Changing time zone does not affect audit logs
Summary
When setting the timezone with gitlab_rails['time_zone'] = 'America/Chicago'
and setting the system time, so that /etc/localtime
reflects the same, all logs except the audit_json.log
file reflect the change.
It appears that the timestamp
is converted to UTC
prior to logging with the json_logger.rb
. Removing .utc
from the timestamp
will log in either the default UTC, or if a different timezone is set, would log in that timezone, however , would show the timezone offset, whereas before, it would only show without the offset.
This does not change what is logged in the database either. When viewing the audit logs in the UI, /admin/audit_logs
, all entries show UTC timezone formatted date/time. Changing the timezone of the database server has no effect, as the structure is created_at | timestamp without time zone
. I believe created_at
column would need to be adjusted to be timestamptz
to work.
Steps to reproduce
On an Omnibus installation, set gitlab_rails['time_zone'] = 'America/Chicago'
, then run sudo gitlab-ctl reconfigure
. Also, set the system time, in my case being on Ubuntu, dpkg-reconfigure tzdata
.
Restart GitLab with sudo gitlab-ctl restart
.
tail -f /var/log/gitlab/gitlab-rails/audit_json.log
, then sign into the instance. The timestamp will still show UTC. Navigation to /admin/audit_logs
shows timestamps in the same UTC.
Example Project
What is the current bug behavior?
Audit events do not honor time zone settings in the configuration.
What is the expected correct behavior?
When a user/administrator configures an instance to use a specific timezone, the audit logs should honor that timezone and log appropriately.
Relevant logs and/or screenshots
{"severity":"INFO","time":"2020-08-28T15:55:59.741Z","correlation_id":"pkWElJA9Rxa","author_id":1,"author_name":"Administrator","entity_id":1,"entity_type":"User","with":"standard","target_id":1,"target_type":"User","target_details":"Administrator"}
id | author_id | type | entity_id | entity_type | details | created_at | ip_address | author_name | entity_path | target_details | target_type
----+-----------+---------------+-----------+-------------+--------------------------------+----------------------------+------------+-------------+-------------+----------------+-------------
1 | 1 | SecurityEvent | 1 | User | --- +| 2020-08-28 14:41:34.908051 | | | | Administrator |
| | | | | :with: standard +| | | | | |
| | | | | :target_id: 1 +| | | | | |
| | | | | :target_type: User +| | | | | |
| | | | | :target_details: Administrator+| | | | | |
| | | | | | | | | | |
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
```bash root@ubuntu-bionic:/var/log/gitlab/gitlab-rails# sudo gitlab-rake gitlab:env:info System information System: Ubuntu 18.04 Proxy: no Current User: git Using RVM: no Ruby Version: 2.6.6p146 Gem Version: 2.7.10 Bundler Version:1.17.3 Rake Version: 12.3.3 Redis Version: 5.0.9 Git Version: 2.28.0 Sidekiq Version:5.2.9 Go Version: unknown GitLab information Version: 13.3.1-ee Revision: f0a10848821 Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 11.7 URL: http://127.0.0.1 HTTP Clone URL: http://127.0.0.1/some-group/some-project.git SSH Clone URL: git@127.0.0.1:some-group/some-project.git Elasticsearch: no Geo: no Using LDAP: no Using Omniauth: yes Omniauth Providers: GitLab Shell Version: 13.6.0 Repository storage paths: - default: /var/opt/gitlab/git-data/repositories GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Git: /opt/gitlab/embedded/bin/git ```
Results of GitLab application Check
Expand for output related to the GitLab application check
root@ubuntu-bionic:/var/log/gitlab/gitlab-rails# sudo gitlab-rake gitlab:check SANITIZE=true Checking GitLab subtasks ... Checking GitLab Shell ... GitLab Shell: ... GitLab Shell version >= 13.6.0 ? ... OK (13.6.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful Checking GitLab Shell ... Finished Checking Gitaly ... Gitaly: ... default ... OK Checking Gitaly ... Finished Checking Sidekiq ... Sidekiq: ... Running? ... yes Number of Sidekiq processes ... 1 Checking Sidekiq ... Finished Checking Incoming Email ... Incoming Email: ... Reply by email is disabled in config/gitlab.yml Checking Incoming Email ... Finished Checking LDAP ... LDAP: ... LDAP is disabled in config/gitlab.yml Checking LDAP ... Finished Checking GitLab App ... Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet) Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... can't check, you have no projects Redis version >= 4.0.0? ... yes Ruby version >= 2.5.3 ? ... yes (2.6.6) Git version >= 2.24.0 ? ... yes (2.28.0) Git user has default SSH configuration? ... yes Active users: ... 1 Is authorized keys file accessible? ... yes GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... yes Elasticsearch version 6.x - 7.x? ... skipped (elasticsearch is disabled) Checking GitLab App ... Finished Checking GitLab subtasks ... Finished