Skip to content
Snippets Groups Projects

Event type information in streaming access token audit events

Merged Harsimar Sandhu requested to merge 363087-access-tokens-event-type-info into master
All threads resolved!

What does this MR do and why?

This MR adds event type information in streaming audit events whenever project/group access tokens are created/revoked.

Following table list down event type information with respective actions

Action Event type
Group access token created group_access_token_created
Group access token revoked group_access_token_deleted
Group access token creation fail group_access_token_creation_failed
Group access token deletion fail group_access_token_deletion_failed
Project access token created project_access_token_created
Project access token revoked project_access_token_deleted
Project access token creation fail project_access_token_creation_failed
Project access token deletion fail project_access_token_deletion_failed

How to set up and validate locally

  1. Setup external destination using https://docs.gitlab.com/ee/administration/audit_event_streaming.html#use-the-gitlab-ui or https://docs.gitlab.com/ee/administration/audit_event_streaming.html#use-the-api .
  2. Create project access token, docs: https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html
  3. Check audit event is created and streamed with correct event type. Also check audit event is visible at http://localhost:3000/admin/audit_logs and log is present in audit_json.log
  4. Revoke project access token
  5. Repeat step 3
  6. Repeat steps 2 to 5 for Group Access token, docs: https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html
  7. To test failure event types try creating access token with insufficient permission this means you might need to override api params or you can simply https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/services/resource_access_tokens/create_service.rb#L13 make this return error.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #363087 (closed)

Edited by Harsimar Sandhu

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Harsimar Sandhu
  • Harsimar Sandhu requested review from @mwoolf

    requested review from @mwoolf

  • Max Woolf approved this merge request

    approved this merge request

  • :wave: @mwoolf, thanks for approving this merge request.

    This is the first time the merge request is approved. To ensure full test coverage, a new pipeline has been started.

    For more info, please refer to the following links:

  • Max Woolf requested review from @serenafang and removed review request for @mwoolf

    requested review from @serenafang and removed review request for @mwoolf

  • Max Woolf
  • Serena Fang approved this merge request

    approved this merge request

  • Serena Fang removed review request for @serenafang

    removed review request for @serenafang

  • Harsimar Sandhu requested review from @ebaque

    requested review from @ebaque

  • Etienne Baqué approved this merge request

    approved this merge request

  • Etienne Baqué resolved all threads

    resolved all threads

  • Etienne Baqué resolved all threads

    resolved all threads

  • Etienne Baqué enabled an automatic merge when the pipeline for b8862894 succeeds

    enabled an automatic merge when the pipeline for b8862894 succeeds

  • Etienne Baqué mentioned in commit 384477f3

    mentioned in commit 384477f3

  • added workflowstaging label and removed workflowcanary label

  • Also relates to #363088 (closed)

  • mentioned in issue #373963 (closed)

  • mentioned in issue #220982 (closed)

  • Please register or sign in to reply
    Loading