Skip to content

API to allow streamed audit events to be filtered on a per-destination basis

See overarching epic for full context

Release notes

Problem to solve

Proposal

Introduce APIs to:

  • List which events are being streamed to the given endpoint
  • Cause the endpoint to receive all events
  • Cause the endpoint to receive no events (this is useful to reset the endpoint then add a few events to it)
  • Cause the endpoint to receive a specific event
  • Cause the endpoint to no longer receive a specific event

Important note: Allow these APIs to operate on one destination endpoint at a time so that different filtering settings are possible per destination endpoint. Filtering settings should not be globally applied to all destination endpoints.

Implementation Plan

Set up model and associations

  • Create new feature flag for all below functionality.
  • Create new model AuditEvents::Streaming::EventTypeFilter with attributes destination_id and audit_event_type.
  • Create has many association between new model and AuditEvent Destination.
  • Add a new method on audit event destinations that returns a list of audit event types.
    • Destinations with no filters should be presumed to receive all events.

Create GraphQL interfaces

  • Add a new type connection to externalAuditEventDestinations from group to enable a query such as:
query {
  group(fullPath: "compliance-tanuki") {
    id
    externalAuditEventDestinations {
      nodes {
        destinationUrl
        verificationToken
        id
        eventTypeFilters // Does this need to be a connectionType? Or is a collection of strings suitable? I'd lean towards the latter.
      }
    }
  }
}
  • eventTypeFilters should return an array of strings.
  • Create two new mutations to add and remove event types from a destination: auditEventsStreamingDestinationEventsInclude and auditEventsStreamingDestinationEventsExclude. Each of these should take a destination ID as well as an array of event types to either add, or remove from the list of filtered event types.

Documentation

Create user-facing documentation describing how to do filtering with the API as well as which events can be filtered. Consider working with @eread, our Tech Writing counterpart, on this part.

Intended Users

Metrics

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Edited by Sam Kerr