We should add a UUID to each request, with the value enforced by the router.
One thing to figure out is whether we want to return that value to the user, or only display that in the audit logs.
jefferai
All 4 comments
Do you mean request id?
sergeyklay
on 15 Jul 2016
Yes
jefferai
on 15 Jul 2016
The request ID (a UUID) should be attached to the request object and should be part of both request and response entries of audit logs.
Router should cache the value of ID before forwarding the request to the backends and then restore it after the request is served.
The request ID should be added to the response as well. However, it should not be displayed as part of response of the CLI commands.
vishalnayak
on 15 Jul 2016
Also as part of this, we should analyze the existing code, and probably remove request logging by default, since the full request entry is also contained in the response. It should be toggle-able. Unsure yet if that should be in Vault config or audit mount config, but most likely it should be an audit mount property at enable time.
jefferai
on 21 Jul 2016
Related issues
dwdraju
路
3Comments
gtmtech
路
3Comments
andris9
路
3Comments
jasonmcintosh
路
3Comments
Wonder007
路
3Comments
Most helpful comment
The request ID (a UUID) should be attached to the request object and should be part of both request and response entries of audit logs.
Router should cache the value of ID before forwarding the request to the backends and then restore it after the request is served.
The request ID should be added to the response as well. However, it should not be displayed as part of response of the CLI commands.