Added AWS validator for external destinations
What does this MR do and why?
Added validation of Amazon S3 audit event streaming destinations in the newly created consolidated external audit event destinations.
The following changes are added:
- Config JSON schema added for AWS destinations.
- Validation of uniqueness of bucket name in config of destinations:
  - For group level external audit event destinations:
    - No two destinations belonging to the same group can have the same bucket name in their configs.
    - Two destinations can have the same bucket name in config if they belong to different groups.
  - For instance level destinations, no two destinations can have the same bucket name in their configs.
- Moved validation of uniqueness of attribute to base destination validator.
The changes are similar to !150669 (merged) for http destinations.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- You need to have a group, let's say `twitter`, and a GitLab instance with an Ultimate license.
- Go to http://gitlab.localdev:3000/-/graphql-explorer and run the following mutations and queries.
- First let's try to create a group level destination with category aws by running the following mutation; it will create the destination successfully:
  ```graphql
  mutation groupAuditEventStreamingDestinationsCreate {
    groupAuditEventStreamingDestinationsCreate(input: {
      name: "aws_dest2",
      category: "aws",
      groupPath: "twitter",
      secretToken: "random_secret_token123"
      config: {
        accessKeyXid: "random_access_key_id",
        bucketName: "some-bucket-2",
        awsRegion: "ap-south-2"
      }
    }) {
      errors
      externalAuditEventDestination {
        id
        name
        config
        category
      }
    }
  }
  ```
- The output will be something like the following and there should not be any errors:
  ```json
  {
    "data": {
      "groupAuditEventStreamingDestinationsCreate": {
        "errors": [],
        "externalAuditEventDestination": {
          "id": "gid://gitlab/AuditEvents::Group::ExternalStreamingDestination/9",
          "name": "aws_dest2",
          "config": {
            "accessKeyXid": "random_access_key_id",
            "bucketName": "some-bucket-2",
            "awsRegion": "ap-south-2"
          },
          "category": "aws"
        }
      }
    }
  }
  ```
- Let's create another destination. This time we should get some errors. Now run the following mutation:
  ```graphql
  mutation groupAuditEventStreamingDestinationsCreate {
    groupAuditEventStreamingDestinationsCreate(input: {
      name: "aws_dest2",
      category: "aws",
      groupPath: "twitter",
      secretToken: "random_secret_token123"
      config: {
        accessKeyXid: "random_access_key_id",
        bucketName: "some-bucket-2",
        awsRegion: "ap-south-2"
      }
    }) {
      errors
      externalAuditEventDestination {
        id
        name
        config
        category
      }
    }
  }
  ```
- Errors will be something like:
  ```json
  {
    "data": {
      "groupAuditEventStreamingDestinationsCreate": {
        "errors": [
          "Config bucketName is already taken.",
          "Name has already been taken"
        ],
        "externalAuditEventDestination": null
      }
    }
  }
  ```
Related to #436609 (closed)
Edited by Hitesh Raghuvanshi
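The scoping rules in the description above (bucket name unique within one group, reusable across groups, unique across all instance level destinations) can be exercised with the sketch below. It is an added example, not code from this MR or from GitLab: `DestinationRegistry`, its in-memory store, the required-key list and the name-uniqueness scope are assumptions made for illustration.

```ruby
# Added illustration, not GitLab's implementation. All names are hypothetical.
class DestinationRegistry
  # Assumed required keys, taken from the config shown in the mutations above.
  REQUIRED_AWS_KEYS = %w[accessKeyXid bucketName awsRegion].freeze
  Destination = Struct.new(:name, :category, :group, :config)

  def initialize
    @destinations = [] # in-memory stand-in for the database tables
  end

  # group: a group path for group level destinations, nil for instance level.
  # Returns an array of error strings; the destination is stored only when it is empty.
  def create(name:, category:, config:, group: nil)
    errors = []
    if category == 'aws'
      missing = REQUIRED_AWS_KEYS.reject { |k| config[k].is_a?(String) && !config[k].empty? }
      errors << "Config is missing #{missing.join(', ')}" unless missing.empty?
    end
    errors << 'Config bucketName is already taken.' if attribute_taken?(category, group, 'bucketName', config)
    # Assumption: the name is checked within the same scope as the bucket name.
    errors << 'Name has already been taken' if peers(group).any? { |d| d.name == name }
    @destinations << Destination.new(name, category, group, config) if errors.empty?
    errors
  end

  private

  # Destinations in the same scope: one group, or all instance level ones when group is nil.
  def peers(group)
    @destinations.select { |d| d.group == group }
  end

  # Generic uniqueness check on a single config attribute, limited to the same
  # category and scope, so any destination type could reuse it for its own key.
  def attribute_taken?(category, group, key, config)
    value = config[key]
    return false if value.nil?

    peers(group).any? { |d| d.category == category && d.config[key] == value }
  end
end
```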