Audit Events: Log the name value in addition to username when users are scheduled for deletion
Summary
This feature request is to log the `user.name` value in addition to `user.username` in the Audit Event log that gets generated as a result of a user being scheduled for deletion.
Current behavior
If a user is scheduled for deletion, the Audit Events log entry that gets created will output a message of:
User #{user.username} scheduled for deletion
based on the logic here.
There are some cases where it may be helpful to see the actual `user.name` value, for example when the user being deleted is actually a user created in relation to a Group Access Token or Project Access Token.
Currently if you create a Group Access Token, for example with a Token name of `Spline Reticulation Bot`, and the token expires or is later revoked, when the eventual removal task comes into play for the associated user, the Audit Events log entry will look like this:
Author | Object | Action | Target | IP Address | Date |
---|---|---|---|---|---|
GitLab Admin Bot | group-name | User group_123456789_bot_123456aa7a4d12q0c77abcd1d0qqq11z scheduled for deletion. Reason: No active token assigned | group_123456789_bot_123456aa7a4d12q0c77abcd1d0qqq11z | | 2025-04-29 16:20:00 UTC |
In this case, it's not immediately obvious what the removed user was actually used for, assuming that when you create the Group Access Token, the Token name is assigned something meaningful so that its purpose is understood.
When the `Users::MigrateRecordsToGhostUserInBatchesWorker` sidekiq job runs, it does actually log the `user.name` value in addition to `user.username` in the `json.message` output, so in the sidekiq logs you'd see:
"meta.caller_id": "Users::MigrateRecordsToGhostUserInBatchesWorker",
"message": "User \"Spline Reticulation Bot\" (group_123456789_bot_123456aa7a4d12q0c77abcd1d0qqq11z@noreply.gitlab.com) was removed"
However, this isn't helpful for GitLab.com SaaS users, as they can't directly see these logs (nor should a self-managed admin necessarily have to dig into these to see what could otherwise be shown within the Audit Event log entry in the UI).
What is the desired behavior?
Change the `User #{user.username} scheduled for deletion.` logic to instead be something like `User \"#{user.name}\" #{user.username} scheduled for deletion.`
The desired end result is to add the `user.name` value into the Action field for the Audit Event log entry that gets created in these cases, so that the audit log would instead look like this:
Author | Object | Action | Target | IP Address | Date |
---|---|---|---|---|---|
GitLab Admin Bot | group-name | User "Spline Reticulation Bot" group_123456789_bot_123456aa7a4d12q0c77abcd1d0qqq11z scheduled for deletion. Reason: No active token assigned | group_123456789_bot_123456aa7a4d12q0c77abcd1d0qqq11z | | 2025-04-29 16:20:00 UTC |
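A sketch of the proposed message format, added here as an illustration and not taken from GitLab's code base. `DemoUser`, `audit_safe_name`, `deletion_audit_message` and the 64-character cap are assumptions; because `user.name` is free text (for token bots it is the Token name), the sketch normalises it before embedding it in the audit entry.

```ruby
# Added illustration; not GitLab's implementation. DemoUser,
# audit_safe_name and deletion_audit_message are hypothetical names.
DemoUser = Struct.new(:name, :username)

MAX_NAME_LENGTH = 64 # assumed display cap for this sketch

# user.name is free text, so normalise it before it goes into an
# audit message that reviewers will read as a single trusted line.
def audit_safe_name(name)
  cleaned = name.to_s
                .gsub(/[[:cntrl:]]+/, ' ') # no line breaks or control characters
                .gsub('"', "'")            # keep the surrounding quotes unambiguous
                .strip
  cleaned.length > MAX_NAME_LENGTH ? "#{cleaned[0, MAX_NAME_LENGTH]}..." : cleaned
end

# Builds: User "<name>" <username> scheduled for deletion. Reason: <reason>
# Falls back to the current username-only wording when the name is blank.
def deletion_audit_message(user, reason: nil)
  name = audit_safe_name(user.name)
  subject = name.empty? ? user.username : "\"#{name}\" #{user.username}"
  message = "User #{subject} scheduled for deletion."
  message += " Reason: #{reason}" if reason
  message
end

# Constructed sample input matching the example in this issue.
bot = DemoUser.new('Spline Reticulation Bot',
                   'group_123456789_bot_123456aa7a4d12q0c77abcd1d0qqq11z')
puts deletion_audit_message(bot, reason: 'No active token assigned')
```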
Additional notes
The genesis of this feature request was a GitLab.com Premium customer reaching out to GitLab Support via a ticket, as they were after further details about the user that had been removed per an Audit Event log entry that was generated similar to the example used above. If the `user.name` value was present in the log entry, then in their specific case it would have been clear as to what user/token the deletion was actually related to in terms of its purpose.