From 2d1c3db46bd6953db676cbb243135572a225d93c Mon Sep 17 00:00:00 2001
From: miagilepner
Date: Fri, 2 Aug 2024 10:28:34 +0200
Subject: [PATCH] VAULT-25883: Fix namespace errors with path filters on sys/internal/ui/mounts (#27939)

* include namespace in prefix fopr sys/internal/ui/mounts
* changelog
---
 changelog/27939.txt | 3 +++
 vault/logical_system.go | 8 ++++++++
 2 files changed, 11 insertions(+)
 create mode 100644 changelog/27939.txt
diff --git a/changelog/27939.txt b/changelog/27939.txt
new file mode 100644
index 000000000000..093b742b90bc
--- /dev/null
+++ b/changelog/27939.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core (enterprise): Fix 500 errors that occurred querying `sys/internal/ui/mounts` for a mount prefixed by a namespace path when path filters are configured.
+```
\ No newline at end of file
diff --git a/vault/logical_system.go b/vault/logical_system.go
index cbb0f37ade1d..e49c5651a369 100644
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@@ -5075,6 +5075,14 @@ func (b *SystemBackend) pathInternalUIMountRead(ctx context.Context, req *logica
 routerPrefix = credentialRoutePrefix
 }
 
+ // the mount's namespace is (at least partially) in the request path and not
+ // in the request's context, so we need to add the namespace from the
+ // request path to the router prefix
+ if me.NamespaceID != ns.ID {
+ namespaceRouterPrefix := strings.TrimPrefix(me.Namespace().Path, ns.Path)
+ routerPrefix = namespaceRouterPrefix + routerPrefix
+ }
+
 filtered, err := b.Core.checkReplicatedFiltering(ctx, me, routerPrefix)
 if err != nil {
 return nil, err
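Review bot: `strings.TrimPrefix(me.Namespace().Path, ns.Path)` in the added `if me.NamespaceID != ns.ID` block returns the mount's full namespace path unchanged when `ns.Path` is not actually a prefix of it, so `checkReplicatedFiltering` would be called with a prefix built on an assumption that did not hold. Whether that can happen depends on how `me` and `ns` are resolved earlier in `pathInternalUIMountRead`, which starts and ends outside this hunk; if it can, the path-filter decision is made on a path that does not describe the mount. I would make the assumption explicit by testing `strings.HasPrefix(me.Namespace().Path, ns.Path)` before the trim and returning an error when it is false, so the handler fails closed instead of checking the wrong path. The diffstat lists no test file, so a regression test for a namespace-prefixed mount with path filters configured would be worth adding, unless it lives in the enterprise tree.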