Skip to content

Event type information in streaming access token audit events

Harsimar Sandhu requested to merge 363087-access-tokens-event-type-info into master

What does this MR do and why?

This MR adds event type information in streaming audit events whenever project/group access tokens are created/revoked.

Following table list down event type information with respective actions

Action Event type
Group access token created group_access_token_created
Group access token revoked group_access_token_deleted
Group access token creation fail group_access_token_creation_failed
Group access token deletion fail group_access_token_deletion_failed
Project access token created project_access_token_created
Project access token revoked project_access_token_deleted
Project access token creation fail project_access_token_creation_failed
Project access token deletion fail project_access_token_deletion_failed

How to set up and validate locally

  1. Setup external destination using https://docs.gitlab.com/ee/administration/audit_event_streaming.html#use-the-gitlab-ui or https://docs.gitlab.com/ee/administration/audit_event_streaming.html#use-the-api .
  2. Create project access token, docs: https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html
  3. Check audit event is created and streamed with correct event type. Also check audit event is visible at http://localhost:3000/admin/audit_logs and log is present in audit_json.log
  4. Revoke project access token
  5. Repeat step 3
  6. Repeat steps 2 to 5 for Group Access token, docs: https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html
  7. To test failure event types try creating access token with insufficient permission this means you might need to override api params or you can simply https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/services/resource_access_tokens/create_service.rb#L13 make this return error.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #363087 (closed)

Edited by Harsimar Sandhu

Merge request reports