backport of commit dcd737b (#29387)

Co-authored-by: divyaac <[email protected]>
hashicorp · Jan 22, 2025 · 4e8e62e · 4e8e62e
1 parent 1bc9dbf
commit 4e8e62e
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 14 deletions.
diff --git a/changelog/29376.txt b/changelog/29376.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+activity: Include activity records from clients created by deleted or disabled auth mounts in Export API response.
+```
diff --git a/vault/activity_log.go b/vault/activity_log.go
@@ -3172,16 +3172,6 @@ func (a *ActivityLog) writeExport(ctx context.Context, rw http.ResponseWriter, f
 								return fmt.Errorf("failed to process local entity alias")
 							}
 
-							record.MountType, ok = alias["mount_type"].(string)
-							if !ok {
-								return fmt.Errorf("failed to process mount type")
-							}
-
-							record.MountPath, ok = alias["mount_path"].(string)
-							if !ok {
-								return fmt.Errorf("failed to process mount path")
-							}
-
 							entityAliasMetadata, ok := alias["metadata"].(map[string]string)
 							if !ok {
 								return fmt.Errorf("failed to process entity alias metadata")
@@ -3199,6 +3189,23 @@ func (a *ActivityLog) writeExport(ctx context.Context, rw http.ResponseWriter, f
 							if entityAliasCustomMetadata != nil {
 								record.EntityAliasCustomMetadata = entityAliasCustomMetadata
 							}
+
+							valResp := a.core.router.ValidateMountByAccessor(e.MountAccessor)
+							if valResp == nil {
+								record.MountType = ""
+								record.MountPath = fmt.Sprintf(DeletedMountFmt, e.MountAccessor)
+							} else {
+								record.MountType, ok = alias["mount_type"].(string)
+								if !ok {
+									return fmt.Errorf("failed to process mount type")
+								}
+								record.MountPath, ok = alias["mount_path"].(string)
+								if !ok {
+									return fmt.Errorf("failed to process mount path")
+								}
+
+							}
+
 						}
 					} else {
 						// fetch mount directly to ensure mount type and path are populated

diff --git a/vault/activity_log_test.go b/vault/activity_log_test.go
@@ -4110,7 +4110,7 @@ func TestActivityLog_partialMonthClientCountWithMultipleMountPaths(t *testing.T)
 	// these are the paths that are expected and correspond with the entity records created above
 	expectedPaths := []string{
 		noMountAccessor,
-		fmt.Sprintf(deletedMountFmt, "deleted"),
+		fmt.Sprintf(DeletedMountFmt, "deleted"),
 		path,
 	}
 	for _, expectedPath := range expectedPaths {

diff --git a/vault/activity_log_util_common.go b/vault/activity_log_util_common.go
@@ -392,7 +392,7 @@ func (a *ActivityLog) sortActivityLogMonthsResponse(months []*ResponseMonth) {
 
 const (
 	noMountAccessor     = "no mount accessor (pre-1.10 upgrade?)"
-	deletedMountFmt     = "deleted mount; accessor %q"
+	DeletedMountFmt     = "deleted mount; accessor %q"
 	DeletedNamespaceFmt = "deleted namespace %q"
 )
 
@@ -405,7 +405,7 @@ func (a *ActivityLog) mountAccessorToMountPath(mountAccessor string) string {
 	} else {
 		valResp := a.core.router.ValidateMountByAccessor(mountAccessor)
 		if valResp == nil {
-			displayPath = fmt.Sprintf(deletedMountFmt, mountAccessor)
+			displayPath = fmt.Sprintf(DeletedMountFmt, mountAccessor)
 		} else {
 			displayPath = valResp.MountPath
 			if !strings.HasSuffix(displayPath, "/") {

diff --git a/vault/activity_log_util_common_test.go b/vault/activity_log_util_common_test.go
@@ -978,7 +978,7 @@ func Test_ActivityLog_ComputeCurrentMonth_NamespaceMounts(t *testing.T) {
 			correctMountPaths := func(namespaces []*activity.MonthlyNamespaceRecord) {
 				for _, ns := range namespaces {
 					for _, mount := range ns.Mounts {
-						mount.MountPath = fmt.Sprintf(deletedMountFmt, mount.MountPath)
+						mount.MountPath = fmt.Sprintf(DeletedMountFmt, mount.MountPath)
 					}
 				}
 			}