicyResults.GrantingPolicies, PolicyInfo{
-				Name:        p.Name,
-				NamespaceId: p.NamespaceId,
-				Type:        p.Type,
+				Name:          p.Name,
+				NamespaceId:   p.NamespaceId,
+				NamespacePath: p.NamespacePath,
+				Type:          p.Type,
 			})
 		}
 	}
@@ -352,9 +353,10 @@ func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config
 
 		for _, p := range auth.PolicyResults.GrantingPolicies {
 			respEntry.Auth.PolicyResults.GrantingPolicies = append(respEntry.Auth.PolicyResults.GrantingPolicies, PolicyInfo{
-				Name:        p.Name,
-				NamespaceId: p.NamespaceId,
-				Type:        p.Type,
+				Name:          p.Name,
+				NamespaceId:   p.NamespaceId,
+				NamespacePath: p.NamespacePath,
+				Type:          p.Type,
 			})
 		}
 	}
@@ -452,9 +454,10 @@ type AuditPolicyResults struct {
 }
 
 type PolicyInfo struct {
-	Name        string `json:"name,omitempty"`
-	NamespaceId string `json:"namespace_id,omitempty"`
-	Type        string `json:"type"`
+	Name          string `json:"name,omitempty"`
+	NamespaceId   string `json:"namespace_id,omitempty"`
+	NamespacePath string `json:"namespace_path,omitempty"`
+	Type          string `json:"type"`
 }
 
 type AuditSecret struct {

sdk/logical/auth.go

@@ -123,7 +123,8 @@ type PolicyResults struct {
 }
 
 type PolicyInfo struct {
-	Name        string `json:"name"`
-	NamespaceId string `json:"namespace_id"`
-	Type        string `json:"type"`
+	Name          string `json:"name"`
+	NamespaceId   string `json:"namespace_id"`
+	NamespacePath string `json:"namespace_path"`
+	Type          string `json:"type"`
 }

vault/acl.go

@@ -338,9 +338,10 @@ func (a *ACL) AllowOperation(ctx context.Context, req *logical.Request, capCheck
 		ret.RootPrivs = true
 		ret.IsRoot = true
 		ret.GrantingPolicies = []logical.PolicyInfo{{
-			Name:        "root",
-			NamespaceId: "root",
-			Type:        "acl",
+			Name:          "root",
+			NamespaceId:   "root",
+			NamespacePath: "",
+			Type:          "acl",
 		}}
 		return
 	}

vault/acl_test.go

@@ -871,14 +871,16 @@ func TestACLGrantingPolicies(t *testing.T) {
 	}
 
 	policyInfo := logical.PolicyInfo{
-		Name:        "granting_policy",
-		NamespaceId: "root",
-		Type:        "acl",
+		Name:          "granting_policy",
+		NamespaceId:   "root",
+		NamespacePath: "",
+		Type:          "acl",
 	}
 	mergedInfo := logical.PolicyInfo{
-		Name:        "granting_policy_merged",
-		NamespaceId: "root",
-		Type:        "acl",
+		Name:          "granting_policy_merged",
+		NamespaceId:   "root",
+		NamespacePath: "",
+		Type:          "acl",
 	}
 
 	tcases := []tcase{

vault/policy.go

@@ -266,9 +266,10 @@ func addGrantingPoliciesToMap(m map[uint32][]logical.PolicyInfo, policy *Policy,
 		}
 
 		m[capability] = append(m[capability], logical.PolicyInfo{
-			Name:        policy.Name,
-			NamespaceId: policy.namespace.ID,
-			Type:        "acl",
+			Name:          policy.Name,
+			NamespaceId:   policy.namespace.ID,
+			NamespacePath: policy.namespace.Path,
+			Type:          "acl",
 		})
 	}