Create apis for instance audit events
What does this MR do and why?
This MR adds a graphql api for creating instance level audit event streaming destinations as per the part of consolidation of apis efforts in &12339. This API is similar to the one created for group level destinations in !147888 (merged).
The code diff adds a new feature that allows administrators to create external destinations to stream instance-level audit events. This feature is disabled by default and requires a license to be enabled. Only administrators can create these destinations, and the action is audited. The code also includes tests to ensure the feature works as expected.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
- For testing this, you need to have a GitLab instance with
Ultimate
license. - Visit graphql explorer, for example http://gitlab.localdev:3000/-/graphql-explorer on your local setup.
- Add following mutation for creating a new instance level external audit event destination.
mutation instanceAuditEventStreamingDestinationsCreate {
instanceAuditEventStreamingDestinationsCreate(input: {
name: "testdest5",
category: "http",
secretToken: "random_secret_token",
config: {
url: "https://www.example.com"
}
}) {
errors
externalAuditEventDestination {
id
name
config
category
}
}
}
- You should receive a destination object in response, something like, which means that the destination has been created.
{
"data": {
"instanceAuditEventStreamingDestinationsCreate": {
"errors": [],
"externalAuditEventDestination": {
"id": "gid://gitlab/AuditEvents::Instance::ExternalStreamingDestination/1",
"name": "testdest5",
"config": {
"url": "https://www.example.com"
},
"category": "http"
}
}
}
}
- You can also try by giving config as a string, or not passing required parameters, all of these should return errors.
- For verifying creation of the destination, you can also cross check in rails console by running
AuditEvents::Instance::ExternalStreamingDestination.all
Related to #436615 (closed)