Skip audit event on download of export, if download should be silent
What does this MR do and why?
If the instance has enabled Silent Admin Exports, and the user who is downloading the export is an admin, we now skip creating the audit event.
https://gitlab.com/gitlab-org/gitlab/-/issues/294168
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Create a project export
- As an instance admin (
@root
) download that project export when it's available - View project audit events, go Secure > Audit events. You should see an audit event for the export download (this is existing functionality).
- Now enable the Silent Admin Exports setting.
- Enable the
export_audit_events
feature flag: On the rails console:Feature.enable(:export_audit_events)
. - Go to
/admin/application_settings/general
, expand Import and Export Settings and checkSilent Admin Exports
.
- Enable the
- Wait a minute while for the application settings cache to expire.
- Download the export file again, and view the project audit events again. There should not be a new new audit event created.
Related to #294168