Fix user namespace scoped audit events

Problem Statement

We are currently scoping some audit events to the User namespace, which is incorrect. These events should ideally be tagged to InstanceScope since they are only visible at the instance level. One example of this event on staging is:

#<AuditEvent:0x00007fe0125b5dc0
 id: 46370012,
 author_id: 1614863,
 entity_id: 1974093,
 entity_type: "Namespaces::UserNamespace",
 details:
  {:remove=>"project",
   :author_name=>"QA User (Quality Team's Test Account)",
   :author_class=>"User",
   :target_id=>8820959,
   :target_type=>"Project",
   :target_details=>"gitlab-qa/api-basics-da5dc4878a942b0f",
   :custom_message=>"Project destroyed",
   :ip_address=>"34.148.172.192",
   :entity_path=>"gitlab-qa"},
 ip_address: #<IPAddr: IPv4:34.148.172.192/255.255.255.255>,
 author_name: "QA User (Quality Team's Test Account)",
 entity_path: "gitlab-qa",
 target_details: "gitlab-qa/api-basics-da5dc4878a942b0f",
 created_at: Thu, 20 Apr 2023 04:27:02.087847000 UTC +00:00,
 target_type: "Project",
 target_id: 8820959>

These events are being generated here: https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/services/ee/projects/destroy_service.rb

Implementation Plan

  1. Implement a logger in Auditor to catch and log all audit event scopes
  2. Find and move code that uses an invalid scope. Valid scopes: Group, Project, User, Instance
  3. Write a batched background migration to correct the wrong scopes and also move these events into the respective new table
Edited by Harsimar Sandhu
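
A sketch of steps 1 and 2 of the plan, added here as an illustration and not taken from the GitLab code base: an allow-list check that logs every audit event whose scope type is outside the valid set and groups the findings by emitting call site. `ScopeAuditor`, `ScopeFinding`, `run_sample`, the scope-type strings and the sample events are assumptions constructed for this example; only the `Namespaces::UserNamespace` entity type, the "Project destroyed" message and the `destroy_service.rb` path come from the issue.

```ruby
require "logger"
require "stringio"

# Scope names follow the issue's list (Group, Project, User, Instance).
# The exact class-name strings are assumptions for this example.
VALID_SCOPE_TYPES = %w[Group Project User InstanceScope].freeze

ScopeFinding = Struct.new(:scope_type, :message, :call_site)

# Hypothetical helper, not GitLab's Auditor.
class ScopeAuditor
  attr_reader :findings

  def initialize(logger)
    @logger = logger
    @findings = []
  end

  # Returns true for an allow-listed scope type; otherwise records the event,
  # logs it with its call site, and returns false.
  def check(message:, scope_type:, call_site: caller_locations(1, 1).first.to_s)
    return true if VALID_SCOPE_TYPES.include?(scope_type)

    @findings << ScopeFinding.new(scope_type, message, call_site)
    @logger.warn("invalid audit scope=#{scope_type.inspect} " \
                 "message=#{message.inspect} at=#{call_site}")
    false
  end

  # Maps each invalid scope type to the unique call sites that emitted it,
  # which is the list of code locations step 2 has to move.
  def summary
    @findings.group_by(&:scope_type)
             .transform_values { |items| items.map(&:call_site).uniq.sort }
  end
end

# Constructed sample events; the first mirrors the staging event in the issue.
SAMPLE_EVENTS = [
  { message: "Project destroyed", scope_type: "Namespaces::UserNamespace",
    call_site: "ee/app/services/ee/projects/destroy_service.rb" },
  { message: "Project destroyed", scope_type: "Group",
    call_site: "ee/app/services/ee/projects/destroy_service.rb" },
  { message: "Setting changed", scope_type: "InstanceScope",
    call_site: "constructed/settings_service.rb" }
].freeze

def run_sample(logger = Logger.new(StringIO.new))
  auditor = ScopeAuditor.new(logger)
  SAMPLE_EVENTS.each { |event| auditor.check(**event) }
  auditor.summary
end

puts run_sample.inspect if __FILE__ == $PROGRAM_NAME
```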