Add update API for instance GCP audit event destinations

Hitesh Raghuvanshi requested to merge 423039-update-instance-gcp into master

What does this MR do and why?

  1. This MR adds a GraphQL update API for instance-level GCP audit event destinations.
  2. A concern, CommonUpdate, is added to contain the common code of the group-level and instance-level update mutations.

Query plan

Query:

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/22849/commands/73715

UPDATE 
  "audit_events_instance_google_cloud_logging_configurations" 
SET 
  "updated_at" = '2023-10-04 16:31:13.005842', 
  "google_project_id_name" = 'updated-project', 
  "client_email" = 'updated-email@example.com', 
  "log_id_name" = 'updated_log_id_name', 
  "name" = 'updated_destination_name', 
  "encrypted_private_key" = 'some_private_key', 
  "encrypted_private_key_iv" = 'some_private_key_iv' 
WHERE 
  "audit_events_instance_google_cloud_logging_configurations"."id" = 9

How to set up and validate locally

  1. For this you need to have admin access to a GitLab instance with an Ultimate license.
  2. Visit the GraphQL explorer at https://gitlab.localdev:3000/-/graphql-explorer.
  3. Run the following mutation to add a new instance-level GCP configuration:
mutation instanceGoogleCloudLoggingConfigurationCreate {
  instanceGoogleCloudLoggingConfigurationCreate(input: { googleProjectIdName: "my-google-project", clientEmail: "my-email@my-google-project.iam.gservice.account.com", privateKey: "YOUR_PRIVATE_KEY", logIdName: "audit-events", name: "my-destination" }) {
    errors
    instanceGoogleCloudLoggingConfiguration {
      id
      logIdName
      googleProjectIdName
      clientEmail
      name
    }
  }
}
  4. For credentials, you can refer to the details in https://docs.gitlab.com/ee/administration/audit_event_streaming/#google-cloud-logging-destinations. But for now dummy details will also work. I will enable streaming for this in another MR which belongs to issue #423041 (closed).
  5. To check whether the configuration got added, you can run the following query to list the details:
query instanceGoogleCloudLoggingConfigurations {
  instanceGoogleCloudLoggingConfigurations {
    nodes {
        id
        logIdName
        googleProjectIdName
        clientEmail
        name
      }
  }
}
  6. Now run the following mutation to update the configuration, using the id received in step 5. It should update the config:
mutation instanceGoogleCloudLoggingConfigurationUpdate {
  instanceGoogleCloudLoggingConfigurationUpdate(
    input: {id: "gid://gitlab/AuditEvents::Instance::GoogleCloudLoggingConfiguration/11", googleProjectIdName: "updated-google-id", clientEmail: "updatedl@my-google-project.iam.gservice.account.com", privateKey: "YOUR_PRIVATE_KEY", logIdName: "audit-events", name: "updated name"}
  ) {
    errors
    instanceGoogleCloudLoggingConfiguration {
      id
      logIdName
      googleProjectIdName
      clientEmail
    }
  }
}

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #423039 (closed)

Edited by Hitesh Raghuvanshi