Adding details in audit events for user registration
What does this MR do and why?
Adding additional user information in audit event generated when a new user is registered as per #377756.
User information being added are:
- id
- name
- username
- email id
- access level
How to set up and validate locally
- Setup an instance level external audit event destination for your GitLab instance, you would require an Ultimate license for the instance.
- Register as a new user from UI on your instance, you should receive an audit event on your registered destination in step 1 with event_type
registration_created
and a hash with keyregistration_details
in the response payload underdetails
hash. It would look something like following:
Payload - Click to expand
{
"id": 5500,
"author_id": 67,
"entity_id": 67,
"entity_type": "User",
"details": {
"registration_details": {
"id": 67,
"username": "auditcheck1",
"name": "Audit check1",
"email": "auditcheck1@example.com",
"access_level": "regular"
},
"author_name": "Audit check1",
"author_class": "User",
"target_id": 67,
"target_type": "User",
"target_details": "auditcheck1",
"custom_message": "Instance access request",
"ip_address": "127.0.0.1",
"entity_path": "auditcheck1"
},
"ip_address": "127.0.0.1",
"author_name": "Audit check1",
"entity_path": "auditcheck1",
"target_details": "auditcheck1",
"created_at": "2023-08-10T07:17:10.072Z",
"target_type": "User",
"target_id": 67,
"event_type": "registration_created"
}
- Now create a new user from admin area by following steps in https://docs.gitlab.com/ee/user/profile/account/create_accounts.html#create-users-in-admin-area. You would receive an audit event to your external destination with event_type as
user_created
andregistration_details
hash similar to one received in step 2. - Register as a user via SSO, and then you would receive an audit event to your external destination with event_type as
authenticated_with_group_saml
andregistration_details
hash as similar to step 2.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #377756
Edited by Hitesh Raghuvanshi