Retrieve streaming destinations from new API

What does this MR do and why?

This is the first of a series of MRs that will point the frontend of Audit events streaming destinations to the new API.

In this MR we retrieve streaming destinations. The work is behind the use_consolidated_audit_event_stream_dest_api feature flag (FF).

MR cadence:

MR Description
!183848 (merged) 👈 you're here
!185411 (merged) Delete streaming destinations from new API
!186450 (merged) (refactoring) Rename stream destination editor vue component
!186456 (merged) (refactoring) Add refactored stream destination editor vue component
!186457 (merged) Add ability to create new stream destinations
!186647 (merged) Add ability to update stream destinations

References

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Group

HTTP GCP AWS
group_http_destination group_gcp_destination group_aws_destination

Instance

HTTP GCP AWS
instance_http_destination instance_gcp_destination instance_aws_destination

How to set up and validate locally

  1. To view Group destinations, navigate to Your Group > Secure > Audit Events > Streams tab
  2. To view Instance destinations, make sure to log in as root, and navigate to Admin area > Monitoring > Audit Events > Streams tab
  3. Open GraphQL explorer (/-/graphql-explorer) and create 6 stream destinations: HTTP|GCP|AWS * Group|Instance

Group Destinations

HTTP

mutation groupAuditEventStreamingDestinationsCreate {
  groupAuditEventStreamingDestinationsCreate(input: {
    name: "Testing Destination 1 - HTTP",
    category: "http",
    groupPath: "<group-path>",
    config: {
      url: "http://destination1-url"
      headers: { key1: { value: "test", active: true } }
    }
  }) {
    errors
    externalAuditEventDestination {
      id
    }
  }
}

In the response, grab the destination ID to use in the next mutations:

mutation CreateGroupNamespaceFilter {
  auditEventsGroupDestinationNamespaceFilterCreate(
    input: {
      destinationId: "gid://gitlab/AuditEvents::Group::ExternalStreamingDestination/<id>",
      namespacePath: "<group-path>/<subgroup | project>"
    }
  ) {
    namespaceFilter {
      id
    }
    errors
  }
}

mutation AddEventTypesToGroupDestination {
  auditEventsGroupDestinationEventsAdd(
    input: {
      destinationId: "gid://gitlab/AuditEvents::Group::ExternalStreamingDestination/<id>",
      eventTypeFilters: ["add_gpg_key", "user_created"]
    }
  ) {
    eventTypeFilters
    errors
  }
}

GCP

mutation groupAuditEventStreamingDestinationsCreate {
  groupAuditEventStreamingDestinationsCreate(input: {
    name: "Testing Destination 2 - GCP",
    category: "gcp",
    groupPath: "<group-path>",
    secretToken:"SecretToken12345!",
    config: {
      googleProjectIdName: "google-project-id-name",
      clientEmail: "clientEmail@example.com",
      logIdName: "gcp-log-id-name"
    }
  }) {
    errors
    externalAuditEventDestination {
      id
    }
  }
}

AWS

mutation groupAuditEventStreamingDestinationsCreate {
  groupAuditEventStreamingDestinationsCreate(input: {
    name: "Testing Destination 3 - AWS",
    category: "aws",
    groupPath: "<group-path>",
    secretToken:"SecretToken12345!",
    config: {
       accessKeyXid: "myAwsAccessKey_needs_16_chars_min",
       awsRegion: "us-test-1",
       bucketName: "bucket-name"
    }
  }) {
    errors
    externalAuditEventDestination {
      id
    }
  }
}

Instance Destinations

For these you'll need to open GraphQL explorer (/-/graphql-explorer) while logged in as root.

HTTP

mutation instanceAuditEventStreamingDestinationsCreate {
  instanceAuditEventStreamingDestinationsCreate(input: {
    name: "Testing Destination 1 - HTTP - Instance",
    category: "http",
    config: {
      url: "http://destination1-url.instance"
      headers: { key1: { value: "test-instance", active: true } }
    }
  }) {
    errors
    externalAuditEventDestination {
      id
    }
  }
}

In the response, grab the destination ID to use in the next mutation:

mutation AddEventTypesToInstanceDestination {
  auditEventsInstanceDestinationEventsAdd(
    input: {
      destinationId: "gid://gitlab/AuditEvents::Instance::ExternalStreamingDestination/<id>",
      eventTypeFilters: ["add_gpg_key", "user_created"]
    }
  ) {
    eventTypeFilters
    errors
  }
}

GCP

mutation instanceAuditEventStreamingDestinationsCreate {
  instanceAuditEventStreamingDestinationsCreate(input: {
    name: "Testing Destination 2 - GCP - Instance",
    category: "gcp",
    secretToken:"SecretToken12345!",
    config: {
      googleProjectIdName: "instance-project-id-name",
      clientEmail: "instance_client@example.com",
      logIdName: "gcp-log-id-name-instance"
    }
  }) {
    errors
    externalAuditEventDestination {
      id
    }
  }
}

AWS

mutation instanceAuditEventStreamingDestinationsCreate {
  instanceAuditEventStreamingDestinationsCreate(input: {
    name: "Testing Destination 3 - AWS",
    category: "aws",
    secretToken:"SecretToken12345!",
    config: {
       accessKeyXid: "my_instance_AwsAccessKey_needs_16_chars_min",
       awsRegion: "us-test-1",
       bucketName: "bucket-name-instance"
    }
  }) {
    errors
    externalAuditEventDestination {
      id
    }
  }
}

Edited by Sheldon Led
