diff --git a/changelog/16911.txt b/changelog/16911.txt
new file mode 100644
index 000000000..a451f690d
--- /dev/null
+++ b/changelog/16911.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+api/mfa: Add namespace path to the MFA read/list endpoint
+```
diff --git a/vault/external_tests/mfa/login_mfa_test.go b/vault/external_tests/mfa/login_mfa_test.go
index 8a2bdb5b2..0ae821f10 100644
--- a/vault/external_tests/mfa/login_mfa_test.go
+++ b/vault/external_tests/mfa/login_mfa_test.go
@@ -138,6 +138,14 @@ func TestLoginMFA_Method_CRUD(t *testing.T) {
 t.Fatal("expected response id to match existing method id but it didn't")
 }
+ if resp.Data["namespace_id"] != "root" {
+ t.Fatalf("namespace id was not root, it was %s", resp.Data["namespace_id"])
+ }
+
+ if resp.Data["namespace_path"] != "" {
+ t.Fatalf("namespace path was not empty, it was %s", resp.Data["namespace_path"])
+ }
+
 // listing should show it
 resp, err = client.Logical().List(myPath)
 if err != nil {
diff --git a/vault/login_mfa.go b/vault/login_mfa.go
index cf43eedf2..ba3cd2b8b 100644
--- a/vault/login_mfa.go
+++ b/vault/login_mfa.go
@@ -1361,6 +1361,11 @@ func (b *LoginMFABackend) mfaLoginEnforcementConfigByNameAndNamespace(name, name
 func (b *LoginMFABackend) mfaLoginEnforcementConfigToMap(eConfig *mfa.MFAEnforcementConfig) (map[string]interface{}, error) {
 resp := make(map[string]interface{})
 resp["name"] = eConfig.Name
+ ns, err := b.namespacer.NamespaceByID(context.Background(), eConfig.NamespaceID)
+ if ns == nil || err != nil {
+ return nil, err
+ }
+ resp["namespace_path"] = ns.Path
 resp["namespace_id"] = eConfig.NamespaceID
 resp["mfa_method_ids"] = append([]string{}, eConfig.MFAMethodIDs...)
 resp["auth_method_accessors"] = append([]string{}, eConfig.AuthMethodAccessors...)
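Review bot: Both new failure messages in TestLoginMFA_Method_CRUD format an `interface{}` map value with `%s`, so a missing key would print as `%!s(<nil>)`; `%v` reads better, e.g. `t.Fatalf("namespace path was not empty, it was %v", resp.Data["namespace_path"])`. The assertions only exercise the root namespace, where the path is the empty string, so a wrong path for a child namespace would go unnoticed here. The test function continues outside the hunk, so the list response may already be checked for the new field there.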
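Review bot: When `NamespaceByID` yields a nil namespace without an error, the added guard `if ns == nil || err != nil { return nil, err }` in mfaLoginEnforcementConfigToMap returns `nil, nil`, so the caller gets neither data nor a failure and may treat a config whose namespace no longer resolves as a successful empty read. Splitting the check keeps the failure visible: `if err != nil { return nil, err }` followed by `if ns == nil { return nil, fmt.Errorf("namespace %q not found", eConfig.NamespaceID) }` (assuming `fmt` is already imported in this file). The same guard is added to mfaConfigToMap in the next hunk and needs the same change. The function body continues past the end of this hunk.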
@@ -1417,6 +1422,11 @@ func (b *MFABackend) mfaConfigToMap(mConfig *mfa.Config) (map[string]interface{}
 respData["id"] = mConfig.ID
 respData["name"] = mConfig.Name
 respData["namespace_id"] = mConfig.NamespaceID
+ ns, err := b.namespacer.NamespaceByID(context.Background(), mConfig.NamespaceID)
+ if ns == nil || err != nil {
+ return nil, err
+ }
+ respData["namespace_path"] = ns.Path
 return respData, nil
 }
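Review bot: The namespace lookup added to mfaConfigToMap runs under `context.Background()`, so it ignores the cancellation and deadline of the request that triggered it; the call added to mfaLoginEnforcementConfigToMap does the same. Neither function takes a context in the signatures visible here, so a fix means threading `ctx context.Context` through from the handlers. If that is out of scope for this commit, a comment such as `// No request ctx is available in this helper; the namespace lookup is not cancellable.` would record the choice. The function starts above the hunk, so earlier lines may change this picture.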