From 7b807a9bb03f23c7d3f31f321368a449cf40347d Mon Sep 17 00:00:00 2001
From: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>
Date: Thu, 4 May 2023 15:08:22 -0700
Subject: [PATCH] add ns path to granting_policies (#20522)
---
 audit/format.go | 21 ++++++++++++---------
 sdk/logical/auth.go | 7 ++++---
 vault/acl.go | 7 ++++---
 vault/acl_test.go | 14 ++++++++------
 vault/policy.go | 7 ++++---
 5 files changed, 32 insertions(+), 24 deletions(-)
diff --git a/audit/format.go b/audit/format.go
index 83bbbd77b..6f1e8fd09 100644
--- a/audit/format.go
+++ b/audit/format.go
@@ -150,9 +150,10 @@ func (f *AuditFormatter) FormatRequest(ctx context.Context, w io.Writer, config
 for _, p := range auth.PolicyResults.GrantingPolicies {
 reqEntry.Auth.PolicyResults.GrantingPolicies = append(reqEntry.Auth.PolicyResults.GrantingPolicies, PolicyInfo{
- Name: p.Name,
- NamespaceId: p.NamespaceId,
- Type: p.Type,
+ Name: p.Name,
+ NamespaceId: p.NamespaceId,
+ NamespacePath: p.NamespacePath,
+ Type: p.Type,
 })
 }
 }
@@ -367,9 +368,10 @@ func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config
 for _, p := range auth.PolicyResults.GrantingPolicies {
 respEntry.Auth.PolicyResults.GrantingPolicies = append(respEntry.Auth.PolicyResults.GrantingPolicies, PolicyInfo{
- Name: p.Name,
- NamespaceId: p.NamespaceId,
- Type: p.Type,
+ Name: p.Name,
+ NamespaceId: p.NamespaceId,
+ NamespacePath: p.NamespacePath,
+ Type: p.Type,
 })
 }
 }
@@ -475,9 +477,10 @@ type AuditPolicyResults struct {
 }
 type PolicyInfo struct {
- Name string `json:"name,omitempty"`
- NamespaceId string `json:"namespace_id,omitempty"`
- Type string `json:"type"`
+ Name string `json:"name,omitempty"`
+ NamespaceId string `json:"namespace_id,omitempty"`
+ NamespacePath string `json:"namespace_path,omitempty"`
+ Type string `json:"type"`
 }
 type AuditSecret struct {
diff --git a/sdk/logical/auth.go b/sdk/logical/auth.go
index 951116ee4..83d9daca1 100644
--- a/sdk/logical/auth.go
+++ b/sdk/logical/auth.go
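Review bot: The four-field `PolicyInfo` literal in the `FormatRequest` hunk of audit/format.go (-150) is repeated verbatim in the `FormatResponse` hunk (-367), so every new audit field has to be added in two places, and a missed one would leave request and response entries disagreeing about which policy granted access. A small unexported helper that converts one granting policy, called from both loops, keeps the two audit paths in step. The element type is presumably `logical.PolicyInfo`, as used in the vault/acl.go hunk; both functions start and end outside their hunks.

```go
// auditPolicyInfo copies one granting policy into its audit-log form.
func auditPolicyInfo(p logical.PolicyInfo) PolicyInfo {
	return PolicyInfo{
		Name:          p.Name,
		NamespaceId:   p.NamespaceId,
		NamespacePath: p.NamespacePath,
		Type:          p.Type,
	}
}

// … unchanged: surrounding FormatRequest body; FormatResponse gets the same call …
for _, p := range auth.PolicyResults.GrantingPolicies {
	reqEntry.Auth.PolicyResults.GrantingPolicies = append(reqEntry.Auth.PolicyResults.GrantingPolicies, auditPolicyInfo(p))
}
```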
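Review bot: In the `PolicyInfo` struct hunk of audit/format.go (-475), `namespace_path` is tagged `omitempty`, and the vault/acl.go hunk sets the root policy's path to `""`, so audit entries for root-namespace policies carry no `namespace_path` key at all. A log parser or detection rule then cannot tell a root-namespace grant from an entry written before this field existed unless it also reads `namespace_id`. I would document that on the field, e.g. `// NamespacePath is empty, and therefore omitted from the entry, for policies in the root namespace; use NamespaceId to identify root.` The `PolicyInfo` in sdk/logical/auth.go tags the same field without `omitempty`, so the two encodings differ for root.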
@@ -126,7 +126,8 @@ type PolicyResults struct {
 }
 type PolicyInfo struct {
- Name string `json:"name"`
- NamespaceId string `json:"namespace_id"`
- Type string `json:"type"`
+ Name string `json:"name"`
+ NamespaceId string `json:"namespace_id"`
+ NamespacePath string `json:"namespace_path"`
+ Type string `json:"type"`
 }
diff --git a/vault/acl.go b/vault/acl.go
index 44c82dd1d..87685ba6d 100644
--- a/vault/acl.go
+++ b/vault/acl.go
@@ -341,9 +341,10 @@ func (a *ACL) AllowOperation(ctx context.Context, req *logical.Request, capCheck
 ret.RootPrivs = true
 ret.IsRoot = true
 ret.GrantingPolicies = []logical.PolicyInfo{{
- Name: "root",
- NamespaceId: "root",
- Type: "acl",
+ Name: "root",
+ NamespaceId: "root",
+ NamespacePath: "",
+ Type: "acl",
 }}
 return
 }
diff --git a/vault/acl_test.go b/vault/acl_test.go
index 154d26d63..bf61f0501 100644
--- a/vault/acl_test.go
+++ b/vault/acl_test.go
@@ -874,14 +874,16 @@ func TestACLGrantingPolicies(t *testing.T) {
 }
 policyInfo := logical.PolicyInfo{
- Name: "granting_policy",
- NamespaceId: "root",
- Type: "acl",
+ Name: "granting_policy",
+ NamespaceId: "root",
+ NamespacePath: "",
+ Type: "acl",
 }
 mergedInfo := logical.PolicyInfo{
- Name: "granting_policy_merged",
- NamespaceId: "root",
- Type: "acl",
+ Name: "granting_policy_merged",
+ NamespaceId: "root",
+ NamespacePath: "",
+ Type: "acl",
 }
 tcases := []tcase{
diff --git a/vault/policy.go b/vault/policy.go
index f757ab075..86e7905c7 100644
--- a/vault/policy.go
+++ b/vault/policy.go
@@ -269,9 +269,10 @@ func addGrantingPoliciesToMap(m map[uint32][]logical.PolicyInfo, policy *Policy,
 }
 m[capability] = append(m[capability], logical.PolicyInfo{
- Name: policy.Name,
- NamespaceId: policy.namespace.ID,
- Type: "acl",
+ Name: policy.Name,
+ NamespaceId: policy.namespace.ID,
+ NamespacePath: policy.namespace.Path,
+ Type: "acl",
 })
 }
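Review bot: Both expected values in the vault/acl_test.go hunk set `NamespacePath: ""`, which is the field's zero value, so `TestACLGrantingPolicies` would still pass if the `NamespacePath: policy.namespace.Path` line in the vault/policy.go hunk were missing. A case whose policy belongs to a namespace with a non-empty path, with an expected value such as `NamespacePath: "ns1/"` (constructed sample), would cover the one line that feeds this audit field. Whether the test's setup can build such a policy is not visible here, since the test function starts and ends outside the hunk.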