Adding new audit event scope for instance level audit events
What does this MR do and why?
This MR is introducing a new scope instance_scope
for audit events representing changes to instance level settings.
Here scope of an audit event represents the level where the change is made, already present scopes were user, group and project.
We have created an abstract scope here as explained in #404730 (closed).
For testing it out, currently I have added one audit event which is using this new scope while creating a new instance level external destination as part of issue #404730 (closed).
How to set up and validate locally
- Enable feature flag by running
::Feature.enable(:ff_external_audit_events)
in rails console, this is not required for the scope but for creating the instance destination which will create audit event using this scope. - Login with instance admin credentials on http://127.0.0.1:3000 and then go to graphql explorer http://127.0.0.1:3000/-/graphql-explorer
- Run following mutation for creating a new instance level external audit event destination, replace
https://www.example.com
with your own webhook url
mutation {
instanceExternalAuditEventDestinationCreate(input: { destinationUrl: "https://www.example.com"}) {
errors
instanceExternalAuditEventDestination {
destinationUrl
id
}
}
}
- You will receive a new event on the webhook url with a payload which would look something like, notice the entity_type:
{
"id": 5300,
"author_id": 1,
"entity_id": 1,
"entity_type": "Gitlab::Audit::InstanceScope",
"details": {
"author_name": "Administrator",
"author_class": "User",
"target_id": 25,
"target_type": "AuditEvents::InstanceExternalAuditEventDestination",
"target_details": "Destination_e8ba8b07-de7b-4a49-ab32-997528f05628",
"custom_message": "Create instance event streaming destination https://www.example.com",
"ip_address": "127.0.0.1",
"entity_path": "gitlab_instance"
},
"ip_address": "127.0.0.1",
"author_name": "Administrator",
"entity_path": "gitlab_instance",
"target_details": "Destination_e8ba8b07-de7b-4a49-ab32-997528f05628",
"created_at": "2023-06-27T11:33:59.069Z",
"target_type": "AuditEvents::InstanceExternalAuditEventDestination",
"target_id": 25,
"event_type": "create_instance_event_streaming_destination"
}
- Also check the audit event dashboard at http://127.0.0.1:3000/admin/audit_logs, it should also show the audit event related to adding the new destination.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #404730 (closed)
Edited by Hitesh Raghuvanshi