Fix incorrect ordering of audit events
What does this MR do?
Fix incorrect ordering of audit events.
The audit events should be built and persisted in the same order as when they are emitted in the event queue. This bug only affects audit events recorded for MR approval rule changes (i.e. add/remove approvers and approval groups). Even that, for this particular use case, this bug is not relevant or causes any gap since users always make all these changes together when adding or creating new MR approval rules.
How to test
- Login as a user with project maintainer role or higher
- Navigate to Project > Settings > General and expand the 'Merge request (MR) approvals' section
- Create/Updated a MR approval rules by adding/removing approvers and approval groups
- Save the changes
- Navigate to Security & Compliance > Audit Events
- Observe the audit events recorded for the above actions.
Screenshots
Before
After
Does this MR meet the acceptance criteria?
Conformity
-
📋 Does this MR need a changelog?-
I have included a changelog entry. -
I have not included a changelog entry because _____.
-
- [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides - [-] Database guides
-
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers - [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Tan Le