Skip to content
Snippets Groups Projects

Adding new audit event scope for instance level audit events

Merged Hitesh Raghuvanshi requested to merge 404730-instance-scope into master
All threads resolved!

What does this MR do and why?

This MR is introducing a new scope instance_scope for audit events representing changes to instance level settings. Here scope of an audit event represents the level where the change is made, already present scopes were user, group and project.

We have created an abstract scope here as explained in #404730 (closed).

For testing it out, currently I have added one audit event which is using this new scope while creating a new instance level external destination as part of issue #404730 (closed).

How to set up and validate locally

  1. Enable feature flag by running ::Feature.enable(:ff_external_audit_events) in rails console, this is not required for the scope but for creating the instance destination which will create audit event using this scope.
  2. Login with instance admin credentials on http://127.0.0.1:3000 and then go to graphql explorer http://127.0.0.1:3000/-/graphql-explorer
  3. Run following mutation for creating a new instance level external audit event destination, replace https://www.example.com with your own webhook url
mutation {
  instanceExternalAuditEventDestinationCreate(input: { destinationUrl: "https://www.example.com"}) {
    errors
    instanceExternalAuditEventDestination {
      destinationUrl
      id
    }
  }
}
  1. You will receive a new event on the webhook url with a payload which would look something like, notice the entity_type:
{
  "id": 5300,
  "author_id": 1,
  "entity_id": 1,
  "entity_type": "Gitlab::Audit::InstanceScope",
  "details": {
    "author_name": "Administrator",
    "author_class": "User",
    "target_id": 25,
    "target_type": "AuditEvents::InstanceExternalAuditEventDestination",
    "target_details": "Destination_e8ba8b07-de7b-4a49-ab32-997528f05628",
    "custom_message": "Create instance event streaming destination https://www.example.com",
    "ip_address": "127.0.0.1",
    "entity_path": "gitlab_instance"
  },
  "ip_address": "127.0.0.1",
  "author_name": "Administrator",
  "entity_path": "gitlab_instance",
  "target_details": "Destination_e8ba8b07-de7b-4a49-ab32-997528f05628",
  "created_at": "2023-06-27T11:33:59.069Z",
  "target_type": "AuditEvents::InstanceExternalAuditEventDestination",
  "target_id": 25,
  "event_type": "create_instance_event_streaming_destination"
}
  1. Also check the audit event dashboard at http://127.0.0.1:3000/admin/audit_logs, it should also show the audit event related to adding the new destination.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #404730 (closed)

Edited by Hitesh Raghuvanshi

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Hitesh Raghuvanshi added 280 commits

    added 280 commits

    Compare with previous version

  • mentioned in issue #282428 (closed)

  • added 1 commit

    Compare with previous version

  • Hitesh Raghuvanshi added 179 commits

    added 179 commits

    Compare with previous version

  • Hitesh Raghuvanshi marked this merge request as ready

    marked this merge request as ready

  • Hitesh Raghuvanshi changed title from Draft: Instance scope added, need to test to Adding new audit event scope for instance level audit events

    changed title from Draft: Instance scope added, need to test to Adding new audit event scope for instance level audit events

  • Hitesh Raghuvanshi changed the description

    changed the description

  • Hitesh Raghuvanshi marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed

    marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed

  • Hitesh Raghuvanshi changed the description

    changed the description

  • added 1 commit

    • 26c20438 - Adding instance scope for audit events

    Compare with previous version

  • Hitesh Raghuvanshi changed the description

    changed the description

  • requested review from @harsimarsandhu

  • Harsimar Sandhu mentioned in merge request !123187 (merged)

    mentioned in merge request !123187 (merged)

  • Harsimar Sandhu
  • Harsimar Sandhu removed review request for @harsimarsandhu

    removed review request for @harsimarsandhu

  • Hitesh Raghuvanshi added 825 commits

    added 825 commits

    Compare with previous version

  • Hitesh Raghuvanshi changed the description

    changed the description

  • added 1 commit

    • b83c81e1 - Fixed issue with audit event presenter

    Compare with previous version

  • Hitesh Raghuvanshi added 203 commits

    added 203 commits

    Compare with previous version

  • requested review from @harsimarsandhu

  • Harsimar Sandhu approved this merge request

    approved this merge request

  • :wave: @harsimarsandhu, thanks for approving this merge request.

    This is the first time the merge request is approved. To ensure full test coverage, a new pipeline will be started shortly.

    For more info, please refer to the following links:

  • Harsimar Sandhu requested review from @rkadam3 and removed review request for @harsimarsandhu

    requested review from @rkadam3 and removed review request for @harsimarsandhu

  • added 1 commit

    Compare with previous version

  • Hitesh Raghuvanshi added 187 commits

    added 187 commits

    Compare with previous version

  • Hitesh Raghuvanshi mentioned in merge request !124605 (merged)

    mentioned in merge request !124605 (merged)

  • Rajendra Kadam approved this merge request

    approved this merge request

  • Harsimar Sandhu approved this merge request

    approved this merge request

  • Rajendra Kadam resolved all threads

    resolved all threads

  • Rajendra Kadam enabled an automatic merge when the pipeline for c590be73 succeeds

    enabled an automatic merge when the pipeline for c590be73 succeeds

  • Hitesh Raghuvanshi mentioned in merge request !123335 (closed)

    mentioned in merge request !123335 (closed)

  • Hitesh Raghuvanshi aborted the automatic merge because source branch was updated

    aborted the automatic merge because source branch was updated

  • Hitesh Raghuvanshi added 317 commits

    added 317 commits

    Compare with previous version

  • @rkadam3 The merge pipeline failed because an unrelated test case, I have rebased the branch, can you please run the MWPS again?

  • merged

  • @rkadam3, did you forget to run a pipeline before you merged this work? Based on our code review process, if the latest pipeline was created more than 6 hours ago OR finished more than 2 hours ago, you should:

    1. Ensure the merge request is not in Draft status.
    2. Start a pipeline (especially important for Community contribution merge requests).
    3. Set the merge request to auto-merge.

    This is a guideline, not a rule. Please consider replying to this comment for transparency.

    This message was generated automatically. You're welcome to improve it.

  • Rajendra Kadam mentioned in commit 22bdc6c5

    mentioned in commit 22bdc6c5

  • mentioned in issue #404730 (closed)

  • Verified on staging-ref

    Staging rails console:

    image

    Audit event created on creating instance level external audit event destination

    image

    Event also streamed to destination

    image

  • mentioned in issue #418185 (closed)

  • Hitesh Raghuvanshi mentioned in merge request !128119 (merged)

    mentioned in merge request !128119 (merged)

  • Peter Leitzen mentioned in merge request !160362 (merged)

    mentioned in merge request !160362 (merged)

  • Please register or sign in to reply
    Loading