Skip to content

Add ssh audit events

sameer shaik requested to merge ssh-audit into master

What does this MR do and why?

This MR logs the audit event when the group SSH certificate is created or deleted.

Related issue: #427413 (closed)

Screenshots or screen recordings

After:

Screenshot_2023-10-19_at_9.59.09_PM

How to set up and validate locally

  1. Enable the feature flag ssh_certificates_rest_endpoints.
  2. add a SSH certificate to a group in your GDK: curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "http://127.0.0.1:3000/api/v4/groups/GROUP_ID/ssh_certificates?title=newtitle&key="http://127.0.0.1:3000/api/v4/groups/29/ssh_certificates?title=newtitle&key=ssh-rsa%20AAAAB3NzaC1yc2EAAAADAQABAAAAgQCxT%2BaWnicS3k2ckFuoaGH3lapt28Wbif72onlVdHIhtUXZCixzs9r%2Bjw2kme4GkUP%2Fu6YUYJ0eEnEQR76uRje1xtoEUeM%2FJoC43iFX%2B3jbOd32gTSWe0NNWtdwLBbt8NqeDGv3WbYAKZfZpEfV7ipb70ju9ML1i94SC45NzbzcRQ%3D%3D%20example%40gitlab.com"
  3. List the SSH Certificates for a group with: curl --header "PRIVATE-TOKEN: <your_access_token>" "http://127.0.0.1:3000/api/v4/groups/GROUP_ID/ssh_certificates
  4. Delete a SSH Certificate with: curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "http://127.0.0.1:3000/api/v4/groups/GROUP_ID/ssh_certificates/<ssh_cert_id_from_previous_request>"

For all the above actions, verify the audit logs.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by sameer shaik

Merge request reports