No audit event for adding a user to a group or project through API
Summary
If a user was added to a group via API, no record about that will be added to Group Audit Events
.
Steps to reproduce
-
add user to a group via API using similar request:
curl --request POST --header "PRIVATE-TOKEN: *********" --data "user_id=16&access_level=30" https://gitlabhost.tld/api/v4/groups/20/members
-
check
/audit_events
page of this group
What is the current bug behavior?
A record is not shown in Group Audit Events
. If user is added via UI, a record is shown in Group Audit Events
.
What is the expected correct behavior?
New record should be shown in Group Audit Events
.
We should also show a similar audit event when a user is added to a project via the API.
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
System information System: Debian 8.10 Proxy: no Current User: git Using RVM: no Ruby Version: 2.4.4p296 Gem Version: 2.7.6 Bundler Version:1.16.2 Rake Version: 12.3.1 Redis Version: 3.2.11 Git Version: 2.17.1 Sidekiq Version:5.1.3 Go Version: unknown
GitLab information Version: 11.1.4-ee Revision: d17962f Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: postgresql DB Version: 9.6.8 URL: https://gitlabhost.tld HTTP Clone URL: https://gitlabhost.tld/some-group/some-project.git SSH Clone URL: git@gitlabhost.tld:some-group/some-project.git Elasticsearch: no Geo: no Using LDAP: yes Using Omniauth: yes Omniauth Providers: google_oauth2, azure_oauth2
GitLab Shell Version: 7.1.4 Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
Expand for output related to the GitLab application check
Checking GitLab Shell ...
GitLab Shell version >= 7.1.4 ? ... OK (7.1.4) Repo base directory exists? default... yes Repo storage directories are symlinks? default... no Repo paths owned by git:root, or git:git? default... yes Repo paths access is drwxrws---? default... yes hooks directories in repos are links: ... 20/13 ... ok 1/15 ... ok 1/17 ... ok 1/19 ... ok 8/28 ... ok 1/33 ... ok 1/38 ... ok 1/42 ... ok 1/44 ... repository is empty 1/45 ... repository is empty Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Check GitLab API access: OK Redis available via internal API: OK
Access to /var/opt/gitlab/.ssh/authorized_keys: OK gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... yes Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking LDAP ...
LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab ...
Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... 20/13 ... yes 1/15 ... yes 1/17 ... yes 1/19 ... yes 8/28 ... yes 1/33 ... yes 1/38 ... yes 1/42 ... yes 1/44 ... yes 1/45 ... yes Redis version >= 2.8.0? ... yes Ruby version >= 2.3.5 ? ... yes (2.4.4) Git version >= 2.9.5 ? ... yes (2.17.1) Git user has default SSH configuration? ... yes Active users: ... 5 Elasticsearch version 5.1 - 5.5? ... skipped (elasticsearch is disabled)
Checking GitLab ... Finished
Possible fixes
n/a