Skip to content

GitLab

Projects Groups Snippets

/

Help
Sign in / Register

GitLab
Project information
- Project information
- Activity
- Labels
- Members
Repository
- Repository
- Files
- Commits
- Branches
- Tags
- Contributors
- Graph
- Compare
- Locked Files
Issues 44,761
- Issues 44,761
- List
- Boards
- Service Desk
- Milestones
- Iterations
- Requirements
Merge requests 1,329
- Merge requests 1,329
CI/CD
- CI/CD
- Pipelines
- Jobs
- Schedules
- Test Cases
Deployments
- Deployments
- Environments
- Releases
Packages and registries
- Packages and registries
- Package Registry
- Container Registry
- Infrastructure Registry
Monitor
- Monitor
- Metrics
- Incidents
Analytics
- Analytics
- Value stream
- CI/CD
- Code review
- Insights
- Issue
- Repository
Snippets
- Snippets
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards

Collapse sidebar

GitLab.org
GitLab
Issues
#220127

Closed

Open

Issue created Jun 03, 2020 by Manoj M J @manojmj3️⃣Developer20 of 20 checklist items completed20/20 checklist items

New Audit Event: AuditEvents not being created when creating/deleting SSHKeys/GPGKeys via API

Problem to solve

Via the API, we allow users or admins to create/destroy SSH keys and GPG Keys. In the lib/api/users.rb, this is performed directly using ActiveRecord operations like say user.keys.new(ssh_key_params).save. With this approach, AuditEvents are not being created.

Proposal

We have services (like Keys::CreateService) which take in the required params and do the same operation, while also making sure that AuditEvents are being created for these operations. The API should use these services to ensure AuditEvents are created when creating/destroying GPG and SSH keys.

Further details

A non-exhaustive list of endpoints where changes are required:

SSH Keys

POST :id/keys - Fix: !33859 (merged)
POST keys - Fix: !34645 (merged)
DELETE :id/keys/:key_id
- Technical debt fix for using DestroyService in this endpoint - !34535 (merged)
- Record audit event via EE::Keys::DestroyService - !65615 (merged)
DELETE keys/:key_id
- Technical debt fix for using DestroyService in this endpoint: !34718 (merged)
- Record audit event via EE::Keys::DestroyService - !65615 (merged)

GPG Keys

POST ':id/gpg_keys'
- Technical debt fix for using CreateService in this endpoint: !34737 (merged)
- Record audit event fix: Instrument EE::GPGKeys::CreateService - !65973 (merged)
POST 'gpg_keys'
- Technical debt fix for using CreateService in this endpoint: !34817 (merged)
- Record audit event fix: Instrument EE::GPGKeys::CreateService - !65973 (merged)
DELETE ':id/gpg_keys/:key_id'
- Technical debt fix for using DestroyService in this endpoint: !34935 (merged)
- Record audit event fix: Instrument EE::GPGKeys::DestroyService - !65973 (merged)
DELETE 'gpg_keys/key_id'
- Technical debt fix for using DestroyService in this endpoint: !35033 (merged)
- Record audit event fix: Instrument EE::GPGKeys::DestroyService - !65973 (merged)

The changes could be big, so it would make sense to split these changes across multiple MRs (~ 3 MRs for 3 services).

Edited Jul 14, 2021 by Tan Le

Assignee

Assign to

Time tracking