Skip to content

Create apis for instance audit events

Hitesh Raghuvanshi requested to merge 436615-create-instance into master

What does this MR do and why?

This MR adds a graphql api for creating instance level audit event streaming destinations as per the part of consolidation of apis efforts in &12339. This API is similar to the one created for group level destinations in !147888 (merged).

The code diff adds a new feature that allows administrators to create external destinations to stream instance-level audit events. This feature is disabled by default and requires a license to be enabled. Only administrators can create these destinations, and the action is audited. The code also includes tests to ensure the feature works as expected.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

  1. For testing this, you need to have a GitLab instance with Ultimate license.
  2. Visit graphql explorer, for example http://gitlab.localdev:3000/-/graphql-explorer on your local setup.
  3. Add following mutation for creating a new instance level external audit event destination.
mutation instanceAuditEventStreamingDestinationsCreate {
  instanceAuditEventStreamingDestinationsCreate(input: {
    name: "testdest5",
    category: "http",
    secretToken: "random_secret_token",
    config: {
      url: ""
  }) {
    externalAuditEventDestination {
  1. You should receive a destination object in response, something like, which means that the destination has been created.
  "data": {
    "instanceAuditEventStreamingDestinationsCreate": {
      "errors": [],
      "externalAuditEventDestination": {
        "id": "gid://gitlab/AuditEvents::Instance::ExternalStreamingDestination/1",
        "name": "testdest5",
        "config": {
          "url": ""
        "category": "http"
  1. You can also try by giving config as a string, or not passing required parameters, all of these should return errors.
  2. For verifying creation of the destination, you can also cross check in rails console by running AuditEvents::Instance::ExternalStreamingDestination.all

Related to #436615 (closed)

Edited by Hitesh Raghuvanshi

Merge request reports