Skip to content

Creation API for audit event type filter

Harsimar Sandhu requested to merge 344845-audit-event-filter-api into master

What does this MR do and why?

Implements API to allow streamed audit events to be filtered on a per-destination basis

Introduce APIs to:

  • List which events are being streamed to the given endpoint
query {
  group(fullPath: "flightjs") {
    id
    externalAuditEventDestinations {
      nodes {
        destinationUrl
        verificationToken
        id
        eventTypeFilters
      }
    }
  }
}
  • Cause the endpoint to receive a specific event
mutation createEventTypeFilter {
   auditEventsStreamingDestinationEventsAdd(
    input: {
      destinationId:  "gid://gitlab/AuditEvents::ExternalAuditEventDestination/10",
      eventTypeFilters:["geo"] 
    }
  ){
    errors
    eventTypeFilters
  }
}

How to set up and validate locally

  1. Enable feature flag allow_audit_event_type_filtering
  2. Setup audit event streaming destination https://docs.gitlab.com/ee/administration/audit_event_streaming.html#add-a-new-event-streaming-destination
  3. Perform audit action. for example: download repository using zip download button.
  4. Check streaming is working.
  5. Create event type filter using auditEventsStreamingDestinationEventsAdd mutation use any event name other than audit action we are performing.
  6. Perform action again, audit event should be created but not streamed.
  7. Create event type filter using auditEventsStreamingDestinationEventsAdd mutation for the action we are performing. for example for zip download use eventTypeFilters: ["repository_download_operation"].
  8. Perform action again, audit event should be created but streamed.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #344845 (closed)

Edited by Harsimar Sandhu

Merge request reports