backport of commit dee7fd839e (#20527)

Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>
2025-10-30 02:02:43 +00:00 · 2023-05-05 09:39:51 -04:00
parent 6a2297e216
commit a27080bf73
5 changed files with 32 additions and 24 deletions
--- a/audit/format.go
+++ b/audit/format.go
@@ -143,9 +143,10 @@ func (f *AuditFormatter) FormatRequest(ctx context.Context, w io.Writer, config

 		for _, p := range auth.PolicyResults.GrantingPolicies {
 			reqEntry.Auth.PolicyResults.GrantingPolicies = append(reqEntry.Auth.PolicyResults.GrantingPolicies, PolicyInfo{
-				Name:        p.Name,
-				NamespaceId: p.NamespaceId,
-				Type:        p.Type,
+				Name:          p.Name,
+				NamespaceId:   p.NamespaceId,
+				NamespacePath: p.NamespacePath,
+				Type:          p.Type,
 			})
 		}
 	}
@@ -352,9 +353,10 @@ func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config

 		for _, p := range auth.PolicyResults.GrantingPolicies {
 			respEntry.Auth.PolicyResults.GrantingPolicies = append(respEntry.Auth.PolicyResults.GrantingPolicies, PolicyInfo{
-				Name:        p.Name,
-				NamespaceId: p.NamespaceId,
-				Type:        p.Type,
+				Name:          p.Name,
+				NamespaceId:   p.NamespaceId,
+				NamespacePath: p.NamespacePath,
+				Type:          p.Type,
 			})
 		}
 	}
@@ -452,9 +454,10 @@ type AuditPolicyResults struct {
 }

 type PolicyInfo struct {
-	Name        string `json:"name,omitempty"`
-	NamespaceId string `json:"namespace_id,omitempty"`
-	Type        string `json:"type"`
+	Name          string `json:"name,omitempty"`
+	NamespaceId   string `json:"namespace_id,omitempty"`
+	NamespacePath string `json:"namespace_path,omitempty"`
+	Type          string `json:"type"`
 }

 type AuditSecret struct {
--- a/sdk/logical/auth.go
+++ b/sdk/logical/auth.go
@@ -123,7 +123,8 @@ type PolicyResults struct {
 }

 type PolicyInfo struct {
-	Name        string `json:"name"`
-	NamespaceId string `json:"namespace_id"`
-	Type        string `json:"type"`
+	Name          string `json:"name"`
+	NamespaceId   string `json:"namespace_id"`
+	NamespacePath string `json:"namespace_path"`
+	Type          string `json:"type"`
 }
--- a/vault/acl.go
+++ b/vault/acl.go
@@ -338,9 +338,10 @@ func (a *ACL) AllowOperation(ctx context.Context, req *logical.Request, capCheck
 		ret.RootPrivs = true
 		ret.IsRoot = true
 		ret.GrantingPolicies = []logical.PolicyInfo{{
-			Name:        "root",
-			NamespaceId: "root",
-			Type:        "acl",
+			Name:          "root",
+			NamespaceId:   "root",
+			NamespacePath: "",
+			Type:          "acl",
 		}}
 		return
 	}
--- a/vault/acl_test.go
+++ b/vault/acl_test.go
@@ -871,14 +871,16 @@ func TestACLGrantingPolicies(t *testing.T) {
 	}

 	policyInfo := logical.PolicyInfo{
-		Name:        "granting_policy",
-		NamespaceId: "root",
-		Type:        "acl",
+		Name:          "granting_policy",
+		NamespaceId:   "root",
+		NamespacePath: "",
+		Type:          "acl",
 	}
 	mergedInfo := logical.PolicyInfo{
-		Name:        "granting_policy_merged",
-		NamespaceId: "root",
-		Type:        "acl",
+		Name:          "granting_policy_merged",
+		NamespaceId:   "root",
+		NamespacePath: "",
+		Type:          "acl",
 	}

 	tcases := []tcase{
--- a/vault/policy.go
+++ b/vault/policy.go
@@ -266,9 +266,10 @@ func addGrantingPoliciesToMap(m map[uint32][]logical.PolicyInfo, policy *Policy,
 		}

 		m[capability] = append(m[capability], logical.PolicyInfo{
-			Name:        policy.Name,
-			NamespaceId: policy.namespace.ID,
-			Type:        "acl",
+			Name:          policy.Name,
+			NamespaceId:   policy.namespace.ID,
+			NamespacePath: policy.namespace.Path,
+			Type:          "acl",
 		})
 	}