Merge branch '423229_graphql_delete_api_for_amazon_s3_configuration' into 'master'

GraphQL API for deleting audit event streaming amazon_s3_configurations See merge request !133695 Merged-by: Harsimar Sandhu <hsandhu@gitlab.com> Approved-by: Harsimar Sandhu <hsandhu@gitlab.com> Reviewed-by: David Fernandez <dfernandez@gitlab.com> Reviewed-by: Huzaifa Iftikhar <hiftikhar@gitlab.com> Reviewed-by: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Co-authored-by: huzaifaiftikhar1 <hiftikhar@gitlab.com>

Merge branch '423229_graphql_delete_api_for_amazon_s3_configuration' into 'master'
9098e2a3 · Harsimar Sandhu · 7564f1bf · 74152c2f · 9098e2a3 · 9098e2a3
Commit 9098e2a3 authored 1 year ago by Harsimar Sandhu
--- a/doc/administration/audit_event_streaming/audit_event_types.md
+++ b/doc/administration/audit_event_streaming/audit_event_types.md
@@ -37,6 +37,7 @@ Audit event types belong to the following product categories.
 | Name | Description | Saved to database | Streamed | Introduced in |
 |:-----|:------------|:------------------|:---------|:--------------|
 | [`amazon_s3_configuration_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/132443) | Triggered when Amazon S3 configuration for audit events streaming is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.5](https://gitlab.com/gitlab-org/gitlab/-/issues/423229) |
+| [`amazon_s3_configuration_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133695) | Triggered when Amazon S3 configuration for audit events streaming is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.5](https://gitlab.com/gitlab-org/gitlab/-/issues/423229) |
 | [`amazon_s3_configuration_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133691) | Triggered when Amazon S3 configuration for audit events streaming is updated.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.5](https://gitlab.com/gitlab-org/gitlab/-/issues/423229) |
 | [`audit_events_streaming_headers_create`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92068) | Triggered when a streaming header for audit events is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.3](https://gitlab.com/gitlab-org/gitlab/-/issues/366350) |
 | [`audit_events_streaming_headers_destroy`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92068) | Triggered when a streaming header for audit events is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.3](https://gitlab.com/gitlab-org/gitlab/-/issues/366350) |

--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -1277,94 +1277,112 @@ Input type: `AlertTodoCreateInput`
 | <a id="mutationalerttodocreateissue"></a>`issue` | [`Issue`](#issue) | Issue created after mutation. |
 | <a id="mutationalerttodocreatetodo"></a>`todo` | [`Todo`](#todo) | To-do item after mutation. |
  
-### `Mutation.amazonS3ConfigurationCreate`
+### `Mutation.approveDeployment`
  
-Input type: `AmazonS3ConfigurationCreateInput`
+Input type: `ApproveDeploymentInput`
  
 #### Arguments
  
 | Name | Type | Description |
 | ---- | ---- | ----------- |
-| <a id="mutationamazons3configurationcreateaccesskeyxid"></a>`accessKeyXid` | [`String!`](#string) | Access key ID of the Amazon S3 account. |
-| <a id="mutationamazons3configurationcreateawsregion"></a>`awsRegion` | [`String!`](#string) | AWS region where the bucket is created. |
-| <a id="mutationamazons3configurationcreatebucketname"></a>`bucketName` | [`String!`](#string) | Name of the bucket where the audit events would be logged. |
-| <a id="mutationamazons3configurationcreateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationamazons3configurationcreategrouppath"></a>`groupPath` | [`ID!`](#id) | Group path. |
-| <a id="mutationamazons3configurationcreatename"></a>`name` | [`String`](#string) | Destination name. |
-| <a id="mutationamazons3configurationcreatesecretaccesskey"></a>`secretAccessKey` | [`String!`](#string) | Secret access key of the Amazon S3 account. |
+| <a id="mutationapprovedeploymentclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationapprovedeploymentcomment"></a>`comment` | [`String`](#string) | Comment to go with the approval. |
+| <a id="mutationapprovedeploymentid"></a>`id` | [`DeploymentID!`](#deploymentid) | ID of the deployment. |
+| <a id="mutationapprovedeploymentrepresentedas"></a>`representedAs` | [`String`](#string) | Name of the User/Group/Role to use for the approval, when the user belongs to multiple approval rules. |
+| <a id="mutationapprovedeploymentstatus"></a>`status` | [`DeploymentsApprovalStatus!`](#deploymentsapprovalstatus) | Status of the approval (either `APPROVED` or `REJECTED`). |
  
 #### Fields
  
 | Name | Type | Description |
 | ---- | ---- | ----------- |
-| <a id="mutationamazons3configurationcreateamazons3configuration"></a>`amazonS3Configuration` | [`AmazonS3ConfigurationType`](#amazons3configurationtype) | configuration created. |
-| <a id="mutationamazons3configurationcreateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationamazons3configurationcreateerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+| <a id="mutationapprovedeploymentclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationapprovedeploymentdeploymentapproval"></a>`deploymentApproval` | [`DeploymentApproval!`](#deploymentapproval) | DeploymentApproval after mutation. |
+| <a id="mutationapprovedeploymenterrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
  
-### `Mutation.amazonS3ConfigurationUpdate`
+### `Mutation.artifactDestroy`
  
-Input type: `AmazonS3ConfigurationUpdateInput`
+Input type: `ArtifactDestroyInput`
  
 #### Arguments
  
 | Name | Type | Description |
 | ---- | ---- | ----------- |
-| <a id="mutationamazons3configurationupdateaccesskeyxid"></a>`accessKeyXid` | [`String`](#string) | Access key ID of the Amazon S3 account. |
-| <a id="mutationamazons3configurationupdateawsregion"></a>`awsRegion` | [`String`](#string) | AWS region where the bucket is created. |
-| <a id="mutationamazons3configurationupdatebucketname"></a>`bucketName` | [`String`](#string) | Name of the bucket where the audit events would be logged. |
-| <a id="mutationamazons3configurationupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationamazons3configurationupdateid"></a>`id` | [`AuditEventsAmazonS3ConfigurationID!`](#auditeventsamazons3configurationid) | ID of the Amazon S3 configuration to update. |
-| <a id="mutationamazons3configurationupdatename"></a>`name` | [`String`](#string) | Destination name. |
-| <a id="mutationamazons3configurationupdatesecretaccesskey"></a>`secretAccessKey` | [`String`](#string) | Secret access key of the Amazon S3 account. |
+| <a id="mutationartifactdestroyclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationartifactdestroyid"></a>`id` | [`CiJobArtifactID!`](#cijobartifactid) | ID of the artifact to delete. |
  
 #### Fields
  
 | Name | Type | Description |
 | ---- | ---- | ----------- |
-| <a id="mutationamazons3configurationupdateamazons3configuration"></a>`amazonS3Configuration` | [`AmazonS3ConfigurationType`](#amazons3configurationtype) | Updated Amazon S3 configuration. |
-| <a id="mutationamazons3configurationupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationamazons3configurationupdateerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+| <a id="mutationartifactdestroyartifact"></a>`artifact` | [`CiJobArtifact`](#cijobartifact) | Deleted artifact. |
+| <a id="mutationartifactdestroyclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationartifactdestroyerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
  
-### `Mutation.approveDeployment`
+### `Mutation.auditEventsAmazonS3ConfigurationCreate`
  
-Input type: `ApproveDeploymentInput`
+Input type: `AuditEventsAmazonS3ConfigurationCreateInput`
  
 #### Arguments
  
 | Name | Type | Description |
 | ---- | ---- | ----------- |
-| <a id="mutationapprovedeploymentclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationapprovedeploymentcomment"></a>`comment` | [`String`](#string) | Comment to go with the approval. |
-| <a id="mutationapprovedeploymentid"></a>`id` | [`DeploymentID!`](#deploymentid) | ID of the deployment. |
-| <a id="mutationapprovedeploymentrepresentedas"></a>`representedAs` | [`String`](#string) | Name of the User/Group/Role to use for the approval, when the user belongs to multiple approval rules. |
-| <a id="mutationapprovedeploymentstatus"></a>`status` | [`DeploymentsApprovalStatus!`](#deploymentsapprovalstatus) | Status of the approval (either `APPROVED` or `REJECTED`). |
+| <a id="mutationauditeventsamazons3configurationcreateaccesskeyxid"></a>`accessKeyXid` | [`String!`](#string) | Access key ID of the Amazon S3 account. |
+| <a id="mutationauditeventsamazons3configurationcreateawsregion"></a>`awsRegion` | [`String!`](#string) | AWS region where the bucket is created. |
+| <a id="mutationauditeventsamazons3configurationcreatebucketname"></a>`bucketName` | [`String!`](#string) | Name of the bucket where the audit events would be logged. |
+| <a id="mutationauditeventsamazons3configurationcreateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationauditeventsamazons3configurationcreategrouppath"></a>`groupPath` | [`ID!`](#id) | Group path. |
+| <a id="mutationauditeventsamazons3configurationcreatename"></a>`name` | [`String`](#string) | Destination name. |
+| <a id="mutationauditeventsamazons3configurationcreatesecretaccesskey"></a>`secretAccessKey` | [`String!`](#string) | Secret access key of the Amazon S3 account. |
  
 #### Fields
  
 | Name | Type | Description |
 | ---- | ---- | ----------- |
-| <a id="mutationapprovedeploymentclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationapprovedeploymentdeploymentapproval"></a>`deploymentApproval` | [`DeploymentApproval!`](#deploymentapproval) | DeploymentApproval after mutation. |
-| <a id="mutationapprovedeploymenterrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+| <a id="mutationauditeventsamazons3configurationcreateamazons3configuration"></a>`amazonS3Configuration` | [`AmazonS3ConfigurationType`](#amazons3configurationtype) | configuration created. |
+| <a id="mutationauditeventsamazons3configurationcreateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationauditeventsamazons3configurationcreateerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
  
-### `Mutation.artifactDestroy`
+### `Mutation.auditEventsAmazonS3ConfigurationDelete`
  
-Input type: `ArtifactDestroyInput`
+Input type: `AuditEventsAmazonS3ConfigurationDeleteInput`
  
 #### Arguments
  
 | Name | Type | Description |
 | ---- | ---- | ----------- |
-| <a id="mutationartifactdestroyclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationartifactdestroyid"></a>`id` | [`CiJobArtifactID!`](#cijobartifactid) | ID of the artifact to delete. |
+| <a id="mutationauditeventsamazons3configurationdeleteclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationauditeventsamazons3configurationdeleteid"></a>`id` | [`AuditEventsAmazonS3ConfigurationID!`](#auditeventsamazons3configurationid) | ID of the Amazon S3 configuration to destroy. |
  
 #### Fields
  
 | Name | Type | Description |
 | ---- | ---- | ----------- |
-| <a id="mutationartifactdestroyartifact"></a>`artifact` | [`CiJobArtifact`](#cijobartifact) | Deleted artifact. |
-| <a id="mutationartifactdestroyclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationartifactdestroyerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+| <a id="mutationauditeventsamazons3configurationdeleteclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationauditeventsamazons3configurationdeleteerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+
+### `Mutation.auditEventsAmazonS3ConfigurationUpdate`
+
+Input type: `AuditEventsAmazonS3ConfigurationUpdateInput`
+
+#### Arguments
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationauditeventsamazons3configurationupdateaccesskeyxid"></a>`accessKeyXid` | [`String`](#string) | Access key ID of the Amazon S3 account. |
+| <a id="mutationauditeventsamazons3configurationupdateawsregion"></a>`awsRegion` | [`String`](#string) | AWS region where the bucket is created. |
+| <a id="mutationauditeventsamazons3configurationupdatebucketname"></a>`bucketName` | [`String`](#string) | Name of the bucket where the audit events would be logged. |
+| <a id="mutationauditeventsamazons3configurationupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationauditeventsamazons3configurationupdateid"></a>`id` | [`AuditEventsAmazonS3ConfigurationID!`](#auditeventsamazons3configurationid) | ID of the Amazon S3 configuration to update. |
+| <a id="mutationauditeventsamazons3configurationupdatename"></a>`name` | [`String`](#string) | Destination name. |
+| <a id="mutationauditeventsamazons3configurationupdatesecretaccesskey"></a>`secretAccessKey` | [`String`](#string) | Secret access key of the Amazon S3 account. |
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationauditeventsamazons3configurationupdateamazons3configuration"></a>`amazonS3Configuration` | [`AmazonS3ConfigurationType`](#amazons3configurationtype) | Updated Amazon S3 configuration. |
+| <a id="mutationauditeventsamazons3configurationupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationauditeventsamazons3configurationupdateerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
  
 ### `Mutation.auditEventsStreamingDestinationEventsAdd`
  
--- a/ee/app/graphql/ee/types/mutation_type.rb
+++ b/ee/app/graphql/ee/types/mutation_type.rb
@@ -123,6 +123,7 @@ module MutationType
        mount_mutation ::Mutations::AuditEvents::GoogleCloudLoggingConfigurations::Destroy
        mount_mutation ::Mutations::AuditEvents::GoogleCloudLoggingConfigurations::Update
        mount_mutation ::Mutations::AuditEvents::AmazonS3Configurations::Create
+        mount_mutation ::Mutations::AuditEvents::AmazonS3Configurations::Delete
        mount_mutation ::Mutations::AuditEvents::AmazonS3Configurations::Update
        mount_mutation ::Mutations::AuditEvents::Instance::GoogleCloudLoggingConfigurations::Create
        mount_mutation ::Mutations::Forecasting::BuildForecast, alpha: { milestone: '16.0' }

--- a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/base.rb
+++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/base.rb
@@ -4,6 +4,8 @@ module Mutations
  module AuditEvents
    module AmazonS3Configurations
      class Base < BaseMutation
+        authorize :admin_external_audit_events
+
        private

        def audit(config, action:)
@@ -18,6 +20,10 @@ def audit(config, action:)

          ::Gitlab::Audit::Auditor.audit(audit_context)
        end
+
+        def find_object(config_gid)
+          GitlabSchema.object_from_id(config_gid, expected_type: ::AuditEvents::AmazonS3Configuration)
+        end
      end
    end
  end

--- a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/create.rb
+++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/create.rb
@@ -4,9 +4,7 @@ module Mutations
  module AuditEvents
    module AmazonS3Configurations
      class Create < Base
-        graphql_name 'AmazonS3ConfigurationCreate'
-
-        authorize :admin_external_audit_events
+        graphql_name 'AuditEventsAmazonS3ConfigurationCreate'

        argument :name, GraphQL::Types::String,
          required: false,

--- a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/delete.rb
+++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/delete.rb
+# frozen_string_literal: true
+
+module Mutations
+  module AuditEvents
+    module AmazonS3Configurations
+      class Delete < Base
+        graphql_name 'AuditEventsAmazonS3ConfigurationDelete'
+
+        argument :id, ::Types::GlobalIDType[::AuditEvents::AmazonS3Configuration],
+          required: true,
+          description: 'ID of the Amazon S3 configuration to destroy.'
+
+        def resolve(id:)
+          config = authorized_find!(id)
+
+          audit(config, action: :deleted) if config.destroy
+          { errors: Array(config.errors) }
+        end
+      end
+    end
+  end
+end
--- a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/update.rb
+++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/update.rb
@@ -4,15 +4,13 @@ module Mutations
  module AuditEvents
    module AmazonS3Configurations
      class Update < Base
-        graphql_name 'AmazonS3ConfigurationUpdate'
+        graphql_name 'AuditEventsAmazonS3ConfigurationUpdate'

        include ::Audit::Changes

        UPDATE_EVENT_NAME = 'amazon_s3_configuration_updated'
        AUDIT_EVENT_COLUMNS = [:access_key_xid, :secret_access_key, :bucket_name, :aws_region, :name].freeze

-        authorize :admin_external_audit_events
-
        argument :id, ::Types::GlobalIDType[::AuditEvents::AmazonS3Configuration],
          required: true,
          description: 'ID of the Amazon S3 configuration to update.'
@@ -72,10 +70,6 @@ def audit_update(config)
            )
          end
        end
-
-        def find_object(config_gid)
-          GitlabSchema.object_from_id(config_gid, expected_type: ::AuditEvents::AmazonS3Configuration).sync
-        end
      end
    end
  end

--- a/ee/config/audit_events/types/amazon_s3_configuration_deleted.yml
+++ b/ee/config/audit_events/types/amazon_s3_configuration_deleted.yml
+---
+name: amazon_s3_configuration_deleted
+description: Triggered when Amazon S3 configuration for audit events streaming is deleted.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/423229
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133695
+feature_category: audit_events
+milestone: '16.5'
+saved_to_database: true
+streamed: true
--- a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/create_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/create_spec.rb
@@ -13,8 +13,8 @@
  let_it_be(:bucket_name) { 'test-bucket' }
  let_it_be(:aws_region) { 'us-east-1' }

-  let(:mutation) { graphql_mutation(:amazon_s3_configuration_create, input) }
-  let(:mutation_response) { graphql_mutation_response(:amazon_s3_configuration_create) }
+  let(:mutation) { graphql_mutation(:audit_events_amazon_s3_configuration_create, input) }
+  let(:mutation_response) { graphql_mutation_response(:audit_events_amazon_s3_configuration_create) }

  let(:input) do
    {

--- a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/delete_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/delete_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Delete Amazon S3 configuration', feature_category: :audit_events do
+  include GraphqlHelpers
+
+  let_it_be(:config) { create(:amazon_s3_configuration) }
+  let_it_be(:group) { config.group }
+  let_it_be(:current_user) { create(:user) }
+
+  let(:mutation) { graphql_mutation(:audit_events_amazon_s3_configuration_delete, id: global_id_of(config)) }
+  let(:mutation_response) { graphql_mutation_response(:audit_events_amazon_s3_configuration_delete) }
+
+  subject(:mutate) { post_graphql_mutation(mutation, current_user: current_user) }
+
+  context 'when feature is licensed' do
+    before do
+      stub_licensed_features(external_audit_events: true)
+    end
+
+    context 'when current user is a group owner' do
+      before_all do
+        group.add_owner(current_user)
+      end
+
+      it 'destroys the configuration' do
+        expect { mutate }.to change { AuditEvents::AmazonS3Configuration.count }.by(-1)
+      end
+
+      it 'audits the deletion' do
+        expected_hash = {
+          name: 'amazon_s3_configuration_deleted',
+          author: current_user,
+          scope: group,
+          target: group,
+          message: "Deleted Amazon S3 configuration with name: #{config.name} bucket: " \
+                   "#{config.bucket_name} and AWS region: #{config.aws_region}"
+        }
+
+        expect(Gitlab::Audit::Auditor).to receive(:audit).with(hash_including(expected_hash))
+
+        mutate
+      end
+
+      context 'when there is an error during destroy' do
+        before do
+          expect_next_found_instance_of(AuditEvents::AmazonS3Configuration) do |config|
+            allow(config).to receive(:destroy).and_return(false)
+            errors = ActiveModel::Errors.new(config).tap { |e| e.add(:base, 'error message') }
+            allow(config).to receive(:errors).and_return(errors)
+          end
+        end
+
+        it 'does not destroy the configuration and returns the error' do
+          expect { mutate }.not_to change { AuditEvents::AmazonS3Configuration.count }
+
+          expect(mutation_response).to include('errors' => ['error message'])
+        end
+      end
+    end
+
+    context 'when current user is a group maintainer' do
+      before_all do
+        group.add_maintainer(current_user)
+      end
+
+      it_behaves_like 'a mutation on an unauthorized resource'
+    end
+  end
+
+  context 'when feature is unlicensed' do
+    before do
+      stub_licensed_features(external_audit_events: false)
+    end
+
+    it_behaves_like 'a mutation on an unauthorized resource'
+  end
+end
--- a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/update_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/update_spec.rb
@@ -16,8 +16,8 @@
  let_it_be(:updated_destination_name) { 'updated_destination_name' }
  let_it_be(:config_gid) { global_id_of(config) }

-  let(:mutation) { graphql_mutation(:amazon_s3_configuration_update, input) }
-  let(:mutation_response) { graphql_mutation_response(:amazon_s3_configuration_update) }
+  let(:mutation) { graphql_mutation(:audit_events_amazon_s3_configuration_update, input) }
+  let(:mutation_response) { graphql_mutation_response(:audit_events_amazon_s3_configuration_update) }

  let(:input) do
    {