Event type information in streaming access token audit events
What does this MR do and why?
This MR adds event type information in streaming audit events whenever project/group access tokens are created/revoked.
The following table lists the event type information with the respective actions:
Action | Event type |
---|---|
Group access token created | group_access_token_created |
Group access token revoked | group_access_token_deleted |
Group access token creation fail | group_access_token_creation_failed |
Group access token deletion fail | group_access_token_deletion_failed |
Project access token created | project_access_token_created |
Project access token revoked | project_access_token_deleted |
Project access token creation fail | project_access_token_creation_failed |
Project access token deletion fail | project_access_token_deletion_failed |
How to set up and validate locally
1. Set up an external destination using https://docs.gitlab.com/ee/administration/audit_event_streaming.html#use-the-gitlab-ui or https://docs.gitlab.com/ee/administration/audit_event_streaming.html#use-the-api .
2. Create a project access token, docs: https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html
3. Check that the audit event is created and streamed with the correct event type. Also check that the audit event is visible at http://localhost:3000/admin/audit_logs and that the log is present in audit_json.log
4. Revoke the project access token
5. Repeat step 3
6. Repeat steps 2 to 5 for a group access token, docs: https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html
7. To test the failure event types, try creating an access token with insufficient permissions. This means you might need to override the API params, or you can simply make https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/services/resource_access_tokens/create_service.rb#L13 return an error.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #363087 (closed)
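A sketch for the validation steps above, added here and not part of the MR or of GitLab's code: a Ruby check over JSON lines, such as those in audit_json.log, that reports which of the eight event types from the table were observed and which lines did not match. The top-level `event_type` key, the `id` field and the sample lines are assumptions constructed for illustration.

```ruby
require 'json'

# Event types from the table in this MR; the value marks failure events.
# A revocation is reported as "*_deleted", so match on that suffix.
TOKEN_EVENT_TYPES = %w[group project].flat_map do |scope|
  [
    ["#{scope}_access_token_created", false],
    ["#{scope}_access_token_deleted", false],
    ["#{scope}_access_token_creation_failed", true],
    ["#{scope}_access_token_deletion_failed", true]
  ]
end.to_h.freeze

# Constructed sample lines (not captured from a real instance).
# Assumption: one JSON object per line with a top-level "event_type" key.
SAMPLE_LINES = [
  '{"id":1,"event_type":"project_access_token_created"}',
  '{"id":2,"event_type":"project_access_token_deleted"}',
  '{"id":3,"event_type":"group_access_token_created"}',
  '{"id":4,"event_type":"group_access_token_creation_failed"}',
  '{"id":5}',
  'truncated {"id":6',
  '{"id":7,"event_type":"project_access_token_revoked"}'
].freeze

# Summarises which table entries were observed and what did not match.
def check_token_audit_events(lines)
  report = { seen: [], failures: [], not_in_table: [], untyped: 0, malformed: 0 }
  lines.each do |line|
    event = begin
      JSON.parse(line)
    rescue JSON::ParserError
      nil
    end
    unless event.is_a?(Hash)
      report[:malformed] += 1
      next
    end
    type = event['event_type'].to_s
    if type.empty?
      report[:untyped] += 1 # event without event type information
    elsif TOKEN_EVENT_TYPES.key?(type)
      report[:seen] |= [type]
      report[:failures] << type if TOKEN_EVENT_TYPES[type]
    elsif type.include?('access_token')
      report[:not_in_table] << type # token-related type this MR does not list
    end
  end
  report[:missing] = TOKEN_EVENT_TYPES.keys - report[:seen]
  report
end
```

After running all seven steps, `missing` should be empty; a non-empty `not_in_table` or `untyped` count points at events that a filter keyed on the table's names would not catch.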
Activity
changed milestone to %15.2
assigned to @harsimarsandhu
added 1 commit
- 85520278 - Event type information in streaming access token audit events
Suggested Reviewers (beta)
The individuals below may be good candidates to participate in the review based on various factors.
You can use slash commands in comments to quickly assign: /assign_reviewer @user1.
Suggested Reviewers: @rspeicher, @mwoolf, @reprazent, @nmilojevic1, @jameslopez
If you do not believe these suggestions are useful, please apply the label Bad Suggested Reviewer. You can also provide feedback for this feature on this issue: https://gitlab.com/gitlab-org/gitlab/-/issues/357923.
Automatically generated by Suggested Reviewers Bot - an experimental ML-based recommendation engine created by ~"group::applied ml".
- A deleted user
added backend label
Reviewer roulette
Changes that require review have been detected!
Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:
Category | Reviewer | Maintainer |
---|---|---|
backend | Michał Wielich (@michold) (UTC+2, 3.5 hours behind @harsimarsandhu) | Alex Kalderimis (@alexkalderimis) (UTC-6, 11.5 hours behind @harsimarsandhu) |
~"group::authentication and authorization" | Reviewer review is optional for ~"group::authentication and authorization" | Serena Fang (@serenafang) (UTC-5, 10.5 hours behind @harsimarsandhu) |

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
If needed, you can retry the danger-review job that generated this comment.
Generated by Danger
Allure report
allure-report-publisher generated test report!
review-qa-blocking: test report for 39e368d3

suites summary

Suite | passed | failed | skipped | flaky | total | result |
---|---|---|---|---|---|---|
Plan | 47 | 0 | 1 | 47 | 48 | ❗ |
Manage | 38 | 0 | 2 | 40 | 40 | ❗ |
Create | 23 | 0 | 2 | 23 | 25 | ❗ |
Package | 0 | 0 | 1 | 0 | 1 | ➖ |
Version sanity check | 0 | 0 | 1 | 0 | 1 | ➖ |
Protect | 2 | 0 | 0 | 2 | 2 | ❗ |
Configure | 0 | 0 | 1 | 0 | 1 | ➖ |
Verify | 12 | 0 | 1 | 12 | 13 | ❗ |
Secure | 2 | 0 | 0 | 2 | 2 | ❗ |
Feature flag handler sanity checks | 9 | 0 | 0 | 0 | 9 | ✅ |
Total | 133 | 0 | 9 | 126 | 142 | ❗ |
marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed
added 208 commits
- 85520278...d57f772e - 207 commits from branch master
- 39e368d3 - Event type information in streaming access token audit events
- Resolved by Etienne Baqué
- Resolved by Etienne Baqué
- Resolved by Etienne Baqué
requested review from @mwoolf
@mwoolf, thanks for approving this merge request.
This is the first time the merge request is approved. To ensure full test coverage, a new pipeline has been started.
For more info, please refer to the following links:
requested review from @serenafang and removed review request for @mwoolf
- Resolved by Etienne Baqué
removed review request for @serenafang
requested review from @ebaque
enabled an automatic merge when the pipeline for b8862894 succeeds
mentioned in commit 384477f3
added workflowstaging-canary label and removed workflowin dev label
added workflowcanary label and removed workflowstaging-canary label
added workflowstaging label and removed workflowcanary label
added workflowproduction label and removed workflowstaging label
added workflowpost-deploy-db-staging label and removed workflowproduction label
added workflowpost-deploy-db-production label and removed workflowpost-deploy-db-staging label
Also relates to #363088 (closed)
added releasedcandidate label
added releasedpublished label and removed releasedcandidate label
mentioned in merge request kubitus-project/kubitus-installer!1252 (merged)
mentioned in issue #373963 (closed)
mentioned in issue #220982 (closed)