Filter audit events by namespace filters for group
What does this MR do and why?
This MR:
- Adds a feature flag
audit_events_streaming_namespace_filter
for controlling the rollout of the feature. - Filters audit events as per namespace(group or project) filter if added to a group-level external audit event destination.
By namespace filter we mean that if a namespace filter for a specific namespace is present then the audit events only for that specific namespace and its descendants will be streamed to the destination.
For learning more about audit event streaming, checkout https://docs.gitlab.com/ee/administration/audit_event_streaming/.
How to set up and validate locally
- Make sure you have a group with Ultimate license.
- Add a new http destination by following steps in https://docs.gitlab.com/ee/administration/audit_event_streaming/#add-a-new-http-destination.
- Create a namespace filter for the destination by following steps as mentioned in !136047 (merged).
- Once created, enable the feature flag from rails console by running
Feature.enable(:audit_events_streaming_namespace_filter, Group.find(<group_id>))
. - Once it is enabled for the group. Try creating audit events by triggering actions for the namespace for which the namespace filter was created, check https://docs.gitlab.com/ee/administration/audit_event_streaming/audit_event_types.html for the triggers of audit events. You will notice your http destination will be receiving the audit events for the namespace or its descendants.
- Try triggering actions for generating audit events for either sibling namespace or top-level group, they will not be streamed to the destination.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #424174 (closed)
Edited by Hitesh Raghuvanshi