ensure we supply namespace to the new context

hashicorp · Nov 22, 2023 · 7fcd913 · 7fcd913
1 parent 8a0a46f
commit 7fcd913
Showing 1 changed file with 15 additions and 4 deletions.
diff --git a/vault/audit_broker.go b/vault/audit_broker.go
@@ -10,6 +10,8 @@ import (
 	"sync"
 	"time"
 
+	"github.com/hashicorp/vault/helper/namespace"
+
 	"github.com/hashicorp/vault/internal/observability/event"
 
 	metrics "github.com/armon/go-metrics"
@@ -297,12 +299,21 @@ func (a *AuditBroker) LogResponse(ctx context.Context, in *logical.LogInput, hea
 
 			e.Data = in
 
-			// In cases where we are trying to audit the response, we will detach
-			// ourselves from the original context so that we get a fair run at
-			// committing audit entries (pipeline nodes may check for a cancelled
-			// context and refuse to process the nodes further).
+			// In cases where we are trying to audit the response, we detach
+			// ourselves from the original context (keeping only the namespace).
+			// This is so that we get a fair run at writing audit entries if Vault
+			// Took up a lot of time handling the request before audit (response)
+			// is triggered. Pipeline nodes may check for a cancelled context and
+			// refuse to process the nodes further.
+			ns, err := namespace.FromContext(ctx)
+			if err != nil {
+				retErr = multierror.Append(retErr, fmt.Errorf("namespace missing from context: %w", err))
+				return retErr.ErrorOrNil()
+			}
+
 			auditContext, auditCancel := context.WithTimeout(context.Background(), 5*time.Second)
 			defer auditCancel()
+			auditContext = namespace.ContextWithNamespace(auditContext, ns)
 			status, err := a.broker.Send(auditContext, eventlogger.EventType(event.AuditType.String()), e)
 			if err != nil {
 				retErr = multierror.Append(retErr, multierror.Append(err, status.Warnings...))