
Resolve "Revoked/Created agent access tokens should fire audit events"

All threads resolved!

What does this MR do and why?

This change set introduces two new audit events:

  • cluster_agent_token_created
  • cluster_agent_token_revoked

Those events are emitted in the Clusters::AgentTokens::CreateService and Clusters::AgentTokens::RevokeService, respectively.

The RevokeService is also implemented in this MR to share the revocation logic between the REST and GraphQL APIs.

How to set up and validate locally

  1. Create Project
  2. Create Kubernetes Cluster Agent
  3. Create Token for that agent
  4. Check audit events via UI (Security & Compliance -> Audit Events) or API

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #382133 (closed)

Edited by Timo Furrer

Activity

  • Pam Artiaga
  • I have some suggestions/questions but none of them should be blockers for merging.

    I have confirmed that this works on my local machine:

    Screenshot_2023-02-16_at_14.33.17

  • Timo Furrer changed milestone to %15.10

  • Timo Furrer mentioned in commit 90adc1a2

  • Timo Furrer mentioned in commit f7397289

  • Timo Furrer added 4 commits

    • 90adc1a2 - Add audit event for agent token creation
    • f7397289 - Add audit event for agent token revocation
    • c6eb6354 - revoke
    • d6144c5d - Add cluster agent token audit event docs

  • Timo Furrer marked this merge request as ready

  • Timo Furrer requested review from @partiaga and @tigerwnz

  • Pam Artiaga resolved all threads

  • Tiger Watson
  • Timo Furrer added 3 commits

    • 2d5bb378 - wip
    • 07aa3162 - Refactor AgentTokens create service to deduplicate agent info
    • ed628323 - Refactor AgentTokens revoke service to deduplicate agent info

  • Timo Furrer added 1 commit

    • eae2fca6 - Refactor AgentTokens revoke service to deduplicate agent info

  • Timo Furrer added 1 commit

    • a67fb83d - Refactor AgentTokens revoke service to return service response error on failure

  • Timo Furrer mentioned in commit c542a55c

  • Timo Furrer added 5 commits

    • c542a55c - Add audit event for agent token revocation
    • dfad651c - Add cluster agent token audit event docs
    • 0ef588cb - Refactor AgentTokens create service to deduplicate agent info
    • b178acd1 - Refactor AgentTokens revoke service to deduplicate agent info
    • 07348380 - Refactor AgentTokens revoke service to return service response error on failure

  • Tiger Watson approved this merge request

  • Tiger Watson requested review from @ck3g and removed review request for @tigerwnz

  • :wave: @tigerwnz, thanks for approving this merge request.

    This is the first time the merge request is approved. To ensure full test coverage, a new pipeline will be started shortly.

  • Timo Furrer removed review request for @partiaga

  • Vitali Tatarintev approved this merge request

  • Vitali Tatarintev resolved all threads

  • Vitali Tatarintev enabled an automatic merge when the pipeline for 63942b82 succeeds

  • mentioned in commit d8da3940

  • Timo Furrer mentioned in commit 458be4ee

  • added workflowstaging label and removed workflowcanary label

  • mentioned in issue #382133 (closed)

  • Evan Read mentioned in merge request !116352 (merged)
