From 14565fdaaf09e3fd033c26930804ca3b6b40047e Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi Date: Thu, 13 Apr 2023 19:34:58 +0530 Subject: [PATCH 1/3] Refactoring audit events for projects Refactored audit events for project destroy and mark as deleted with correct audit event name Changelog: other EE: true --- .../services/ee/projects/destroy_service.rb | 18 +++-- .../projects/mark_for_deletion_service.rb | 15 ++-- .../services/projects/destroy_service_spec.rb | 76 +++++++++++++++---- .../mark_for_deletion_service_spec.rb | 12 +++ 4 files changed, 94 insertions(+), 27 deletions(-) diff --git a/ee/app/services/ee/projects/destroy_service.rb b/ee/app/services/ee/projects/destroy_service.rb index 80b9e786f7c169..678326fdc59543 100644 --- a/ee/app/services/ee/projects/destroy_service.rb +++ b/ee/app/services/ee/projects/destroy_service.rb @@ -79,11 +79,19 @@ def log_geo_event(project) end def log_audit_event(project) - ::AuditEventService.new( - current_user, - project, - action: :destroy - ).for_project.security_event + audit_context = { + name: 'project_destroyed', + author: current_user, + scope: project.parent, + target: project, + message: 'Project destroyed', + target_details: project.full_path, + additional_details: { + remove: 'project' + } + } + + ::Gitlab::Audit::Auditor.audit(audit_context) end end end diff --git a/ee/app/services/projects/mark_for_deletion_service.rb b/ee/app/services/projects/mark_for_deletion_service.rb index 2b4c164daa4a73..da6f11fec8a6e7 100644 --- a/ee/app/services/projects/mark_for_deletion_service.rb +++ b/ee/app/services/projects/mark_for_deletion_service.rb 
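Review bot: `scope: project.parent` in `log_audit_event` moves the destroy event off the project and onto its parent namespace, and nothing in the method says why. The specs in this series confirm the visible effect: `entity_type` becomes `Group` or `Namespaces::UserNamespace` instead of `Project`, and the streamed event type changes from `audit_operation` to `project_destroyed` (the PATCH 3/3 hunk). Anything downstream that selects deletion events by the old entity type or event type, such as an alert rule on a streaming destination, would presumably stop matching, so the commit description should state this. I would add above the hash `# Scoped to the parent namespace so the event stays attached to an entity that survives the destroy.`, assuming that is the reason; please confirm. The enclosing module starts outside the hunk.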
@@ -25,12 +25,15 @@ def log_event end def log_audit_event - ::AuditEventService.new( - current_user, - project, - action: :custom, - custom_message: "Project marked for deletion" - ).for_project.security_event + audit_context = { + name: 'project_deletion_marked', + author: current_user, + scope: project, + target: project, + message: 'Project marked for deletion' + } + + ::Gitlab::Audit::Auditor.audit(audit_context) end def project_update_service_params diff --git a/ee/spec/services/projects/destroy_service_spec.rb b/ee/spec/services/projects/destroy_service_spec.rb index 04a792a7957838..66cb2ed5135ee4 100644 --- a/ee/spec/services/projects/destroy_service_spec.rb +++ b/ee/spec/services/projects/destroy_service_spec.rb 
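Review bot: The `audit_context` in `log_audit_event` omits `target_details`, whereas the destroy service in this same series passes `target_details: project.full_path`. The spec for this service expects `project_path_updated` and `project_name_updated` events from the same call, so the path and name apparently change while marking, and what the Auditor records for the target by default is not visible here. Passing it explicitly, `target_details: project.full_path,`, would keep the two events consistent and let the record identify the project without a lookup. Check which path (before or after the rename) the method sees at this point.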
@@ -112,26 +112,70 @@ end context 'audit events' do - include_examples 'audit event logging' do - let(:operation) { subject.execute } + context 'when the project belongs to a user namespace' do + include_examples 'audit event logging' do + let(:operation) { subject.execute } - let(:fail_condition!) do - expect(project).to receive(:destroy!).and_raise(StandardError.new('Other error message')) + let(:fail_condition!) do + expect(project).to receive(:destroy!).and_raise(StandardError.new('Other error message')) + end + + let(:event_type) { 'project_destroyed' } + + let(:attributes) do + { + author_id: user.id, + entity_id: project.parent.id, + entity_type: 'Namespaces::UserNamespace', + details: { + remove: 'project', + author_name: user.name, + target_id: project.id, + target_type: 'Project', + target_details: project.full_path, + author_class: user.class.name, + custom_message: 'Project destroyed' + } + } + end end + end + + context 'when the project belongs to a group' do + let(:group) { create :group } + let(:project) { create :project, namespace: group } + + subject { described_class.new(project, user, {}).execute } - let(:attributes) do - { - author_id: user.id, - entity_id: project.id, - entity_type: 'Project', - details: { - remove: 'project', - author_name: user.name, - target_id: project.id, - target_type: 'Project', - target_details: project.full_path + before do + group.add_owner(user) + end + + include_examples 'audit event logging' do + let(:operation) { subject } + + let(:fail_condition!) 
do + expect(project).to receive(:destroy!).and_raise(StandardError.new('Other error message')) + end + + let(:event_type) { 'project_destroyed' } + + let(:attributes) do + { + author_id: user.id, + entity_id: group.id, + entity_type: 'Group', + details: { + remove: 'project', + author_name: user.name, + target_id: project.id, + target_type: 'Project', + target_details: project.full_path, + author_class: user.class.name, + custom_message: 'Project destroyed' + } } - } + end end end end diff --git a/ee/spec/services/projects/mark_for_deletion_service_spec.rb b/ee/spec/services/projects/mark_for_deletion_service_spec.rb index 77ce34feb9413d..7ff60827fd21c4 100644 --- a/ee/spec/services/projects/mark_for_deletion_service_spec.rb +++ b/ee/spec/services/projects/mark_for_deletion_service_spec.rb @@ -51,6 +51,18 @@ context 'audit events' do it 'saves audit event' do + expect(::Gitlab::Audit::Auditor).to receive(:audit).with( + hash_including(name: 'project_path_updated') + ).and_call_original + + expect(::Gitlab::Audit::Auditor).to receive(:audit).with( + hash_including(name: 'project_name_updated') + ).and_call_original + + expect(::Gitlab::Audit::Auditor).to receive(:audit).with( + hash_including(name: 'project_deletion_marked') + ).and_call_original + expect { described_class.new(project, user).execute } .to change { AuditEvent.count }.by(3) end -- GitLab From eb5affef958ed98a8832f824036aa90ba3b9002f Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi Date: Thu, 13 Apr 2023 19:36:58 +0530 Subject: [PATCH 2/3] Added audit event yml files --- ee/config/audit_events/types/project_deletion_marked.yml | 9 +++++++++ ee/config/audit_events/types/project_destroyed.yml | 9 +++++++++ 2 files changed, 18 insertions(+) create mode 100644 ee/config/audit_events/types/project_deletion_marked.yml create mode 100644 ee/config/audit_events/types/project_destroyed.yml 
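Review bot: The two new contexts under `context 'audit events'` repeat `fail_condition!`, `event_type` and the whole `details` hash, differing only in `entity_id` and `entity_type`. Hoisting the common parts to the enclosing context, e.g. `let(:event_type) { 'project_destroyed' }`, and leaving each context to define just the entity would make the one real difference between a user namespace and a group stand out. In the group context `subject` is redefined as the result of `.execute`, so the word means the service in one context and its return value in the other; a named `let(:service)` would avoid that. This assumes the shared example `audit event logging`, which is not visible here, reads these values through ordinary `let` lookup.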
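Review bot: The three added `receive(:audit)` expectations in `it 'saves audit event'` match on `name` only, so the spec would still pass if `project_deletion_marked` were emitted with the wrong author, scope or target. The `.by(3)` check only counts rows; it does not look at what they contain. Since this is the only coverage of the new context hash, I would tighten the last expectation to `hash_including(name: 'project_deletion_marked', author: user, scope: project, target: project, message: 'Project marked for deletion')`.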
diff --git a/ee/config/audit_events/types/project_deletion_marked.yml b/ee/config/audit_events/types/project_deletion_marked.yml
new file mode 100644
index 00000000000000..a8cbf6efb32305
--- /dev/null
+++ b/ee/config/audit_events/types/project_deletion_marked.yml
@@ -0,0 +1,9 @@
+---
+name: project_deletion_marked
+description: Event triggered when a project is marked for deletion.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117546
+feature_category: compliance_management
+milestone: '15.11'
+saved_to_database: true
+streamed: true
diff --git a/ee/config/audit_events/types/project_destroyed.yml b/ee/config/audit_events/types/project_destroyed.yml
new file mode 100644
index 00000000000000..e306ac21a17901
--- /dev/null
+++ b/ee/config/audit_events/types/project_destroyed.yml
@@ -0,0 +1,9 @@
+---
+name: project_destroyed
+description: Event triggered when a project is destroyed.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117546
+feature_category: compliance_management
+milestone: '15.11'
+saved_to_database: true
+streamed: true
-- GitLab
From 08887c344933d04b8a58dabfa114f0bca9b99957 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi
Date: Thu, 13 Apr 2023 20:48:26 +0530
Subject: [PATCH 3/3] Fixed failing rspecs
---
ee/spec/services/projects/destroy_service_spec.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ee/spec/services/projects/destroy_service_spec.rb b/ee/spec/services/projects/destroy_service_spec.rb
index 66cb2ed5135ee4..2334dbfa2011d8 100644
--- a/ee/spec/services/projects/destroy_service_spec.rb
+++ b/ee/spec/services/projects/destroy_service_spec.rb
@@ -194,7 +194,7 @@ it 'sends the audit streaming event with json format' do expect(AuditEvents::AuditEventStreamingWorker).to receive(:perform_async).with( - 'audit_operation', + 'project_destroyed', nil, a_string_including("root_group_entity_id\":#{group.id}")) -- GitLab