VAULT-6131 OpenAPI schema now includes /auth/token endpoints when exp…

…licit permission has been granted (#15552) * VAULT-6131 OpenAPI schema now includes /auth/token endpoints when explicit permission has been granted * VAULT-6131 add changelog * VAULT-6131 Update changelog and fix related bug
hashicorp · May 31, 2022 · f851d00 · f851d00
1 parent 4a8b5d9
commit f851d00
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/changelog/15552.txt b/changelog/15552.txt
@@ -0,0 +1,6 @@
+```release-note:bug
+openapi: Fixed issue where information about /auth/token endpoints was not present with explicit policy permissions
+```
+```release-note:bug
+api: Fixed issue with internal/ui/mounts and internal/ui/mounts/(?P<path>.+) endpoints where it was not properly handling /auth/
+```
diff --git a/vault/logical_system.go b/vault/logical_system.go
@@ -3734,7 +3734,11 @@ func (b *SystemBackend) pathInternalUIMountsRead(ctx context.Context, req *logic
 		}
 
 		if isAuthed {
-			return hasMountAccess(ctx, acl, me.Namespace().Path+me.Path)
+			if me.Table == "auth" {
+				return hasMountAccess(ctx, acl, me.Namespace().Path+me.Table+"/"+me.Path)
+			} else {
+				return hasMountAccess(ctx, acl, me.Namespace().Path+me.Path)
+			}
 		}
 
 		return false
@@ -3844,10 +3848,18 @@ func (b *SystemBackend) pathInternalUIMountRead(ctx context.Context, req *logica
 	}
 	resp.Data["path"] = me.Path
 
-	fullMountPath := ns.Path + me.Path
+	pathWithTable := ""
+
+	if me.Table == "auth" {
+		pathWithTable = me.Table + "/" + me.Path
+	} else {
+		pathWithTable = me.Path
+	}
+
+	fullMountPath := ns.Path + pathWithTable
 	if ns.ID != me.Namespace().ID {
-		resp.Data["path"] = me.Namespace().Path + me.Path
-		fullMountPath = ns.Path + me.Namespace().Path + me.Path
+		resp.Data["path"] = me.Namespace().Path + pathWithTable
+		fullMountPath = ns.Path + me.Namespace().Path + pathWithTable
 	}
 
 	if !hasMountAccess(ctx, acl, fullMountPath) {