VAULT-6131 OpenAPI schema now includes /auth/token endpoints when explicit permission has been granted (#15552)
* VAULT-6131 OpenAPI schema now includes /auth/token endpoints when explicit permission has been granted * VAULT-6131 add changelog * VAULT-6131 Update changelog and fix related bug
This commit is contained in:
parent
c9a0fdb4ff
commit
4aac96238c
|
@ -0,0 +1,6 @@
|
|||
```release-note:bug
|
||||
openapi: Fixed issue where information about /auth/token endpoints was not present with explicit policy permissions
|
||||
```
|
||||
```release-note:bug
|
||||
api: Fixed issue with internal/ui/mounts and internal/ui/mounts/(?P<path>.+) endpoints where it was not properly handling /auth/
|
||||
```
|
|
@ -3734,8 +3734,12 @@ func (b *SystemBackend) pathInternalUIMountsRead(ctx context.Context, req *logic
|
|||
}
|
||||
|
||||
if isAuthed {
|
||||
if me.Table == "auth" {
|
||||
return hasMountAccess(ctx, acl, me.Namespace().Path+me.Table+"/"+me.Path)
|
||||
} else {
|
||||
return hasMountAccess(ctx, acl, me.Namespace().Path+me.Path)
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
@ -3844,10 +3848,18 @@ func (b *SystemBackend) pathInternalUIMountRead(ctx context.Context, req *logica
|
|||
}
|
||||
resp.Data["path"] = me.Path
|
||||
|
||||
fullMountPath := ns.Path + me.Path
|
||||
pathWithTable := ""
|
||||
|
||||
if me.Table == "auth" {
|
||||
pathWithTable = me.Table + "/" + me.Path
|
||||
} else {
|
||||
pathWithTable = me.Path
|
||||
}
|
||||
|
||||
fullMountPath := ns.Path + pathWithTable
|
||||
if ns.ID != me.Namespace().ID {
|
||||
resp.Data["path"] = me.Namespace().Path + me.Path
|
||||
fullMountPath = ns.Path + me.Namespace().Path + me.Path
|
||||
resp.Data["path"] = me.Namespace().Path + pathWithTable
|
||||
fullMountPath = ns.Path + me.Namespace().Path + pathWithTable
|
||||
}
|
||||
|
||||
if !hasMountAccess(ctx, acl, fullMountPath) {
|
||||
|
|
Loading…
Reference in New Issue