Added audit events for creation and deletion of filters

Hitesh Raghuvanshi requested to merge 417559-event-audit-events into master

What does this MR do and why?

This MR adds audit events on creation and deletion of event filters used for streaming to instance level external audit event streaming destinations.

How to set up and validate locally

  1. For this, your GitLab instance should have an Ultimate license.
  2. Log in to your local GitLab instance http://gitlab.localdev:3000/ with instance admin credentials, as the API is only accessible by instance admins.
  3. Visit http://gitlab.localdev:3000/admin/audit_logs?tab=streams and create a new streaming destination by clicking the "Add streaming destination" button on the right and then selecting "HTTP endpoint". Enter an endpoint of your choice, for example https://www.example.com (you can try pipedream), in the URL field and then click the Add button. This will create a new audit event streaming destination for your instance.
  4. Visit http://gitlab.localdev:3000/-/graphql-explorer for running GraphQL APIs.
  5. Run the following query to list all the destinations added to your instance:
query {
  instanceExternalAuditEventDestinations {
    nodes {
      id
      destinationUrl
      verificationToken
      headers {
        nodes {
          id
          key
          value
        }
      }
      eventTypeFilters
    }
  }
}
  6. Note down the destination id from the output of step 5; it would look something like: gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/45.
  7. Now create event filters for the destination by running the following mutation (do add the filters event_type_filters_created and event_type_filters_deleted, otherwise you will not receive events on your destination):
mutation {
   auditEventsStreamingDestinationInstanceEventsAdd(
    input: {
      destinationId:  "gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/<id>",
      eventTypeFilters:["filter1", "event_type_filters_deleted", "event_type_filters_created", "filter2"] 
    }
  ){
    errors
    eventTypeFilters
  }
}
  8. You can run the query in step 5 to check whether the filters got created.
  9. Visit http://gitlab.localdev:3000/admin/audit_logs?tab=log and you will notice a new audit event with an entry something like: Created audit event type filter(s): filter1, event_type_filters_deleted, event_type_filters_created and filter2.
  10. Now let's delete some filters by running the following mutation:
mutation auditEventsStreamingDestinationInstanceEventsRemove {
  auditEventsStreamingDestinationInstanceEventsRemove(input: { 
    destinationId: "gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/46", 
    eventTypeFilters: ["filter1", "filter2"]
  }) {
    errors 
  }
}
  11. You can run the query in step 5 to check whether the filters got deleted.
  12. Visit http://gitlab.localdev:3000/admin/audit_logs?tab=log and you will notice a new audit event with an entry something like: Deleted audit event type filter(s): filter1 and filter2.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #417559 (closed)

Edited by Hitesh Raghuvanshi
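
An added example, not part of the merge request or GitLab's code: it replays audit log entries worded as in steps 9 and 12 to rebuild a destination's filter list and flags any deletion that removes `event_type_filters_created` or `event_type_filters_deleted`, since step 7 notes the destination receives these events only while they are in its filters. The sample entries are constructed, and treating them as belonging to a single destination is an assumption (the entry text on this page does not name the destination).

```python
import re

# Entry wording as shown in the MR's validation steps (steps 9 and 12).
ENTRY_RE = re.compile(r"^(Created|Deleted) audit event type filter\(s\): (.+)$")
# Event types named in the MR; per step 7 they must be in the filter list to be streamed.
SELF_AUDIT_TYPES = {"event_type_filters_created", "event_type_filters_deleted"}

# Constructed sample entries, assumed to concern one destination, oldest first.
SAMPLE_LOG = [
    "Created audit event type filter(s): filter1, event_type_filters_deleted, "
    "event_type_filters_created and filter2",
    "Deleted audit event type filter(s): filter1 and filter2",
    "Signed in with standard authentication",  # unrelated entry, ignored
    "Deleted audit event type filter(s): event_type_filters_deleted",
]


def parse_entry(message):
    """Return (action, [filters]) for a filter audit entry, or None for other entries."""
    m = ENTRY_RE.match(message.strip())
    if not m:
        return None
    # The list is a sentence: "a", "a and b", "a, b and c" (also accept "a, b, and c").
    items = re.split(r",\s*(?:and\s+)?|\s+and\s+", m.group(2).rstrip("."))
    return m.group(1).lower(), [i.strip() for i in items if i.strip()]


def replay(messages):
    """Replay entries in order; return (active filter set, findings).

    A finding is (entry number, removed self-audit types): after such a deletion
    the destination stops receiving the corresponding filter-change events.
    """
    active, findings = set(), []
    for n, msg in enumerate(messages, 1):
        parsed = parse_entry(msg)
        if parsed is None:
            continue
        action, filters = parsed
        if action == "created":
            active.update(filters)
        else:
            lost = SELF_AUDIT_TYPES & set(filters)
            active.difference_update(filters)
            if lost:
                findings.append((n, sorted(lost)))
    return active, findings


if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```
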