New Audit Event for custom HTTP header changes
What does this MR do and why?
We added custom HTTP headers for streaming audit events in MR 88063
This change adds new audit events that will be emitted whenever one of these custom headers are created, updated, or destroyed.
The header key will be included in the audit event payload, but the
value will not be included
This commit is the part 2 of this refactor MR
This implements issue 366350
We want to emit audit events whenever the custom streaming event headers are creating/updated/destroyed
Screenshots
| create | update value | update key | destroy |
|---|---|---|---|
 |
 |
 |
 |
How to set up and validate locally
- the steps from !88063 (merged) should still work (copied below)
- Enable the feature flag (
streaming_audit_event_headers) - Ensure you have a valid ultimate licence.
- Inside a group, go to
Security & Compliance -> Audit Events -> Streams - Create a new streaming destination. (Requestbin is always good for this)
- Use the new mutation to create a header:
mutation {
auditEventsStreamingHeadersCreate(input: { destinationId: "gid://gitlab/AuditEvents::ExternalAuditEventDestination/DESTINATION_ID_HERE", key: "X-Custom-Header-Tanuki", value: "EveryoneCanContribute" }) {
errors
clientMutationId
}
}- In the streamed event payload, you should see an event related to creating the header
- repeat with updating the header key/value and with destroying the header
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Michael Becker