Skip to content
Snippets Groups Projects

Audit events for project access tokens

Merged Serena Fang requested to merge project-access-token-audit-events into master

What does this MR do?

Related issue: #230007 (closed)

Add app and audit events for project access token creation and revocation.

App logs can be found in application.log and look like this:

image

Audit events are available in EE and can be found in Project > Security & Compliance > Audit Events:

image

Edit: Successful token creation audit event message now includes the access token's scopes:

image

In the screenshot,

token-scopes has api, read_api, read_repository, and write_repository checked

no-scope has none of the boxes checked

api-token has api checked

Screenshots (strongly suggested)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Serena Fang

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Serena Fang added 1 commit

    added 1 commit

    Compare with previous version

  • Serena Fang resolved all threads

    resolved all threads

  • Serena Fang added 1 commit

    added 1 commit

    • 287b4d33 - Add ip address to attr reader

    Compare with previous version

  • Serena Fang added 1 commit

    added 1 commit

    Compare with previous version

  • Serena Fang
  • Serena Fang added 1 commit

    added 1 commit

    Compare with previous version

  • Serena Fang added 1 commit

    added 1 commit

    • 969499d4 - Add file for revoke project access token

    Compare with previous version

  • Serena Fang added 1 commit

    added 1 commit

    Compare with previous version

  • Serena Fang
  • Serena Fang added 1 commit

    added 1 commit

    Compare with previous version

  • Serena Fang
  • Serena Fang added 1 commit

    added 1 commit

    Compare with previous version

  • Serena Fang marked this merge request as ready

    marked this merge request as ready

  • Serena Fang changed the description

    changed the description

  • Serena Fang changed the description

    changed the description

  • Serena Fang added 1 commit

    added 1 commit

    Compare with previous version

  • Serena Fang changed milestone to %13.9

    changed milestone to %13.9

  • Serena Fang added 1 commit

    added 1 commit

    • fc1da37c - Add project access token audit to docs

    Compare with previous version

  • Serena Fang
    • Author Developer
      Resolved by Serena Fang

      @mjang1 Hi Mike, would you mind TW reviewing this? The TW related changes are in:

      • app/services/resource_access_tokens/create_service.rb
      • app/services/resource_access_tokens/revoke_service.rb
      • ee/app/services/ee/resource_access_tokens/create_service.rb
      • ee/app/services/ee/resource_access_tokens/revoke_service.rb
      • doc/administration/audit_events.md

      I also put screenshots of the TW changes in the MR description and in the comments.

  • Serena Fang requested review from @mjang1

    requested review from @mjang1

  • assigned to @mjang1

  • Serena Fang requested review from @nmilojevic1

    requested review from @nmilojevic1

  • Serena Fang added 1 commit

    added 1 commit

    • c084077f - Add ip address to attr reader

    Compare with previous version

  • Serena Fang changed the description

    changed the description

  • Serena Fang mentioned in merge request !48094 (closed)

    mentioned in merge request !48094 (closed)

  • added workflowin review label and removed workflowin dev label

  • Serena Fang changed the description

    changed the description

  • Nikola Milojevic
  • Nikola Milojevic
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Please register or sign in to reply
    Loading