Resolve "No Audit Event When Access is Removed Due To Expiration"

What does this MR do?

Fix for #12702 (closed)

This MR adds an audit event when an expired member is removed from a Project or Group via the cron job 'RemoveExpiredMembersWorker'.

Currently, trying to create an audit event for this event was erroring out, and no audit event was being created, as mentioned in #12702 (comment 248441796).

With this change, a concept of "System event" has been introduced so that auditors know how the change happened and for what reason the change happened, as discussed at #12702 (comment 248665405).

Screenshots

Project/Group Audit Events page: Screenshot_2019-11-22_at_11.09.11_AM

Admin Audit events page: Screenshot_2019-11-22_at_11.10.47_AM

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Thong Kuah