Skip to content

Log audit event when updating protected environments

What does this MR do and why?

Record an audit event when changes are made to a Protected Environment.

The following changes would result in an audit event:

Protected Environment attributes

  • Change in the required approval count

**Protected Environment - Allowed to Deploy (**protected_environment.deploy_access_levels)

  • Added
  • Deleted
  • Updated, when the authorizable target (access_level/user/group) is changed

**Protected Environment - Allowed to Approve (**protected_environment.approval_rules)

  • Added
  • Deleted
  • Updated
    • when the authorizable target (access_level/user/group) is changed
    • when the required approval count is changed

This is another iteration of !130494 (closed), which was closed because the implementation was based on code outside of the EE folder.

Screenshots or screen recordings


How to set up and validate locally

  1. Make sure you are testing on an EE instance.
  2. Select a project you want to test or create a new project
  3. Create an environment in the project

Following the Protected Environments guide:

  1. Protect the environment
  2. Update the Allowed to Deploy and Approvers, and Approval Rules of the protected environment.

Following the Audit Events guide:

  1. Verify that the changes you did in step 5 are recorded in the audit stream. (See screenshot above for an idea of how the list of edit events would look like.)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #415603 (closed)

Edited by Pam Artiaga

Merge request reports