Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unwrap failures are not logged #6491

Closed
nvx opened this issue Mar 28, 2019 · 1 comment · Fixed by #6541
Closed

Unwrap failures are not logged #6491

nvx opened this issue Mar 28, 2019 · 1 comment · Fixed by #6541
Assignees
@calvn
Milestone
1.2

Comments

@nvx
Copy link
Contributor

nvx commented Mar 28, 2019

Describe the bug
Attempting to unwrap an invalid wrapping token, or unwrapping an already unwrapped wrapping token does not result in any log message appearing in the audit log. This is surprising to me as even requests to the metrics endpoints always generates log messages.

To Reproduce
Steps to reproduce the behavior:

  1. Configure vault with at least one audit device (I used file)
  2. Tail audit log and observe other actions are producing audit log entries
  3. Run vault unwrap invalid-token
  4. See error returned from server * wrapping token is not valid or does not exist
  5. Observe nothing added to the audit log

Expected behavior
I expect every request to Vault to appear in the audit log.

Environment:

  • Vault Server Version: 1.1.0
  • Vault CLI Version: 1.1.0
  • Server Operating System/Architecture: Linux x64
@jefferai jefferai added this to the 1.1.1 milestone Mar 28, 2019
@jefferai
Copy link
Member

Hi there,

We do validation checks on wrapping tokens before they hit the main request flow, which is why they don't hit audit. That said, if we're auditing normal invalid tokens, we should audit this too, so we'll get that added!

@calvn calvn self-assigned this Apr 1, 2019
@jefferai jefferai modified the milestones: 1.1.1, 1.1.2 Apr 10, 2019
@calvn calvn mentioned this issue Apr 16, 2019
Merged
@briankassouf briankassouf modified the milestones: 1.1.2, 1.1.3 Apr 29, 2019
@briankassouf briankassouf modified the milestones: 1.1.3, 1.2 May 21, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@calvn calvn

Labels
None yet
Projects
None yet
Milestone
1.2
Development

Successfully merging a pull request may close this issue.

audit: log invalid wrapping token request/response hashicorp/vault
4 participants
@jefferai @nvx @calvn @briankassouf