From dcff276febefcc93137b90080ddaa9ef01bf1633 Mon Sep 17 00:00:00 2001
From: VioletHynes
Date: Fri, 26 Aug 2022 15:13:24 -0400
Subject: [PATCH 1/4] VAULT-6433 Add namespace_path to MFA endpoints
---
 vault/external_tests/mfa/login_mfa_test.go | 8 ++++++++
 vault/login_mfa.go | 8 ++++++++
 2 files changed, 16 insertions(+)
diff --git a/vault/external_tests/mfa/login_mfa_test.go b/vault/external_tests/mfa/login_mfa_test.go
index 8a2bdb5b2145b..0ae821f105f7c 100644
--- a/vault/external_tests/mfa/login_mfa_test.go
+++ b/vault/external_tests/mfa/login_mfa_test.go
@@ -138,6 +138,14 @@ func TestLoginMFA_Method_CRUD(t *testing.T) {
 t.Fatal("expected response id to match existing method id but it didn't")
 }
+ if resp.Data["namespace_id"] != "root" {
+ t.Fatalf("namespace id was not root, it was %s", resp.Data["namespace_id"])
+ }
+
+ if resp.Data["namespace_path"] != "" {
+ t.Fatalf("namespace path was not empty, it was %s", resp.Data["namespace_path"])
+ }
+
 // listing should show it
 resp, err = client.Logical().List(myPath)
 if err != nil {
diff --git a/vault/login_mfa.go b/vault/login_mfa.go
index cf43eedf27906..db74f8689f57f 100644
--- a/vault/login_mfa.go
+++ b/vault/login_mfa.go
@@ -1361,6 +1361,10 @@ func (b *LoginMFABackend) mfaLoginEnforcementConfigByNameAndNamespace(name, name
 func (b *LoginMFABackend) mfaLoginEnforcementConfigToMap(eConfig *mfa.MFAEnforcementConfig) (map[string]interface{}, error) {
 resp := make(map[string]interface{})
 resp["name"] = eConfig.Name
+ ns, err := b.namespacer.NamespaceByID(context.Background(), eConfig.NamespaceID)
+ if ns != nil && err == nil {
+ resp["namespace_path"] = ns.Path
+ }
 resp["namespace_id"] = eConfig.NamespaceID
 resp["mfa_method_ids"] = append([]string{}, eConfig.MFAMethodIDs...)
 resp["auth_method_accessors"] = append([]string{}, eConfig.AuthMethodAccessors...)
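Review bot: The added assertions in `TestLoginMFA_Method_CRUD` check `namespace_id` and `namespace_path` only on the MFA method read response, while the same patch also adds `namespace_path` to `mfaLoginEnforcementConfigToMap` in vault/login_mfa.go, which gets no assertion here. Repeating the two checks against a login-enforcement read response would cover that second path. Separately, the failure messages format `resp.Data[...]` with `%s`; if the key is absent the value is a nil interface and the message prints `%!s(<nil>)`, so `%v` reads better, e.g. `t.Fatalf("namespace path was not empty, it was %v", resp.Data["namespace_path"])`. The test function's body continues outside the hunk.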
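Review bot: The lookup added to `mfaLoginEnforcementConfigToMap`, `b.namespacer.NamespaceByID(context.Background(), eConfig.NamespaceID)`, runs on a fresh background context, so it is detached from the request that triggered the read and will not observe that request's cancellation or deadline. Accepting the caller's context, `func (b *LoginMFABackend) mfaLoginEnforcementConfigToMap(ctx context.Context, eConfig *mfa.MFAEnforcementConfig) (map[string]interface{}, error)`, and passing `ctx` to `NamespaceByID` keeps the lookup tied to the request. The same applies to the `NamespaceByID` call added to `mfaConfigToMap` in the next hunk of this file. The call sites are outside the hunks, so whether a request context is available at each of them still needs checking.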
@@ -1417,6 +1421,10 @@ func (b *MFABackend) mfaConfigToMap(mConfig *mfa.Config) (map[string]interface{}
 respData["id"] = mConfig.ID
 respData["name"] = mConfig.Name
 respData["namespace_id"] = mConfig.NamespaceID
+ ns, err := b.namespacer.NamespaceByID(context.Background(), mConfig.NamespaceID)
+ if ns != nil && err == nil {
+ respData["namespace_path"] = ns.Path
+ }
 return respData, nil
 }
From befcaf4794e9bdbbe415f2f1dfd337934e9b863b Mon Sep 17 00:00:00 2001
From: VioletHynes
Date: Fri, 26 Aug 2022 15:30:50 -0400
Subject: [PATCH 2/4] VAULT-6433 add changelog
---
 changelog/16911.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 changelog/16911.txt
diff --git a/changelog/16911.txt b/changelog/16911.txt
new file mode 100644
index 0000000000000..a451f690df57c
--- /dev/null
+++ b/changelog/16911.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+api/mfa: Add namespace path to the MFA read/list endpoint
+```
From 80d50fd50561c3177cf5bb2f84644853834926b3 Mon Sep 17 00:00:00 2001
From: VioletHynes
Date: Fri, 26 Aug 2022 16:39:37 -0400
Subject: [PATCH 3/4] VAULT-6433 Return error in case of error
---
 vault/login_mfa.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/vault/login_mfa.go b/vault/login_mfa.go
index db74f8689f57f..ee09140e9e1f1 100644
--- a/vault/login_mfa.go
+++ b/vault/login_mfa.go
@@ -1364,6 +1364,8 @@ func (b *LoginMFABackend) mfaLoginEnforcementConfigToMap(eConfig *mfa.MFAEnforce
 ns, err := b.namespacer.NamespaceByID(context.Background(), eConfig.NamespaceID)
 if ns != nil && err == nil {
 resp["namespace_path"] = ns.Path
+ } else {
+ return nil, err
 }
 resp["namespace_id"] = eConfig.NamespaceID
 resp["mfa_method_ids"] = append([]string{}, eConfig.MFAMethodIDs...)
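Review bot: The new `else` branch in `mfaLoginEnforcementConfigToMap` returns `nil, err` whenever `if ns != nil && err == nil` fails, which includes the case where `NamespaceByID` yields no namespace and no error; the function then hands back a nil map together with a nil error. For an MFA enforcement read, a caller that checks only `err` would treat an unresolvable namespace as success and return an empty response instead of a failure; the callers are outside the hunk, so this is inferred. Handling the two conditions separately, with an explicit error for the missing namespace, removes the ambiguity. The same branch is added to `mfaConfigToMap` in the next hunk of this patch, and the condensed `if ns == nil || err != nil` in both hunks of patch 4/4 keeps the behavior. The sketch assumes `fmt` is already imported in vault/login_mfa.go.

```go
ns, err := b.namespacer.NamespaceByID(context.Background(), eConfig.NamespaceID)
if err != nil {
	return nil, err
}
if ns == nil {
	// A nil namespace with a nil error must not look like success to the caller.
	return nil, fmt.Errorf("namespace %q not found", eConfig.NamespaceID)
}
resp["namespace_path"] = ns.Path
// … unchanged: namespace_id, mfa_method_ids and the remaining fields …
```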
@@ -1424,6 +1426,8 @@ func (b *MFABackend) mfaConfigToMap(mConfig *mfa.Config) (map[string]interface{}
 ns, err := b.namespacer.NamespaceByID(context.Background(), mConfig.NamespaceID)
 if ns != nil && err == nil {
 respData["namespace_path"] = ns.Path
+ } else {
+ return nil, err
 }
 return respData, nil
From 90102f6839bbd25f9e6a5e4a9339278d0b84e645 Mon Sep 17 00:00:00 2001
From: VioletHynes
Date: Mon, 29 Aug 2022 08:49:53 -0400
Subject: [PATCH 4/4] VAULT-6433 Make logic a bit more concise
---
 vault/login_mfa.go | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/vault/login_mfa.go b/vault/login_mfa.go
index ee09140e9e1f1..ba3cd2b8b1596 100644
--- a/vault/login_mfa.go
+++ b/vault/login_mfa.go
@@ -1362,11 +1362,10 @@ func (b *LoginMFABackend) mfaLoginEnforcementConfigToMap(eConfig *mfa.MFAEnforce
 resp := make(map[string]interface{})
 resp["name"] = eConfig.Name
 ns, err := b.namespacer.NamespaceByID(context.Background(), eConfig.NamespaceID)
- if ns != nil && err == nil {
- resp["namespace_path"] = ns.Path
- } else {
+ if ns == nil || err != nil {
 return nil, err
 }
+ resp["namespace_path"] = ns.Path
 resp["namespace_id"] = eConfig.NamespaceID
 resp["mfa_method_ids"] = append([]string{}, eConfig.MFAMethodIDs...)
 resp["auth_method_accessors"] = append([]string{}, eConfig.AuthMethodAccessors...)
@@ -1424,11 +1423,10 @@ func (b *MFABackend) mfaConfigToMap(mConfig *mfa.Config) (map[string]interface{}
 respData["name"] = mConfig.Name
 respData["namespace_id"] = mConfig.NamespaceID
 ns, err := b.namespacer.NamespaceByID(context.Background(), mConfig.NamespaceID)
- if ns == nil || err != nil {
- respData["namespace_path"] = ns.Path
- } else {
+ if ns == nil || err != nil {
 return nil, err
 }
+ respData["namespace_path"] = ns.Path
 return respData, nil
 }
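Review bot: After this refactor neither `mfaLoginEnforcementConfigToMap` nor `mfaConfigToMap` documents that it performs a namespace lookup and can return early, which is easy to miss in helpers whose names suggest a pure struct-to-map conversion. A doc comment on each would make that visible, e.g. `// mfaConfigToMap renders mConfig as response data. It resolves namespace_path from mConfig.NamespaceID via b.namespacer and returns early, without response data, when that lookup fails or finds no namespace.` Both function declarations sit outside these hunks, so any comment they already carry is not visible here.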