
Added delete api for instance GCP config for audit events

Hitesh Raghuvanshi requested to merge 423040-destroy-instance-gcp into master

What does this MR do and why?

This MR adds a new mutation to the GraphQL API that allows users to delete instance level Google Cloud Logging configurations. The mutation will delete the configuration and create an audit event. If there is an error during deletion, the mutation will return an error message. The mutation is available to only instance admins of instances with Ultimate license.

This is quite similar to group level api for deletion of gcp configs as mentioned in https://docs.gitlab.com/ee/administration/audit_event_streaming/graphql_api.html#delete-google-cloud-logging-configurations.

Creation API is being added in !130663 (merged).

Query plan

Select query

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/22209/commands/71768

SELECT 
  "audit_events_instance_google_cloud_logging_configurations".* 
FROM 
  "audit_events_instance_google_cloud_logging_configurations" 
WHERE 
  "audit_events_instance_google_cloud_logging_configurations"."id" = 6

Deletion query

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/22209/commands/71769

DELETE FROM 
  "audit_events_instance_google_cloud_logging_configurations" 
WHERE 
  "audit_events_instance_google_cloud_logging_configurations"."id" = 6

How to set up and validate locally

  1. For this you need to have admin access to a GitLab instance with an Ultimate license.
  2. Create an entry for the instance level GCP config by running the following command in the Rails console:

      AuditEvents::Instance::GoogleCloudLoggingConfiguration.create!(google_project_id_name: "project-name", client_email: "abcd@rt.com", log_id_name: "some_log_name", name: "First destination", private_key: "random_private_key")

  3. Visit the GraphQL explorer at https://gitlab.localdev:3000/-/graphql-explorer.
  4. Run the following query to list the destinations and note the GraphQL id of the one created above:

      query instanceGoogleCloudLoggingConfigurations {
        instanceGoogleCloudLoggingConfigurations {
          nodes {
            id
            logIdName
            googleProjectIdName
            clientEmail
            name
          }
        }
      }

  5. Then run the delete mutation in the explorer using the GraphQL id of the destination obtained in step 4:

      mutation instanceGoogleCloudLoggingConfigurationDestroy {
        instanceGoogleCloudLoggingConfigurationDestroy(input: { id: "gid://gitlab/AuditEvents::Instance::GoogleCloudLoggingConfiguration/9" }) {
          errors
        }
      }

  6. Run the query in step 4 to verify the config got deleted. Also check for the audit event generated in https://gitlab.localdev:3000/admin/audit_logs; it should look something like the following image.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #423040 (closed)

Edited by Hitesh Raghuvanshi
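
The validation steps above can also be checked from a script. The following is an added example, not code from this MR or from GitLab: it builds the destroy request, refuses any id that does not have the global ID shape shown in step 5 before interpolating it, and classifies the response. The helper names and the sample responses are constructed, and the response shapes assume the usual GraphQL convention of a top-level `errors` array with a null payload when the caller is not permitted.

```ruby
require 'json'

# Global ID shape as shown in the MR description; anything else is refused
# before it is interpolated into the GraphQL document.
GID_PATTERN = %r{\Agid://gitlab/AuditEvents::Instance::GoogleCloudLoggingConfiguration/\d+\z}

# Build the JSON body to POST to the instance's GraphQL endpoint.
def destroy_request_body(gid)
  raise ArgumentError, "unexpected global ID: #{gid.inspect}" unless GID_PATTERN.match?(gid)

  query = <<~GRAPHQL
    mutation {
      instanceGoogleCloudLoggingConfigurationDestroy(input: { id: "#{gid}" }) {
        errors
      }
    }
  GRAPHQL
  JSON.generate({ 'query' => query })
end

# Classify a response: :rejected (top-level errors or null payload),
# :failed (mutation ran but returned errors), or :deleted.
def destroy_outcome(response_json)
  body = JSON.parse(response_json)
  return :rejected if body['errors'].is_a?(Array) && !body['errors'].empty?

  payload = body.dig('data', 'instanceGoogleCloudLoggingConfigurationDestroy')
  return :rejected if payload.nil?

  payload['errors'].to_a.empty? ? :deleted : :failed
end

# Step 6 check: is the destination still present in the list query result?
def still_listed?(list_response_json, gid)
  nodes = JSON.parse(list_response_json).dig('data', 'instanceGoogleCloudLoggingConfigurations', 'nodes').to_a
  nodes.any? { |node| node['id'] == gid }
end

# Constructed sample responses (not captured from a real instance).
GID = 'gid://gitlab/AuditEvents::Instance::GoogleCloudLoggingConfiguration/9'
OK_RESPONSE = '{"data":{"instanceGoogleCloudLoggingConfigurationDestroy":{"errors":[]}}}'
DENIED_RESPONSE = '{"data":{"instanceGoogleCloudLoggingConfigurationDestroy":null},"errors":[{"message":"constructed: not permitted"}]}'
LIST_AFTER = '{"data":{"instanceGoogleCloudLoggingConfigurations":{"nodes":[]}}}'

puts destroy_outcome(OK_RESPONSE), destroy_outcome(DENIED_RESPONSE), still_listed?(LIST_AFTER, GID)
```

A `:deleted` result should still be paired with the audit log check from step 6, since the response alone does not show that the audit event was written.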
