Add audit events for activities performed by a project access token
What does this MR do and why?
Add audit events when the following actions are performed by a project access token
- When an MR is created, closed, reopened or merged
- When a comment is added to an issue, MR etc. (streaming event is created in this case)
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Create a project and then create a project access token for that project as per the steps in this doc.
- Create an issue inside the project and then using the notes API add a comment to that issue using the project access token. Example:
curl -X POST --header "PRIVATE-TOKEN: <insert-token-here>" "https://gdk.test:3000/api/v4/projects/20/issues/1/notes?body=This+is+a+test+note"
. - Ensure that a streaming audit event is created.
- Create a new branch (eg:
feature
) and commit some changes to it. Push thefeature
branch to remote. - Create an MR using the project access token. Example:
curl -X POST --header "PRIVATE-TOKEN: <token>" "https://gdk.test:3000/api/v4/projects/20/merge_requests?source_branch=feature&target_branch=main&title=MR+using+PAT"
- Ensure that an audit event is created corresponding to the create MR action.
- Close the MR using the project access token. Example:
curl -X PUT --header "PRIVATE-TOKEN: <token>" "https://gdk.test:3000/api/v4/projects/20/merge_requests/16?state_event=close"
- Ensure that an audit event is created corresponding to the close MR action.
- Reopen the closed MR using the project access token. Example:
curl -X PUT --header "PRIVATE-TOKEN: <token>" "https://gdk.test:3000/api/v4/projects/20/merge_requests/16?state_event=reopen"
- Ensure that an audit event is created corresponding to the reopen MR action.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #323299 (closed)
Edited by Huzaifa Iftikhar