From 3ccbddab0e0c27c2490f75e76f69974027082aeb Mon Sep 17 00:00:00 2001
From: Alexander Scheel
Date: Mon, 19 Dec 2022 16:39:01 -0500
Subject: [PATCH] Add issuer reference info on JSON endpoint (#18482)
* Add issuer reference info on JSON endpoint
This endpoint is unauthenticated and shouldn't contain sensitive information. However, listing the issuers (LIST /issuers) already returns both the issuer ID and the issuer name (if any) so this information is safe to return here. When fetching /pki/issuer/default/json, it would be nice to know exactly which issuer ID and name it corresponds to, without having to fetch the authenticated endpoint as well.
Signed-off-by: Alexander Scheel
* Add changelog entry
Signed-off-by: Alexander Scheel
Signed-off-by: Alexander Scheel
---
 builtin/logical/pki/ca_test.go | 8 ++++++++
 builtin/logical/pki/path_fetch_issuers.go | 2 ++
 changelog/18482.txt | 3 +++
 3 files changed, 13 insertions(+)
 create mode 100644 changelog/18482.txt
diff --git a/builtin/logical/pki/ca_test.go b/builtin/logical/pki/ca_test.go
index 2c3339711..9dc418c86 100644
--- a/builtin/logical/pki/ca_test.go
+++ b/builtin/logical/pki/ca_test.go
@@ -304,6 +304,14 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
 if path == "issuer/default/json" {
 // Preserves the new line.
 expected += "\n"
+ _, present := resp.Data["issuer_id"]
+ if !present {
+ t.Fatalf("expected issuer/default/json to include issuer_id")
+ }
+ _, present = resp.Data["issuer_name"]
+ if !present {
+ t.Fatalf("expected issuer/default/json to include issuer_name")
+ }
 }
 if diff := deep.Equal(resp.Data["certificate"].(string), expected); diff != nil {
 t.Fatal(diff)
diff --git a/builtin/logical/pki/path_fetch_issuers.go b/builtin/logical/pki/path_fetch_issuers.go
index 753058d2e..58a97305f 100644
--- a/builtin/logical/pki/path_fetch_issuers.go
+++ b/builtin/logical/pki/path_fetch_issuers.go
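Review bot: The two added assertions in runSteps only check that the `issuer_id` and `issuer_name` keys exist, so they still pass if the handler returns an empty ID or the ID of a different issuer than the one `default` resolves to. Since the change exists to tell callers which issuer the reference maps to, at minimum assert that the value is a non-empty string: `if id, ok := resp.Data["issuer_id"].(string); !ok || id == "" { t.Fatalf("expected non-empty issuer_id on issuer/default/json") }`. An unnamed issuer presumably has an empty `issuer_name` (the commit message says "if any"), so the presence check is enough for that key. runSteps begins and ends outside the hunk.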
@@ -841,6 +841,8 @@ func (b *backend) pathGetRawIssuer(ctx context.Context, req *logical.Request, da
 Data: map[string]interface{}{
 "certificate": string(certificate),
 "ca_chain": issuer.CAChain,
+ "issuer_id": issuer.ID,
+ "issuer_name": issuer.Name,
 },
 }, nil
 }
diff --git a/changelog/18482.txt b/changelog/18482.txt
new file mode 100644
index 000000000..f51abb675
--- /dev/null
+++ b/changelog/18482.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+secrets/pki: Return issuer_id and issuer_name on /issuer/:issuer_ref/json endpoint.
+```
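Review bot: Nothing at the response map in pathGetRawIssuer records that this handler is reachable without authentication, so the reasoning for why `issuer_id` and `issuer_name` are safe to expose exists only in the commit message. I would put a comment directly above the two new entries, `// Served unauthenticated: only add fields that are already public (issuer ID and name are also returned by LIST /issuers).`, so that a later field addition gets the same scrutiny. That reasoning assumes LIST /issuers is reachable by the same unauthenticated callers, which this diff does not show and is worth confirming against the backend's path configuration. Issuer names are operator-chosen text, so the endpoint documentation should say that they become readable without a token. The function body starts and ends outside the hunk.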