vault

mirrors/vault

Fork 0

mirror of https://github.com/hashicorp/vault.git synced 2025-11-08 12:21:42 +01:00

Commit Graph

Author	SHA1	Message	Date
Max Bowsher	35a5fbfc60	Fix misattribution of activity log entries to incorrect auth methods (#18809 ) * Fix misattribution of activity log entries to incorrect auth methods In a production Vault Enterprise instance, I noticed incorrect information in the sys/internal/counters/activity endpoints. Eventually, I was able to spot a pattern of entities being misattributed to auth methods of the same name in child namespaces, which led me to this bug in the code. When attempting to map from a token's path to an auth method, we need to do so with respect to the namespace of the token, which may be different from the namespace of the request, as tokens from parent namespaces can make requests that reach into child namespaces. * Changelog * Use a real namespace ID in tests where it now matters * gofumpt --------- Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>	2023-08-21 14:59:39 +02:00

Author

SHA1

Message

Date

Max Bowsher

35a5fbfc60

Fix misattribution of activity log entries to incorrect auth methods (#18809 )

* Fix misattribution of activity log entries to incorrect auth methods

In a production Vault Enterprise instance, I noticed incorrect
information in the sys/internal/counters/activity endpoints. Eventually,
I was able to spot a pattern of entities being misattributed to auth
methods of the same name in child namespaces, which led me to this bug
in the code.

When attempting to map from a token's path to an auth method, we need to
do so with respect to the namespace of the token, which may be different
from the namespace of the request, as tokens from parent namespaces can
make requests that reach into child namespaces.

* Changelog

* Use a real namespace ID in tests where it now matters

* gofumpt

---------

Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>

2023-08-21 14:59:39 +02:00

1 Commits