Save audit events for start/stop user impersonation to group level
What does this MR do and why?
- Adds support for group namespace owners to see if an instance administrator has impersonated one of their users.
- When a user is impersonated by an instance admin, an audit event is now added to all group namespaces that the user belongs to.
- Another event is also added when the impersonation is explicitly ended.
Screenshots or screen recordings
| Admin Audit Log | Group Audit Log |
|---|---|
 |
 |
How to set up and validate locally
- Create a group and add a user to it.
- Impersonate that user, as an instance adminstrator.
- Stop the impersonation.
- Check the group audit log for a notification that the user has been impersonated, and that the impersonation has finished.
- Check the admin audit log for similar notifications and for copies of the group-level audit events too.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Relates to #300961 (closed)
Edited by Max Woolf