diff --git a/changelog/29376.txt b/changelog/29376.txt
new file mode 100644
index 000000000000..07d974a59d5c
--- /dev/null
+++ b/changelog/29376.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+activity: Include activity records from clients created by deleted or disabled auth mounts in Export API response.
+```
diff --git a/vault/activity_log.go b/vault/activity_log.go
index 71df6654a16a..c1459f6eae21 100644
--- a/vault/activity_log.go
+++ b/vault/activity_log.go
@@ -3172,16 +3172,6 @@ func (a *ActivityLog) writeExport(ctx context.Context, rw http.ResponseWriter, f
 return fmt.Errorf("failed to process local entity alias")
 }
 
- record.MountType, ok = alias["mount_type"].(string)
- if !ok {
- return fmt.Errorf("failed to process mount type")
- }
-
- record.MountPath, ok = alias["mount_path"].(string)
- if !ok {
- return fmt.Errorf("failed to process mount path")
- }
-
 entityAliasMetadata, ok := alias["metadata"].(map[string]string)
 if !ok {
 return fmt.Errorf("failed to process entity alias metadata")
@@ -3199,6 +3189,23 @@ func (a *ActivityLog) writeExport(ctx context.Context, rw http.ResponseWriter, f
 if entityAliasCustomMetadata != nil {
 record.EntityAliasCustomMetadata = entityAliasCustomMetadata
 }
+
+ valResp := a.core.router.ValidateMountByAccessor(e.MountAccessor)
+ if valResp == nil {
+ record.MountType = ""
+ record.MountPath = fmt.Sprintf(DeletedMountFmt, e.MountAccessor)
+ } else {
+ record.MountType, ok = alias["mount_type"].(string)
+ if !ok {
+ return fmt.Errorf("failed to process mount type")
+ }
+ record.MountPath, ok = alias["mount_path"].(string)
+ if !ok {
+ return fmt.Errorf("failed to process mount path")
+ }
+
+ }
+
 }
 } else {
 // fetch mount directly to ensure mount type and path are populated
diff --git a/vault/activity_log_test.go b/vault/activity_log_test.go
index 81a691dadbed..0e394bd07189 100644
--- a/vault/activity_log_test.go
+++ b/vault/activity_log_test.go
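Review bot: In the second `vault/activity_log.go` hunk, the `else` branch of the new `valResp` check still reads mount type and path from the `alias` map, and a failed assertion there still aborts the whole export with an error that names no record. One inconsistent alias can therefore withhold the full activity export without telling the operator which mount is involved. The lookup was made with `e.MountAccessor`, so the messages could carry it, e.g. `return fmt.Errorf("failed to process mount type for accessor %q", e.MountAccessor)`, and likewise for the mount path. A short comment above the check would also help, such as `// Deleted or disabled mounts no longer resolve by accessor; emit a placeholder path instead of failing the export.`, because `MountPath` now sometimes holds the `DeletedMountFmt` sentinel rather than a real path and export consumers need to know that. writeExport starts and ends outside this hunk, so how `alias` is built is not visible here.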
@@ -4110,7 +4110,7 @@ func TestActivityLog_partialMonthClientCountWithMultipleMountPaths(t *testing.T)
 // these are the paths that are expected and correspond with the entity records created above
 expectedPaths := []string{
 noMountAccessor,
- fmt.Sprintf(deletedMountFmt, "deleted"),
+ fmt.Sprintf(DeletedMountFmt, "deleted"),
 path,
 }
 for _, expectedPath := range expectedPaths {
diff --git a/vault/activity_log_util_common.go b/vault/activity_log_util_common.go
index 3e71ee8cc0ac..937d16596867 100644
--- a/vault/activity_log_util_common.go
+++ b/vault/activity_log_util_common.go
@@ -392,7 +392,7 @@ func (a *ActivityLog) sortActivityLogMonthsResponse(months []*ResponseMonth) {
 
 const (
 noMountAccessor = "no mount accessor (pre-1.10 upgrade?)"
- deletedMountFmt = "deleted mount; accessor %q"
+ DeletedMountFmt = "deleted mount; accessor %q"
 DeletedNamespaceFmt = "deleted namespace %q"
 )
 
@@ -405,7 +405,7 @@ func (a *ActivityLog) mountAccessorToMountPath(mountAccessor string) string {
 } else {
 valResp := a.core.router.ValidateMountByAccessor(mountAccessor)
 if valResp == nil {
- displayPath = fmt.Sprintf(deletedMountFmt, mountAccessor)
+ displayPath = fmt.Sprintf(DeletedMountFmt, mountAccessor)
 } else {
 displayPath = valResp.MountPath
 if !strings.HasSuffix(displayPath, "/") {
diff --git a/vault/activity_log_util_common_test.go b/vault/activity_log_util_common_test.go
index 48a3e8dea43b..99f559ed1215 100644
--- a/vault/activity_log_util_common_test.go
+++ b/vault/activity_log_util_common_test.go
@@ -978,7 +978,7 @@ func Test_ActivityLog_ComputeCurrentMonth_NamespaceMounts(t *testing.T) {
 correctMountPaths := func(namespaces []*activity.MonthlyNamespaceRecord) {
 for _, ns := range namespaces {
 for _, mount := range ns.Mounts {
- mount.MountPath = fmt.Sprintf(deletedMountFmt, mount.MountPath)
+ mount.MountPath = fmt.Sprintf(DeletedMountFmt, mount.MountPath)
 }
 }
 }