Adding new audit event scope for instance level audit events
What does this MR do and why?
This MR is introducing a new scope instance_scope
for audit events representing changes to instance level settings.
Here scope of an audit event represents the level where the change is made, already present scopes were user, group and project.
We have created an abstract scope here as explained in #404730 (closed).
For testing it out, currently I have added one audit event which is using this new scope while creating a new instance level external destination as part of issue #404730 (closed).
How to set up and validate locally
- Enable feature flag by running
::Feature.enable(:ff_external_audit_events)
in rails console, this is not required for the scope but for creating the instance destination which will create audit event using this scope. - Login with instance admin credentials on http://127.0.0.1:3000 and then go to graphql explorer http://127.0.0.1:3000/-/graphql-explorer
- Run following mutation for creating a new instance level external audit event destination, replace
https://www.example.com
with your own webhook url
mutation {
instanceExternalAuditEventDestinationCreate(input: { destinationUrl: "https://www.example.com"}) {
errors
instanceExternalAuditEventDestination {
destinationUrl
id
}
}
}
- You will receive a new event on the webhook url with a payload which would look something like, notice the entity_type:
{
"id": 5300,
"author_id": 1,
"entity_id": 1,
"entity_type": "Gitlab::Audit::InstanceScope",
"details": {
"author_name": "Administrator",
"author_class": "User",
"target_id": 25,
"target_type": "AuditEvents::InstanceExternalAuditEventDestination",
"target_details": "Destination_e8ba8b07-de7b-4a49-ab32-997528f05628",
"custom_message": "Create instance event streaming destination https://www.example.com",
"ip_address": "127.0.0.1",
"entity_path": "gitlab_instance"
},
"ip_address": "127.0.0.1",
"author_name": "Administrator",
"entity_path": "gitlab_instance",
"target_details": "Destination_e8ba8b07-de7b-4a49-ab32-997528f05628",
"created_at": "2023-06-27T11:33:59.069Z",
"target_type": "AuditEvents::InstanceExternalAuditEventDestination",
"target_id": 25,
"event_type": "create_instance_event_streaming_destination"
}
- Also check the audit event dashboard at http://127.0.0.1:3000/admin/audit_logs, it should also show the audit event related to adding the new destination.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #404730 (closed)
Merge request reports
Activity
changed milestone to %16.1
assigned to @hraghuvanshi
2 Warnings 14d139eb: Commits that change 30 or more lines across at least 3 files should describe these changes in the commit body. For more information, take a look at our Commit message guidelines. Please add a merge request subtype to this merge request. Reviewer roulette
Changes that require review have been detected!
Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:
Category Reviewer Maintainer backend Sam Kim (
@samsam_kim
) (UTC-7, 12.5 hours behind@hraghuvanshi
)Mayra Cabrera (
@mayra-cabrera
) (UTC-6, 11.5 hours behind@hraghuvanshi
)test for spec/features/*
Harsha Muralidhar (
@hmuralidhar
) (UTC+10, 4.5 hours ahead of@hraghuvanshi
)Maintainer review is optional for test for spec/features/*
groupcompliance Reviewer review is optional for groupcompliance Jay Montal (
@jmontal
) (UTC-6, 11.5 hours behind@hraghuvanshi
)To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
If needed, you can retry the
danger-review
job that generated this comment.Generated by
Danger @hraghuvanshi Some end-to-end (E2E) tests have been selected based on the stage label on this MR. If not run already, please run thee2e:package-and-test-ee
job in theqa
stage and review the results before merging this MR. (E2E tests are not run automatically on some MRs due to runner resource constraints.)If you would like to run all e2e tests, please apply the pipeline:run-all-e2e label and restart the pipeline.
Once done, please apply the
emoji on this comment.For any questions or help in reviewing the E2E test results, please reach out on the internal #quality Slack channel.
Allure report
allure-report-publisher
generated test report!e2e-test-on-gdk:
test report for e12042f2expand test summary
+-------------------------------------------------------------+ | suites summary | +--------+--------+--------+---------+-------+-------+--------+ | | passed | failed | skipped | flaky | total | result | +--------+--------+--------+---------+-------+-------+--------+ | Govern | 2 | 0 | 0 | 0 | 2 | ✅ | +--------+--------+--------+---------+-------+-------+--------+ | Total | 2 | 0 | 0 | 0 | 2 | ✅ | +--------+--------+--------+---------+-------+-------+--------+
changed milestone to %16.2
added missed:16.1 label
added 1195 commits
-
6fa99ade...db3260ae - 1193 commits from branch
master
- 0b84d8ba - Merge branch 'master' into 404730-instance-scope
- 2a734c32 - Fixed failing rspecs
-
6fa99ade...db3260ae - 1193 commits from branch
- Resolved by Rajendra Kadam
added 280 commits
-
2a734c32...b1cc2b62 - 278 commits from branch
master
- 592d0551 - Added external destination audit event
- 7b4bab14 - Merge branch 'master' into 404730-instance-scope
-
2a734c32...b1cc2b62 - 278 commits from branch
mentioned in issue #282428 (closed)
added 179 commits
-
55fc0ebd...c23410b6 - 178 commits from branch
master
- 835bd90c - Merge branch 'master' into 404730-instance-scope
-
55fc0ebd...c23410b6 - 178 commits from branch
marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed
- Resolved by Rajendra Kadam
@harsimarsandhu Can you please do backend and groupcompliance review here?
requested review from @harsimarsandhu
mentioned in merge request !123187 (merged)
- Resolved by Hitesh Raghuvanshi
- Resolved by Rajendra Kadam
removed review request for @harsimarsandhu
added 825 commits
-
26c20438...409ed30a - 824 commits from branch
master
- a1d6f09c - Adding instance scope for audit events
-
26c20438...409ed30a - 824 commits from branch
added 203 commits
-
b83c81e1...15b62a4b - 199 commits from branch
master
- 9202622a - Removed extra param
- e2208cf7 - Removed extra param
- cbe3c6a0 - Merge branch 'master' into 404730-instance-scope
- d096e496 - Added feature test cases
Toggle commit list-
b83c81e1...15b62a4b - 199 commits from branch
requested review from @harsimarsandhu
mentioned in merge request gitlab-com/www-gitlab-com!126627 (merged)
@harsimarsandhu
, thanks for approving this merge request.This is the first time the merge request is approved. To ensure full test coverage, a new pipeline will be started shortly.
For more info, please refer to the following links:
added pipeline:mr-approved label
requested review from @rkadam3 and removed review request for @harsimarsandhu
- Resolved by Rajendra Kadam
@hraghuvanshi - There is a coverage failure. Can you check? It seems related.
added 187 commits
-
d8af7fea...773e5f86 - 186 commits from branch
master
- db2f9b51 - Merge branch 'master' into 404730-instance-scope
-
d8af7fea...773e5f86 - 186 commits from branch
mentioned in merge request !124605 (merged)
- Resolved by Rajendra Kadam
@rkadam3 Can you please set MWPS here?
enabled an automatic merge when the pipeline for c590be73 succeeds
mentioned in merge request !123335 (closed)
added 317 commits
Toggle commit listmentioned in merge request gitlab-com/www-gitlab-com!126546 (merged)
@rkadam3 The merge pipeline failed because an unrelated test case, I have rebased the branch, can you please run the MWPS again?
@rkadam3, did you forget to run a pipeline before you merged this work? Based on our code review process, if the latest pipeline was created more than 6 hours ago OR finished more than 2 hours ago, you should:
- Ensure the merge request is not in Draft status.
- Start a pipeline (especially important for Community contribution merge requests).
- Set the merge request to auto-merge.
This is a guideline, not a rule. Please consider replying to this comment for transparency.
This message was generated automatically. You're welcome to improve it.
mentioned in commit 22bdc6c5
added workflowstaging-canary label and removed workflowsolution validation label
mentioned in issue #404730 (closed)
added workflowcanary label and removed workflowstaging-canary label
added self-managed workflowstaging labels and removed self-managed workflowcanary labels
added workflowproduction label and removed workflowstaging label
mentioned in issue #418185 (closed)
added releasedcandidate label
mentioned in merge request !128119 (merged)
added releasedpublished label and removed releasedcandidate label
mentioned in merge request !160362 (merged)