Revoked/Created agent access tokens should fire audit events
Release notes
The GitLab agent for Kubernetes manages access between the cluster and GitLab with so-called agent access tokens. We recommend rotating these tokens regularly and staying aware of them, as they can be used to update your cluster from GitLab. Recently, we extended GitLab to fire audit events when agent access tokens are created or revoked to support your security and compliance requirements.
https://docs.gitlab.com/ee/administration/audit_events.html#gitlab-agent-for-kubernetes-events
Problem to solve
As a security analyst, I want to know when agent tokens are created or revoked so that I can ensure safe access to the infrastructure.
Once #382131 is implemented, the agent tokens will no longer be shown in the APIs or the UI.
For compliance, we need a way to communicate the revoked agent tokens.
Related discussions:
Proposal
Integrate agent access token creation and removal into the audit events framework.
Intended users
Feature Usage Metrics
The usage of audit events is tracked separately. New metrics are not needed.