Log audit event when updating protected environments
What does this MR do and why?
Record an audit event when changes are made to a Protected Environment.
The following changes would result in an audit event:
Protected Environment attributes
- Change in the required approval count
Protected Environment - Allowed to Deploy (protected_environment.deploy_access_levels)
- Added
- Deleted
- Updated, when the authorizable target (access_level/user/group) is changed
Protected Environment - Allowed to Approve (protected_environment.approval_rules)
- Added
- Deleted
- Updated
- when the authorizable target (access_level/user/group) is changed
- when the required approval count is changed
As proposed in the associated issue (#415603 (closed)), the way the audit_context is built is similar to the logic in FeatureFlag::UpdateService.
Screenshots or screen recordings
How to set up and validate locally
- Make sure you are testing on an EE instance.
- Select a project you want to test or create a new project
- Create an environment in the project
Following the Protected Environments guide:
- Protect the environment
- Update the Allowed to Deploy and Approvers, and Approval Rules of the protected environment.
Following the Audit Events guide:
- Verify that the changes you did in step 5 are recorded in the audit stream. (See screenshot above for an idea of how the list of edit events would look like.)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #415603 (closed)
Edited by Pam Artiaga