Skip to content

Add audit event when sending runner usage report by e-mail

Pedro Pombeiro (OOO from July 16th till Aug 7th) requested to merge pedropombeiro/426562/add-auditing into master

What does this MR do and why?

This MR updates Ci::Runners::SendUsageCsvService to create an audit event when it is invoked, so that system admins know when sensitive data is sent out, in the event of a compromised admin account.

EE: true

Part of #426562 (closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Step Screenshot
Run mutation in http://gdk.test:3000/-/graphql-explorer image
Navigate to http://gdk.test:3000/admin/audit_logs image

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Start the clickhouse server ./clickhouse server

  2. Run migrations bundle exec rake gitlab:clickhouse:migrate

  3. Run mutation in http://gdk.test:3000/-/graphql-explorer:

    Query:

    mutation runnersExportUsage($input: RunnersExportUsageInput!) {
  runnersExportUsage(input: $input) {
    errors
  }
}

    Query variables:

    {
  "input": {
  	"type": "INSTANCE_TYPE"
	}
}

    This will dispatch the worker asynchronously in Sidekiq, and the email should be available shortly in http://gdk.test:3000/rails/letter_opener/.

  4. Navigate to http://gdk.test:3000/admin/audit_logs and confirm that an audit event was created.

Edited by Pedro Pombeiro (OOO from July 16th till Aug 7th)

Merge request reports