upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-02-03 20:40:45 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Audit: log 'warnings' from eventlogger even if audit is deemed a success (#27809)

Browse source 
* make sure we still log underyling pipeline errors even if audit is deemed a success

* changelog
This commit is contained in:
Peter Wilson 2024-07-19 11:12:51 +01:00 committed by GitHub
parent f959f46dd0
commit 39b99b2e05
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
audit/broker.go
View file

@ -315,6 +315,12 @@ func (b *Broker) LogRequest(ctx context.Context, in *logical.LogInput) (ret erro
// Audit event ended up in at least 1 sink.
if len(status.CompleteSinks()) > 0 {
// We should log warnings to the operational logs regardless of whether
// we consider the overall auditing attempt to be successful.
if len(status.Warnings) > 0 {
b.logger.Error("log request underlying pipeline error(s)", "error", &multierror.Error{Errors: status.Warnings})
}
return retErr.ErrorOrNil()
}
@ -397,6 +403,12 @@ func (b *Broker) LogResponse(ctx context.Context, in *logical.LogInput) (ret err
// Audit event ended up in at least 1 sink.
if len(status.CompleteSinks()) > 0 {
// We should log warnings to the operational logs regardless of whether
// we consider the overall auditing attempt to be successful.
if len(status.Warnings) > 0 {
b.logger.Error("log response underlying pipeline error(s)", "error", &multierror.Error{Errors: status.Warnings})
}
return retErr.ErrorOrNil()
}

3
changelog/27809.txt Normal file
View file

@ -0,0 +1,3 @@
```release-note:improvement
audit: Ensure that any underyling errors from audit devices are logged even if we consider auditing to be a success.
```