
Add audit events for protected environments

Ahmed Hemdan requested to merge add-audit-events-for-protected-environments into master

What does this MR do and why?

This merge request adds two audit events for when an environment is protected or unprotected:

  • environment_protected
  • environment_unprotected

The audit events are triggered regardless of whether this is a group-level or project-level protected environment.

Resolves #216164 (closed).

How to set up and validate locally

To validate locally, please do the following steps:

  • In your local GDK setup, create a new project if you don't have one already.
  • Inside that project, create an environment in Deployments > Environments.
  • Go to Settings > CI/CD, and expand the Protected Environments section.
  • Protect the environment you had created earlier.
  • From the same page, expand the Protected Environments section again.
  • Unprotect the environment.
  • Verify that you can see two audit events in the database (via the rails console) as follows:
    [1] pry(main)> AuditEvent.last(2)
  • You should see the two events each with the correct audit event type.
  • You can also verify the audit events were logged by checking log/audit_events.log as can be seen below:
{"severity":"INFO","time":"2023-01-05T22:58:13.858Z","correlation_id":"01GP22G1KB5XE9FVY1D2MMR61Z","id":457,"author_id":1,"entity_id":56,"entity_type":"Project","details":{"author_name":"Administrator","author_class":"User","target_id":55,"target_type":"ProtectedEnvironment","target_details":"production","custom_message":"Protected an environment: production","ip_address":"127.0.0.1","entity_path":"root/gitlab-216164"},"ip_address":"127.0.0.1","author_name":"Administrator","entity_path":"root/gitlab-216164","target_details":"production","created_at":"2023-01-05T22:58:13.840Z","target_type":"ProtectedEnvironment","target_id":55,"author_class":"User","custom_message":"Protected an environment: production"}
{"severity":"INFO","time":"2023-01-05T23:00:45.636Z","correlation_id":"01GP22MNRFA9ES120ERF7M012F","id":458,"author_id":1,"entity_id":56,"entity_type":"Project","details":{"author_name":"Administrator","author_class":"User","target_id":55,"target_type":"ProtectedEnvironment","target_details":"production","custom_message":"Unprotected an environment: production","ip_address":"127.0.0.1","entity_path":"root/gitlab-216164"},"ip_address":"127.0.0.1","author_name":"Administrator","entity_path":"root/gitlab-216164","target_details":"production","created_at":"2023-01-05T23:00:45.619Z","target_type":"ProtectedEnvironment","target_id":55,"author_class":"User","custom_message":"Unprotected an environment: production"}

Note: the same should apply if you protect or unprotect the environment via the API, and also with group-level protected environments.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Ahmed Hemdan
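For monitoring, the log lines shown in the validation steps can be replayed to find environments whose most recent event removed protection. The following is an added example, not code from this merge request; it matches on the `target_type` and `custom_message` fields visible in the log excerpt, the helper names are hypothetical, and the sample lines are constructed (trimmed from the excerpt, plus one unrelated event and one malformed line).

```ruby
require 'json'
require 'time'

# Constructed sample input: two lines trimmed from the MR's log excerpt,
# one constructed unrelated audit event, and one malformed line.
SAMPLE_LOG = <<~LOG
  {"time":"2023-01-05T22:58:13.858Z","author_name":"Administrator","entity_path":"root/gitlab-216164","target_type":"ProtectedEnvironment","target_details":"production","custom_message":"Protected an environment: production","ip_address":"127.0.0.1"}
  {"time":"2023-01-05T22:59:00.000Z","author_name":"Administrator","entity_path":"root/gitlab-216164","target_type":"Project","target_details":"gitlab-216164","custom_message":"Constructed unrelated event","ip_address":"127.0.0.1"}
  not json at all
  {"time":"2023-01-05T23:00:45.636Z","author_name":"Administrator","entity_path":"root/gitlab-216164","target_type":"ProtectedEnvironment","target_details":"production","custom_message":"Unprotected an environment: production","ip_address":"127.0.0.1"}
LOG

# Returns protect/unprotect events in time order, skipping unrelated
# audit events and lines that are not valid JSON or lack a valid timestamp.
def protection_events(log_text)
  log_text.each_line.filter_map do |line|
    rec = JSON.parse(line)
    next unless rec.is_a?(Hash) && rec['target_type'] == 'ProtectedEnvironment'

    action = case rec['custom_message'].to_s
             when /\AProtected an environment: /   then :protected
             when /\AUnprotected an environment: / then :unprotected
             end
    next unless action

    { time: Time.iso8601(rec['time'].to_s), action: action,
      actor: rec['author_name'], ip: rec['ip_address'],
      env: "#{rec['entity_path']}:#{rec['target_details']}" }
  rescue JSON::ParserError, ArgumentError
    nil # malformed line or timestamp: skip it
  end.sort_by { |e| e[:time] }
end

# Maps each environment to its latest event and keeps only those
# whose latest event is an unprotect (protection currently removed).
def left_unprotected(events)
  events.group_by { |e| e[:env] }
        .transform_values(&:last)
        .select { |_env, last| last[:action] == :unprotected }
end

if __FILE__ == $PROGRAM_NAME
  left_unprotected(protection_events(SAMPLE_LOG)).each do |env, e|
    puts "#{env} unprotected by #{e[:actor]} from #{e[:ip]} at #{e[:time].utc.iso8601}"
  end
end
```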
