Resolve "Revoked/Created agent access tokens should fire audit events"
What does this MR do and why?
This change set introduces two new audit events:
- cluster_agent_token_created
- cluster_agent_token_revoked
Those events are emitted in the Clusters::AgentTokens::CreateService and Clusters::AgentTokens::RevokeService, respectively.
The RevokeService is also implemented in this MR to share the revocation logic between the REST and GraphQL API.
Screenshots or screen recordings
How to set up and validate locally
- Create Project
- Create Kubernetes Cluster Agent
- Create Token for that agent
- Check audit events via UI (Security & Compliance -> Audit Events) or API
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #382133 (closed)
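Routing both the REST and GraphQL endpoints through one revoke service means no revocation path can skip the audit event. The sketch below is an added example, not code from this MR or from GitLab: every class, method and field name in it (Response, AgentToken, AUDIT_LOG, rest_revoke, graphql_revoke, persist_ok) is a hypothetical stand-in, the choice to emit no event on a failed revocation is an assumption, and only the event name cluster_agent_token_revoked comes from the description above.

```ruby
# Added illustration, not GitLab's code: all names below are hypothetical stand-ins.
Response = Struct.new(:status, :message) do
  def success?
    status == :success
  end
end

AUDIT_LOG = [] # stand-in for the audit event sink

class AgentToken
  attr_reader :id, :agent_name, :status

  def initialize(id:, agent_name:, persist_ok: true)
    @id, @agent_name, @status, @persist_ok = id, agent_name, :active, persist_ok
  end

  # Returns false when the (simulated) database write fails.
  def revoke!
    return false unless @persist_ok
    @status = :revoked
    true
  end
end

class RevokeService
  def initialize(token:, current_user:)
    @token, @current_user = token, current_user
  end

  def execute
    # Assumed failure behaviour: error response, and no audit event for a revocation that did not happen.
    return Response.new(:error, "could not revoke token #{@token.id}") unless @token.revoke!

    AUDIT_LOG << { name: 'cluster_agent_token_revoked', author: @current_user, target_id: @token.id,
                   message: "Revoked cluster agent token #{@token.id} of agent #{@token.agent_name}" }
    Response.new(:success, nil)
  end
end

# REST and GraphQL stand-ins delegate to the same service, so neither path
# can revoke a token without leaving an audit record.
def rest_revoke(token, user)
  RevokeService.new(token: token, current_user: user).execute.success? ? 204 : 400
end

def graphql_revoke(token, user)
  result = RevokeService.new(token: token, current_user: user).execute
  { errors: result.success? ? [] : [result.message] }
end
```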
Merge request reports
Activity
changed milestone to %15.9
assigned to @timofurrer
mentioned in commit 89e24be6
mentioned in commit 37becd94
2 Warnings
- 07348380: The commit subject may not be longer than 72 characters. For more information, take a look at our Commit message guidelines.
- 0ef588cb: Commits that change 30 or more lines across at least 3 files should describe these changes in the commit body. For more information, take a look at our Commit message guidelines.
1 Message
- This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge.
Documentation review
The following files require a review from a technical writer:
- doc/administration/audit_events.md (Link to current live version)
The review does not need to block merging this merge request. See the:
- Metadata for the *.md files that you've changed. The first few lines of each *.md file identify the stage and group most closely associated with your docs change.
- The Technical Writer assigned for that stage and group.
- Documentation workflows for information on when to assign a merge request for review.
Reviewer roulette
Changes that require review have been detected!
Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:
| Category | Reviewer | Maintainer |
| --- | --- | --- |
| backend | Michael Becker (@wandering_person) (UTC+1, same timezone as @timofurrer) | Peter Leitzen (@splattael) (UTC+1, same timezone as @timofurrer) |

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
If needed, you can retry the danger-review job that generated this comment.
Generated by Danger
added featureenhancement label
mentioned in commit 3b94a98b
mentioned in commit 29c655fa
marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed
@partiaga since you've been working in this area and we've talked about it - do you want to give this a first review?
- Resolved by Timo Furrer
- Resolved by Pam Artiaga
- Resolved by Timo Furrer
- Resolved by Timo Furrer
changed milestone to %15.10
mentioned in commit 90adc1a2
mentioned in commit f7397289
added workflowready for review label and removed workflowready for development label
- Resolved by Timo Furrer
- Resolved by Timo Furrer
- Resolved by Tiger Watson
- Resolved by Timo Furrer
Looks great thanks @timofurrer, I've added a couple of extra suggestions
added 1 commit
- eae2fca6 - Refactor AgentTokens revoke service to deduplicate agent info
added 1 commit
- a67fb83d - Refactor AgentTokens revoke service to return service response error on failure
mentioned in commit c542a55c
added 5 commits
- c542a55c - Add audit event for agent token revocation
- dfad651c - Add cluster agent token audit event docs
- 0ef588cb - Refactor AgentTokens create service to deduplicate agent info
- b178acd1 - Refactor AgentTokens revoke service to deduplicate agent info
- 07348380 - Refactor AgentTokens revoke service to return service response error on failure
@tigerwnz, thanks for approving this merge request.
This is the first time the merge request is approved. To ensure full test coverage, a new pipeline will be started shortly.
For more info, please refer to the following links:
added pipeline:mr-approved label
removed review request for @partiaga
enabled an automatic merge when the pipeline for 63942b82 succeeds
mentioned in commit d8da3940
mentioned in commit 458be4ee
added workflowcanary label and removed workflowready for review label
added workflowstaging label and removed workflowcanary label
added workflowproduction label and removed workflowstaging label
mentioned in issue #382133 (closed)
added workflowpost-deploy-db-staging label and removed workflowproduction label
added workflowpost-deploy-db-production label and removed workflowpost-deploy-db-staging label
added releasedcandidate label
added releasedpublished label and removed releasedcandidate label
mentioned in merge request kubitus-project/kubitus-installer!1990 (merged)
mentioned in merge request !116352 (merged)
added groupenvironments label and removed groupconfigure [DEPRECATED] label