Add audit event for when job token policies are updated

What does this MR do and why?

  • Follows from !169871 (merged)
  • Logs an audit event when CI job token policies are updated for an allowlist entry.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshot_2024-11-04_at_12.22.56_PM

How to set up and validate locally

  1. Enable feature flag add_policies_to_ci_job_token
  2. Navigate to /-/graphql_explorer and run the following mutations:
# creates an allowlist
mutation {
  ciJobTokenScopeAddGroupOrProject(input: {
    projectPath: "flightjs/Flight",
    targetPath: "gitlab-org",
    jobTokenPolicies: [READ_GROUP]
  }) {
    errors
  }
}
# edit an allowlist
mutation {
  ciJobTokenScopeUpdatePolicies(input: {
    projectPath: "flightjs/Flight",
    targetPath: "gitlab-org",
    jobTokenPolicies: [READ_GROUP, READ_PROJECT]
  }) {
    errors
  }
}
  3. Then, log in as an admin and navigate to /admin/audit_logs. You should see an audit event for when the policies are updated.

Related to #495144 (closed)

Edited by Hinam Mehra
