Audit Events: Add merge request approval rule creation

Problem to solve

Audit merge request approval rule creation on project level.

For GitLab Premium, user can create multiple merge request approval rules and we would like to audit this creation.

For GitLab Starter, when the user initially lands on the Merge Request Approvals settings page, the UI was presented as if it was an update to an existing rule but indeed a new rule is created.

Screen_Shot_2020-02-24_at_8.33.59_pm

For this use case, the work on #7531 (closed) does not capture that first update action as it was technically a creation. However, from end-user perspective, I think it is valuable to capture that info in audit event too.

Intended users

Software Developer / Development Team Lead / System Admin

Further details

&474 (closed)

Proposal

Record an audit event when user creates a new MR approval rule. This event should be visible under Project > Audit Events and Admin Area > Audit Log. It would be useful to capture additional attributes in addition to the Rule name, perhaps the number of required approvals.

  • Author: User
  • Action: Added approval rule with number of required approvals of X
  • Target: Rule name

Screen_Shot_2020-03-06_at_1.36.30_pm

Permissions and Security

User who has Maintainer permissions and can view Project Audit Event page https://docs.gitlab.com/ee/administration/audit_events.html#project-events-starter

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references

Edited by Dan Jensen