Added delete api for instance level audit streaming

Changelog: added EE: true

Added delete api for instance level audit streaming
e81b3ef2 · Hitesh Raghuvanshi · GitLab · ef206c97 · e81b3ef2 · e81b3ef2
Verified Commit e81b3ef2 authored 10 months ago by Hitesh Raghuvanshi Committed by GitLab 10 months ago
--- a/doc/administration/audit_event_types.md
+++ b/doc/administration/audit_event_types.md
@@ -59,11 +59,12 @@ Audit event types belong to the following product categories.
 | [`audit_events_streaming_instance_headers_update`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127228) | Triggered when a streaming header for instance level external audit event destination is updated| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/417433) | Instance |
 | [`create_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74632) | Event triggered when an external audit event destination is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [14.6](https://gitlab.com/gitlab-org/gitlab/-/issues/344664) | Group |
 | [`create_http_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/136047) | Event triggered when a namespace filter for an external audit event destination for a top-level group is created.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.6](https://gitlab.com/gitlab-org/gitlab/-/issues/424176) | Group |
-| [`create_instance_audit_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148383) | Event triggered when an external audit event destination for a GitLab instance is created.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/436615) | Instance |
 | [`create_instance_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/123882) | Event triggered when an instance level external audit event destination is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.2](https://gitlab.com/gitlab-org/gitlab/-/issues/404730) | Instance |
 | [`created_group_audit_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147888) | Event triggered when an external audit event destination for a top-level group is created.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/436610) | Group |
+| [`created_instance_audit_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148383) | Event triggered when an external audit event destination for a GitLab instance is created.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/436615) | Instance |
 | [`delete_http_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/136302) | Event triggered when a namespace filter for an external audit event destination for a top-level group is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.7](https://gitlab.com/gitlab-org/gitlab/-/issues/424177) | Group |
 | [`deleted_group_audit_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148738) | Event triggered when an external audit event destination for a top-level group is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/436610) | Group |
+| [`deleted_instance_audit_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/14910) | Event triggered when an external audit event destination for a GitLab instance is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/436615) | Instance |
 | [`destroy_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74632) | Event triggered when an external audit event destination is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [14.6](https://gitlab.com/gitlab-org/gitlab/-/issues/344664) | Group |
 | [`destroy_instance_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/125846) | Event triggered when an instance level external audit event destination is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.2](https://gitlab.com/gitlab-org/gitlab/-/issues/404730) | Instance |
 | [`event_type_filters_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/113081) | Event triggered when a new audit events streaming event type filter is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.10](https://gitlab.com/gitlab-org/gitlab/-/issues/344848) | Group |

--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -5039,6 +5039,28 @@ Input type: `InstanceAuditEventStreamingDestinationsCreateInput`
 | <a id="mutationinstanceauditeventstreamingdestinationscreateerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
 | <a id="mutationinstanceauditeventstreamingdestinationscreateexternalauditeventdestination"></a>`externalAuditEventDestination` | [`InstanceAuditEventStreamingDestination`](#instanceauditeventstreamingdestination) | Destination created. |
  
+### `Mutation.instanceAuditEventStreamingDestinationsDelete`
+
+DETAILS:
+**Introduced** in GitLab 16.11.
+**Status**: Experiment.
+
+Input type: `InstanceAuditEventStreamingDestinationsDeleteInput`
+
+#### Arguments
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationinstanceauditeventstreamingdestinationsdeleteclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationinstanceauditeventstreamingdestinationsdeleteid"></a>`id` | [`AuditEventsInstanceExternalStreamingDestinationID!`](#auditeventsinstanceexternalstreamingdestinationid) | ID of the audit events external streaming destination to delete. |
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationinstanceauditeventstreamingdestinationsdeleteclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationinstanceauditeventstreamingdestinationsdeleteerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+
 ### `Mutation.instanceExternalAuditEventDestinationCreate`
  
 Input type: `InstanceExternalAuditEventDestinationCreateInput`
@@ -34220,6 +34242,12 @@ A `AuditEventsInstanceExternalAuditEventDestinationID` is a global ID. It is enc
  
 An example `AuditEventsInstanceExternalAuditEventDestinationID` is: `"gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/1"`.
  
+### `AuditEventsInstanceExternalStreamingDestinationID`
+
+A `AuditEventsInstanceExternalStreamingDestinationID` is a global ID. It is encoded as a string.
+
+An example `AuditEventsInstanceExternalStreamingDestinationID` is: `"gid://gitlab/AuditEvents::Instance::ExternalStreamingDestination/1"`.
+
 ### `AuditEventsInstanceGoogleCloudLoggingConfigurationID`
  
 A `AuditEventsInstanceGoogleCloudLoggingConfigurationID` is a global ID. It is encoded as a string.
--- a/ee/app/graphql/ee/types/mutation_type.rb
+++ b/ee/app/graphql/ee/types/mutation_type.rb
@@ -176,6 +176,8 @@ module MutationType
          alpha: { milestone: '16.11' }
        mount_mutation ::Mutations::AuditEvents::Instance::AuditEventStreamingDestinations::Create,
          alpha: { milestone: '16.11' }
+        mount_mutation ::Mutations::AuditEvents::Instance::AuditEventStreamingDestinations::Delete,
+          alpha: { milestone: '16.11' }

        prepend(Types::DeprecatedMutations)
      end

--- a/ee/app/graphql/mutations/audit_events/instance/audit_event_streaming_destinations/create.rb
+++ b/ee/app/graphql/mutations/audit_events/instance/audit_event_streaming_destinations/create.rb
@@ -34,7 +34,7 @@ def resolve(secret_token: nil, name: nil, category: nil, config: nil)
              category: category
            )

-            audit(destination, action: :create) if destination.save
+            audit(destination, action: :created) if destination.save

            {
              external_audit_event_destination: (destination if destination.persisted?),

--- a/ee/app/graphql/mutations/audit_events/instance/audit_event_streaming_destinations/delete.rb
+++ b/ee/app/graphql/mutations/audit_events/instance/audit_event_streaming_destinations/delete.rb
+# frozen_string_literal: true
+
+module Mutations
+  module AuditEvents
+    module Instance
+      module AuditEventStreamingDestinations
+        class Delete < Base
+          graphql_name 'InstanceAuditEventStreamingDestinationsDelete'
+
+          argument :id, ::Types::GlobalIDType[::AuditEvents::Instance::ExternalStreamingDestination],
+            required: true,
+            description: 'ID of the audit events external streaming destination to delete.'
+
+          def resolve(id:)
+            config = authorized_find!(id: id)
+
+            audit(config, action: :deleted) if config.destroy
+            { errors: Array(config.errors) }
+          end
+        end
+      end
+    end
+  end
+end
--- a/ee/config/audit_events/types/create_instance_audit_event_streaming_destination.yml
+++ b/ee/config/audit_events/types/create_instance_audit_event_streaming_destination.yml
-name: create_instance_audit_event_streaming_destination
+name: created_instance_audit_event_streaming_destination
 description: Event triggered when an external audit event destination for a GitLab instance is created.
 introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/436615
 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148383

--- a/ee/config/audit_events/types/deleted_instance_audit_event_streaming_destination.yml
+++ b/ee/config/audit_events/types/deleted_instance_audit_event_streaming_destination.yml
+name: deleted_instance_audit_event_streaming_destination
+description: Event triggered when an external audit event destination for a GitLab instance is deleted.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/436615
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/14910
+feature_category: audit_events
+milestone: "16.11"
+saved_to_database: true
+streamed: true
+scope: [Instance]
--- a/ee/spec/requests/api/graphql/mutations/audit_events/instance/audit_event_streaming_destinations/delete_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/audit_events/instance/audit_event_streaming_destinations/delete_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Delete instance level external audit event streaming destination', feature_category: :audit_events do
+  include GraphqlHelpers
+
+  let_it_be(:destination) { create(:audit_events_instance_external_streaming_destination) }
+  let_it_be(:current_user) { create(:admin) }
+
+  let(:mutation) do
+    graphql_mutation(:instance_audit_event_streaming_destinations_delete, id: global_id_of(destination))
+  end
+
+  let(:mutation_response) { graphql_mutation_response(:instance_audit_event_streaming_destinations_delete) }
+
+  subject(:mutate) { post_graphql_mutation(mutation, current_user: current_user) }
+
+  context 'when feature is licensed' do
+    before do
+      stub_licensed_features(external_audit_events: true)
+    end
+
+    context 'when current user is admin' do
+      it 'destroys the configuration' do
+        expect { mutate }.to change { AuditEvents::Instance::ExternalStreamingDestination.count }.by(-1)
+      end
+
+      it 'audits the deletion' do
+        expected_hash = {
+          name: 'deleted_instance_audit_event_streaming_destination',
+          author: current_user,
+          scope: an_instance_of(Gitlab::Audit::InstanceScope),
+          target: destination,
+          message: 'Deleted audit event streaming destination for HTTP',
+          additional_details: {
+            id: destination.id,
+            category: destination.category
+          }
+        }
+
+        expect(Gitlab::Audit::Auditor).to receive(:audit).with(hash_including(expected_hash))
+
+        mutate
+      end
+
+      context 'when there is an error during destroy' do
+        before do
+          expect_next_found_instance_of(AuditEvents::Instance::ExternalStreamingDestination) do |destination|
+            allow(destination).to receive(:destroy).and_return(false)
+            errors = ActiveModel::Errors.new(destination).tap { |e| e.add(:base, 'error message') }
+            allow(destination).to receive(:errors).and_return(errors)
+          end
+        end
+
+        it 'does not destroy the configuration and returns the error' do
+          expect { mutate }.not_to change { AuditEvents::Instance::ExternalStreamingDestination.count }
+
+          expect(mutation_response).to include('errors' => ['error message'])
+        end
+      end
+    end
+
+    context 'when current user is not admin' do
+      let_it_be(:current_user) { create(:user) }
+
+      it_behaves_like 'a mutation on an unauthorized resource'
+    end
+  end
+
+  context 'when feature is unlicensed' do
+    before do
+      stub_licensed_features(external_audit_events: false)
+    end
+
+    it_behaves_like 'a mutation on an unauthorized resource'
+  end
+end