From f93af22d59c05dda6c18cd2ed8ee6678e352a027 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Thu, 13 Apr 2023 19:23:37 +0530 Subject: [PATCH 01/19] Refactored audit events for projects For project creation and branch updation correct audit event name will be sent Changelog: other EE: true --- ee/app/services/ee/projects/create_service.rb | 18 ++++++++++++----- ee/app/services/ee/projects/update_service.rb | 20 +++++++++++++------ .../services/projects/create_service_spec.rb | 6 +++++- .../services/projects/update_service_spec.rb | 11 ++++++---- 4 files changed, 39 insertions(+), 16 deletions(-) diff --git a/ee/app/services/ee/projects/create_service.rb b/ee/app/services/ee/projects/create_service.rb index 220c81419f8b2257..f82858bec6d81c5d 100644 --- a/ee/app/services/ee/projects/create_service.rb +++ b/ee/app/services/ee/projects/create_service.rb @@ -152,11 +152,19 @@ def setup_ci_cd_project end def log_audit_event(project) - ::AuditEventService.new( - current_user, - project, - action: :create - ).for_project.security_event + audit_context = { + name: 'project_created', + author: current_user, + scope: project, + target: project, + message: 'Project created', + target_details: project.full_path, + additional_details: { + add: 'project' + } + } + + ::Gitlab::Audit::Auditor.audit(audit_context) end end end diff --git a/ee/app/services/ee/projects/update_service.rb b/ee/app/services/ee/projects/update_service.rb index 3e52b57adefaed78..aec449e99085becd 100644 --- a/ee/app/services/ee/projects/update_service.rb +++ b/ee/app/services/ee/projects/update_service.rb @@ -92,12 +92,20 @@ def remove_unallowed_params override :after_default_branch_change def after_default_branch_change(previous_default_branch) - ::AuditEventService.new( - current_user, - project, - action: :custom, - custom_message: "Default branch changed from #{previous_default_branch} to #{project.default_branch}" - ).for_project.security_event + audit_context = { + name: 'project_default_branch_updated', + author: current_user, + scope: project, + target: project, + message: "Default branch changed from #{previous_default_branch} to #{project.default_branch}", + target_details: project.full_path, + additional_details: { + from: previous_default_branch, + to: project.default_branch + } + } + + ::Gitlab::Audit::Auditor.audit(audit_context) end # A user who enables shared runners must meet the credit card requirement if diff --git a/ee/spec/services/projects/create_service_spec.rb b/ee/spec/services/projects/create_service_spec.rb index 785ada13dd9bdc04..74ad0bbb9801d376 100644 --- a/ee/spec/services/projects/create_service_spec.rb +++ b/ee/spec/services/projects/create_service_spec.rb @@ -392,6 +392,8 @@ allow(Gitlab::VisibilityLevel).to receive(:allowed_for?).and_return(false) end + let(:event_type) { 'project_created' } + let(:attributes) do { author_id: user.id, @@ -402,7 +404,9 @@ author_name: user.name, target_id: @resource.id, target_type: 'Project', - target_details: @resource.full_path + target_details: @resource.full_path, + custom_message: 'Project created', + author_class: user.class.name } } end diff --git a/ee/spec/services/projects/update_service_spec.rb b/ee/spec/services/projects/update_service_spec.rb index 9dd3368c15d32791..d0002a8c3f9cd7e4 100644 --- a/ee/spec/services/projects/update_service_spec.rb +++ b/ee/spec/services/projects/update_service_spec.rb @@ -242,12 +242,15 @@ def operation update_project(project, user, default_branch: 'feature') end + let_it_be(:event_type) { 'project_default_branch_updated' } + let(:attributes) do audit_event_params.tap do |param| - param[:details][:custom_message] = "Default branch changed from master to feature" - # Default branch change event still uses legacy AuditEventService instead of Gitlab::Audit::Auditor. - # The following attributes exist once we switched to Gitlab::Audit::Auditor. - param[:details].delete(:author_class) + param[:details].merge!( + from: project.previous_default_branch, + to: project.default_branch, + custom_message: "Default branch changed from #{project.previous_default_branch} to #{project.default_branch}" + ) end end end -- GitLab From 337d3d74d2045118387f348eca074d46e0fe8bf6 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Thu, 13 Apr 2023 19:27:47 +0530 Subject: [PATCH 02/19] Added audit yml files --- ee/config/audit_events/types/project_created.yml | 9 +++++++++ .../types/project_default_branch_updated.yml | 9 +++++++++ 2 files changed, 18 insertions(+) create mode 100644 ee/config/audit_events/types/project_created.yml create mode 100644 ee/config/audit_events/types/project_default_branch_updated.yml diff --git a/ee/config/audit_events/types/project_created.yml b/ee/config/audit_events/types/project_created.yml new file mode 100644 index 0000000000000000..111fe97a48986a75 --- /dev/null +++ b/ee/config/audit_events/types/project_created.yml @@ -0,0 +1,9 @@ +--- +name: project_created +description: Event triggered when a project is created. +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543 +feature_category: compliance_management +milestone: '15.11' +saved_to_database: true +streamed: true diff --git a/ee/config/audit_events/types/project_default_branch_updated.yml b/ee/config/audit_events/types/project_default_branch_updated.yml new file mode 100644 index 0000000000000000..41626d8d7d25f1c8 --- /dev/null +++ b/ee/config/audit_events/types/project_default_branch_updated.yml @@ -0,0 +1,9 @@ +--- +name: project_default_branch_updated +description: Event triggered when default branch of a project's repository is updated. +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543 +feature_category: compliance_management +milestone: '15.11' +saved_to_database: true +streamed: true -- GitLab From 880c0de8a5921094d5d81006229aba47c3e4dd04 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Thu, 13 Apr 2023 20:39:56 +0530 Subject: [PATCH 03/19] Fixed failing rspecs --- ...with_trial_from_external_site_without_confirmation_spec.rb | 2 +- ...tart_trial_from_external_site_without_confirmation_spec.rb | 2 +- ee/spec/requests/registrations/project_creation_spec.rb | 2 +- ee/spec/services/projects/fork_service_spec.rb | 4 +++- ee/spec/support/helpers/saas_registration_helpers.rb | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb b/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb index 658080bd8e0ab77a..b7639a4bd787bc54 100644 --- a/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb +++ b/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb @@ -15,7 +15,7 @@ # The groups_and_projects_controller (on `click_on 'Create project'`) is over # the query limit threshold, so we have to adjust it. # https://gitlab.com/gitlab-org/gitlab/-/issues/340302 - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(155) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(158) stub_request(:post, "#{EE::SUBSCRIPTIONS_URL}/trials") end diff --git a/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb b/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb index 9d271da56776c04b..8c7a65a71af03a71 100644 --- a/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb +++ b/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb @@ -14,7 +14,7 @@ # The groups_and_projects_controller (on `click_on 'Create project'`) is over # the query limit threshold, so we have to adjust it. # https://gitlab.com/gitlab-org/gitlab/-/issues/340302 - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(155) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(158) stub_request(:post, "#{EE::SUBSCRIPTIONS_URL}/trials") end diff --git a/ee/spec/requests/registrations/project_creation_spec.rb b/ee/spec/requests/registrations/project_creation_spec.rb index 9be8b3429fd9ff33..08ef01c2904f5b7c 100644 --- a/ee/spec/requests/registrations/project_creation_spec.rb +++ b/ee/spec/requests/registrations/project_creation_spec.rb @@ -35,7 +35,7 @@ context 'when group and project can be created' do it 'creates a group' do # 204 before creating learn gitlab in worker - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(149) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(152) expect { post users_sign_up_groups_projects_path, params: params }.to change { Group.count }.by(1) end diff --git a/ee/spec/services/projects/fork_service_spec.rb b/ee/spec/services/projects/fork_service_spec.rb index 34fcf77d729cd2c7..201164ab820d9162 100644 --- a/ee/spec/services/projects/fork_service_spec.rb +++ b/ee/spec/services/projects/fork_service_spec.rb @@ -18,7 +18,9 @@ subject(:execute) { described_class.new(project, user).execute } - it 'call auditor with currect context' do + it 'call auditor with correct context' do + expect(::Gitlab::Audit::Auditor).to receive(:audit).with(hash_including(name: "project_created")) + audit_context = { name: event_type, stream_only: true, diff --git a/ee/spec/support/helpers/saas_registration_helpers.rb b/ee/spec/support/helpers/saas_registration_helpers.rb index 2155075d9e997087..452db7787d26961e 100644 --- a/ee/spec/support/helpers/saas_registration_helpers.rb +++ b/ee/spec/support/helpers/saas_registration_helpers.rb @@ -104,7 +104,7 @@ def fills_in_group_and_project_creation_form # The groups_and_projects_controller (on `click_on 'Create project'`) is over # the query limit threshold, so we have to adjust it. # https://gitlab.com/gitlab-org/gitlab/-/issues/404805 - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(156) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(159) fill_in 'group_name', with: 'Test Group' fill_in 'blank_project_name', with: 'Test Project' -- GitLab From 5540aabab6fea9d636f31c663490b752d7a2b9ce Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Thu, 13 Apr 2023 22:40:02 +0530 Subject: [PATCH 04/19] Fixed audit event feature spec --- ee/lib/audit/details.rb | 3 +++ ee/spec/lib/audit/details_spec.rb | 20 ++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/ee/lib/audit/details.rb b/ee/lib/audit/details.rb index 48e2cbd89e9bbd8a..bd1dca3cf2c2fe06 100644 --- a/ee/lib/audit/details.rb +++ b/ee/lib/audit/details.rb @@ -19,6 +19,9 @@ def humanize "#{action_text} via system job. Reason: #{@details[:reason]}" elsif impersonated_event? "#{action_text} (by #{@details[:impersonated_by]})" + elsif @details[:author_class].to_s == "Gitlab::Audit::ImpersonatedAuthor" && + @details[:custom_message].present? + @details[:custom_message] else action_text end diff --git a/ee/spec/lib/audit/details_spec.rb b/ee/spec/lib/audit/details_spec.rb index 2aeae04520c7f897..b6621607b985f2df 100644 --- a/ee/spec/lib/audit/details_spec.rb +++ b/ee/spec/lib/audit/details_spec.rb @@ -22,6 +22,26 @@ expect(string).to end_with('(by Agent 47)') end + + context 'when custom_message is present' do + let(:project) { create(:project) } + let(:impersonated_action) do + { + add: 'project', + author_name: user.name, + author_class: 'Gitlab::Audit::ImpersonatedAuthor', + target_id: project.id, + target_type: 'Project', + custom_message: "Project created (by Administrator)" + } + + it 'includes impersonation details' do + string = described_class.humanize(impersonated_action) + + expect(string).to eq('Project created (by Administrator)') + end + end + end end context 'user' do -- GitLab From 99e751d5a1f6a8fe150c3b606b97c97a536a4cea Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Thu, 13 Apr 2023 22:47:50 +0530 Subject: [PATCH 05/19] Fixed audit event feature spec --- ee/lib/audit/details.rb | 2 +- ee/spec/lib/audit/details_spec.rb | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/ee/lib/audit/details.rb b/ee/lib/audit/details.rb index bd1dca3cf2c2fe06..206f26a3ffead694 100644 --- a/ee/lib/audit/details.rb +++ b/ee/lib/audit/details.rb @@ -20,7 +20,7 @@ def humanize elsif impersonated_event? "#{action_text} (by #{@details[:impersonated_by]})" elsif @details[:author_class].to_s == "Gitlab::Audit::ImpersonatedAuthor" && - @details[:custom_message].present? + @details[:custom_message].present? @details[:custom_message] else action_text diff --git a/ee/spec/lib/audit/details_spec.rb b/ee/spec/lib/audit/details_spec.rb index b6621607b985f2df..42e90af8d4604bd5 100644 --- a/ee/spec/lib/audit/details_spec.rb +++ b/ee/spec/lib/audit/details_spec.rb @@ -25,6 +25,7 @@ context 'when custom_message is present' do let(:project) { create(:project) } + let(:impersonated_action) do { add: 'project', @@ -34,12 +35,12 @@ target_type: 'Project', custom_message: "Project created (by Administrator)" } + end - it 'includes impersonation details' do - string = described_class.humanize(impersonated_action) + it 'includes impersonation details' do + string = described_class.humanize(impersonated_action) - expect(string).to eq('Project created (by Administrator)') - end + expect(string).to eq('Project created (by Administrator)') end end end -- GitLab From b7b31f2074890345944dba3933ee20e879f94c84 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Thu, 13 Apr 2023 23:09:50 +0530 Subject: [PATCH 06/19] Replaced let with letitbe --- ee/spec/lib/audit/details_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/spec/lib/audit/details_spec.rb b/ee/spec/lib/audit/details_spec.rb index 42e90af8d4604bd5..32249cf4a1edb120 100644 --- a/ee/spec/lib/audit/details_spec.rb +++ b/ee/spec/lib/audit/details_spec.rb @@ -24,7 +24,7 @@ end context 'when custom_message is present' do - let(:project) { create(:project) } + let_it_be(:project) { create(:project) } let(:impersonated_action) do { -- GitLab From a462232765bb756138026e70d42197c5d038307c Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Fri, 14 Apr 2023 11:01:01 +0530 Subject: [PATCH 07/19] Fixed rspec query count --- ee/spec/features/registrations/combined_registration_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/spec/features/registrations/combined_registration_spec.rb b/ee/spec/features/registrations/combined_registration_spec.rb index 36d9184cfbc5e417..af38f32cfd098ec1 100644 --- a/ee/spec/features/registrations/combined_registration_spec.rb +++ b/ee/spec/features/registrations/combined_registration_spec.rb @@ -9,7 +9,7 @@ before do # https://gitlab.com/gitlab-org/gitlab/-/issues/340302 - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(147) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(150) stub_experiments(experiments) sign_in(user) visit users_sign_up_welcome_path -- GitLab From 7e11fe6763fbaa610efc43694cb363fe89952a8c Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Thu, 20 Apr 2023 15:27:54 +0530 Subject: [PATCH 08/19] Modified rspec for calling original --- ee/spec/services/projects/fork_service_spec.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ee/spec/services/projects/fork_service_spec.rb b/ee/spec/services/projects/fork_service_spec.rb index 201164ab820d9162..5fcbebc96bb846fc 100644 --- a/ee/spec/services/projects/fork_service_spec.rb +++ b/ee/spec/services/projects/fork_service_spec.rb @@ -19,7 +19,9 @@ subject(:execute) { described_class.new(project, user).execute } it 'call auditor with correct context' do - expect(::Gitlab::Audit::Auditor).to receive(:audit).with(hash_including(name: "project_created")) + expect(::Gitlab::Audit::Auditor).to receive(:audit) + .with(hash_including(name: "project_created")) + .and_call_original audit_context = { name: event_type, -- GitLab From 418e7b5c4afd1b57b3d4da6054907ca05f8844cc Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Thu, 20 Apr 2023 15:50:29 +0530 Subject: [PATCH 09/19] Removing impersonated author chcek --- ee/lib/audit/details.rb | 3 --- ee/spec/lib/audit/details_spec.rb | 21 --------------------- 2 files changed, 24 deletions(-) diff --git a/ee/lib/audit/details.rb b/ee/lib/audit/details.rb index 206f26a3ffead694..48e2cbd89e9bbd8a 100644 --- a/ee/lib/audit/details.rb +++ b/ee/lib/audit/details.rb @@ -19,9 +19,6 @@ def humanize "#{action_text} via system job. Reason: #{@details[:reason]}" elsif impersonated_event? "#{action_text} (by #{@details[:impersonated_by]})" - elsif @details[:author_class].to_s == "Gitlab::Audit::ImpersonatedAuthor" && - @details[:custom_message].present? - @details[:custom_message] else action_text end diff --git a/ee/spec/lib/audit/details_spec.rb b/ee/spec/lib/audit/details_spec.rb index 32249cf4a1edb120..2aeae04520c7f897 100644 --- a/ee/spec/lib/audit/details_spec.rb +++ b/ee/spec/lib/audit/details_spec.rb @@ -22,27 +22,6 @@ expect(string).to end_with('(by Agent 47)') end - - context 'when custom_message is present' do - let_it_be(:project) { create(:project) } - - let(:impersonated_action) do - { - add: 'project', - author_name: user.name, - author_class: 'Gitlab::Audit::ImpersonatedAuthor', - target_id: project.id, - target_type: 'Project', - custom_message: "Project created (by Administrator)" - } - end - - it 'includes impersonation details' do - string = described_class.humanize(impersonated_action) - - expect(string).to eq('Project created (by Administrator)') - end - end end context 'user' do -- GitLab From 3773e69b1b141833a23e9657a33aa2ea0ff9d026 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Thu, 20 Apr 2023 17:45:59 +0530 Subject: [PATCH 10/19] Fixed query threshold rspec failures --- ee/spec/features/registrations/combined_registration_spec.rb | 2 +- ...p_with_trial_from_external_site_without_confirmation_spec.rb | 2 +- .../start_trial_from_external_site_without_confirmation_spec.rb | 2 +- ee/spec/requests/registrations/project_creation_spec.rb | 2 +- ee/spec/support/helpers/saas_registration_helpers.rb | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ee/spec/features/registrations/combined_registration_spec.rb b/ee/spec/features/registrations/combined_registration_spec.rb index 64757e831173bc31..0e2e38a8d2b6e0e3 100644 --- a/ee/spec/features/registrations/combined_registration_spec.rb +++ b/ee/spec/features/registrations/combined_registration_spec.rb @@ -9,7 +9,7 @@ before do # https://gitlab.com/gitlab-org/gitlab/-/issues/340302 - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(148) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(151) stub_experiments(experiments) sign_in(user) visit users_sign_up_welcome_path diff --git a/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb b/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb index 87bb7ac29c27d8d0..6a308460ddcafd8e 100644 --- a/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb +++ b/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb @@ -15,7 +15,7 @@ # The groups_and_projects_controller (on `click_on 'Create project'`) is over # the query limit threshold, so we have to adjust it. # https://gitlab.com/gitlab-org/gitlab/-/issues/340302 - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(156) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(159) stub_request(:post, "#{EE::SUBSCRIPTIONS_URL}/trials") end diff --git a/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb b/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb index 59ac6728ab04ec1b..7e3282c08b3ba765 100644 --- a/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb +++ b/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb @@ -14,7 +14,7 @@ # The groups_and_projects_controller (on `click_on 'Create project'`) is over # the query limit threshold, so we have to adjust it. # https://gitlab.com/gitlab-org/gitlab/-/issues/340302 - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(156) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(159) stub_request(:post, "#{EE::SUBSCRIPTIONS_URL}/trials") end diff --git a/ee/spec/requests/registrations/project_creation_spec.rb b/ee/spec/requests/registrations/project_creation_spec.rb index ea1d7051514219fc..6dbd7b7743464069 100644 --- a/ee/spec/requests/registrations/project_creation_spec.rb +++ b/ee/spec/requests/registrations/project_creation_spec.rb @@ -35,7 +35,7 @@ context 'when group and project can be created' do it 'creates a group' do # 204 before creating learn gitlab in worker - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(150) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(153) expect { post users_sign_up_groups_projects_path, params: params }.to change { Group.count }.by(1) end diff --git a/ee/spec/support/helpers/saas_registration_helpers.rb b/ee/spec/support/helpers/saas_registration_helpers.rb index 4d87897d2b4eaa85..8d27dc8ab700910c 100644 --- a/ee/spec/support/helpers/saas_registration_helpers.rb +++ b/ee/spec/support/helpers/saas_registration_helpers.rb @@ -104,7 +104,7 @@ def fills_in_group_and_project_creation_form # The groups_and_projects_controller (on `click_on 'Create project'`) is over # the query limit threshold, so we have to adjust it. # https://gitlab.com/gitlab-org/gitlab/-/issues/404805 - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(157) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(160) fill_in 'group_name', with: 'Test Group' fill_in 'blank_project_name', with: 'Test Project' -- GitLab From 68b3ca305783d03f955ac34d5a17ff00318bdae4 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Thu, 20 Apr 2023 18:17:24 +0530 Subject: [PATCH 11/19] Removing add for fixing feature test --- ee/app/services/ee/projects/create_service.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/ee/app/services/ee/projects/create_service.rb b/ee/app/services/ee/projects/create_service.rb index f82858bec6d81c5d..23ebfde518633965 100644 --- a/ee/app/services/ee/projects/create_service.rb +++ b/ee/app/services/ee/projects/create_service.rb @@ -158,10 +158,7 @@ def log_audit_event(project) scope: project, target: project, message: 'Project created', - target_details: project.full_path, - additional_details: { - add: 'project' - } + target_details: project.full_path } ::Gitlab::Audit::Auditor.audit(audit_context) -- GitLab From e69301e830a43e88ab8e7fa26dc5d99033015793 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Fri, 21 Apr 2023 11:41:56 +0530 Subject: [PATCH 12/19] Fixed failing rspec --- ee/spec/services/projects/create_service_spec.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/ee/spec/services/projects/create_service_spec.rb b/ee/spec/services/projects/create_service_spec.rb index 74ad0bbb9801d376..4ce85d2c51ab21a7 100644 --- a/ee/spec/services/projects/create_service_spec.rb +++ b/ee/spec/services/projects/create_service_spec.rb @@ -400,7 +400,6 @@ entity_id: @resource.id, entity_type: 'Project', details: { - add: 'project', author_name: user.name, target_id: @resource.id, target_type: 'Project', -- GitLab From d7ecd9fc5562578fa6c4f962e8ab42f22a514e43 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Fri, 21 Apr 2023 11:45:14 +0530 Subject: [PATCH 13/19] Changed milestone version --- ee/config/audit_events/types/project_created.yml | 2 +- ee/config/audit_events/types/project_default_branch_updated.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ee/config/audit_events/types/project_created.yml b/ee/config/audit_events/types/project_created.yml index 111fe97a48986a75..3b18ba8e23f71f1b 100644 --- a/ee/config/audit_events/types/project_created.yml +++ b/ee/config/audit_events/types/project_created.yml @@ -4,6 +4,6 @@ description: Event triggered when a project is created. introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543 feature_category: compliance_management -milestone: '15.11' +milestone: '16.0' saved_to_database: true streamed: true diff --git a/ee/config/audit_events/types/project_default_branch_updated.yml b/ee/config/audit_events/types/project_default_branch_updated.yml index 41626d8d7d25f1c8..a2edf80abcaab71b 100644 --- a/ee/config/audit_events/types/project_default_branch_updated.yml +++ b/ee/config/audit_events/types/project_default_branch_updated.yml @@ -4,6 +4,6 @@ description: Event triggered when default branch of a project's repository is up introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543 feature_category: compliance_management -milestone: '15.11' +milestone: '16.0' saved_to_database: true streamed: true -- GitLab From 35fd077bd6cbf3d210a7e78b456012d37c84dec9 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Fri, 21 Apr 2023 07:15:53 +0000 Subject: [PATCH 14/19] Changed feature category --- ee/config/audit_events/types/project_created.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/config/audit_events/types/project_created.yml b/ee/config/audit_events/types/project_created.yml index 3b18ba8e23f71f1b..101daccced51bc1c 100644 --- a/ee/config/audit_events/types/project_created.yml +++ b/ee/config/audit_events/types/project_created.yml @@ -3,7 +3,7 @@ name: project_created description: Event triggered when a project is created. introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543 -feature_category: compliance_management +feature_category: projects milestone: '16.0' saved_to_database: true streamed: true -- GitLab From e5e6ff85d443b65dc49fbad0b455b0ce9b8cb2c7 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Fri, 21 Apr 2023 07:16:20 +0000 Subject: [PATCH 15/19] Changed feature category --- ee/config/audit_events/types/project_default_branch_updated.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/config/audit_events/types/project_default_branch_updated.yml b/ee/config/audit_events/types/project_default_branch_updated.yml index a2edf80abcaab71b..350993c00d019f4a 100644 --- a/ee/config/audit_events/types/project_default_branch_updated.yml +++ b/ee/config/audit_events/types/project_default_branch_updated.yml @@ -3,7 +3,7 @@ name: project_default_branch_updated description: Event triggered when default branch of a project's repository is updated. introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543 -feature_category: compliance_management +feature_category: projects milestone: '16.0' saved_to_database: true streamed: true -- GitLab From b33f7466d1a02256b7edf7898f695a77762f17cf Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Fri, 28 Apr 2023 15:29:06 +0530 Subject: [PATCH 16/19] Using constants for strings --- ee/app/services/ee/projects/create_service.rb | 7 +++++-- ee/app/services/ee/projects/update_service.rb | 4 +++- ee/spec/services/projects/create_service_spec.rb | 4 ++-- ee/spec/services/projects/fork_service_spec.rb | 2 +- ee/spec/services/projects/update_service_spec.rb | 2 +- 5 files changed, 12 insertions(+), 7 deletions(-) diff --git a/ee/app/services/ee/projects/create_service.rb b/ee/app/services/ee/projects/create_service.rb index 23ebfde518633965..6eb834d4bff03469 100644 --- a/ee/app/services/ee/projects/create_service.rb +++ b/ee/app/services/ee/projects/create_service.rb @@ -5,6 +5,9 @@ module Projects module CreateService extend ::Gitlab::Utils::Override + AUDIT_EVENT_TYPE = 'project_created' + AUDIT_EVENT_MESSAGE = 'Project created' + attr_reader :security_policy_target_project_id, :security_policy_target_namespace_id override :initialize @@ -153,11 +156,11 @@ def setup_ci_cd_project def log_audit_event(project) audit_context = { - name: 'project_created', + name: AUDIT_EVENT_TYPE, author: current_user, scope: project, target: project, - message: 'Project created', + message: AUDIT_EVENT_MESSAGE, target_details: project.full_path } diff --git a/ee/app/services/ee/projects/update_service.rb b/ee/app/services/ee/projects/update_service.rb index 8d107517f44400fc..4e1b5ea352567528 100644 --- a/ee/app/services/ee/projects/update_service.rb +++ b/ee/app/services/ee/projects/update_service.rb @@ -5,6 +5,8 @@ module Projects module UpdateService extend ::Gitlab::Utils::Override + DEFAULT_BRANCH_CHANGE_AUDIT_TYPE = 'project_default_branch_updated' + PULL_MIRROR_ATTRIBUTES = %i[ mirror mirror_user_id @@ -107,7 +109,7 @@ def remove_unallowed_params override :after_default_branch_change def after_default_branch_change(previous_default_branch) audit_context = { - name: 'project_default_branch_updated', + name: DEFAULT_BRANCH_CHANGE_AUDIT_TYPE, author: current_user, scope: project, target: project, diff --git a/ee/spec/services/projects/create_service_spec.rb b/ee/spec/services/projects/create_service_spec.rb index 4ce85d2c51ab21a7..28ec918f1617cf57 100644 --- a/ee/spec/services/projects/create_service_spec.rb +++ b/ee/spec/services/projects/create_service_spec.rb @@ -392,7 +392,7 @@ allow(Gitlab::VisibilityLevel).to receive(:allowed_for?).and_return(false) end - let(:event_type) { 'project_created' } + let(:event_type) { Projects::CreateService::AUDIT_EVENT_TYPE } let(:attributes) do { @@ -404,7 +404,7 @@ target_id: @resource.id, target_type: 'Project', target_details: @resource.full_path, - custom_message: 'Project created', + custom_message: Projects::CreateService::AUDIT_EVENT_MESSAGE, author_class: user.class.name } } diff --git a/ee/spec/services/projects/fork_service_spec.rb b/ee/spec/services/projects/fork_service_spec.rb index 5fcbebc96bb846fc..2794349566b46cde 100644 --- a/ee/spec/services/projects/fork_service_spec.rb +++ b/ee/spec/services/projects/fork_service_spec.rb @@ -20,7 +20,7 @@ it 'call auditor with correct context' do expect(::Gitlab::Audit::Auditor).to receive(:audit) - .with(hash_including(name: "project_created")) + .with(hash_including(name: Projects::CreateService::AUDIT_EVENT_TYPE)) .and_call_original audit_context = { diff --git a/ee/spec/services/projects/update_service_spec.rb b/ee/spec/services/projects/update_service_spec.rb index c6fa96df18bd58d7..1c79fb7cc7dcccdd 100644 --- a/ee/spec/services/projects/update_service_spec.rb +++ b/ee/spec/services/projects/update_service_spec.rb @@ -242,7 +242,7 @@ def operation update_project(project, user, default_branch: 'feature') end - let_it_be(:event_type) { 'project_default_branch_updated' } + let_it_be(:event_type) { Projects::UpdateService::DEFAULT_BRANCH_CHANGE_AUDIT_TYPE } let(:attributes) do audit_event_params.tap do |param| -- GitLab From 896aaafdfb4578e211cf77ec285244581389b898 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Mon, 1 May 2023 15:04:41 +0530 Subject: [PATCH 17/19] Replaced string with constant in update service --- ee/app/services/ee/projects/create_service.rb | 4 ++-- ee/app/services/ee/projects/update_service.rb | 5 +++-- ee/spec/services/projects/update_service_spec.rb | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/ee/app/services/ee/projects/create_service.rb b/ee/app/services/ee/projects/create_service.rb index 6eb834d4bff03469..e2e7c75ec6b40a2c 100644 --- a/ee/app/services/ee/projects/create_service.rb +++ b/ee/app/services/ee/projects/create_service.rb @@ -5,8 +5,8 @@ module Projects module CreateService extend ::Gitlab::Utils::Override - AUDIT_EVENT_TYPE = 'project_created' - AUDIT_EVENT_MESSAGE = 'Project created' + AUDIT_EVENT_TYPE = 'project_created'.freeze + AUDIT_EVENT_MESSAGE = 'Project created'.freeze attr_reader :security_policy_target_project_id, :security_policy_target_namespace_id diff --git a/ee/app/services/ee/projects/update_service.rb b/ee/app/services/ee/projects/update_service.rb index 4e1b5ea352567528..8f7f519466376f2a 100644 --- a/ee/app/services/ee/projects/update_service.rb +++ b/ee/app/services/ee/projects/update_service.rb @@ -5,7 +5,8 @@ module Projects module UpdateService extend ::Gitlab::Utils::Override - DEFAULT_BRANCH_CHANGE_AUDIT_TYPE = 'project_default_branch_updated' + DEFAULT_BRANCH_CHANGE_AUDIT_TYPE = 'project_default_branch_updated'.freeze + DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE = "Default branch changed from %s to %s".freeze PULL_MIRROR_ATTRIBUTES = %i[ mirror @@ -113,7 +114,7 @@ def after_default_branch_change(previous_default_branch) author: current_user, scope: project, target: project, - message: "Default branch changed from #{previous_default_branch} to #{project.default_branch}", + message: sprintf(DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, previous_default_branch, project.default_branch), target_details: project.full_path, additional_details: { from: previous_default_branch, diff --git a/ee/spec/services/projects/update_service_spec.rb b/ee/spec/services/projects/update_service_spec.rb index 1c79fb7cc7dcccdd..1bbbed245c07b083 100644 --- a/ee/spec/services/projects/update_service_spec.rb +++ b/ee/spec/services/projects/update_service_spec.rb @@ -249,7 +249,7 @@ def operation param[:details].merge!( from: project.previous_default_branch, to: project.default_branch, - custom_message: "Default branch changed from #{project.previous_default_branch} to #{project.default_branch}" + custom_message: sprintf(Projects::UpdateService::DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, project.previous_default_branch, project.default_branch) ) end end -- GitLab From 8f104c87694f871c9de82607d935d3250fa4059c Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com> Date: Mon, 1 May 2023 15:10:12 +0530 Subject: [PATCH 18/19] Removed freeze and used format --- ee/app/services/ee/projects/create_service.rb | 4 ++-- ee/app/services/ee/projects/update_service.rb | 6 +++--- ee/spec/services/projects/update_service_spec.rb | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ee/app/services/ee/projects/create_service.rb b/ee/app/services/ee/projects/create_service.rb index e2e7c75ec6b40a2c..6eb834d4bff03469 100644 --- a/ee/app/services/ee/projects/create_service.rb +++ b/ee/app/services/ee/projects/create_service.rb @@ -5,8 +5,8 @@ module Projects module CreateService extend ::Gitlab::Utils::Override - AUDIT_EVENT_TYPE = 'project_created'.freeze - AUDIT_EVENT_MESSAGE = 'Project created'.freeze + AUDIT_EVENT_TYPE = 'project_created' + AUDIT_EVENT_MESSAGE = 'Project created' attr_reader :security_policy_target_project_id, :security_policy_target_namespace_id diff --git a/ee/app/services/ee/projects/update_service.rb b/ee/app/services/ee/projects/update_service.rb index 8f7f519466376f2a..673f88947cec78a4 100644 --- a/ee/app/services/ee/projects/update_service.rb +++ b/ee/app/services/ee/projects/update_service.rb @@ -5,8 +5,8 @@ module Projects module UpdateService extend ::Gitlab::Utils::Override - DEFAULT_BRANCH_CHANGE_AUDIT_TYPE = 'project_default_branch_updated'.freeze - DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE = "Default branch changed from %s to %s".freeze + DEFAULT_BRANCH_CHANGE_AUDIT_TYPE = 'project_default_branch_updated' + DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE = "Default branch changed from %s to %s" PULL_MIRROR_ATTRIBUTES = %i[ mirror @@ -114,7 +114,7 @@ def after_default_branch_change(previous_default_branch) author: current_user, scope: project, target: project, - message: sprintf(DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, previous_default_branch, project.default_branch), + message: format(DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, previous_default_branch, project.default_branch), target_details: project.full_path, additional_details: { from: previous_default_branch, diff --git a/ee/spec/services/projects/update_service_spec.rb b/ee/spec/services/projects/update_service_spec.rb index 1bbbed245c07b083..c489fbb81ebd9291 100644 --- a/ee/spec/services/projects/update_service_spec.rb +++ b/ee/spec/services/projects/update_service_spec.rb @@ -249,7 +249,7 @@ def operation param[:details].merge!( from: project.previous_default_branch, to: project.default_branch, - custom_message: sprintf(Projects::UpdateService::DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, project.previous_default_branch, project.default_branch) + custom_message: format(Projects::UpdateService::DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, project.previous_default_branch, project.default_branch) ) end end -- GitLab From fc6a74e55148bdc2dbf39961ce809b142f5b4964 Mon Sep 17 00:00:00 2001 From: Harsha Muralidhar <hmuralidhar@gitlab.com> Date: Tue, 2 May 2023 03:25:50 +0000 Subject: [PATCH 19/19] Apply 1 suggestion(s) to 1 file(s) --- ee/spec/services/projects/fork_service_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/spec/services/projects/fork_service_spec.rb b/ee/spec/services/projects/fork_service_spec.rb index 2794349566b46cde..efe22c00340156dc 100644 --- a/ee/spec/services/projects/fork_service_spec.rb +++ b/ee/spec/services/projects/fork_service_spec.rb @@ -18,7 +18,7 @@ subject(:execute) { described_class.new(project, user).execute } - it 'call auditor with correct context' do + it 'calls auditor with correct context' do expect(::Gitlab::Audit::Auditor).to receive(:audit) .with(hash_including(name: Projects::CreateService::AUDIT_EVENT_TYPE)) .and_call_original -- GitLab