From 28ef017238fbe5de23f1dd29147a83d7a153561b Mon Sep 17 00:00:00 2001
From: akshya96
Date: Mon, 27 Jan 2025 12:51:43 -0800
Subject: [PATCH 1/2] adding ce changes from vault-33413-ent
---
 vault/activity_log.go | 5 +++--
 vault/activity_log_test.go | 3 ++-
 vault/core.go | 9 +++++++++
 vault/core_test.go | 13 +++++++++++++
 4 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/vault/activity_log.go b/vault/activity_log.go
index c1459f6eae21..98886e626c91 100644
--- a/vault/activity_log.go
+++ b/vault/activity_log.go
@@ -1801,8 +1801,9 @@ func (c *Core) ActivityLogInjectResponse(ctx context.Context, pq *activity.Preco
 func (a *ActivityLog) includeInResponse(query *namespace.Namespace, record *namespace.Namespace) bool {
 if record == nil {
- // Deleted namespace, only include in root queries
- return query.ID == namespace.RootNamespaceID
+ // Deleted namespace, only include in root or admin namespace (if configured) queries
+ adminNsPath := namespace.Canonicalize(a.core.administrativeNamespacePath())
+ return query.ID == namespace.RootNamespaceID || (adminNsPath != "" && query.Path == adminNsPath)
 }
 return record.HasParent(query)
 }
diff --git a/vault/activity_log_test.go b/vault/activity_log_test.go
index 3c79f521be29..a1b4917bb8eb 100644
--- a/vault/activity_log_test.go
+++ b/vault/activity_log_test.go
@@ -1922,7 +1922,8 @@ func (f *fakeResponseWriter) WriteHeader(statusCode int) {
 // their parents.
 func TestActivityLog_IncludeNamespace(t *testing.T) {
 root := namespace.RootNamespace
- a := &ActivityLog{}
+ core, _, _ := TestCoreUnsealed(t)
+ a := core.activityLog
 nsA := &namespace.Namespace{
 ID: "aaaaa",
diff --git a/vault/core.go b/vault/core.go
index 56c267ea259d..b42d26d6652f 100644
--- a/vault/core.go
+++ b/vault/core.go
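Review bot: The deleted-namespace branch of includeInResponse now dereferences `a.core` unconditionally, so an ActivityLog that was built without a core panics on the first nil record; the companion test had to replace `&ActivityLog{}` with a full test core for exactly this reason. A guard such as `if a.core == nil { return query.ID == namespace.RootNamespaceID }` keeps the old root-only behaviour as the safe default. Because this line widens who may see records of deleted namespaces, the comment should state the rule precisely, e.g. `// Records of deleted namespaces are returned only to root and, when one is configured, to a query whose path equals the canonicalized administrative namespace path; its child namespaces are excluded.` The equality check assumes `query.Path` is already stored in the form `namespace.Canonicalize` produces, which is worth confirming since a mismatch would silently hide the records from the admin namespace.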
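Review bot: The new `query.Path == adminNsPath` branch is not exercised by the visible part of TestActivityLog_IncludeNamespace, which only swaps `&ActivityLog{}` for the activity log of a `TestCoreUnsealed` core that presumably has no administrative namespace configured. I would add cases built with `TestCoreUnsealedWithConfig` and an `AdministrativeNamespacePath`, as Test_administrativeNamespacePath does in core_test.go. They should assert that a nil record is included for a query on the admin namespace and excluded for a sibling namespace and for a child of the admin namespace. The test body continues past the end of this hunk, so its existing cases are not visible here.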
@@ -3629,6 +3629,15 @@ func (c *Core) LogFormat() string {
 return conf.(*server.Config).LogFormat
 }
+// administrativeNamespacePath returns the configured administrative namespace path.
+func (c *Core) administrativeNamespacePath() string {
+ conf := c.rawConfig.Load()
+ if conf == nil {
+ return ""
+ }
+ return conf.(*server.Config).AdministrativeNamespacePath
+}
+
 // LogLevel returns the log level provided by level provided by config, CLI flag, or env
 func (c *Core) LogLevel() string {
 return c.logLevel
diff --git a/vault/core_test.go b/vault/core_test.go
index b67be067f3ee..b4089d511935 100644
--- a/vault/core_test.go
+++ b/vault/core_test.go
@@ -3753,3 +3753,16 @@ func TestCore_IsRemovedFromCluster(t *testing.T) {
 t.Fatalf("expected removed to be false and ok to be true, got removed: %v, ok: %v", removed, ok)
 }
 }
+
+// Test_administrativeNamespacePath verifies if administrativeNamespacePath function returns the configured administrative namespace path
+func Test_administrativeNamespacePath(t *testing.T) {
+ adminNamespacePath := "admin"
+ coreConfig := &CoreConfig{
+ RawConfig: &server.Config{
+ SharedConfig: &configutil.SharedConfig{AdministrativeNamespacePath: adminNamespacePath},
+ },
+ AdministrativeNamespacePath: adminNamespacePath,
+ }
+ core, _, _ := TestCoreUnsealedWithConfig(t, coreConfig)
+ require.Equal(t, core.administrativeNamespacePath(), adminNamespacePath)
+}
From 47037a7cbf8df9b791d25f60c708840b962b94ca Mon Sep 17 00:00:00 2001
From: akshya96
Date: Mon, 27 Jan 2025 13:04:46 -0800
Subject: [PATCH 2/2] add changelog
---
 changelog/29432.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 changelog/29432.txt
diff --git a/changelog/29432.txt b/changelog/29432.txt
new file mode 100644
index 000000000000..7d0266eab2cc
--- /dev/null
+++ b/changelog/29432.txt
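Review bot: administrativeNamespacePath guards only against an empty `rawConfig`, so the unchecked assertion `conf.(*server.Config)` and the field read can still panic on a typed-nil config. If `AdministrativeNamespacePath` is promoted from the embedded `*configutil.SharedConfig`, as the literal in core_test.go suggests, a config whose `SharedConfig` is nil panics as well. LogFormat above uses the same assertion, but this helper now sits on the activity-log query path, so I would make it total with `cfg, ok := conf.(*server.Config)` followed by `if !ok || cfg == nil || cfg.SharedConfig == nil { return "" }`. The doc comment could also say that the value is returned as configured, not canonicalized, and that `""` means no administrative namespace is set or no configuration is loaded.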
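Review bot: `require.Equal` takes the expected value before the actual one, so the last line of Test_administrativeNamespacePath should read `require.Equal(t, adminNamespacePath, core.administrativeNamespacePath())`; as written, a failure message would label the two values the wrong way round. The test covers only the configured case. A second assertion on a core with no administrative namespace, expecting `""`, would pin the fallback that includeInResponse depends on to keep deleted-namespace records root-only.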
@@ -0,0 +1,3 @@
+```release-note:bug
+activity: Show activity records from clients created in deleted namespaces when activity log is queried from admin namespace.
+```
\ No newline at end of file