Skip to content

AuditEvents: Inconsistent types for from/to/target_id values

Summary

The to, from, and target_id fields on the structure audit_json.log have inconsistent types depending on the audit event. This makes it difficult to ingest into common data processing pipelines without a large amount of custom pre-processing code, including any based on Elastic Search or BigQuery, that require consistent types when importing data.

In particular, the native true and false values being used for some settings conflict with the strings used for almost everything else.

In project events, including but not limited to add, the target_id is currently the name with namespace, not a numerical id.

Steps to reproduce

In any project with support for Packages, as project Maintainer or above, see the audit_json.log entry for any of these actions:

  • Add or remove a project member.
  • Enable or disable the Packages features.
  • Create a new project.

What is the expected correct behavior?

Consistent data types each field.

Proposal

These attributes should always be integers:

  • target_id

These attributes should always be strings:

Output of checks

This bug happens on GitLab.com.

Relevant logs and/or screenshots

Example messages with different types:


{
  "severity": "INFO",
  "time": "2019-02-28T18:29:52.100Z",
  "correlation_id": "4qogam6ous3",
  "author_id": 51,
  "entity_id": 18,
  "entity_type": "Project",
  "change": "packages_enabled",
  "from": true,
  "to": false,
  "author_name": "test2",
  "target_id": 18,
  "target_type": "Project",
  "target_details": "test2/pubproj",
  "ip_address": "127.0.0.1",
  "entity_path": "test2/pubproj"
}

{
  "severity": "INFO",
  "time": "2019-05-17T21:29:53.822Z",
  "correlation_id": "rRNgYZM9B59",
  "author_id": 50,
  "entity_id": 15,
  "entity_type": "Project",
  "change": "access_level",
  "from": "Reporter",
  "to": "Guest",
  "author_name": "test1",
  "target_id": 8040,
  "target_type": "User",
  "target_details": "test2",
  "ip_address": "127.0.0.1",
  "entity_path": "privet-group1/devproj"
}

# string for a target_id
{
  "severity": "INFO",
  "time": "2019-07-03T22:25:49.234Z",
  "correlation_id": "wDuJjAufRo6",
  "author_id": 1,
  "entity_id": 29,
  "entity_type": "Project",
  "add": "project",
  "author_name": "Administrator",
  "target_id": "root/test-project",
  "target_type": "Project",
  "target_details": "root/test-project",
  "ip_address": "127.0.0.1",
  "entity_path": "root/test-project"
}

cc @gitlab-com/gl-security/secops

Edited by Max Woolf