Use SecureRandom uuid for streaming audit event (!102972) · Merge requests · GitLab.org / GitLab

Harsimar Sandhu requested to merge harsimarsandhu-replace-streamed-id-for-audit-events into master Nov 04, 2022

What does this MR do and why?

Currently audit events which are stream only have id in request body as created_at.to_i which have high chances of collisions. This MR changes this id to use SecureRandom.uuid which fixes this problem.

How to set up and validate locally

Setup external audit event streaming https://docs.gitlab.com/ee/administration/audit_event_streaming.html#use-the-gitlab-ui
Create stream only audit event for example you can take git clone of a repo it creates stream only audit event.
Check streamed audit event contains correct id.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Nov 29, 2022 by Harsimar Sandhu

Use SecureRandom uuid for streaming audit event

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports