Audit duo namespace feature access rule updates (!217896) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Create audit events for updates to feature access rules at the top-level namespace

Since much of this change mirrors the auditing added in !217749 (merged) for Self-managed, the changes in this MR also include refactoring the auditing logic into Ai::FeatureAccessRuleAuditor.

Depends on !216946 (merged)

References

https://gitlab.com/gitlab-org/gitlab/-/work_items/584381+

Screenshots or screen recordings

How to set up and validate locally

Run GDK in SaaS mode: export GITLAB_SIMULATE_SAAS=1

In the rails console, enable the feature flag for a top-level namespace: Feature.enable(:duo_access_through_namespaces, root_namespace)

Create feature namespace access rules

curl -w 'http://gdk.test:3000/api/v4/groups/1000000' \
  -X 'PUT' \
  -H "Authorization: Bearer $GITLAB_TOKEN" \
  -H 'Content-Type: application/json' \
  --data-raw '{
    "duo_namespace_access_rules": [
      { "through_namespace": { "id": 963 }, "features": ["duo_classic", "duo_agent_platform"] },
      { "through_namespace": { "id": 964 }, "features": ["duo_agent_platform"] }
    ]
  }'

Check Audit events to verify that the event was created with correct information
```
AuditEvent.last
```

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #584381

Edited Jan 07, 2026 by Katherine Richards

Audit duo namespace feature access rule updates

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports