Update and destroy apis for instance external audit event destinations (!115157) · Merge requests · GitLab.org / GitLab

Hitesh Raghuvanshi requested to merge 335175-external-instance-audit-events into master Mar 20, 2023

What does this MR do and why?

We are adding support for storing instance level external audit event destinations, this MR is one of the MRs for supporting this functionality.

In MRs !118363 (merged) and !119602 (merged), we added a APIs for creation and listing of entries for instance level external audit event destinations. The original MR for adding different APIs became too huge so divided that into smaller MRs. This is the next MR in line. This MR adds update and destroy APIs for updating and destroying the instance level external audit event destinations.

Note: These APIs are only accessible to instance admins only and are behind a feature flag ff_external_audit_events.

GraphQL APIs

1. Update external destination

mutation {
  instanceExternalAuditEventDestinationUpdate(input: { id: "gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/18",destinationUrl: "https://www.examplenew.com"}) {
    errors
    instanceExternalAuditEventDestination {
      destinationUrl
      id
    }
  }
}

2. Destroy a destination

mutation {
  instanceExternalAuditEventDestinationDestroy(input: { id: "gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/17"}) {
    errors
  }
}

Query plans

Note: On production, the table audit_events_instance_external_audit_event_destinations is empty. There is a limit of at max 5 rows enforced for this table via model here, which means the queries will not be resource intensive.

Queries in Update API

Find destination

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/18335/commands/60806

Query

SELECT 
  "audit_events_instance_external_audit_event_destinations".* 
FROM 
  "audit_events_instance_external_audit_event_destinations" 
WHERE 
  "audit_events_instance_external_audit_event_destinations"."id" = 1

Before update check if no other destination has same url

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/18335/commands/60807

Click to expand


SELECT 
  1 AS one 
FROM 
  "audit_events_instance_external_audit_event_destinations" 
WHERE 
  "audit_events_instance_external_audit_event_destinations"."destination_url" = 'https://example.com/test' 
  AND "audit_events_instance_external_audit_event_destinations"."id" != 2 
LIMIT 
  1

Update destination

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/18335/commands/60811

Click to expand

UPDATE 
  "audit_events_instance_external_audit_event_destinations" 
SET 
  "updated_at" = '2023-05-08 11:36:57.163742', 
  "destination_url" = 'https://example.com/test' 
WHERE 
  "audit_events_instance_external_audit_event_destinations"."id" = 2

Delete API queries

Find destination

Same as that of update query

Delete destination

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/18335/commands/60813

Click to expand

DELETE FROM 
  "audit_events_instance_external_audit_event_destinations" 
WHERE 
  "audit_events_instance_external_audit_event_destinations"."id" = 3

How to set up and validate locally

Enable the feature flag ff_external_audit_events from rails console by running Feature.enable(:ff_external_audit_events).
Login as an instance admin in the browser on http://localhost:3000.
Open http://localhost:3000/-/graphql-explorer for testing out the APIs.
Create an entry for instance level external audit event destination by running following command in graphql-explorer.

mutation {
  instanceExternalAuditEventDestinationCreate(input: { destinationUrl: "https://www.example.com"}) {
    errors
    instanceExternalAuditEventDestination {
      destinationUrl
      id
      verificationToken
    }
  }
}

Run following graphql query in the graphql-explorer to list all the destinations.

query {
  instanceExternalAuditEventDestinations {
    nodes {
      id
      destinationUrl
      verificationToken
    }
  }
}

Run following graphql mutation in the graphql-explorer to update any destination.

mutation {
  instanceExternalAuditEventDestinationUpdate(input: { id: "<gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/x>",destinationUrl: "https://www.example200.com"}) {
    errors
    instanceExternalAuditEventDestination {
      destinationUrl
      id
    }
  }
}

Run following graphql mutation in the graphql-explorer to delete destination.

mutation {
  instanceExternalAuditEventDestinationDestroy(input: { id: "gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/x"}) {
    errors
  }
}

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #335175 (closed)

Edited May 08, 2023 by Hitesh Raghuvanshi

Update and destroy apis for instance external audit event destinations

What does this MR do and why?

GraphQL APIs

1. Update external destination

2. Destroy a destination

Query plans

Queries in Update API

Find destination

Before update check if no other destination has same url

Update destination

Delete API queries

Find destination

Delete destination

How to set up and validate locally

MR acceptance checklist

Merge request reports