Audit events for project and group export download
### About

Similarly to https://gitlab.com/gitlab-org/gitlab/-/issues/441977+:

In https://gitlab.com/gitlab-org/gitlab/-/issues/294168 we are adding some new audit events for project and group exports, but the audit events are incomplete: https://gitlab.com/gitlab-org/gitlab/-/issues/294168#note_1773591288.

This issue is to add the missing audit events.

### Proposal

#### Observe Silent Admin Exports setting

**IMPORTANT:** Every audit event added in this issue must not be created if the **Silent Admin Export** setting has been enabled for the instance (`Gitlab::CurrentSettings.silent_admin_exports_enabled?`) and the user [is an admin](https://gitlab.com/gitlab-org/gitlab/-/blob/851760e45586679ddbef47d7622f9beac1dfb014/app/models/user.rb#L2034-2036).

See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/152143 for an example implementation of skipping audit creation due to Silent Admin Export checks, when the audit is created in the request.

When the audit event is created on Sidekiq, due to [admin mode](https://docs.gitlab.com/ee/administration/settings/sign_in_restrictions.html#admin-mode), `User#can_admin_all_resources?` can return `false` in the context of a Sidekiq worker even though the user was operating as an admin in the request. For audit events created within workers we will need to implement a similar mechanism of passing a new param to the worker (or persisting this value somewhere); examples of both are in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151278. Note this information is being verified in this [Slack thread](https://gitlab.slack.com/archives/CLM1D8QR0/p1715211478689899) (internal, good for 90 days).

#### New audit events

* Add new audit events for ~"Importer:Project Export/Import":
  * [ ] Project export is downloaded through the API (note, there is an [existing audit event](https://gitlab.com/gitlab-org/gitlab/-/blob/3fb60c17be5d184e8fa97925edb0fc2f08d42de8/ee/app/controllers/ee/projects_controller.rb#L212-214) for when the project export is downloaded through the UI; the API download can use that same one).
  * [ ] Group export is downloaded through either the UI or the API (note, unlike project export there is currently no audit event for group export, so we need to make a new one and generate the audit for both UI and API download).
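
The worker-side pitfall described under "Observe Silent Admin Exports setting", as an added example that is not part of the original issue or of GitLab's code. It uses plain-Ruby stand-ins: `Settings`, the `User` struct, the `skip_audit` job param and the event name are all assumptions made for illustration.

```ruby
require 'json'

# Stand-in for Gitlab::CurrentSettings (assumption: a plain in-memory flag).
module Settings
  @silent_admin_exports = false
  class << self
    attr_accessor :silent_admin_exports

    def silent_admin_exports_enabled?
      @silent_admin_exports == true
    end
  end
end

# Stand-in user. admin_mode models the admin-mode session, which exists in
# the web request but not when a background worker reloads the user.
User = Struct.new(:id, :admin, :admin_mode) do
  def can_admin_all_resources?
    admin && admin_mode
  end
end

ADMIN_IDS = [1].freeze # constructed sample data
AUDIT_LOG = []         # stand-in for the audit event store

def silent_export?(user)
  Settings.silent_admin_exports_enabled? && user.can_admin_all_resources?
end

# Request side: decide while admin mode is visible, pass the result as a job param.
def enqueue_download_audit(user, export_type)
  JSON.generate('user_id' => user.id, 'export_type' => export_type,
                'skip_audit' => silent_export?(user))
end

# Worker side: the reloaded user has no admin-mode session, so re-running the
# check here (recheck_in_worker: true) would wrongly record the event.
def perform_download_audit(payload, recheck_in_worker: false)
  job = JSON.parse(payload)
  user = User.new(job['user_id'], ADMIN_IDS.include?(job['user_id']), false)
  skip = recheck_in_worker ? silent_export?(user) : job['skip_audit']
  return :skipped if skip

  # Hypothetical event name; the issue does not define one.
  AUDIT_LOG << { name: "#{job['export_type']}_export_download", author_id: user.id }
  :audited
end
```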