Set audit event HTTP destination (!70706) · Merge requests · GitLab.org / GitLab

Max Woolf requested to merge 332746-group-level-set-audit-event-emission-location into master Sep 20, 2021

What does this MR do and why?

Adds the first part of the ability to stream audit events to an external service. This MR adds a new table that will store the HTTP endpoints to stream audit events to along with GraphQL mutations to add/update/destroy those destinations.

Adds a new model ExternalAuditEventDestination and database table.
Adds new GraphQL edge: Namespace -> ExternalAuditEventDestinations.
Add mutations to create/update/destroy ExternalAuditEventDestination objects.
Places all work behind default-off feature flag.
Scopes work to GitLab Ultimate.
~~Documentation~~ - Moving this to the next stage as there's no functionality to document yet.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

Database Review

Migrate Down

== 20210819185500 CreateExternalAuditEventDestinationsTable: reverting ========
-- drop_table(:audit_events_external_audit_event_destinations)
   -> 0.0052s
== 20210819185500 CreateExternalAuditEventDestinationsTable: reverted (0.0255s)

Migrate Up

== 20210819185500 CreateExternalAuditEventDestinationsTable: migrating ========
-- create_table(:audit_events_external_audit_event_destinations, {})
-- quote_column_name(:destination_url)
   -> 0.0000s
   -> 0.0095s
== 20210819185500 CreateExternalAuditEventDestinationsTable: migrated (0.0096s)

How to set up and validate locally

Enable the feature. Disabled, none of the following steps should function.
```
Feature.enable(:ff_external_audit_events_namespace)
```

⚠ Note: These changes should only work for group owners.

Create a destination

Execute the externalAuditEventDestinationCreate mutation. Here's an example use of the mutation:

mutation {
  externalAuditEventDestinationCreate(input: { destinationUrl: "htfdftps://test.io", groupPath: "{GROUP PATH THAT current_user IS AN OWNER OF}" } ) {
    errors
    externalAuditEventDestination {
      destinationUrl
      group {
        name
      }
    }
  }
}

List all destinations

query {
  group(fullPath: "example-group-1") {
    id
    externalAuditEventDestinations {
      nodes {
        destinationUrl
        id
      }
    }
  }
}

Update a destination

Execute the externalAuditEventDestinationUpdate mutation. Here's an example use of the mutation:

mutation {
  externalAuditEventDestinationUpdate(input: { id: "gid://gitlab/AuditEvents::ExternalAuditEventDestination/1", destinationUrl: "https://fdsfdsfsd.com"} ) {
    errors
    externalAuditEventDestination {
      id
      destinationUrl
    }
  }
}

Destroy a destination

Execute the externalAuditEventDestinationDestroy mutation. Here's an example use of the mutation:

mutation { externalAuditEventDestinationDestroy(input: { id: "gid://gitlab/AuditEvents::ExternalAuditEventDestination/1" } ) { errors } }

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #332746 (closed)

Edited Oct 01, 2021 by Max Woolf

Set audit event HTTP destination