
Add audit event logging feature for secrets manager

Why this MR?

  • To fix this issue, based on this ADR
  • Audit event logging needs to be added for activities related to the secrets manager

What does this MR do?

  • Adds a new internal API in Rails that receives POST requests from OpenBao carrying audit events
  • Authenticates those requests with a shared secret token that only OpenBao and Rails know
  • Defines the required audit event types
  • Logs the audit event in the API

Setting up the shared authentication token secret (tackled separately after this MR is merged)

  • See this issue
  • On setting up the shared secret, see this thread.
  • Our Helm chart can generate a random secret and mount it into both OpenBao and Rails, so users do not need to configure it manually.

Screenshots

[Screenshot: audit_logs]

References

How to set up and validate locally

  • Pull this branch locally and switch to it
  • In the root directory of the Rails app, create a file holding the authentication token secret:

    echo "12345abcde" > .gitlab_openbao_authentication_token_secret

  • Configure the HTTP audit device in OpenBao by adding the following snippet to the config.hcl file (the value in the X-Gitlab-Openbao-Token header must match the secret in the file above):

    audit "http" "debug" {
      options {
        uri = "http://gdk.test:3000/api/v4/internal/secrets_manager/audit_logs"
        headers = "{\"Content-Type\":[\"application/json\"], \"Accept\":[\"application/json\"], \"X-Gitlab-Openbao-Token\":[\"12345abcde\"]}"
      }
    }

  • Restart OpenBao so the new audit device is picked up: gdk restart openbao
  • Go to any project, activate the secrets manager and then do CRUD actions on project secrets
  • Go to Secure -> Audit Events in the left side pane of the project page to see the audit events
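The following is an added example, not code from this MR or from the GitLab project, showing the core of what a receiver for the HTTP audit device above has to do: read the shared secret from the token file, compare it against the X-Gitlab-Openbao-Token header in constant time, parse the JSON audit entry and turn it into an audit event record. It is plain Ruby with no Rails dependency so it runs stand-alone. The audit entry layout (type, time, auth, request, error) is an assumption modelled on Vault-style audit log entries, the event type names in OPERATION_EVENT_TYPES are hypothetical placeholders for whatever the MR defines, and the sample entries are constructed, not captured from a real OpenBao instance.

```ruby
require 'json'

# Header the OpenBao HTTP audit device is configured to send (from the
# config.hcl snippet in the MR description).
TOKEN_HEADER = 'X-Gitlab-Openbao-Token'.freeze

# `echo "secret" > file` leaves a trailing newline, while the header value
# OpenBao sends has none; without trimming, every request would fail auth.
def normalize_token(raw)
  raw.to_s.strip
end

def load_shared_token(path = '.gitlab_openbao_authentication_token_secret')
  normalize_token(File.read(path))
end

# Constant-time comparison so a caller probing the endpoint cannot recover the
# token byte by byte from response timing. The early length check leaks only
# the token's length, not its content.
def token_valid?(presented, expected)
  return false if presented.nil? || expected.nil? || expected.empty?
  return false unless presented.bytesize == expected.bytesize

  diff = 0
  presented.bytes.zip(expected.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end

# Hypothetical mapping from OpenBao request operations to audit event type
# names; the MR defines its own names, which this page does not list.
OPERATION_EVENT_TYPES = {
  'create' => 'secrets_manager_secret_created',
  'update' => 'secrets_manager_secret_updated',
  'patch'  => 'secrets_manager_secret_updated',
  'read'   => 'secrets_manager_secret_read',
  'delete' => 'secrets_manager_secret_deleted',
  'list'   => 'secrets_manager_secrets_listed'
}.freeze

# Turn one audit entry (assumed Vault-style layout) into the record that the
# Rails side would persist as an audit event. Returns nil for operations that
# are not mapped to an event type.
def build_audit_event(entry)
  request = entry['request'] || {}
  event_type = OPERATION_EVENT_TYPES[request['operation']]
  return nil unless event_type

  {
    event_type: event_type,
    outcome: entry['error'].to_s.empty? ? 'success' : 'failure',
    path: request['path'],
    actor: entry.dig('auth', 'display_name'),
    remote_address: request['remote_address'],
    occurred_at: entry['time']
  }
end

# Core of the internal endpoint: authenticate, parse, record.
# Returns [http_status, body]; a Rails controller would render these.
def handle_audit_post(headers, body, expected_token)
  return [401, { error: 'invalid audit token' }] unless token_valid?(headers[TOKEN_HEADER], expected_token)

  entry = JSON.parse(body)
  return [400, { error: 'malformed audit entry' }] unless entry.is_a?(Hash)

  # OpenBao emits a "request" entry before and a "response" entry after each
  # operation. Recording only the response yields one audit event per
  # operation and carries the outcome (a design assumption of this example).
  return [202, { recorded: false }] unless entry['type'] == 'response'

  event = build_audit_event(entry)
  return [202, { recorded: false }] if event.nil?

  [200, { recorded: true, event: event }]
rescue JSON::ParserError
  [400, { error: 'invalid JSON' }]
end

# Constructed sample entries (not captured from a real OpenBao instance).
SAMPLE_RESPONSE_ENTRY = {
  'type' => 'response',
  'time' => '2025-01-15T10:20:30Z',
  'auth' => { 'display_name' => 'jwt-gitlab-ci', 'policies' => ['project_42_secrets'] },
  'request' => { 'operation' => 'update', 'path' => 'secret/data/project_42/DB_PASSWORD',
                 'remote_address' => '127.0.0.1' },
  'response' => { 'data' => nil }
}.to_json.freeze

SAMPLE_REQUEST_ENTRY = {
  'type' => 'request',
  'request' => { 'operation' => 'update', 'path' => 'secret/data/project_42/DB_PASSWORD' }
}.to_json.freeze

if __FILE__ == $PROGRAM_NAME
  token = '12345abcde'
  p handle_audit_post({ TOKEN_HEADER => token }, SAMPLE_RESPONSE_ENTRY, token)
  p handle_audit_post({ TOKEN_HEADER => 'wrong' }, SAMPLE_RESPONSE_ENTRY, token)
end
```

Two points to keep in mind when validating: the secret on the Rails side must be trimmed, because the file written with echo ends in a newline and the header value does not; and in Vault, which OpenBao forks, a request is refused when no enabled audit device can record it, so a receiver that rejects or times out on legitimate posts can block every secrets operation. Verify that behaviour on OpenBao's HTTP device before relying on it, but in any case answer valid posts promptly and reserve non-2xx responses for requests that fail the token check or are malformed.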

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Jayakrishnan Mallissery
