New Audit Event for custom HTTP header changes

Merged Michael Becker requested to merge feat/366350-pt2 into master

What does this MR do and why?

We added custom HTTP headers for streaming audit events in MR 88063

This change adds new audit events that will be emitted whenever one of these custom headers are created, updated, or destroyed.

The header key will be included in the audit event payload, but the value will not be included

This commit is the part 2 of this refactor MR

This implements issue 366350

We want to emit audit events whenever the custom streaming event headers are creating/updated/destroyed

Screenshots

create update value update key destroy
create update-value update-key destroy

How to set up and validate locally

  1. the steps from !88063 (merged) should still work (copied below)
  • Enable the feature flag (streaming_audit_event_headers)
  • Ensure you have a valid ultimate licence.
  • Inside a group, go to Security & Compliance -> Audit Events -> Streams
  • Create a new streaming destination. (Requestbin is always good for this)
  • Use the new mutation to create a header:
mutation {
  auditEventsStreamingHeadersCreate(input: { destinationId: "gid://gitlab/AuditEvents::ExternalAuditEventDestination/DESTINATION_ID_HERE", key: "X-Custom-Header-Tanuki", value: "EveryoneCanContribute" }) {
    errors
    clientMutationId
  }
}
  • In the streamed event payload, you should see an event related to creating the header
  • repeat with updating the header key/value and with destroying the header

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Michael Becker