From 8c9c1d2b2aea58080c202930e0fcb88de8366e43 Mon Sep 17 00:00:00 2001
From: Violet Hynes
Date: Mon, 29 Aug 2022 09:11:25 -0400
Subject: [PATCH] VAULT-6433: Add namespace path to MFA read/list endpoints (#16911)

* VAULT-6433 Add namespace_path to MFA endpoints
* VAULT-6433 add changelog
* VAULT-6433 Return error in case of error
* VAULT-6433 Make logic a bit more concise
---
 changelog/16911.txt | 3 +++
 vault/external_tests/mfa/login_mfa_test.go | 8 ++++++++
 vault/login_mfa.go | 10 ++++++++++
 3 files changed, 21 insertions(+)
 create mode 100644 changelog/16911.txt
diff --git a/changelog/16911.txt b/changelog/16911.txt
new file mode 100644
index 000000000..a451f690d
--- /dev/null
+++ b/changelog/16911.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+api/mfa: Add namespace path to the MFA read/list endpoint
+```
diff --git a/vault/external_tests/mfa/login_mfa_test.go b/vault/external_tests/mfa/login_mfa_test.go
index 8a2bdb5b2..0ae821f10 100644
--- a/vault/external_tests/mfa/login_mfa_test.go
+++ b/vault/external_tests/mfa/login_mfa_test.go
@@ -138,6 +138,14 @@ func TestLoginMFA_Method_CRUD(t *testing.T) {
 t.Fatal("expected response id to match existing method id but it didn't")
 }
+ if resp.Data["namespace_id"] != "root" {
+ t.Fatalf("namespace id was not root, it was %s", resp.Data["namespace_id"])
+ }
+
+ if resp.Data["namespace_path"] != "" {
+ t.Fatalf("namespace path was not empty, it was %s", resp.Data["namespace_path"])
+ }
+
 // listing should show it
 resp, err = client.Logical().List(myPath)
 if err != nil {
diff --git a/vault/login_mfa.go b/vault/login_mfa.go
index cf43eedf2..ba3cd2b8b 100644
--- a/vault/login_mfa.go
+++ b/vault/login_mfa.go
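Review bot: The assertions added to TestLoginMFA_Method_CRUD in vault/external_tests/mfa/login_mfa_test.go cover only a method read in the root namespace, where `namespace_path` is the empty string. Nothing visible in this hunk exercises the login-enforcement config path or the new early-return branch that the same commit adds in vault/login_mfa.go. A matching check on an enforcement-config read, asserting `resp.Data["namespace_path"]` the same way, would pin the second changed function. A case where the namespace lookup yields nothing would document what the endpoint returns for a stale namespace ID. The test function begins and ends outside the hunk, so coverage elsewhere in it cannot be ruled out from here.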
@@ -1361,6 +1361,11 @@ func (b *LoginMFABackend) mfaLoginEnforcementConfigByNameAndNamespace(name, name
 func (b *LoginMFABackend) mfaLoginEnforcementConfigToMap(eConfig *mfa.MFAEnforcementConfig) (map[string]interface{}, error) {
 resp := make(map[string]interface{})
 resp["name"] = eConfig.Name
+ ns, err := b.namespacer.NamespaceByID(context.Background(), eConfig.NamespaceID)
+ if ns == nil || err != nil {
+ return nil, err
+ }
+ resp["namespace_path"] = ns.Path
 resp["namespace_id"] = eConfig.NamespaceID
 resp["mfa_method_ids"] = append([]string{}, eConfig.MFAMethodIDs...)
 resp["auth_method_accessors"] = append([]string{}, eConfig.AuthMethodAccessors...)
@@ -1417,6 +1422,11 @@ func (b *MFABackend) mfaConfigToMap(mConfig *mfa.Config) (map[string]interface{}
 respData["id"] = mConfig.ID
 respData["name"] = mConfig.Name
 respData["namespace_id"] = mConfig.NamespaceID
+ ns, err := b.namespacer.NamespaceByID(context.Background(), mConfig.NamespaceID)
+ if ns == nil || err != nil {
+ return nil, err
+ }
+ respData["namespace_path"] = ns.Path
 return respData, nil
 }
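Review bot: In mfaLoginEnforcementConfigToMap the combined guard `if ns == nil || err != nil { return nil, err }` returns a nil map with a nil error whenever the lookup yields no namespace and no failure, a case the `ns == nil` test itself suggests can happen. A caller that checks only the error would then treat an MFA config with a stale namespace ID as a successful, empty read. The same guard is added to mfaConfigToMap in the second hunk. Splitting it makes the missing-namespace case an explicit error: `if err != nil { return nil, err }` followed by `if ns == nil { return nil, fmt.Errorf("namespace %q not found", eConfig.NamespaceID) }`, assuming `fmt` is already imported in this file. Both lookups also pass `context.Background()`, so request cancellation and deadlines do not reach the namespace lookup; neither visible signature takes a context, and mfaConfigToMap begins outside its hunk.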