Instance Level Audit Event Enhancement for User Email Address Update Events
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Refer to https://gitlab.com/groups/gitlab-org/gl-security/-/epics/1+ for full details
Proposal
When the following event occurs, we're asking for streaming audit event to log the payload schema defined here:
- User Primary Email Updated
- User Secondary Email Added
- User Secondary Email Updated
- User Secondary Email Removed
- User Email Verification Sent -> Audit delivery of confirmation emails (!129261 - merged) • SAM FIGUEROA • 16.4
- User Email Verification Success
- User Email Verification Failure
In addition we need the following metadata added to the details field of the payload:
- content of field prior to the update
- content of the field after the update
- For
User Email Verification Failureplease add reason for the failure
Streaming-only event or normal event?
We are requesting for these logs to be streaming-only logs.
Edited by 🤖 GitLab Bot 🤖