Add audit events for activities performed by a project access token

Huzaifa Iftikhar requested to merge 323299_audit_token_activity into master

What does this MR do and why?

Add audit events when the following actions are performed by a project access token:

  • When an MR is created, closed, reopened or merged
  • When a comment is added to an issue, MR etc. (streaming event is created in this case)

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Create a project and then create a project access token for that project as per the steps in this doc.
  2. Create an issue inside the project and then using the notes API add a comment to that issue using the project access token. Example: curl -X POST --header "PRIVATE-TOKEN: <insert-token-here>" "https://gdk.test:3000/api/v4/projects/20/issues/1/notes?body=This+is+a+test+note".
  3. Ensure that a streaming audit event is created.
  4. Create a new branch (e.g. feature) and commit some changes to it. Push the feature branch to remote.
  5. Create an MR using the project access token. Example: curl -X POST --header "PRIVATE-TOKEN: <token>" "https://gdk.test:3000/api/v4/projects/20/merge_requests?source_branch=feature&target_branch=main&title=MR+using+PAT"
  6. Ensure that an audit event is created corresponding to the create MR action.
  7. Close the MR using the project access token. Example: curl -X PUT --header "PRIVATE-TOKEN: <token>" "https://gdk.test:3000/api/v4/projects/20/merge_requests/16?state_event=close"
  8. Ensure that an audit event is created corresponding to the close MR action.
  9. Reopen the closed MR using the project access token. Example: curl -X PUT --header "PRIVATE-TOKEN: <token>" "https://gdk.test:3000/api/v4/projects/20/merge_requests/16?state_event=reopen"
  10. Ensure that an audit event is created corresponding to the reopen MR action.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #323299 (closed)

Edited by Huzaifa Iftikhar