
Adding validation for custom http audit event destinations

Hitesh Raghuvanshi requested to merge 436607-custom-http-handler-part1 into master

What does this MR do and why?

Added validation of custom HTTP audit event streaming destinations in the newly created consolidated external audit event destinations.

The following changes are added:

  1. Config JSON schema added for HTTP destinations, which does the following:
    1. Requires a field named url, which should be a correct http or https URL with a max length of 255 characters.
    2. A JSON object headers, which can be null or empty, or can contain a hash of all headers in the format { key: { value: 'value', active: true }}. There is a limit of a maximum of 20 headers.
  2. Validation of uniqueness of the HTTP URL in the config of destinations:
    1. For group level external audit event destinations:
      1. No two destinations belonging to the same group can have the same URL in their configs.
      2. Two destinations can have the same URL in their configs if they belong to different groups.
    2. For instance level destinations, no two destinations can have the same URL in their configs.
  3. Validation of secret token length: if a secret token is provided, then its length should be between 16 and 24 characters.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

  1. You need to have a group and a GitLab instance with an Ultimate license.
  2. Go to http://gitlab.localdev:3000/-/graphql-explorer and run the following mutations and queries.
  3. First, let's try to create a group level destination with category http by running the following mutation; it will create the destination successfully:
mutation groupAuditEventStreamingDestinationsCreate {
  groupAuditEventStreamingDestinationsCreate(input: {
    name: "testdest512",
    category: "http",
    groupPath: "twitter",
    secretToken: "some_random_token_string"
    config: {
      url: "https://www.example562.com",
      headers: {
        key1: {
          value: "value1",
          active: true
        },
        key2: {
          value: "value2"
        },
        key3: {
          value: "value3",
          active: false
        }
      }
    }
  }) {
    errors
    externalAuditEventDestination {
      id
      name
      config
      category
    }
  }
}
  4. The response will be something like:
{
  "data": {
    "groupAuditEventStreamingDestinationsCreate": {
      "errors": [],
      "externalAuditEventDestination": {
        "id": "gid://gitlab/AuditEvents::Group::ExternalStreamingDestination/7",
        "name": "testdest512",
        "config": {
          "url": "https://www.example562.com",
          "headers": {
            "key1": {
              "value": "value1",
              "active": true
            },
            "key2": {
              "value": "value2"
            },
            "key3": {
              "value": "value3",
              "active": false
            }
          }
        },
        "category": "http"
      }
    }
  }
}
  5. Let's create another destination. This time we should get some errors. Now run the following mutation:
mutation groupAuditEventStreamingDestinationsCreate {
  groupAuditEventStreamingDestinationsCreate(input: {
    name: "testdest512",
    category: "http",
    groupPath: "twitter",
    secretToken: "token"
    config: {
      url: "https://www.example562.com",
      headers: {
        key1: {
          value: "value1",
          active: true
        },
        key2: {
          value: "value2"
        },
        key3: {
          value: "value3",
          active: false
        }
      }
    }
  }) {
    errors
    externalAuditEventDestination {
      id
      name
      config
      category
    }
  }
}
  6. The error in the response of the step 5 mutation will be:
{
  "data": {
    "groupAuditEventStreamingDestinationsCreate": {
      "errors": [
        "Config has url which is already being used by some other destination.",
        "Secret token should have length between 16 to 24 characters.",
        "Name has already been taken"
      ],
      "externalAuditEventDestination": null
    }
  }
}

Related to #436607

Edited by Hitesh Raghuvanshi
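
The rules listed in the description (url scheme and length, header shape and count, url uniqueness scoped to a group or to the instance, secret token length) can be exercised with a plain-Ruby validator. This is an added example, not code from this merge request or from GitLab: the method names, the `existing` list standing in for stored destinations, and every error message other than the two quoted in step 6 are assumptions.

```ruby
require 'uri'

# Added illustration only; names and most messages are hypothetical, not GitLab code.
MAX_URL_LENGTH = 255
MAX_HEADERS = 20
TOKEN_LENGTH = (16..24)

# existing: array of { group: <group path, or nil for instance level>, url: <string> }
def validate_http_destination(config:, secret_token: nil, group: nil, existing: [])
  errors = []
  url = config['url']
  if !url.is_a?(String) || url.length > MAX_URL_LENGTH || !http_url?(url)
    errors << 'Config url must be a valid http or https url of at most 255 characters.'
  elsif existing.any? { |d| d[:group] == group && d[:url] == url }
    # Uniqueness is scoped: within one group, or across the instance when group is nil.
    errors << 'Config has url which is already being used by some other destination.'
  end
  errors.concat(header_errors(config['headers']))
  if secret_token && !TOKEN_LENGTH.cover?(secret_token.length)
    errors << 'Secret token should have length between 16 to 24 characters.'
  end
  errors
end

def http_url?(url)
  uri = URI.parse(url)
  uri.is_a?(URI::HTTP) && !uri.host.to_s.empty? # URI::HTTPS is a subclass of URI::HTTP
rescue URI::InvalidURIError
  false
end

def header_errors(headers)
  return [] if headers.nil? || headers == {}
  return ['Config headers must be an object.'] unless headers.is_a?(Hash)
  errors = []
  errors << 'Config headers are limited to 20 entries.' if headers.size > MAX_HEADERS
  headers.each do |name, spec|
    ok = spec.is_a?(Hash) && spec['value'].is_a?(String) &&
         (!spec.key?('active') || [true, false].include?(spec['active'])) &&
         (spec.keys - %w[value active]).empty?
    errors << "Config header #{name} must look like { value: 'value', active: true }." unless ok
  end
  errors
end
```

Restricting the scheme to http and https and bounding the token length are the checks that keep a misconfigured destination from being stored; the sketch does not model the name uniqueness error that also appears in step 6.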
