From f93af22d59c05dda6c18cd2ed8ee6678e352a027 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 13 Apr 2023 19:23:37 +0530
Subject: [PATCH 01/19] Refactored audit events for projects

For project creation and branch updation correct audit event name will
be sent

Changelog: other
EE: true
---
 ee/app/services/ee/projects/create_service.rb | 18 ++++++++++++-----
 ee/app/services/ee/projects/update_service.rb | 20 +++++++++++++------
 .../services/projects/create_service_spec.rb  |  6 +++++-
 .../services/projects/update_service_spec.rb  | 11 ++++++----
 4 files changed, 39 insertions(+), 16 deletions(-)

diff --git a/ee/app/services/ee/projects/create_service.rb b/ee/app/services/ee/projects/create_service.rb
index 220c81419f8b2257..f82858bec6d81c5d 100644
--- a/ee/app/services/ee/projects/create_service.rb
+++ b/ee/app/services/ee/projects/create_service.rb
@@ -152,11 +152,19 @@ def setup_ci_cd_project
       end
 
       def log_audit_event(project)
-        ::AuditEventService.new(
-          current_user,
-          project,
-          action: :create
-        ).for_project.security_event
+        audit_context = {
+          name: 'project_created',
+          author: current_user,
+          scope: project,
+          target: project,
+          message: 'Project created',
+          target_details: project.full_path,
+          additional_details: {
+            add: 'project'
+          }
+        }
+
+        ::Gitlab::Audit::Auditor.audit(audit_context)
       end
     end
   end
diff --git a/ee/app/services/ee/projects/update_service.rb b/ee/app/services/ee/projects/update_service.rb
index 3e52b57adefaed78..aec449e99085becd 100644
--- a/ee/app/services/ee/projects/update_service.rb
+++ b/ee/app/services/ee/projects/update_service.rb
@@ -92,12 +92,20 @@ def remove_unallowed_params
 
       override :after_default_branch_change
       def after_default_branch_change(previous_default_branch)
-        ::AuditEventService.new(
-          current_user,
-          project,
-          action: :custom,
-          custom_message: "Default branch changed from #{previous_default_branch} to #{project.default_branch}"
-        ).for_project.security_event
+        audit_context = {
+          name: 'project_default_branch_updated',
+          author: current_user,
+          scope: project,
+          target: project,
+          message: "Default branch changed from #{previous_default_branch} to #{project.default_branch}",
+          target_details: project.full_path,
+          additional_details: {
+            from: previous_default_branch,
+            to: project.default_branch
+          }
+        }
+
+        ::Gitlab::Audit::Auditor.audit(audit_context)
       end
 
       # A user who enables shared runners must meet the credit card requirement if
diff --git a/ee/spec/services/projects/create_service_spec.rb b/ee/spec/services/projects/create_service_spec.rb
index 785ada13dd9bdc04..74ad0bbb9801d376 100644
--- a/ee/spec/services/projects/create_service_spec.rb
+++ b/ee/spec/services/projects/create_service_spec.rb
@@ -392,6 +392,8 @@
         allow(Gitlab::VisibilityLevel).to receive(:allowed_for?).and_return(false)
       end
 
+      let(:event_type) { 'project_created' }
+
       let(:attributes) do
         {
            author_id: user.id,
@@ -402,7 +404,9 @@
              author_name: user.name,
              target_id: @resource.id,
              target_type: 'Project',
-             target_details: @resource.full_path
+             target_details: @resource.full_path,
+             custom_message: 'Project created',
+             author_class: user.class.name
            }
          }
       end
diff --git a/ee/spec/services/projects/update_service_spec.rb b/ee/spec/services/projects/update_service_spec.rb
index 9dd3368c15d32791..d0002a8c3f9cd7e4 100644
--- a/ee/spec/services/projects/update_service_spec.rb
+++ b/ee/spec/services/projects/update_service_spec.rb
@@ -242,12 +242,15 @@ def operation
           update_project(project, user, default_branch: 'feature')
         end
 
+        let_it_be(:event_type) { 'project_default_branch_updated' }
+
         let(:attributes) do
           audit_event_params.tap do |param|
-            param[:details][:custom_message] = "Default branch changed from master to feature"
-            # Default branch change event still uses legacy AuditEventService instead of Gitlab::Audit::Auditor.
-            # The following attributes exist once we switched to Gitlab::Audit::Auditor.
-            param[:details].delete(:author_class)
+            param[:details].merge!(
+              from: project.previous_default_branch,
+              to: project.default_branch,
+              custom_message: "Default branch changed from #{project.previous_default_branch} to #{project.default_branch}"
+            )
           end
         end
       end
-- 
GitLab


From 337d3d74d2045118387f348eca074d46e0fe8bf6 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 13 Apr 2023 19:27:47 +0530
Subject: [PATCH 02/19] Added audit yml files

---
 ee/config/audit_events/types/project_created.yml         | 9 +++++++++
 .../types/project_default_branch_updated.yml             | 9 +++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 ee/config/audit_events/types/project_created.yml
 create mode 100644 ee/config/audit_events/types/project_default_branch_updated.yml

diff --git a/ee/config/audit_events/types/project_created.yml b/ee/config/audit_events/types/project_created.yml
new file mode 100644
index 0000000000000000..111fe97a48986a75
--- /dev/null
+++ b/ee/config/audit_events/types/project_created.yml
@@ -0,0 +1,9 @@
+---
+name: project_created
+description: Event triggered when a project is created.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543
+feature_category: compliance_management
+milestone: '15.11'
+saved_to_database: true
+streamed: true
diff --git a/ee/config/audit_events/types/project_default_branch_updated.yml b/ee/config/audit_events/types/project_default_branch_updated.yml
new file mode 100644
index 0000000000000000..41626d8d7d25f1c8
--- /dev/null
+++ b/ee/config/audit_events/types/project_default_branch_updated.yml
@@ -0,0 +1,9 @@
+---
+name: project_default_branch_updated
+description: Event triggered when default branch of a project's repository is updated.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543
+feature_category: compliance_management
+milestone: '15.11'
+saved_to_database: true
+streamed: true
-- 
GitLab


From 880c0de8a5921094d5d81006229aba47c3e4dd04 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 13 Apr 2023 20:39:56 +0530
Subject: [PATCH 03/19] Fixed failing rspecs

---
 ...with_trial_from_external_site_without_confirmation_spec.rb | 2 +-
 ...tart_trial_from_external_site_without_confirmation_spec.rb | 2 +-
 ee/spec/requests/registrations/project_creation_spec.rb       | 2 +-
 ee/spec/services/projects/fork_service_spec.rb                | 4 +++-
 ee/spec/support/helpers/saas_registration_helpers.rb          | 2 +-
 5 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb b/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb
index 658080bd8e0ab77a..b7639a4bd787bc54 100644
--- a/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb
+++ b/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb
@@ -15,7 +15,7 @@
     # The groups_and_projects_controller (on `click_on 'Create project'`) is over
     # the query limit threshold, so we have to adjust it.
     # https://gitlab.com/gitlab-org/gitlab/-/issues/340302
-    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(155)
+    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(158)
 
     stub_request(:post, "#{EE::SUBSCRIPTIONS_URL}/trials")
   end
diff --git a/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb b/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb
index 9d271da56776c04b..8c7a65a71af03a71 100644
--- a/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb
+++ b/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb
@@ -14,7 +14,7 @@
     # The groups_and_projects_controller (on `click_on 'Create project'`) is over
     # the query limit threshold, so we have to adjust it.
     # https://gitlab.com/gitlab-org/gitlab/-/issues/340302
-    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(155)
+    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(158)
 
     stub_request(:post, "#{EE::SUBSCRIPTIONS_URL}/trials")
   end
diff --git a/ee/spec/requests/registrations/project_creation_spec.rb b/ee/spec/requests/registrations/project_creation_spec.rb
index 9be8b3429fd9ff33..08ef01c2904f5b7c 100644
--- a/ee/spec/requests/registrations/project_creation_spec.rb
+++ b/ee/spec/requests/registrations/project_creation_spec.rb
@@ -35,7 +35,7 @@
       context 'when group and project can be created' do
         it 'creates a group' do
           # 204 before creating learn gitlab in worker
-          allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(149)
+          allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(152)
 
           expect { post users_sign_up_groups_projects_path, params: params }.to change { Group.count }.by(1)
         end
diff --git a/ee/spec/services/projects/fork_service_spec.rb b/ee/spec/services/projects/fork_service_spec.rb
index 34fcf77d729cd2c7..201164ab820d9162 100644
--- a/ee/spec/services/projects/fork_service_spec.rb
+++ b/ee/spec/services/projects/fork_service_spec.rb
@@ -18,7 +18,9 @@
 
     subject(:execute) { described_class.new(project, user).execute }
 
-    it 'call auditor with currect context' do
+    it 'call auditor with correct context' do
+      expect(::Gitlab::Audit::Auditor).to receive(:audit).with(hash_including(name: "project_created"))
+
       audit_context = {
         name: event_type,
         stream_only: true,
diff --git a/ee/spec/support/helpers/saas_registration_helpers.rb b/ee/spec/support/helpers/saas_registration_helpers.rb
index 2155075d9e997087..452db7787d26961e 100644
--- a/ee/spec/support/helpers/saas_registration_helpers.rb
+++ b/ee/spec/support/helpers/saas_registration_helpers.rb
@@ -104,7 +104,7 @@ def fills_in_group_and_project_creation_form
     # The groups_and_projects_controller (on `click_on 'Create project'`) is over
     # the query limit threshold, so we have to adjust it.
     # https://gitlab.com/gitlab-org/gitlab/-/issues/404805
-    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(156)
+    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(159)
 
     fill_in 'group_name', with: 'Test Group'
     fill_in 'blank_project_name', with: 'Test Project'
-- 
GitLab


From 5540aabab6fea9d636f31c663490b752d7a2b9ce Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 13 Apr 2023 22:40:02 +0530
Subject: [PATCH 04/19] Fixed audit event feature spec

---
 ee/lib/audit/details.rb           |  3 +++
 ee/spec/lib/audit/details_spec.rb | 20 ++++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/ee/lib/audit/details.rb b/ee/lib/audit/details.rb
index 48e2cbd89e9bbd8a..bd1dca3cf2c2fe06 100644
--- a/ee/lib/audit/details.rb
+++ b/ee/lib/audit/details.rb
@@ -19,6 +19,9 @@ def humanize
         "#{action_text} via system job. Reason: #{@details[:reason]}"
       elsif impersonated_event?
         "#{action_text} (by #{@details[:impersonated_by]})"
+      elsif @details[:author_class].to_s == "Gitlab::Audit::ImpersonatedAuthor" &&
+        @details[:custom_message].present?
+        @details[:custom_message]
       else
         action_text
       end
diff --git a/ee/spec/lib/audit/details_spec.rb b/ee/spec/lib/audit/details_spec.rb
index 2aeae04520c7f897..b6621607b985f2df 100644
--- a/ee/spec/lib/audit/details_spec.rb
+++ b/ee/spec/lib/audit/details_spec.rb
@@ -22,6 +22,26 @@
 
         expect(string).to end_with('(by Agent 47)')
       end
+
+      context 'when custom_message is present' do
+        let(:project) { create(:project) }
+        let(:impersonated_action) do
+          {
+            add: 'project',
+            author_name: user.name,
+            author_class: 'Gitlab::Audit::ImpersonatedAuthor',
+            target_id: project.id,
+            target_type: 'Project',
+            custom_message: "Project created (by Administrator)"
+          }
+
+          it 'includes impersonation details' do
+            string = described_class.humanize(impersonated_action)
+
+            expect(string).to eq('Project created (by Administrator)')
+          end
+        end
+      end
     end
 
     context 'user' do
-- 
GitLab


From 99e751d5a1f6a8fe150c3b606b97c97a536a4cea Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 13 Apr 2023 22:47:50 +0530
Subject: [PATCH 05/19] Fixed audit event feature spec

---
 ee/lib/audit/details.rb           | 2 +-
 ee/spec/lib/audit/details_spec.rb | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/ee/lib/audit/details.rb b/ee/lib/audit/details.rb
index bd1dca3cf2c2fe06..206f26a3ffead694 100644
--- a/ee/lib/audit/details.rb
+++ b/ee/lib/audit/details.rb
@@ -20,7 +20,7 @@ def humanize
       elsif impersonated_event?
         "#{action_text} (by #{@details[:impersonated_by]})"
       elsif @details[:author_class].to_s == "Gitlab::Audit::ImpersonatedAuthor" &&
-        @details[:custom_message].present?
+          @details[:custom_message].present?
         @details[:custom_message]
       else
         action_text
diff --git a/ee/spec/lib/audit/details_spec.rb b/ee/spec/lib/audit/details_spec.rb
index b6621607b985f2df..42e90af8d4604bd5 100644
--- a/ee/spec/lib/audit/details_spec.rb
+++ b/ee/spec/lib/audit/details_spec.rb
@@ -25,6 +25,7 @@
 
       context 'when custom_message is present' do
         let(:project) { create(:project) }
+
         let(:impersonated_action) do
           {
             add: 'project',
@@ -34,12 +35,12 @@
             target_type: 'Project',
             custom_message: "Project created (by Administrator)"
           }
+        end
 
-          it 'includes impersonation details' do
-            string = described_class.humanize(impersonated_action)
+        it 'includes impersonation details' do
+          string = described_class.humanize(impersonated_action)
 
-            expect(string).to eq('Project created (by Administrator)')
-          end
+          expect(string).to eq('Project created (by Administrator)')
         end
       end
     end
-- 
GitLab


From b7b31f2074890345944dba3933ee20e879f94c84 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 13 Apr 2023 23:09:50 +0530
Subject: [PATCH 06/19] Replaced let with letitbe

---
 ee/spec/lib/audit/details_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ee/spec/lib/audit/details_spec.rb b/ee/spec/lib/audit/details_spec.rb
index 42e90af8d4604bd5..32249cf4a1edb120 100644
--- a/ee/spec/lib/audit/details_spec.rb
+++ b/ee/spec/lib/audit/details_spec.rb
@@ -24,7 +24,7 @@
       end
 
       context 'when custom_message is present' do
-        let(:project) { create(:project) }
+        let_it_be(:project) { create(:project) }
 
         let(:impersonated_action) do
           {
-- 
GitLab


From a462232765bb756138026e70d42197c5d038307c Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Fri, 14 Apr 2023 11:01:01 +0530
Subject: [PATCH 07/19] Fixed rspec query count

---
 ee/spec/features/registrations/combined_registration_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ee/spec/features/registrations/combined_registration_spec.rb b/ee/spec/features/registrations/combined_registration_spec.rb
index 36d9184cfbc5e417..af38f32cfd098ec1 100644
--- a/ee/spec/features/registrations/combined_registration_spec.rb
+++ b/ee/spec/features/registrations/combined_registration_spec.rb
@@ -9,7 +9,7 @@
 
   before do
     # https://gitlab.com/gitlab-org/gitlab/-/issues/340302
-    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(147)
+    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(150)
     stub_experiments(experiments)
     sign_in(user)
     visit users_sign_up_welcome_path
-- 
GitLab


From 7e11fe6763fbaa610efc43694cb363fe89952a8c Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 20 Apr 2023 15:27:54 +0530
Subject: [PATCH 08/19] Modified rspec for calling original

---
 ee/spec/services/projects/fork_service_spec.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ee/spec/services/projects/fork_service_spec.rb b/ee/spec/services/projects/fork_service_spec.rb
index 201164ab820d9162..5fcbebc96bb846fc 100644
--- a/ee/spec/services/projects/fork_service_spec.rb
+++ b/ee/spec/services/projects/fork_service_spec.rb
@@ -19,7 +19,9 @@
     subject(:execute) { described_class.new(project, user).execute }
 
     it 'call auditor with correct context' do
-      expect(::Gitlab::Audit::Auditor).to receive(:audit).with(hash_including(name: "project_created"))
+      expect(::Gitlab::Audit::Auditor).to receive(:audit)
+                                            .with(hash_including(name: "project_created"))
+                                            .and_call_original
 
       audit_context = {
         name: event_type,
-- 
GitLab


From 418e7b5c4afd1b57b3d4da6054907ca05f8844cc Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 20 Apr 2023 15:50:29 +0530
Subject: [PATCH 09/19] Removing impersonated author chcek

---
 ee/lib/audit/details.rb           |  3 ---
 ee/spec/lib/audit/details_spec.rb | 21 ---------------------
 2 files changed, 24 deletions(-)

diff --git a/ee/lib/audit/details.rb b/ee/lib/audit/details.rb
index 206f26a3ffead694..48e2cbd89e9bbd8a 100644
--- a/ee/lib/audit/details.rb
+++ b/ee/lib/audit/details.rb
@@ -19,9 +19,6 @@ def humanize
         "#{action_text} via system job. Reason: #{@details[:reason]}"
       elsif impersonated_event?
         "#{action_text} (by #{@details[:impersonated_by]})"
-      elsif @details[:author_class].to_s == "Gitlab::Audit::ImpersonatedAuthor" &&
-          @details[:custom_message].present?
-        @details[:custom_message]
       else
         action_text
       end
diff --git a/ee/spec/lib/audit/details_spec.rb b/ee/spec/lib/audit/details_spec.rb
index 32249cf4a1edb120..2aeae04520c7f897 100644
--- a/ee/spec/lib/audit/details_spec.rb
+++ b/ee/spec/lib/audit/details_spec.rb
@@ -22,27 +22,6 @@
 
         expect(string).to end_with('(by Agent 47)')
       end
-
-      context 'when custom_message is present' do
-        let_it_be(:project) { create(:project) }
-
-        let(:impersonated_action) do
-          {
-            add: 'project',
-            author_name: user.name,
-            author_class: 'Gitlab::Audit::ImpersonatedAuthor',
-            target_id: project.id,
-            target_type: 'Project',
-            custom_message: "Project created (by Administrator)"
-          }
-        end
-
-        it 'includes impersonation details' do
-          string = described_class.humanize(impersonated_action)
-
-          expect(string).to eq('Project created (by Administrator)')
-        end
-      end
     end
 
     context 'user' do
-- 
GitLab


From 3773e69b1b141833a23e9657a33aa2ea0ff9d026 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 20 Apr 2023 17:45:59 +0530
Subject: [PATCH 10/19] Fixed query threshold rspec failures

---
 ee/spec/features/registrations/combined_registration_spec.rb    | 2 +-
 ...p_with_trial_from_external_site_without_confirmation_spec.rb | 2 +-
 .../start_trial_from_external_site_without_confirmation_spec.rb | 2 +-
 ee/spec/requests/registrations/project_creation_spec.rb         | 2 +-
 ee/spec/support/helpers/saas_registration_helpers.rb            | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/ee/spec/features/registrations/combined_registration_spec.rb b/ee/spec/features/registrations/combined_registration_spec.rb
index 64757e831173bc31..0e2e38a8d2b6e0e3 100644
--- a/ee/spec/features/registrations/combined_registration_spec.rb
+++ b/ee/spec/features/registrations/combined_registration_spec.rb
@@ -9,7 +9,7 @@
 
   before do
     # https://gitlab.com/gitlab-org/gitlab/-/issues/340302
-    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(148)
+    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(151)
     stub_experiments(experiments)
     sign_in(user)
     visit users_sign_up_welcome_path
diff --git a/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb b/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb
index 87bb7ac29c27d8d0..6a308460ddcafd8e 100644
--- a/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb
+++ b/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb
@@ -15,7 +15,7 @@
     # The groups_and_projects_controller (on `click_on 'Create project'`) is over
     # the query limit threshold, so we have to adjust it.
     # https://gitlab.com/gitlab-org/gitlab/-/issues/340302
-    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(156)
+    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(159)
 
     stub_request(:post, "#{EE::SUBSCRIPTIONS_URL}/trials")
   end
diff --git a/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb b/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb
index 59ac6728ab04ec1b..7e3282c08b3ba765 100644
--- a/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb
+++ b/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb
@@ -14,7 +14,7 @@
     # The groups_and_projects_controller (on `click_on 'Create project'`) is over
     # the query limit threshold, so we have to adjust it.
     # https://gitlab.com/gitlab-org/gitlab/-/issues/340302
-    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(156)
+    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(159)
 
     stub_request(:post, "#{EE::SUBSCRIPTIONS_URL}/trials")
   end
diff --git a/ee/spec/requests/registrations/project_creation_spec.rb b/ee/spec/requests/registrations/project_creation_spec.rb
index ea1d7051514219fc..6dbd7b7743464069 100644
--- a/ee/spec/requests/registrations/project_creation_spec.rb
+++ b/ee/spec/requests/registrations/project_creation_spec.rb
@@ -35,7 +35,7 @@
       context 'when group and project can be created' do
         it 'creates a group' do
           # 204 before creating learn gitlab in worker
-          allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(150)
+          allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(153)
 
           expect { post users_sign_up_groups_projects_path, params: params }.to change { Group.count }.by(1)
         end
diff --git a/ee/spec/support/helpers/saas_registration_helpers.rb b/ee/spec/support/helpers/saas_registration_helpers.rb
index 4d87897d2b4eaa85..8d27dc8ab700910c 100644
--- a/ee/spec/support/helpers/saas_registration_helpers.rb
+++ b/ee/spec/support/helpers/saas_registration_helpers.rb
@@ -104,7 +104,7 @@ def fills_in_group_and_project_creation_form
     # The groups_and_projects_controller (on `click_on 'Create project'`) is over
     # the query limit threshold, so we have to adjust it.
     # https://gitlab.com/gitlab-org/gitlab/-/issues/404805
-    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(157)
+    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(160)
 
     fill_in 'group_name', with: 'Test Group'
     fill_in 'blank_project_name', with: 'Test Project'
-- 
GitLab


From 68b3ca305783d03f955ac34d5a17ff00318bdae4 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 20 Apr 2023 18:17:24 +0530
Subject: [PATCH 11/19] Removing add for fixing feature test

---
 ee/app/services/ee/projects/create_service.rb | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/ee/app/services/ee/projects/create_service.rb b/ee/app/services/ee/projects/create_service.rb
index f82858bec6d81c5d..23ebfde518633965 100644
--- a/ee/app/services/ee/projects/create_service.rb
+++ b/ee/app/services/ee/projects/create_service.rb
@@ -158,10 +158,7 @@ def log_audit_event(project)
           scope: project,
           target: project,
           message: 'Project created',
-          target_details: project.full_path,
-          additional_details: {
-            add: 'project'
-          }
+          target_details: project.full_path
         }
 
         ::Gitlab::Audit::Auditor.audit(audit_context)
-- 
GitLab


From e69301e830a43e88ab8e7fa26dc5d99033015793 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Fri, 21 Apr 2023 11:41:56 +0530
Subject: [PATCH 12/19] Fixed failing rspec

---
 ee/spec/services/projects/create_service_spec.rb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ee/spec/services/projects/create_service_spec.rb b/ee/spec/services/projects/create_service_spec.rb
index 74ad0bbb9801d376..4ce85d2c51ab21a7 100644
--- a/ee/spec/services/projects/create_service_spec.rb
+++ b/ee/spec/services/projects/create_service_spec.rb
@@ -400,7 +400,6 @@
            entity_id: @resource.id,
            entity_type: 'Project',
            details: {
-             add: 'project',
              author_name: user.name,
              target_id: @resource.id,
              target_type: 'Project',
-- 
GitLab


From d7ecd9fc5562578fa6c4f962e8ab42f22a514e43 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Fri, 21 Apr 2023 11:45:14 +0530
Subject: [PATCH 13/19] Changed milestone version

---
 ee/config/audit_events/types/project_created.yml                | 2 +-
 ee/config/audit_events/types/project_default_branch_updated.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ee/config/audit_events/types/project_created.yml b/ee/config/audit_events/types/project_created.yml
index 111fe97a48986a75..3b18ba8e23f71f1b 100644
--- a/ee/config/audit_events/types/project_created.yml
+++ b/ee/config/audit_events/types/project_created.yml
@@ -4,6 +4,6 @@ description: Event triggered when a project is created.
 introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105
 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543
 feature_category: compliance_management
-milestone: '15.11'
+milestone: '16.0'
 saved_to_database: true
 streamed: true
diff --git a/ee/config/audit_events/types/project_default_branch_updated.yml b/ee/config/audit_events/types/project_default_branch_updated.yml
index 41626d8d7d25f1c8..a2edf80abcaab71b 100644
--- a/ee/config/audit_events/types/project_default_branch_updated.yml
+++ b/ee/config/audit_events/types/project_default_branch_updated.yml
@@ -4,6 +4,6 @@ description: Event triggered when default branch of a project's repository is up
 introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105
 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543
 feature_category: compliance_management
-milestone: '15.11'
+milestone: '16.0'
 saved_to_database: true
 streamed: true
-- 
GitLab


From 35fd077bd6cbf3d210a7e78b456012d37c84dec9 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Fri, 21 Apr 2023 07:15:53 +0000
Subject: [PATCH 14/19] Changed feature category

---
 ee/config/audit_events/types/project_created.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ee/config/audit_events/types/project_created.yml b/ee/config/audit_events/types/project_created.yml
index 3b18ba8e23f71f1b..101daccced51bc1c 100644
--- a/ee/config/audit_events/types/project_created.yml
+++ b/ee/config/audit_events/types/project_created.yml
@@ -3,7 +3,7 @@ name: project_created
 description: Event triggered when a project is created.
 introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105
 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543
-feature_category: compliance_management
+feature_category: projects
 milestone: '16.0'
 saved_to_database: true
 streamed: true
-- 
GitLab


From e5e6ff85d443b65dc49fbad0b455b0ce9b8cb2c7 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Fri, 21 Apr 2023 07:16:20 +0000
Subject: [PATCH 15/19] Changed feature category

---
 ee/config/audit_events/types/project_default_branch_updated.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ee/config/audit_events/types/project_default_branch_updated.yml b/ee/config/audit_events/types/project_default_branch_updated.yml
index a2edf80abcaab71b..350993c00d019f4a 100644
--- a/ee/config/audit_events/types/project_default_branch_updated.yml
+++ b/ee/config/audit_events/types/project_default_branch_updated.yml
@@ -3,7 +3,7 @@ name: project_default_branch_updated
 description: Event triggered when default branch of a project's repository is updated.
 introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105
 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543
-feature_category: compliance_management
+feature_category: projects
 milestone: '16.0'
 saved_to_database: true
 streamed: true
-- 
GitLab


From b33f7466d1a02256b7edf7898f695a77762f17cf Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Fri, 28 Apr 2023 15:29:06 +0530
Subject: [PATCH 16/19] Using constants for strings

---
 ee/app/services/ee/projects/create_service.rb    | 7 +++++--
 ee/app/services/ee/projects/update_service.rb    | 4 +++-
 ee/spec/services/projects/create_service_spec.rb | 4 ++--
 ee/spec/services/projects/fork_service_spec.rb   | 2 +-
 ee/spec/services/projects/update_service_spec.rb | 2 +-
 5 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/ee/app/services/ee/projects/create_service.rb b/ee/app/services/ee/projects/create_service.rb
index 23ebfde518633965..6eb834d4bff03469 100644
--- a/ee/app/services/ee/projects/create_service.rb
+++ b/ee/app/services/ee/projects/create_service.rb
@@ -5,6 +5,9 @@ module Projects
     module CreateService
       extend ::Gitlab::Utils::Override
 
+      AUDIT_EVENT_TYPE = 'project_created'
+      AUDIT_EVENT_MESSAGE = 'Project created'
+
       attr_reader :security_policy_target_project_id, :security_policy_target_namespace_id
 
       override :initialize
@@ -153,11 +156,11 @@ def setup_ci_cd_project
 
       def log_audit_event(project)
         audit_context = {
-          name: 'project_created',
+          name: AUDIT_EVENT_TYPE,
           author: current_user,
           scope: project,
           target: project,
-          message: 'Project created',
+          message: AUDIT_EVENT_MESSAGE,
           target_details: project.full_path
         }
 
diff --git a/ee/app/services/ee/projects/update_service.rb b/ee/app/services/ee/projects/update_service.rb
index 8d107517f44400fc..4e1b5ea352567528 100644
--- a/ee/app/services/ee/projects/update_service.rb
+++ b/ee/app/services/ee/projects/update_service.rb
@@ -5,6 +5,8 @@ module Projects
     module UpdateService
       extend ::Gitlab::Utils::Override
 
+      DEFAULT_BRANCH_CHANGE_AUDIT_TYPE = 'project_default_branch_updated'
+
       PULL_MIRROR_ATTRIBUTES = %i[
         mirror
         mirror_user_id
@@ -107,7 +109,7 @@ def remove_unallowed_params
       override :after_default_branch_change
       def after_default_branch_change(previous_default_branch)
         audit_context = {
-          name: 'project_default_branch_updated',
+          name: DEFAULT_BRANCH_CHANGE_AUDIT_TYPE,
           author: current_user,
           scope: project,
           target: project,
diff --git a/ee/spec/services/projects/create_service_spec.rb b/ee/spec/services/projects/create_service_spec.rb
index 4ce85d2c51ab21a7..28ec918f1617cf57 100644
--- a/ee/spec/services/projects/create_service_spec.rb
+++ b/ee/spec/services/projects/create_service_spec.rb
@@ -392,7 +392,7 @@
         allow(Gitlab::VisibilityLevel).to receive(:allowed_for?).and_return(false)
       end
 
-      let(:event_type) { 'project_created' }
+      let(:event_type) { Projects::CreateService::AUDIT_EVENT_TYPE }
 
       let(:attributes) do
         {
@@ -404,7 +404,7 @@
              target_id: @resource.id,
              target_type: 'Project',
              target_details: @resource.full_path,
-             custom_message: 'Project created',
+             custom_message: Projects::CreateService::AUDIT_EVENT_MESSAGE,
              author_class: user.class.name
            }
          }
diff --git a/ee/spec/services/projects/fork_service_spec.rb b/ee/spec/services/projects/fork_service_spec.rb
index 5fcbebc96bb846fc..2794349566b46cde 100644
--- a/ee/spec/services/projects/fork_service_spec.rb
+++ b/ee/spec/services/projects/fork_service_spec.rb
@@ -20,7 +20,7 @@
 
     it 'call auditor with correct context' do
       expect(::Gitlab::Audit::Auditor).to receive(:audit)
-                                            .with(hash_including(name: "project_created"))
+                                            .with(hash_including(name: Projects::CreateService::AUDIT_EVENT_TYPE))
                                             .and_call_original
 
       audit_context = {
diff --git a/ee/spec/services/projects/update_service_spec.rb b/ee/spec/services/projects/update_service_spec.rb
index c6fa96df18bd58d7..1c79fb7cc7dcccdd 100644
--- a/ee/spec/services/projects/update_service_spec.rb
+++ b/ee/spec/services/projects/update_service_spec.rb
@@ -242,7 +242,7 @@ def operation
           update_project(project, user, default_branch: 'feature')
         end
 
-        let_it_be(:event_type) { 'project_default_branch_updated' }
+        let_it_be(:event_type) { Projects::UpdateService::DEFAULT_BRANCH_CHANGE_AUDIT_TYPE }
 
         let(:attributes) do
           audit_event_params.tap do |param|
-- 
GitLab


From 896aaafdfb4578e211cf77ec285244581389b898 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Mon, 1 May 2023 15:04:41 +0530
Subject: [PATCH 17/19] Replaced string with constant in update service

---
 ee/app/services/ee/projects/create_service.rb    | 4 ++--
 ee/app/services/ee/projects/update_service.rb    | 5 +++--
 ee/spec/services/projects/update_service_spec.rb | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/ee/app/services/ee/projects/create_service.rb b/ee/app/services/ee/projects/create_service.rb
index 6eb834d4bff03469..e2e7c75ec6b40a2c 100644
--- a/ee/app/services/ee/projects/create_service.rb
+++ b/ee/app/services/ee/projects/create_service.rb
@@ -5,8 +5,8 @@ module Projects
     module CreateService
       extend ::Gitlab::Utils::Override
 
-      AUDIT_EVENT_TYPE = 'project_created'
-      AUDIT_EVENT_MESSAGE = 'Project created'
+      AUDIT_EVENT_TYPE = 'project_created'.freeze
+      AUDIT_EVENT_MESSAGE = 'Project created'.freeze
 
       attr_reader :security_policy_target_project_id, :security_policy_target_namespace_id
 
diff --git a/ee/app/services/ee/projects/update_service.rb b/ee/app/services/ee/projects/update_service.rb
index 4e1b5ea352567528..8f7f519466376f2a 100644
--- a/ee/app/services/ee/projects/update_service.rb
+++ b/ee/app/services/ee/projects/update_service.rb
@@ -5,7 +5,8 @@ module Projects
     module UpdateService
       extend ::Gitlab::Utils::Override
 
-      DEFAULT_BRANCH_CHANGE_AUDIT_TYPE = 'project_default_branch_updated'
+      DEFAULT_BRANCH_CHANGE_AUDIT_TYPE = 'project_default_branch_updated'.freeze
+      DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE = "Default branch changed from %s to %s".freeze
 
       PULL_MIRROR_ATTRIBUTES = %i[
         mirror
@@ -113,7 +114,7 @@ def after_default_branch_change(previous_default_branch)
           author: current_user,
           scope: project,
           target: project,
-          message: "Default branch changed from #{previous_default_branch} to #{project.default_branch}",
+          message: sprintf(DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, previous_default_branch, project.default_branch),
           target_details: project.full_path,
           additional_details: {
             from: previous_default_branch,
diff --git a/ee/spec/services/projects/update_service_spec.rb b/ee/spec/services/projects/update_service_spec.rb
index 1c79fb7cc7dcccdd..1bbbed245c07b083 100644
--- a/ee/spec/services/projects/update_service_spec.rb
+++ b/ee/spec/services/projects/update_service_spec.rb
@@ -249,7 +249,7 @@ def operation
             param[:details].merge!(
               from: project.previous_default_branch,
               to: project.default_branch,
-              custom_message: "Default branch changed from #{project.previous_default_branch} to #{project.default_branch}"
+              custom_message: sprintf(Projects::UpdateService::DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, project.previous_default_branch, project.default_branch)
             )
           end
         end
-- 
GitLab


From 8f104c87694f871c9de82607d935d3250fa4059c Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Mon, 1 May 2023 15:10:12 +0530
Subject: [PATCH 18/19] Removed freeze and used format

---
 ee/app/services/ee/projects/create_service.rb    | 4 ++--
 ee/app/services/ee/projects/update_service.rb    | 6 +++---
 ee/spec/services/projects/update_service_spec.rb | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/ee/app/services/ee/projects/create_service.rb b/ee/app/services/ee/projects/create_service.rb
index e2e7c75ec6b40a2c..6eb834d4bff03469 100644
--- a/ee/app/services/ee/projects/create_service.rb
+++ b/ee/app/services/ee/projects/create_service.rb
@@ -5,8 +5,8 @@ module Projects
     module CreateService
       extend ::Gitlab::Utils::Override
 
-      AUDIT_EVENT_TYPE = 'project_created'.freeze
-      AUDIT_EVENT_MESSAGE = 'Project created'.freeze
+      AUDIT_EVENT_TYPE = 'project_created'
+      AUDIT_EVENT_MESSAGE = 'Project created'
 
       attr_reader :security_policy_target_project_id, :security_policy_target_namespace_id
 
diff --git a/ee/app/services/ee/projects/update_service.rb b/ee/app/services/ee/projects/update_service.rb
index 8f7f519466376f2a..673f88947cec78a4 100644
--- a/ee/app/services/ee/projects/update_service.rb
+++ b/ee/app/services/ee/projects/update_service.rb
@@ -5,8 +5,8 @@ module Projects
     module UpdateService
       extend ::Gitlab::Utils::Override
 
-      DEFAULT_BRANCH_CHANGE_AUDIT_TYPE = 'project_default_branch_updated'.freeze
-      DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE = "Default branch changed from %s to %s".freeze
+      DEFAULT_BRANCH_CHANGE_AUDIT_TYPE = 'project_default_branch_updated'
+      DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE = "Default branch changed from %s to %s"
 
       PULL_MIRROR_ATTRIBUTES = %i[
         mirror
@@ -114,7 +114,7 @@ def after_default_branch_change(previous_default_branch)
           author: current_user,
           scope: project,
           target: project,
-          message: sprintf(DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, previous_default_branch, project.default_branch),
+          message: format(DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, previous_default_branch, project.default_branch),
           target_details: project.full_path,
           additional_details: {
             from: previous_default_branch,
diff --git a/ee/spec/services/projects/update_service_spec.rb b/ee/spec/services/projects/update_service_spec.rb
index 1bbbed245c07b083..c489fbb81ebd9291 100644
--- a/ee/spec/services/projects/update_service_spec.rb
+++ b/ee/spec/services/projects/update_service_spec.rb
@@ -249,7 +249,7 @@ def operation
             param[:details].merge!(
               from: project.previous_default_branch,
               to: project.default_branch,
-              custom_message: sprintf(Projects::UpdateService::DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, project.previous_default_branch, project.default_branch)
+              custom_message: format(Projects::UpdateService::DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, project.previous_default_branch, project.default_branch)
             )
           end
         end
-- 
GitLab


From fc6a74e55148bdc2dbf39961ce809b142f5b4964 Mon Sep 17 00:00:00 2001
From: Harsha Muralidhar <hmuralidhar@gitlab.com>
Date: Tue, 2 May 2023 03:25:50 +0000
Subject: [PATCH 19/19] Apply 1 suggestion(s) to 1 file(s)

---
 ee/spec/services/projects/fork_service_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ee/spec/services/projects/fork_service_spec.rb b/ee/spec/services/projects/fork_service_spec.rb
index 2794349566b46cde..efe22c00340156dc 100644
--- a/ee/spec/services/projects/fork_service_spec.rb
+++ b/ee/spec/services/projects/fork_service_spec.rb
@@ -18,7 +18,7 @@
 
     subject(:execute) { described_class.new(project, user).execute }
 
-    it 'call auditor with correct context' do
+    it 'calls auditor with correct context' do
       expect(::Gitlab::Audit::Auditor).to receive(:audit)
                                             .with(hash_including(name: Projects::CreateService::AUDIT_EVENT_TYPE))
                                             .and_call_original
-- 
GitLab