From e4b8f56317fe4cb27c2f7b9a9ec280c6dee77b9d Mon Sep 17 00:00:00 2001 From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com> Date: Tue, 26 Mar 2024 09:46:01 -0600 Subject: [PATCH] Known issues: Vault Enterprise - Performance Standby nodes audit log all request headers (#26158) (#26159) * Add known issue docs for Ent Perf Standby audit header logging issue * attempt to improve description Co-authored-by: Peter Wilson --- website/content/docs/release-notes/1.15.0.mdx | 5 +++- .../docs/upgrading/upgrade-to-1.15.x.mdx | 2 ++ ...terprise-perf-standby-logs-all-headers.mdx | 27 +++++++++++++++++++ 3 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx diff --git a/website/content/docs/release-notes/1.15.0.mdx b/website/content/docs/release-notes/1.15.0.mdx index 2265b2afcd16..a70f9242e0c9 100644 --- a/website/content/docs/release-notes/1.15.0.mdx +++ b/website/content/docs/release-notes/1.15.0.mdx 
@@ -25,7 +25,10 @@ description: |- | 1.15.0+ | [URL change for KV v2 plugin](/vault/docs/upgrading/upgrade-to-1.15.x#kv2-url-change) | | 1.15.1 | [Fatal error during expiration metrics gathering causing Vault crash](/vault/docs/upgrading/upgrade-to-1.15.x#fatal-error-during-expiration-metrics-gathering-causing-vault-crash) | | 1.15.0 - 1.15.4 | [Audit devices could log raw data despite configuration](/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration) | -| 1.15.0 - 1.15.5 | [Deadlock can occur on performance secondary clusters with many mounts](/vault/docs/upgrading/upgrade-to-1.15.x#deadlock-can-occur-on-performance-secondary-clusters-with-many-mounts) +| 1.15.5 | [Unable to rotate LDAP credentials](/vault/docs/upgrading/upgrade-to-1.15.x#unable-to-rotate-ldap-credentials) | +| 1.15.0 - 1.15.5 | [Deadlock can occur on performance secondary clusters with many mounts](/vault/docs/upgrading/upgrade-to-1.15.x#deadlock-can-occur-on-performance-secondary-clusters-with-many-mounts) | +| 1.15.0 - 1.15.5 | [Audit fails to recover from panics when formatting audit entries](/vault/docs/upgrading/upgrade-to-1.15.x#audit-fails-to-recover-from-panics-when-formatting-audit-entries) | +| 1.15.0 - 1.15.7 | [Vault Enterprise performance standby nodes audit all request headers regardless of settings](/vault/docs/upgrading/upgrade-to-1.15.x#vault-enterprise-performance-standby-nodes-audit-all-request-headers) | ## Vault companion updates diff --git a/website/content/docs/upgrading/upgrade-to-1.15.x.mdx b/website/content/docs/upgrading/upgrade-to-1.15.x.mdx index 8caef06b9546..e6f75140c3b2 100644 --- a/website/content/docs/upgrading/upgrade-to-1.15.x.mdx +++ b/website/content/docs/upgrading/upgrade-to-1.15.x.mdx @@ -74,3 +74,5 @@ option. @include 'known-issues/1_15-audit-panic-handling-with-eventlogger.mdx' @include 'known-issues/ocsp-redirect.mdx' + +@include 'known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx' 
diff --git a/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx b/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx new file mode 100644 index 000000000000..de2467ec66ec --- /dev/null +++ b/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx @@ -0,0 +1,27 @@ +### Vault Enterprise Performance Standby nodes audit all request headers + +#### Affected versions + +- 1.15.0 - 1.15.7 + +#### Issue + +Due to an issue in the new event framework, Performance Standby nodes in a Vault +Enterprise cluster do not correctly receive configuration regarding which request +headers should be written to the audit log. + +Rather than no headers appearing in the audit logs by default, Vault Enterprise +logs **all** headers on Performance Standby nodes. + +The header issue was resolved in `1.15.8`. + +#### Workaround + +Set the `VAULT_AUDIT_DISABLE_EVENTLOGGER` environment variable to `true` to +disable the new underlying event framework and restart Vault: + +```shell-session +$ export VAULT_AUDIT_DISABLE_EVENTLOGGER=true +``` + +On startup, Vault reverts to the audit behavior used in `1.14.x`.
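Review bot: in the `release-notes/1.15.0.mdx` hunk, the `1.15.5` LDAP rotation row and the `1.15.0 - 1.15.5` audit panic row are unrelated to the Performance Standby header issue named in the subject, and the deadlock row is removed and re-added only to gain its missing trailing `|`; call both out in the commit message so the backport reads as the doc fix it is rather than a content change to those entries. The new row's anchor `#vault-enterprise-performance-standby-nodes-audit-all-request-headers` does match the `###` heading in the new partial, so the link itself is fine.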
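Review bot: the "Issue" section of the new partial should say whether the header values written on Performance Standby nodes are HMAC'd or appear in clear text; "logs **all** headers" leaves an operator unable to judge what may have reached their audit sinks on 1.15.0 - 1.15.7, and a sentence advising them to review standby-node audit output for header contents they did not intend to retain would make the known issue actionable. In the "Workaround" section the `shell-session` block shows only `$ export VAULT_AUDIT_DISABLE_EVENTLOGGER=true` while the prose requires a restart: an interactive `export` does not reach a Vault process started by a service manager, so state where the variable must be set (the service's environment) and show the restart step next to the export.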