From 9f7b33ae06df87acbc8280390b1460ba14cc0eb6 Mon Sep 17 00:00:00 2001 From: Peter Wilson Date: Tue, 26 Mar 2024 14:54:11 +0000 Subject: [PATCH] Known issues: Vault Enterprise - Performance Standby nodes audit log all request headers (#26158) * Add known issue docs for Ent Perf Standby audit header logging issue * attempt to improve description --- website/content/docs/release-notes/1.15.0.mdx | 5 +++- .../docs/upgrading/upgrade-to-1.15.x.mdx | 2 ++ ...terprise-perf-standby-logs-all-headers.mdx | 27 +++++++++++++++++++ 3 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx diff --git a/website/content/docs/release-notes/1.15.0.mdx b/website/content/docs/release-notes/1.15.0.mdx index 83420ab30783..a49be20a43b5 100644 --- a/website/content/docs/release-notes/1.15.0.mdx +++ b/website/content/docs/release-notes/1.15.0.mdx 
@@ -25,7 +25,10 @@ description: |- | 1.15.0+ | [URL change for KV v2 plugin](/vault/docs/upgrading/upgrade-to-1.15.x#kv2-url-change) | | 1.15.1 | [Fatal error during expiration metrics gathering causing Vault crash](/vault/docs/upgrading/upgrade-to-1.15.x#fatal-error-during-expiration-metrics-gathering-causing-vault-crash) | | 1.15.0 - 1.15.4 | [Audit devices could log raw data despite configuration](/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration) | -| 1.15.0 - 1.15.5 | [Deadlock can occur on performance secondary clusters with many mounts](/vault/docs/upgrading/upgrade-to-1.15.x#deadlock-can-occur-on-performance-secondary-clusters-with-many-mounts) +| 1.15.5 | [Unable to rotate LDAP credentials](/vault/docs/upgrading/upgrade-to-1.15.x#unable-to-rotate-ldap-credentials) | +| 1.15.0 - 1.15.5 | [Deadlock can occur on performance secondary clusters with many mounts](/vault/docs/upgrading/upgrade-to-1.15.x#deadlock-can-occur-on-performance-secondary-clusters-with-many-mounts) | +| 1.15.0 - 1.15.5 | [Audit fails to recover from panics when formatting audit entries](/vault/docs/upgrading/upgrade-to-1.15.x#audit-fails-to-recover-from-panics-when-formatting-audit-entries) | +| 1.15.0 - 1.15.7 | [Vault Enterprise performance standby nodes audit all request headers regardless of settings](/vault/docs/upgrading/upgrade-to-1.15.x#vault-enterprise-performance-standby-nodes-audit-all-request-headers) | ## Vault companion updates diff --git a/website/content/docs/upgrading/upgrade-to-1.15.x.mdx b/website/content/docs/upgrading/upgrade-to-1.15.x.mdx index ec631093cbb0..916fb7043b46 100644 --- a/website/content/docs/upgrading/upgrade-to-1.15.x.mdx +++ b/website/content/docs/upgrading/upgrade-to-1.15.x.mdx @@ -72,3 +72,5 @@ option. @include 'known-issues/perf-secondary-many-mounts-deadlock.mdx' @include 'known-issues/ocsp-redirect.mdx' + +@include 'known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx' 
diff --git a/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx b/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx new file mode 100644 index 000000000000..de2467ec66ec --- /dev/null +++ b/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx @@ -0,0 +1,27 @@ +### Vault Enterprise Performance Standby nodes audit all request headers + +#### Affected versions + +- 1.15.0 - 1.15.7 + +#### Issue + +Due to an issue in the new event framework, Performance Standby nodes in a Vault +Enterprise cluster do not correctly receive configuration regarding which request +headers should be written to the audit log. + +Rather than no headers appearing in the audit logs by default, Vault Enterprise +logs **all** headers on Performance Standby nodes. + +The header issue was resolved in `1.15.8`. + +#### Workaround + +Set the `VAULT_AUDIT_DISABLE_EVENTLOGGER` environment variable to `true` to +disable the new underlying event framework and restart Vault: + +```shell-session +$ export VAULT_AUDIT_DISABLE_EVENTLOGGER=true +``` + +On startup, Vault reverts to the audit behavior used in `1.14.x`.
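Review bot: in the release-notes table hunk (`website/content/docs/release-notes/1.15.0.mdx`), the added rows "Unable to rotate LDAP credentials" and "Audit fails to recover from panics when formatting audit entries" link to anchors on `upgrade-to-1.15.x` that this patch does not add. The only include added to that page is the perf-standby partial, and neither row is mentioned in the commit subject. Please confirm that `#unable-to-rotate-ldap-credentials` and `#audit-fails-to-recover-from-panics-when-formatting-audit-entries` already resolve on the upgrade page, or add the matching includes here. The commit message should also mention these rows and the trailing `|` fix on the deadlock row. Separately, the new `1.15.5` row sits between the `1.15.0 - 1.15.4` and `1.15.0 - 1.15.5` rows; if the table is meant to be ordered by version range, it may read better placed elsewhere.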
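Review bot: in the `upgrade-to-1.15.x.mdx` hunk, the new include uses a version-prefixed file name, `known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx`, while the two includes directly above it (`perf-secondary-many-mounts-deadlock.mdx`, `ocsp-redirect.mdx`) carry no prefix. If the `1_15-` prefix is a deliberate convention for version-specific partials, a short mention in the commit message would help; otherwise consider dropping it so the directory stays consistent. Also note that the table link added in the release notes points at `#vault-enterprise-performance-standby-nodes-audit-all-request-headers`, so the heading in the included partial must keep exactly that wording for the anchor to resolve.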
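Review bot: in the new partial's "Issue" section, the text says Vault Enterprise logs **all** headers on Performance Standby nodes but does not tell operators what that means for audit logs already written. Please state whether the header values appear in the same form as headers that are explicitly configured for auditing, and recommend reviewing audit logs produced by Performance Standby nodes on 1.15.0 - 1.15.7 for sensitive header values. The sentence "Rather than no headers appearing in the audit logs by default" covers only the default case, while the release-notes row says "regardless of settings"; it would be clearer to say explicitly that a configured header list is also ignored on these nodes. In the "Workaround" section, `$ export VAULT_AUDIT_DISABLE_EVENTLOGGER=true` only affects the current shell; the text should say the variable has to be present in the environment of the Vault server process on the affected nodes before the restart, and whether it should be removed after upgrading to `1.15.8`.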