GraphQL API: Add update API for instance GCP audit event destinations

Add update API for instance level GCP audit event destinations.

added to epic &11303 (closed)

@hraghuvanshi, Please add a group or category label to identify issue ownership.

You can refer to the Features by Group handbook page for guidance.

If you are unsure about the correct group, please do not leave the issue without a group label, and refer to GitLab's shared responsibility functionality guidelines for more information on how to triage this kind of issue.

This message was generated automatically. You're welcome to improve it.

changed the description

changed milestone to %16.4

added devopsgovern groupcompliance priority2 sectionsec typefeature workflowplanning breakdown labels

assigned to @hraghuvanshi

16.4 expectation goaldevelopment

added 1 deleted label

@hraghuvanshi This issue looks like it may slip this current milestone. Can you leave a or to signify if you are on track to deliver this issue? Please also consider updating the issue's Health Status or Milestone to reflect its current state, and communicate with your Product Manager as appropriate.

Bot policy.

added workflowin dev label and removed workflowplanning breakdown label

changed the description

mentioned in merge request !131790 (merged)

@hraghuvanshi This issue looks like it may slip this current milestone. Can you leave a or to signify if you are on track to deliver this issue? Please also consider updating the issue's Health Status or Milestone to reflect its current state, and communicate with your Product Manager as appropriate.

Bot policy.

mentioned in issue gitlab-org/quality/triage-reports#14148 (closed)

This feature issue does not have the documentation label. Please add it if appropriate, because documentation is one of the aspects of our MR acceptance checklist.

changed milestone to %16.5

added missed:16.4 label

mentioned in issue gitlab-org/quality/triage-reports#14242 (closed)

marked this issue as blocking #415731 (closed)

mentioned in issue gitlab-org/quality/triage-reports#14356 (closed)

added 1 deleted label and removed 1 deleted label

added workflowin review label and removed workflowin dev label

added workflowverification label and removed workflowin review label

This issue is ready to be verified and according to our verification process we need your help with this activity.

@sam.figueroa, would you mind taking a look if this issue can be verified on production and close this issue?

Verification steps are mentioned in related MR description at !131790 (merged), you can check this on staging-ref.

@sam.figueroa Let me know if you have capacity, else I can assign this to someone else.

@hraghuvanshi Thanks for offering, I wouldn't mind if you passed it on.

Follow-the-sun: @jmontal mind taking over?

Sure I can takeover, I'll look at this today

Hey @hraghuvanshi, tried to verify. When I get to this step

3. 1. Run following mutation to add new instance level gcp configuration

mutation instanceGoogleCloudLoggingConfigurationCreate {
 instanceGoogleCloudLoggingConfigurationCreate(input: { googleProjectIdName: "my-google-project", >clientEmail: "my-email@my-google-project.iam.gservice.account.com", privateKey: "YOUR_PRIVATE_KEY", >logIdName: "audit-events", name: "my-destination" }) {
   errors
   instanceGoogleCloudLoggingConfiguration {
     id
     logIdName
     googleProjectIdName
     clientEmail
     name
   }
 }
}

I get the following:

{
  "data": {
    "instanceGoogleCloudLoggingConfigurationCreate": null
  },
  "errors": [
    {
      "message": "You cannot perform write operations on a read-only instance",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "instanceGoogleCloudLoggingConfigurationCreate"
      ]
    }
  ]
}

Do we need to add this mutation to the allowlist as mentioned in the docs here? https://docs.gitlab.com/ee/administration/maintenance_mode/#graphql-api

@jmontal can you try using the UI?

@jmontal Were you using instance admin role on the staging-ref?

I tried the same with instance admin access and it worked

Yup I was using the qa-admin account, I'll retry

Tried a different account and was able to verify it on staging-ref

@nrosandich

@jmontal can you try using the UI?

Did you want me to verify as well on the UI or since it wasn't working with the other account I had tried?

@jmontal It was more around the other account not working. But if your offering, it would be great to verify this Stream audit events to GCP logging for instance... (#415731 - closed)

Ahh I don't think I have access to our google cloud to test out logging (when I go to check it says I need additional permissions)

Ignore the above, @harsimarsandhu pointed me in the right direction and I have verified it

assigned to @sam.figueroa

assigned to @jmontal

unassigned @sam.figueroa

This feature issue does not have the documentation label. Please add it if appropriate, because documentation is one of the aspects of our MR acceptance checklist.

closed

unassigned @jmontal

The workflow label was automatically updated to workflowcomplete because you closed the issue while in workflowverification.

If this is not the correct label, please update.

To avoid this message, update the workflow label as you close the issue. This message was generated automatically. You're welcome to improve it.

added workflowcomplete label and removed workflowverification label

mentioned in issue #415731 (closed)

mentioned in issue gitlab-org/govern/compliance/general#155