Event type information in streaming access token audit events
What does this MR do and why?
This MR adds event type information in streaming audit events whenever project/group access tokens are created/revoked.
The following table lists the event type information for the respective actions:
Action | Event type |
---|---|
Group access token created | group_access_token_created |
Group access token revoked | group_access_token_deleted |
Group access token creation fail | group_access_token_creation_failed |
Group access token deletion fail | group_access_token_deletion_failed |
Project access token created | project_access_token_created |
Project access token revoked | project_access_token_deleted |
Project access token creation fail | project_access_token_creation_failed |
Project access token deletion fail | project_access_token_deletion_failed |
How to set up and validate locally
1. Set up an external destination using https://docs.gitlab.com/ee/administration/audit_event_streaming.html#use-the-gitlab-ui or https://docs.gitlab.com/ee/administration/audit_event_streaming.html#use-the-api .
2. Create a project access token, docs: https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html
3. Check that the audit event is created and streamed with the correct event type. Also check that the audit event is visible at http://localhost:3000/admin/audit_logs and that the log is present in audit_json.log
4. Revoke the project access token
5. Repeat step 3
6. Repeat steps 2 to 5 for a group access token, docs: https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html
7. To test the failure event types, try creating an access token with insufficient permission. This means you might need to override the API params, or you can simply make https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/services/resource_access_tokens/create_service.rb#L13 return an error.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #363087 (closed)
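The check in step 3, seen from the receiving side, as an added example that is not part of this MR or of GitLab's code: it classifies payloads captured at the streaming destination by the event types in the table above, reports which expected types never arrived, and flags events whose type prefix disagrees with the entity. The top-level `event_type` and `entity_type` keys, their values and the sample capture are assumptions constructed for illustration.

```ruby
require 'json'

# The eight event types from the table: <scope>_access_token_<outcome>.
TOKEN_EVENT = /\A(group|project)_access_token_(?:(created|deleted)|(creation|deletion)_failed)\z/
# Revocation is reported as "deleted"/"deletion", not "revoked".
ACTIONS = { 'created' => :create, 'creation' => :create,
            'deleted' => :revoke, 'deletion' => :revoke }.freeze

def classify(event_type)
  m = TOKEN_EVENT.match(event_type.to_s)
  return nil unless m
  { scope: m[1].to_sym, action: ACTIONS[m[2] || m[3]], failed: !m[3].nil? }
end

# lines: one JSON payload per line, as captured at the streaming destination.
# Malformed lines and unrelated event types are skipped.
def token_events(lines)
  lines.filter_map do |line|
    payload = begin
      JSON.parse(line)
    rescue JSON::ParserError
      nil
    end
    next unless payload.is_a?(Hash)
    info = classify(payload['event_type'])
    info&.merge(event_type: payload['event_type'], entity_type: payload['entity_type'])
  end
end

# Expected event types that never arrived at the destination.
def missing_types(events, expected)
  expected - events.map { |e| e[:event_type] }
end

# Events whose type prefix disagrees with the entity they were recorded on.
def scope_mismatches(events)
  events.reject { |e| e[:entity_type].to_s.downcase == e[:scope].to_s }
end

# Constructed sample capture (assumed key names, not real GitLab output).
CAPTURED = [
  '{"id":1,"entity_type":"Project","event_type":"project_access_token_created"}',
  '{"id":2,"entity_type":"Project","event_type":"project_access_token_deleted"}',
  '{"id":3,"entity_type":"Group","event_type":"group_access_token_creation_failed"}',
  '{"id":4,"entity_type":"Project","event_type":"unrelated_event"}',
  'not json'
].freeze
```

Calling `missing_types(token_events(CAPTURED), %w[group_access_token_created group_access_token_deleted])` on this capture returns both group types, which is the state after step 5 and before step 6.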
Activity
changed milestone to %15.2
assigned to @harsimarsandhu
added 1 commit
- 85520278 - Event type information in streaming access token audit events
Suggested Reviewers (beta)
The individuals below may be good candidates to participate in the review based on various factors.
You can use slash commands in comments to quickly assign: /assign_reviewer @user1.
Suggested Reviewers: @rspeicher, @mwoolf, @reprazent, @nmilojevic1, @jameslopez
If you do not believe these suggestions are useful, please apply the label Bad Suggested Reviewer. You can also provide feedback for this feature on this issue: https://gitlab.com/gitlab-org/gitlab/-/issues/357923.
Automatically generated by Suggested Reviewers Bot - an experimental ML-based recommendation engine created by ~"group::applied ml".
added backend label
Reviewer roulette
Changes that require review have been detected!
Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:
Category | Reviewer | Maintainer |
---|---|---|
backend | Michał Wielich (@michold) (UTC+2, 3.5 hours behind @harsimarsandhu) | Alex Kalderimis (@alexkalderimis) (UTC-6, 11.5 hours behind @harsimarsandhu) |
~"group::authentication and authorization" | Reviewer review is optional for ~"group::authentication and authorization" | Serena Fang (@serenafang) (UTC-5, 10.5 hours behind @harsimarsandhu) |

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
If needed, you can retry the danger-review job that generated this comment.
Generated by Danger
Edited by Ghost User
Allure report
allure-report-publisher generated test report!
review-qa-blocking: test report for 39e368d3

suites summary

Suite | passed | failed | skipped | flaky | total | result |
---|---|---|---|---|---|---|
Plan | 47 | 0 | 1 | 47 | 48 | ❗ |
Manage | 38 | 0 | 2 | 40 | 40 | ❗ |
Create | 23 | 0 | 2 | 23 | 25 | ❗ |
Package | 0 | 0 | 1 | 0 | 1 | ➖ |
Version sanity check | 0 | 0 | 1 | 0 | 1 | ➖ |
Protect | 2 | 0 | 0 | 2 | 2 | ❗ |
Configure | 0 | 0 | 1 | 0 | 1 | ➖ |
Verify | 12 | 0 | 1 | 12 | 13 | ❗ |
Secure | 2 | 0 | 0 | 2 | 2 | ❗ |
Feature flag handler sanity checks | 9 | 0 | 0 | 0 | 9 | ✅ |
Total | 133 | 0 | 9 | 126 | 142 | ❗ |

Edited by Ghost User
marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed
added 208 commits
- 85520278...d57f772e - 207 commits from branch master
- 39e368d3 - Event type information in streaming access token audit events
- Resolved by Etienne Baqué
- Resolved by Etienne Baqué
- Resolved by Etienne Baqué
requested review from @mwoolf