Skip to content

Create audit events for container repository destruction

Aaron Huntsman requested to merge 362290-container-registry-audit-events into master

What does this MR do and why?

Creates the container_repository_deletion_marked audit event, to be logged whenever a project's container registry is marked for deletion. This may happen by the user manually deleting a repository in the UI, or via API.

Creates the container_repository_deleted audit event, to be logged when ContainerRegistry::DeleteContainerRepositoryWorker destroys a repository marked for deletion.

How to set up and validate locally

  1. Create a project
  2. Build and push a container image to the repository as described here.
  3. Check Deploy > Container Registry for that project, and find the new repository (it may take a few minutes to appear).
  4. Click the Delete icon on the right for the new repository.
  5. Verify an audit event is created for the deletion being marked. Another event should be created when the repository is deleted on schedule.

For GraphQL

  1. Repeat steps 1-3 as above.
  2. Run a deleteContainerRepository mutation in the GraphQL explorer. The query will look something like this:
mutation {
  destroyContainerRepository(input:{ id: "gid://gitlab/ContainerRepository/4" }) {
    containerRepository {
  1. Verify audit events as above.

Related to #362290

Edited by Aaron Huntsman

Merge request reports