Use SecureRandom uuid for streaming audit event
What does this MR do and why?
Related to #381533 (closed)
Currently audit events which are stream only have id in request body as created_at.to_i
which have high chances of collisions.
This MR changes this id to use SecureRandom.uuid
which fixes this problem.
How to set up and validate locally
- Setup external audit event streaming https://docs.gitlab.com/ee/administration/audit_event_streaming.html#use-the-gitlab-ui
- Create stream only audit event for example you can take
git clone
of a repo it creates stream only audit event. - Check streamed audit event contains correct id.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Harsimar Sandhu