VAULT-6131 OpenAPI schema now includes /auth/token endpoints when explicit permission has been granted (#15552)

* VAULT-6131 OpenAPI schema now includes /auth/token endpoints when explicit permission has been granted

* VAULT-6131 add changelog

* VAULT-6131 Update changelog and fix related bug
This commit is contained in:
Violet Hynes 2022-05-31 11:25:27 -04:00 committed by GitHub
parent c9a0fdb4ff
commit 4aac96238c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 4 deletions

6
changelog/15552.txt Normal file
View File

@ -0,0 +1,6 @@
```release-note:bug
openapi: Fixed issue where information about /auth/token endpoints was not present with explicit policy permissions
```
```release-note:bug
api: Fixed issue with internal/ui/mounts and internal/ui/mounts/(?P<path>.+) endpoints where it was not properly handling /auth/
```

View File

@ -3734,8 +3734,12 @@ func (b *SystemBackend) pathInternalUIMountsRead(ctx context.Context, req *logic
}
if isAuthed {
if me.Table == "auth" {
return hasMountAccess(ctx, acl, me.Namespace().Path+me.Table+"/"+me.Path)
} else {
return hasMountAccess(ctx, acl, me.Namespace().Path+me.Path)
}
}
return false
}
@ -3844,10 +3848,18 @@ func (b *SystemBackend) pathInternalUIMountRead(ctx context.Context, req *logica
}
resp.Data["path"] = me.Path
fullMountPath := ns.Path + me.Path
pathWithTable := ""
if me.Table == "auth" {
pathWithTable = me.Table + "/" + me.Path
} else {
pathWithTable = me.Path
}
fullMountPath := ns.Path + pathWithTable
if ns.ID != me.Namespace().ID {
resp.Data["path"] = me.Namespace().Path + me.Path
fullMountPath = ns.Path + me.Namespace().Path + me.Path
resp.Data["path"] = me.Namespace().Path + pathWithTable
fullMountPath = ns.Path + me.Namespace().Path + pathWithTable
}
if !hasMountAccess(ctx, acl, fullMountPath) {