Audit Events: Creating project access tokens generates duplicate audit events
Summary
When the user creates a project access token, 2 audit events are generated.
Steps to reproduce
- Create a project access token as per the instruction
- Navigate to Admin Area > Monitoring > Audit Events
- Observe 2 audit events generated for the user's action
Example Project
What is the current bug behavior?
Duplicate audit events generated when the user creates a new project access token.
What is the expected correct behavior?
There should be only one audit event generated when the user creates a new project access token.
Relevant logs and/or screenshots
As per the following sequence diagram, we are calling the AuditEventService
twice
Output of checks
This bug happens on GitLab.com and > v13.9
Possible fixes
- Extract access tokens creation logic from
PersonalAccessTokens::CreateService
toResourceAccessTokens::CreateService
- Remove the interaction between the
ResourceAccessTokens
andPersonalAccessTokens
Edited by Dan Jensen