VAULT-6433: Add namespace path to MFA read/list endpoints (#16911)

* VAULT-6433 Add namespace_path to MFA endpoints

* VAULT-6433 add changelog

* VAULT-6433 Return error in case of error

* VAULT-6433 Make logic a bit more concise

changelog/16911.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+api/mfa: Add namespace path to the MFA read/list endpoint
+```

vault/external_tests/mfa/login_mfa_test.go

@@ -138,6 +138,14 @@ func TestLoginMFA_Method_CRUD(t *testing.T) {
 				t.Fatal("expected response id to match existing method id but it didn't")
 			}
 
+			if resp.Data["namespace_id"] != "root" {
+				t.Fatalf("namespace id was not root, it was %s", resp.Data["namespace_id"])
+			}
+
+			if resp.Data["namespace_path"] != "" {
+				t.Fatalf("namespace path was not empty, it was %s", resp.Data["namespace_path"])
+			}
+
 			// listing should show it
 			resp, err = client.Logical().List(myPath)
 			if err != nil {

vault/login_mfa.go

@@ -1361,6 +1361,11 @@ func (b *LoginMFABackend) mfaLoginEnforcementConfigByNameAndNamespace(name, name
 func (b *LoginMFABackend) mfaLoginEnforcementConfigToMap(eConfig *mfa.MFAEnforcementConfig) (map[string]interface{}, error) {
 	resp := make(map[string]interface{})
 	resp["name"] = eConfig.Name
+	ns, err := b.namespacer.NamespaceByID(context.Background(), eConfig.NamespaceID)
+	if ns == nil || err != nil {
+		return nil, err
+	}
+	resp["namespace_path"] = ns.Path
 	resp["namespace_id"] = eConfig.NamespaceID
 	resp["mfa_method_ids"] = append([]string{}, eConfig.MFAMethodIDs...)
 	resp["auth_method_accessors"] = append([]string{}, eConfig.AuthMethodAccessors...)
@@ -1417,6 +1422,11 @@ func (b *MFABackend) mfaConfigToMap(mConfig *mfa.Config) (map[string]interface{}
 	respData["id"] = mConfig.ID
 	respData["name"] = mConfig.Name
 	respData["namespace_id"] = mConfig.NamespaceID
+	ns, err := b.namespacer.NamespaceByID(context.Background(), mConfig.NamespaceID)
+	if ns == nil || err != nil {
+		return nil, err
+	}
+	respData["namespace_path"] = ns.Path
 
 	return respData, nil
 }