Skip to content

Add streaming audit event header model

Max Woolf requested to merge 361216-create-streaming-event-headers into master

What does this MR do and why?

  • Allows root group owners to set up to 20 customer HTTP headers that are sent with each streamed audit event. This could be useful if the destination requires some sort of authentication or other predefined header.
  • Adds a new model class (AuditEvents::Streaming::Header) and associated database table. AuditEvents::Streaming is a new namespce and we should consider moving the other streaming classes within it at a later date.
  • Adds a new graphQL type and mutation to create a new header.
  • Creates a new feature flag (default-off for now).
  • Creates a new documentation section for this new feature.

Approvals

Reviewer Maintainer
backend
database

Database Review

Up

== 20220524141800 CreateAuditEventsStreamingHeaders: migrating ================
-- create_table(:audit_events_streaming_headers, {})
-- quote_column_name(:key)
   -> 0.0000s
-- quote_column_name(:value)
   -> 0.0000s
   -> 0.0281s
== 20220524141800 CreateAuditEventsStreamingHeaders: migrated (0.0282s) =======

Rollback

== 20220524141800 CreateAuditEventsStreamingHeaders: reverting ================
-- drop_table(:audit_events_streaming_headers, {})
   -> 0.0186s
== 20220524141800 CreateAuditEventsStreamingHeaders: reverted (0.0224s) =======

Screenshots or screen recordings

Screenshot_2022-05-25_at_13.25.40

How to set up and validate locally

  • Enable the feature flag (streaming_audit_event_headers)
  • Ensure you have a valid ultimate licence.
  • Inside a group, go to Security & Compliance -> Audit Events -> Streams
  • Create a new streaming destination. (Requestbin is always good for this)
  • Use the new mutation to create a header:
mutation {
  auditEventsStreamingHeadersCreate(input: { destinationId: "gid://gitlab/AuditEvents::ExternalAuditEventDestination/DESTINATION_ID_HERE", key: "X-Custom-Header-Tanuki", value: "EveryoneCanContribute" }) {
    errors
    clientMutationId
  }
}
  • Perform an auditable task. (Add a user to a project, create a project, etc.)
  • In the streamed event payload, ensure that the list of headers contains the newly created header.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Max Woolf

Merge request reports