The big one (#5346)

logical/request.go

@@ -51,6 +51,8 @@ func (r *RequestWrapInfo) SentinelKeys() []string {
 // by the router after policy checks; the token namespace would be the right
 // place to access them via Sentinel
 type Request struct {
+	entReq
+
 	// Id is the uuid associated with each request
 	ID string `json:"id" structs:"id" mapstructure:"id" sentinel:""`
 
@@ -140,6 +142,10 @@ type Request struct {
 	// accessible.
 	Unauthenticated bool `json:"unauthenticated" structs:"unauthenticated" mapstructure:"unauthenticated"`
 
+	// MFACreds holds the parsed MFA information supplied over the API as part of
+	// X-Vault-MFA header
+	MFACreds MFACreds `json:"mfa_creds" structs:"mfa_creds" mapstructure:"mfa_creds" sentinel:""`
+
 	// Cached token entry. This avoids another lookup in request handling when
 	// we've already looked it up at http handling time. Note that this token
 	// has not been "used", as in it will not properly take into account use
@@ -272,3 +278,5 @@ const (
 	RenewOperation              = "renew"
 	RollbackOperation           = "rollback"
 )
+
+type MFACreds map[string][]string