From 51f3401adec9f62e5255b0626e65ce8fc036256d Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 13 Apr 2023 17:11:56 +0530
Subject: [PATCH 1/2] Refactoring audit events for projects

---
 ee/app/controllers/ee/projects_controller.rb  | 24 +++++++++-------
 ee/app/services/ee/projects/import_service.rb | 16 +++++++----
 ee/app/services/projects/restore_service.rb   | 15 ++++++----
 .../controllers/projects_controller_spec.rb   | 28 +++++++++++++------
 .../services/projects/import_service_spec.rb  |  4 +++
 .../services/projects/restore_service_spec.rb | 12 ++++++++
 6 files changed, 69 insertions(+), 30 deletions(-)

diff --git a/ee/app/controllers/ee/projects_controller.rb b/ee/app/controllers/ee/projects_controller.rb
index 3a2625045be720..333df44094e09c 100644
--- a/ee/app/controllers/ee/projects_controller.rb
+++ b/ee/app/controllers/ee/projects_controller.rb
@@ -184,25 +184,29 @@ def compliance_framework_params
       [compliance_framework_setting_attributes: [:framework]]
     end
 
-    def log_audit_event(message:)
-      ::AuditEvents::CustomAuditEventService.new(
-        current_user,
-        project,
-        request.remote_ip,
-        message
-      ).for_project.security_event
+    def log_audit_event(message:, event_type:)
+      audit_context = {
+        name: event_type,
+        author: current_user,
+        target: project,
+        scope: project,
+        message: message,
+        ip_address: request.remote_ip
+      }
+
+      ::Gitlab::Audit::Auditor.audit(audit_context)
     end
 
     def log_download_export_audit_event
-      log_audit_event(message: 'Export file download started')
+      log_audit_event(message: 'Export file download started', event_type: 'project_export_file_download_started')
     end
 
     def log_archive_audit_event
-      log_audit_event(message: 'Project archived')
+      log_audit_event(message: 'Project archived', event_type: 'project_archived')
     end
 
     def log_unarchive_audit_event
-      log_audit_event(message: 'Project unarchived')
+      log_audit_event(message: 'Project unarchived', event_type: 'project_unarchived')
     end
   end
 end
diff --git a/ee/app/services/ee/projects/import_service.rb b/ee/app/services/ee/projects/import_service.rb
index 68c313ef120074..2fcbf70e4c9416 100644
--- a/ee/app/services/ee/projects/import_service.rb
+++ b/ee/app/services/ee/projects/import_service.rb
@@ -15,12 +15,16 @@ def after_execute_hook
       private
 
       def log_audit_event
-        ::AuditEventService.new(
-          current_user,
-          project.group,
-          action: :custom,
-          custom_message: 'Project imported'
-        ).for_repository_import(project.full_path).security_event
+        audit_context = {
+          name: 'project_imported',
+          author: current_user,
+          scope: project.group,
+          target: project,
+          message: 'Project imported',
+          target_details: project.full_path
+        }
+
+        ::Gitlab::Audit::Auditor.audit(audit_context)
       end
     end
   end
diff --git a/ee/app/services/projects/restore_service.rb b/ee/app/services/projects/restore_service.rb
index ea4710beb938e3..040f852e306560 100644
--- a/ee/app/services/projects/restore_service.rb
+++ b/ee/app/services/projects/restore_service.rb
@@ -30,12 +30,15 @@ def log_event
     end
 
     def log_audit_event
-      ::AuditEventService.new(
-        current_user,
-        project,
-        action: :custom,
-        custom_message: "Project restored"
-      ).for_project.security_event
+      audit_context = {
+        name: 'project_restored',
+        author: current_user,
+        scope: project,
+        target: project,
+        message: 'Project restored'
+      }
+
+      ::Gitlab::Audit::Auditor.audit(audit_context)
     end
 
     private
diff --git a/ee/spec/controllers/projects_controller_spec.rb b/ee/spec/controllers/projects_controller_spec.rb
index 3c0612a8a80e7b..b680707d323ac2 100644
--- a/ee/spec/controllers/projects_controller_spec.rb
+++ b/ee/spec/controllers/projects_controller_spec.rb
@@ -15,6 +15,17 @@
     sign_in(user)
   end
 
+  shared_examples 'audit events with event type' do
+    it 'logs the audit event' do
+      expect(::Gitlab::Audit::Auditor).to receive(:audit).with(
+        hash_including(name: audit_name)
+      ).and_call_original
+
+      expect { request }.to change { AuditEvent.count }.by(1)
+      expect(AuditEvent.last.details[:custom_message]).to eq(custom_message)
+    end
+  end
+
   describe 'GET show', feature_category: :projects do
     render_views
 
@@ -652,8 +663,9 @@
     let(:request) { get :download_export, params: { namespace_id: project.namespace, id: project } }
 
     context 'when project export is enabled' do
-      it 'logs the audit event' do
-        expect { request }.to change { AuditEvent.count }.by(1)
+      it_behaves_like 'audit events with event type' do
+        let_it_be(:audit_name) { 'project_export_file_download_started' }
+        let_it_be(:custom_message) { 'Export file download started' }
       end
     end
 
@@ -680,9 +692,9 @@
           group.add_owner(user)
         end
 
-        it 'logs the audit event' do
-          expect { request }.to change { AuditEvent.count }.by(1)
-          expect(AuditEvent.last.details[:custom_message]).to eq('Project archived')
+        it_behaves_like 'audit events with event type' do
+          let_it_be(:audit_name) { 'project_archived' }
+          let_it_be(:custom_message) { 'Project archived' }
         end
       end
 
@@ -705,9 +717,9 @@
           group.add_owner(user)
         end
 
-        it 'logs the audit event' do
-          expect { request }.to change { AuditEvent.count }.by(1)
-          expect(AuditEvent.last.details[:custom_message]).to eq('Project unarchived')
+        it_behaves_like 'audit events with event type' do
+          let_it_be(:audit_name) { 'project_unarchived' }
+          let_it_be(:custom_message) { 'Project unarchived' }
         end
       end
 
diff --git a/ee/spec/services/projects/import_service_spec.rb b/ee/spec/services/projects/import_service_spec.rb
index 62401d69d60eb2..0c74d89d98edfd 100644
--- a/ee/spec/services/projects/import_service_spec.rb
+++ b/ee/spec/services/projects/import_service_spec.rb
@@ -23,6 +23,10 @@
       end
 
       it 'does audit' do
+        expect(::Gitlab::Audit::Auditor).to receive(:audit).with(
+          hash_including(name: 'project_imported')
+        ).and_call_original
+
         expect { subject.execute }.to change { AuditEvent.count }.by(1)
       end
     end
diff --git a/ee/spec/services/projects/restore_service_spec.rb b/ee/spec/services/projects/restore_service_spec.rb
index a87602ead4a780..62e477216c6ed8 100644
--- a/ee/spec/services/projects/restore_service_spec.rb
+++ b/ee/spec/services/projects/restore_service_spec.rb
@@ -99,6 +99,18 @@
 
   context 'audit events' do
     it 'saves audit event' do
+      expect(::Gitlab::Audit::Auditor).to receive(:audit).with(
+        hash_including(name: 'project_path_updated')
+      ).and_call_original
+
+      expect(::Gitlab::Audit::Auditor).to receive(:audit).with(
+        hash_including(name: 'project_name_updated')
+      ).and_call_original
+
+      expect(::Gitlab::Audit::Auditor).to receive(:audit).with(
+        hash_including(name: 'project_restored')
+      ).and_call_original
+
       expect { described_class.new(project, user).execute }
         .to change { AuditEvent.count }.by(3)
     end
-- 
GitLab


From ce94c302261504e5a46c6a1e2b69c1ed2abe345e Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 13 Apr 2023 17:19:02 +0530
Subject: [PATCH 2/2] Adding audit event ymls

---
 ee/config/audit_events/types/project_archived.yml        | 9 +++++++++
 .../types/project_export_file_download_started.yml       | 9 +++++++++
 ee/config/audit_events/types/project_imported.yml        | 9 +++++++++
 ee/config/audit_events/types/project_restored.yml        | 9 +++++++++
 ee/config/audit_events/types/project_unarchived.yml      | 9 +++++++++
 5 files changed, 45 insertions(+)
 create mode 100644 ee/config/audit_events/types/project_archived.yml
 create mode 100644 ee/config/audit_events/types/project_export_file_download_started.yml
 create mode 100644 ee/config/audit_events/types/project_imported.yml
 create mode 100644 ee/config/audit_events/types/project_restored.yml
 create mode 100644 ee/config/audit_events/types/project_unarchived.yml

diff --git a/ee/config/audit_events/types/project_archived.yml b/ee/config/audit_events/types/project_archived.yml
new file mode 100644
index 00000000000000..8a33fd2ee83dcb
--- /dev/null
+++ b/ee/config/audit_events/types/project_archived.yml
@@ -0,0 +1,9 @@
+---
+name: project_archived
+description: Event triggered when a project is archived.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117528
+feature_category: compliance_management
+milestone: '15.11'
+saved_to_database: true
+streamed: true
diff --git a/ee/config/audit_events/types/project_export_file_download_started.yml b/ee/config/audit_events/types/project_export_file_download_started.yml
new file mode 100644
index 00000000000000..1b5532e8c936e4
--- /dev/null
+++ b/ee/config/audit_events/types/project_export_file_download_started.yml
@@ -0,0 +1,9 @@
+---
+name: project_export_file_download_started
+description: Event triggered when download of project export file gets started.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117528
+feature_category: compliance_management
+milestone: '15.11'
+saved_to_database: true
+streamed: true
diff --git a/ee/config/audit_events/types/project_imported.yml b/ee/config/audit_events/types/project_imported.yml
new file mode 100644
index 00000000000000..a75004c943dc74
--- /dev/null
+++ b/ee/config/audit_events/types/project_imported.yml
@@ -0,0 +1,9 @@
+---
+name: project_imported
+description: Event triggered when a project is imported.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117528
+feature_category: compliance_management
+milestone: '15.11'
+saved_to_database: true
+streamed: true
diff --git a/ee/config/audit_events/types/project_restored.yml b/ee/config/audit_events/types/project_restored.yml
new file mode 100644
index 00000000000000..4ae1041d0e29f0
--- /dev/null
+++ b/ee/config/audit_events/types/project_restored.yml
@@ -0,0 +1,9 @@
+---
+name: project_restored
+description: Event triggered when a project is restored.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117528
+feature_category: compliance_management
+milestone: '15.11'
+saved_to_database: true
+streamed: true
diff --git a/ee/config/audit_events/types/project_unarchived.yml b/ee/config/audit_events/types/project_unarchived.yml
new file mode 100644
index 00000000000000..9217d45fc14c2a
--- /dev/null
+++ b/ee/config/audit_events/types/project_unarchived.yml
@@ -0,0 +1,9 @@
+---
+name: project_unarchived
+description: Event triggered when a project is unarchived.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117528
+feature_category: compliance_management
+milestone: '15.11'
+saved_to_database: true
+streamed: true
-- 
GitLab