
Added AWS validator for external destinations

Hitesh Raghuvanshi requested to merge 436609-aws-handler into master

What does this MR do and why?

Added validation of Amazon S3 audit event streaming destinations in the newly created consolidated external audit event destinations.

The following changes are added:

  1. Config JSON schema added for AWS destinations.
  2. Validation of uniqueness of bucket name in the config of destinations:
    1. For group-level external audit event destinations:
      1. No two destinations belonging to the same group can have the same bucket name in their configs.
      2. Two destinations can have the same bucket name in their configs if they belong to different groups.
    2. For instance-level destinations, no two destinations can have the same bucket name in their configs.
  3. Moved validation of uniqueness of attribute to the base destination validator.

The changes are similar to !150669 (merged) for http destinations.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. You need to have a group, let's say twitter, and a GitLab instance with an Ultimate license.
  2. Go to http://gitlab.localdev:3000/-/graphql-explorer and run the following mutations and queries.
  3. First, let's try to create a group-level destination with category aws by running the following mutation; it will create the destination successfully:
mutation groupAuditEventStreamingDestinationsCreate {
  groupAuditEventStreamingDestinationsCreate(input: {
    name: "aws_dest2",
    category: "aws",
    groupPath: "twitter",
    secretToken: "random_secret_token123"
    config: {
      accessKeyXid: "random_access_key_id",
      bucketName: "some-bucket-2",
      awsRegion: "ap-south-2"
    }
  }) {
    errors
    externalAuditEventDestination {
      id
      name
      config
      category
    }
  }
}
  4. The output will be something like the following, and there should not be any errors:
{
  "data": {
    "groupAuditEventStreamingDestinationsCreate": {
      "errors": [],
      "externalAuditEventDestination": {
        "id": "gid://gitlab/AuditEvents::Group::ExternalStreamingDestination/9",
        "name": "aws_dest2",
        "config": {
          "accessKeyXid": "random_access_key_id",
          "bucketName": "some-bucket-2",
          "awsRegion": "ap-south-2"
        },
        "category": "aws"
      }
    }
  }
}
  5. Let's create another destination; this time we should get some errors. Run the following mutation:
mutation groupAuditEventStreamingDestinationsCreate {
  groupAuditEventStreamingDestinationsCreate(input: {
    name: "aws_dest2",
    category: "aws",
    groupPath: "twitter",
    secretToken: "random_secret_token123"
    config: {
      accessKeyXid: "random_access_key_id",
      bucketName: "some-bucket-2",
      awsRegion: "ap-south-2"
    }
  }) {
    errors
    externalAuditEventDestination {
      id
      name
      config
      category
    }
  }
}
  6. The errors will be something like:
{
  "data": {
    "groupAuditEventStreamingDestinationsCreate": {
      "errors": [
        "Config bucketName is already taken.",
        "Name has already been taken"
      ],
      "externalAuditEventDestination": null
    }
  }
}

Related to #436609 (closed)

Edited by Hitesh Raghuvanshi
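As an added example (not GitLab's own code and not part of this MR), the following stand-alone Ruby script models the two rules described above: a config schema check for aws destinations, and bucket-name uniqueness scoped to the group for group-level destinations and to the whole instance for instance-level ones. It then reproduces the walkthrough from the "How to set up and validate locally" section (first create succeeds, duplicate in the same group fails with both errors) and extends it to the cases the description lists but the walkthrough does not exercise (same bucket in a different group, instance-level duplicate, schema violation). The schema contents, the Destination struct (with group_path nil standing in for instance-level records), the validator class names and the error strings for schema failures are assumptions made for the example; only the two error messages shown in the GraphQL output come from the page.

```ruby
# Added example, not GitLab code: models the bucket-name uniqueness rule and a
# config schema check for aws audit event streaming destinations.
require 'json'

# Assumption: a constructed stand-in for the AWS config JSON schema, using the
# keys that appear in the mutations on this page. Not GitLab's actual schema.
AWS_CONFIG_SCHEMA = {
  'required' => %w[accessKeyXid bucketName awsRegion],
  'properties' => {
    'accessKeyXid' => { 'type' => 'string' },
    'bucketName' => { 'type' => 'string' },
    'awsRegion' => { 'type' => 'string' }
  },
  'additionalProperties' => false
}.freeze

# Constructed record type. group_path is nil for instance-level destinations.
Destination = Struct.new(:id, :name, :category, :group_path, :config, keyword_init: true)

# Base validator: attribute uniqueness within the destination's scope
# (same group for group-level records, all instance-level records otherwise).
class BaseDestinationValidator
  def initialize(existing_destinations)
    @existing = existing_destinations
  end

  def validate(dest)
    errors = []
    errors << 'Name has already been taken' if taken?(dest) { |other| other.name == dest.name }
    errors
  end

  private

  # Peers in the same scope, excluding the record itself so updates do not self-collide.
  def scope(dest)
    @existing.reject { |other| other.id == dest.id }
             .select { |other| other.group_path == dest.group_path }
  end

  def taken?(dest, &block)
    scope(dest).any?(&block)
  end
end

class AwsDestinationValidator < BaseDestinationValidator
  def validate(dest)
    errors = schema_errors(dest.config)
    bucket = dest.config['bucketName']
    # Only compare when a bucket is present; nil must never match nil.
    if bucket && taken?(dest) { |other| other.config['bucketName'] == bucket }
      errors << 'Config bucketName is already taken.'
    end
    errors.concat(super)
  end

  private

  # Minimal required/type/additionalProperties check against AWS_CONFIG_SCHEMA.
  def schema_errors(config)
    errors = []
    AWS_CONFIG_SCHEMA['required'].each do |key|
      errors << "Config #{key} is required" unless config.key?(key)
    end
    config.each do |key, value|
      prop = AWS_CONFIG_SCHEMA['properties'][key]
      if prop.nil?
        errors << "Config #{key} is not allowed" unless AWS_CONFIG_SCHEMA['additionalProperties']
      elsif !value.is_a?(String)
        errors << "Config #{key} must be a string"
      end
    end
    errors
  end
end

# Replays the page's walkthrough and the extra cases from the MR description.
# Returns a hash of case name => error list.
def walkthrough
  store = []
  aws = { 'accessKeyXid' => 'random_access_key_id', 'bucketName' => 'some-bucket-2', 'awsRegion' => 'ap-south-2' }
  check = lambda do |dest|
    errors = AwsDestinationValidator.new(store).validate(dest)
    store << dest if errors.empty? # persist only valid records, like a successful mutation
    errors
  end
  results = {}
  results[:first] = check.call(Destination.new(id: 1, name: 'aws_dest2', category: 'aws', group_path: 'twitter', config: aws))
  results[:duplicate_same_group] = check.call(Destination.new(id: 2, name: 'aws_dest2', category: 'aws', group_path: 'twitter', config: aws))
  results[:same_bucket_other_group] = check.call(Destination.new(id: 3, name: 'aws_dest2', category: 'aws', group_path: 'other-group', config: aws))
  results[:instance_first] = check.call(Destination.new(id: 4, name: 'inst_dest', category: 'aws', group_path: nil, config: aws))
  results[:instance_duplicate_bucket] = check.call(Destination.new(id: 5, name: 'inst_dest2', category: 'aws', group_path: nil, config: aws))
  bad = { 'accessKeyXid' => 'k', 'bucketName' => 'fresh-bucket', 'foo' => 'x' } # missing awsRegion, extra key
  results[:bad_schema] = check.call(Destination.new(id: 6, name: 'schema_test', category: 'aws', group_path: 'twitter', config: bad))
  results
end

puts JSON.pretty_generate(walkthrough) if $PROGRAM_NAME == __FILE__
```

The scope lookup is what carries the security-relevant property: a group-level duplicate check that forgot to filter by group would let one group's configuration leak into another's validation errors, while an instance-level check that filtered by group would let two instance destinations stream to the same bucket. Excluding the record's own id from the scope is the caveat that keeps updates from rejecting themselves.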
