Creation API for audit event type filter
What does this MR do and why?
Implements API to allow streamed audit events to be filtered on a per-destination basis
Introduce APIs to:
- List which events are being streamed to the given endpoint
query {
group(fullPath: "flightjs") {
id
externalAuditEventDestinations {
nodes {
destinationUrl
verificationToken
id
eventTypeFilters
}
}
}
}
- Cause the endpoint to receive a specific event
mutation createEventTypeFilter {
auditEventsStreamingDestinationEventsAdd(
input: {
destinationId: "gid://gitlab/AuditEvents::ExternalAuditEventDestination/10",
eventTypeFilters:["geo"]
}
){
errors
eventTypeFilters
}
}
How to set up and validate locally
- Enable feature flag
allow_audit_event_type_filtering
- Setup audit event streaming destination https://docs.gitlab.com/ee/administration/audit_event_streaming.html#add-a-new-event-streaming-destination
- Perform audit action. for example: download repository using zip download button.
- Check streaming is working.
- Create event type filter using
auditEventsStreamingDestinationEventsAdd
mutation use any event name other than audit action we are performing. - Perform action again, audit event should be created but not streamed.
- Create event type filter using
auditEventsStreamingDestinationEventsAdd
mutation for the action we are performing. for example for zip download useeventTypeFilters: ["repository_download_operation"]
. - Perform action again, audit event should be created but streamed.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #344845 (closed)
Edited by Harsimar Sandhu