Audit Events: Creating project access tokens generates duplicate audit events

Summary

When the user creates a project access token, 2 audit events are generated.

Steps to reproduce

  1. Create a project access token as per the instruction
  2. Navigate to Admin Area > Monitoring > Audit Events
  3. Observe 2 audit events generated for the user's action

Screen_Shot_2021-06-17_at_4.48.22_pm

Example Project

What is the current bug behavior?

Duplicate audit events generated when the user creates a new project access token.

What is the expected correct behavior?

There should be only one audit event generated when the user creates a new project access token.

Relevant logs and/or screenshots

As per the following sequence diagram, we are calling the AuditEventService twice

Output of checks

This bug happens on GitLab.com and > v13.9

Possible fixes

  • Extract access tokens creation logic from PersonalAccessTokens::CreateService to ResourceAccessTokens::CreateService
  • Remove the interaction between the ResourceAccessTokens and PersonalAccessTokens
Edited by Dan Jensen