diff --git a/ee/lib/audit/project_feature_changes_auditor.rb b/ee/lib/audit/project_feature_changes_auditor.rb index cbe45439e810bd97d6dc03d7572c9c1c67a4d0b7..310abd42d80e7505b24053870843687f9ac4864a 100644 --- a/ee/lib/audit/project_feature_changes_auditor.rb +++ b/ee/lib/audit/project_feature_changes_auditor.rb @@ -4,26 +4,28 @@ module Audit class ProjectFeatureChangesAuditor < BaseChangesAuditor attr_accessor :project - COLUMNS = [:merge_requests_access_level, - :forking_access_level, - :issues_access_level, - :wiki_access_level, - :snippets_access_level, - :builds_access_level, - :repository_access_level, - :package_registry_access_level, - :pages_access_level, - :metrics_dashboard_access_level, - :analytics_access_level, - :operations_access_level, - :requirements_access_level, - :security_and_compliance_access_level, - :container_registry_access_level, - :monitor_access_level, - :infrastructure_access_level, - :feature_flags_access_level, - :environments_access_level, - :releases_access_level].freeze + COLUMNS_EVENT_TYPE_HASH = { + merge_requests_access_level: 'project_feature_merge_requests_access_level_updated', + forking_access_level: 'project_feature_forking_access_level_updated', + issues_access_level: 'project_feature_issues_access_level_updated', + wiki_access_level: 'project_feature_wiki_access_level_updated', + snippets_access_level: 'project_feature_snippets_access_level_updated', + builds_access_level: 'project_feature_builds_access_level_updated', + repository_access_level: 'project_feature_repository_access_level_updated', + package_registry_access_level: 'project_feature_package_registry_access_level_updated', + pages_access_level: 'project_feature_pages_access_level_updated', + metrics_dashboard_access_level: 'project_feature_metrics_dashboard_access_level_updated', + analytics_access_level: 'project_feature_analytics_access_level_updated', + operations_access_level: 'project_feature_operations_access_level_updated', + requirements_access_level: 'project_feature_requirements_access_level_updated', + security_and_compliance_access_level: 'project_feature_security_and_compliance_access_level_updated', + container_registry_access_level: 'project_feature_container_registry_access_level_updated', + monitor_access_level: 'project_feature_monitor_access_level_updated', + infrastructure_access_level: 'project_feature_infrastructure_access_level_updated', + feature_flags_access_level: 'project_feature_feature_flags_access_level_updated', + environments_access_level: 'project_feature_environments_access_level_updated', + releases_access_level: 'project_feature_releases_access_level_updated' + }.freeze def initialize(current_user, model, project) @project = project @@ -32,15 +34,15 @@ def initialize(current_user, model, project) end def execute - COLUMNS.each do |column| - audit_changes(column, as: column.to_s, entity: @project, model: model) + COLUMNS_EVENT_TYPE_HASH.each do |column, event_name| + audit_changes(column, as: column.to_s, entity: @project, model: model, event_type: event_name) end end def attributes_from_auditable_model(column) base_data = { target_details: @project.full_path } - return base_data unless COLUMNS.include?(column) + return base_data unless COLUMNS_EVENT_TYPE_HASH.key?(column) { from: ::Gitlab::VisibilityLevel.level_name(model.previous_changes[column].first), diff --git a/ee/spec/lib/audit/project_feature_changes_auditor_spec.rb b/ee/spec/lib/audit/project_feature_changes_auditor_spec.rb index 3a005e73f63720f04a664171b51c25f331e8e532..3b40ae2598b9fc7522b2db7bbcdfb7be338da734 100644 --- a/ee/spec/lib/audit/project_feature_changes_auditor_spec.rb +++ b/ee/spec/lib/audit/project_feature_changes_auditor_spec.rb @@ -2,21 +2,25 @@ require 'spec_helper' -RSpec.describe Audit::ProjectFeatureChangesAuditor do +RSpec.describe Audit::ProjectFeatureChangesAuditor, feature_category: :audit_events do describe '#execute' do let!(:user) { create(:user) } - let!(:project) { create(:project, :pages_enabled, visibility_level: 0) } + let_it_be(:group) { create(:group) } + let_it_be(:project) { create(:project, :pages_enabled, group: group, visibility_level: 0) } let(:features) { project.project_feature } - let(:foo_instance) { described_class.new(user, features, project) } + let(:project_feature_changes_auditor) { described_class.new(user, features, project) } before do - stub_licensed_features(extended_audit_events: true) + stub_licensed_features(extended_audit_events: true, audit_events: true, external_audit_events: true) + group.add_owner(user) + group.external_audit_event_destinations.create!(destination_url: 'http://example.com') end - it 'creates an event when any project feature level changes' do + it 'creates an event when any project feature level changes', :aggregate_failures do columns = project.project_feature.attributes.keys.select { |attr| attr.end_with?('level') } columns.each do |column| + event_name = "project_feature_#{column}_updated" previous_value = features.method(column).call new_value = if previous_value == ProjectFeature::DISABLED ProjectFeature::ENABLED @@ -25,7 +29,11 @@ end features.update_attribute(column, new_value) - expect { foo_instance.execute }.to change(AuditEvent, :count).by(1) + + expect(AuditEvents::AuditEventStreamingWorker).to receive(:perform_async) + .with(event_name, anything, anything) + + expect { project_feature_changes_auditor.execute }.to change(AuditEvent, :count).by(1) event = AuditEvent.last expect(event.details[:from]).to eq ::Gitlab::VisibilityLevel.level_name(previous_value)