From 2272da6f486242328f46822a792e747d2cd68195 Mon Sep 17 00:00:00 2001
From: Aaron Huntsman
Date: Mon, 30 Jan 2023 08:19:29 -0600
Subject: [PATCH 1/4] Refactor GroupSaml::SamlGroupLinks::CreateService audit events
---
 .../group_saml/saml_group_links/create_service.rb | 2 +-
 ee/config/audit_events/types/saml_group_link_created.yml | 9 +++++++++
 .../groups/saml_group_links_controller_spec.rb | 2 +-
 .../group_saml/saml_group_links/create_service_spec.rb | 9 ++++++++-
 4 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100644 ee/config/audit_events/types/saml_group_link_created.yml
diff --git a/ee/app/services/group_saml/saml_group_links/create_service.rb b/ee/app/services/group_saml/saml_group_links/create_service.rb
index dc72df65f0428e..34c2defecb5c95 100644
--- a/ee/app/services/group_saml/saml_group_links/create_service.rb
+++ b/ee/app/services/group_saml/saml_group_links/create_service.rb
@@ -47,7 +47,7 @@ def error
 def create_audit_event
 ::Gitlab::Audit::Auditor.audit(
- name: 'saml_group_links_created',
+ name: 'saml_group_link_created',
 author: current_user,
 scope: group,
 target: group,
diff --git a/ee/config/audit_events/types/saml_group_link_created.yml b/ee/config/audit_events/types/saml_group_link_created.yml
new file mode 100644
index 00000000000000..33e3f71704e1a9
--- /dev/null
+++ b/ee/config/audit_events/types/saml_group_link_created.yml
@@ -0,0 +1,9 @@
+---
+name: saml_group_link_created
+description: Event triggered when a SAML Group Link is created
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/373954
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110525
+feature_category: compliance_management
+milestone: '15.9'
+saved_to_database: true
+streamed: true
diff --git a/ee/spec/controllers/groups/saml_group_links_controller_spec.rb b/ee/spec/controllers/groups/saml_group_links_controller_spec.rb
index 32f7ec7f0b2c2f..e9369954702fc6 100644
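Review bot: In ee/config/audit_events/types/saml_group_link_created.yml, `milestone: '15.9'` and `introduced_by_mr` describe this refactor rather than the event itself, because the removed line in create_service.rb shows the service was already emitting `saml_group_links_created` before this patch. Once patch 3/4 restores the original name, anyone reading the type definition to work out from which release the event appears in stored or streamed audit data would get the wrong answer. If the schema expects the originating MR and milestone, those fields should point there; otherwise a comment such as `# Event predates this definition file; the fields below record when the type definition was added.` would make the distinction explicit. The same applies to saml_group_link_destroyed.yml in patch 2/4.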
--- a/ee/spec/controllers/groups/saml_group_links_controller_spec.rb
+++ b/ee/spec/controllers/groups/saml_group_links_controller_spec.rb
@@ -67,7 +67,7 @@
 expect(::Gitlab::Audit::Auditor)
 .to receive(:audit).with(
 hash_including(
- { name: "saml_group_links_created",
+ { name: "saml_group_link_created",
 author: user,
 scope: group,
 target: group,
diff --git a/ee/spec/services/group_saml/saml_group_links/create_service_spec.rb b/ee/spec/services/group_saml/saml_group_links/create_service_spec.rb
index 63306ebcb246a2..f297dcb4e47885 100644
--- a/ee/spec/services/group_saml/saml_group_links/create_service_spec.rb
+++ b/ee/spec/services/group_saml/saml_group_links/create_service_spec.rb
@@ -32,7 +32,14 @@
 let_it_be(:saml_provider) { create(:saml_provider, group: group, enabled: true) }
 it "create a new saml_group_link entry against the group" do
- expect(::Gitlab::Audit::Auditor).to receive(:audit).once.and_call_original
+ audit_context = {
+ name: 'saml_group_link_created',
+ author: current_user,
+ scope: group,
+ target: group,
+ message: audit_event_message
+ }
+ expect(::Gitlab::Audit::Auditor).to receive(:audit).with(audit_context).once.and_call_original
 response = service.execute
-- GitLab
From 533b303b3e159e9c956851edde04ee9ae03a9ecc Mon Sep 17 00:00:00 2001
From: Aaron Huntsman
Date: Mon, 30 Jan 2023 08:25:59 -0600
Subject: [PATCH 2/4] Refactor GroupSaml::SamlGroupLinks::DestroyService audit events
---
 .../group_saml/saml_group_links/destroy_service.rb | 2 +-
 .../audit_events/types/saml_group_link_destroyed.yml | 9 +++++++++
 .../groups/saml_group_links_controller_spec.rb | 2 +-
 .../saml_group_links/destroy_service_spec.rb | 10 +++++++++-
 4 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 ee/config/audit_events/types/saml_group_link_destroyed.yml
diff --git a/ee/app/services/group_saml/saml_group_links/destroy_service.rb b/ee/app/services/group_saml/saml_group_links/destroy_service.rb
index faf5bd91af14f2..fa8ccbdaab3893 100644
--- a/ee/app/services/group_saml/saml_group_links/destroy_service.rb
+++ b/ee/app/services/group_saml/saml_group_links/destroy_service.rb
@@ -31,7 +31,7 @@ def authorized?
 def create_audit_event
 ::Gitlab::Audit::Auditor.audit(
- name: 'saml_group_links_removed',
+ name: 'saml_group_link_destroyed',
 author: current_user,
 scope: group,
 target: group,
diff --git a/ee/config/audit_events/types/saml_group_link_destroyed.yml b/ee/config/audit_events/types/saml_group_link_destroyed.yml
new file mode 100644
index 00000000000000..4df15fdb6ebac7
--- /dev/null
+++ b/ee/config/audit_events/types/saml_group_link_destroyed.yml
@@ -0,0 +1,9 @@
+---
+name: saml_group_link_destroyed
+description: Event triggered when a SAML Group Link is destroyed
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/373954
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110525
+feature_category: compliance_management
+milestone: '15.9'
+saved_to_database: true
+streamed: true
diff --git a/ee/spec/controllers/groups/saml_group_links_controller_spec.rb b/ee/spec/controllers/groups/saml_group_links_controller_spec.rb
index e9369954702fc6..f1170a82518305 100644
--- a/ee/spec/controllers/groups/saml_group_links_controller_spec.rb
+++ b/ee/spec/controllers/groups/saml_group_links_controller_spec.rb
@@ -117,7 +117,7 @@
 expect(::Gitlab::Audit::Auditor)
 .to receive(:audit).with(
 hash_including(
- { name: "saml_group_links_removed",
+ { name: "saml_group_link_destroyed",
 author: user,
 scope: group,
 target: group,
diff --git a/ee/spec/services/group_saml/saml_group_links/destroy_service_spec.rb b/ee/spec/services/group_saml/saml_group_links/destroy_service_spec.rb
index 9acb4c4d3be3d2..5376e98ea77077 100644
--- a/ee/spec/services/group_saml/saml_group_links/destroy_service_spec.rb
+++ b/ee/spec/services/group_saml/saml_group_links/destroy_service_spec.rb
@@ -26,8 +26,16 @@
 before do
 stub_licensed_features(group_saml: true, saml_group_sync: true)
 end
+
 it "create a new saml_group_link entry against the group" do
- expect(::Gitlab::Audit::Auditor).to receive(:audit).once.and_call_original
+ audit_context = {
+ name: 'saml_group_link_destroyed',
+ author: current_user,
+ scope: group,
+ target: group,
+ message: audit_event_message
+ }
+ expect(::Gitlab::Audit::Auditor).to receive(:audit).with(audit_context).once.and_call_original
 response = service.execute
-- GitLab
From 94bc0fd6949f840cb6c074fd33d36b2f76223785 Mon Sep 17 00:00:00 2001
From: Aaron Huntsman
Date: Tue, 7 Feb 2023 07:42:07 -0600
Subject: [PATCH 3/4] Preserve existing audit event names
---
 ee/app/services/group_saml/saml_group_links/create_service.rb | 2 +-
 ee/app/services/group_saml/saml_group_links/destroy_service.rb | 2 +-
 ...saml_group_link_created.yml => saml_group_links_created.yml} | 2 +-
 ...ml_group_link_destroyed.yml => saml_group_links_removed.yml} | 2 +-
 .../services/group_saml/saml_group_links/create_service_spec.rb | 2 +-
 .../group_saml/saml_group_links/destroy_service_spec.rb | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
 rename ee/config/audit_events/types/{saml_group_link_created.yml => saml_group_links_created.yml} (91%)
 rename ee/config/audit_events/types/{saml_group_link_destroyed.yml => saml_group_links_removed.yml} (90%)
diff --git a/ee/app/services/group_saml/saml_group_links/create_service.rb b/ee/app/services/group_saml/saml_group_links/create_service.rb
index 34c2defecb5c95..dc72df65f0428e 100644
--- a/ee/app/services/group_saml/saml_group_links/create_service.rb
+++ b/ee/app/services/group_saml/saml_group_links/create_service.rb
@@ -47,7 +47,7 @@ def error
 def create_audit_event
 ::Gitlab::Audit::Auditor.audit(
- name: 'saml_group_link_created',
+ name: 'saml_group_links_created',
 author: current_user,
 scope: group,
 target: group,
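Review bot: In destroy_service_spec.rb (patch 2/4), the example that now pins the destroy audit context is still described as `it "create a new saml_group_link entry against the group"`, which reads as copied from the create spec. The `it` line is unchanged context in this hunk, but the hunk makes this example the one that asserts the removal audit payload, so a failure reported under that description would point a reader at the wrong service. Suggest `it "destroys the saml_group_link and records an audit event" do`. `current_user` and `audit_event_message` are defined outside the hunk, so their values cannot be checked from here.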
diff --git a/ee/app/services/group_saml/saml_group_links/destroy_service.rb b/ee/app/services/group_saml/saml_group_links/destroy_service.rb
index fa8ccbdaab3893..faf5bd91af14f2 100644
--- a/ee/app/services/group_saml/saml_group_links/destroy_service.rb
+++ b/ee/app/services/group_saml/saml_group_links/destroy_service.rb
@@ -31,7 +31,7 @@ def authorized?
 def create_audit_event
 ::Gitlab::Audit::Auditor.audit(
- name: 'saml_group_link_destroyed',
+ name: 'saml_group_links_removed',
 author: current_user,
 scope: group,
 target: group,
diff --git a/ee/config/audit_events/types/saml_group_link_created.yml b/ee/config/audit_events/types/saml_group_links_created.yml
similarity index 91%
rename from ee/config/audit_events/types/saml_group_link_created.yml
rename to ee/config/audit_events/types/saml_group_links_created.yml
index 33e3f71704e1a9..9a7aa6511239f1 100644
--- a/ee/config/audit_events/types/saml_group_link_created.yml
+++ b/ee/config/audit_events/types/saml_group_links_created.yml
@@ -1,5 +1,5 @@
 ---
-name: saml_group_link_created
+name: saml_group_links_created
 description: Event triggered when a SAML Group Link is created
 introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/373954
 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110525
diff --git a/ee/config/audit_events/types/saml_group_link_destroyed.yml b/ee/config/audit_events/types/saml_group_links_removed.yml
similarity index 90%
rename from ee/config/audit_events/types/saml_group_link_destroyed.yml
rename to ee/config/audit_events/types/saml_group_links_removed.yml
index 4df15fdb6ebac7..8ca2971496b4bc 100644
--- a/ee/config/audit_events/types/saml_group_link_destroyed.yml
+++ b/ee/config/audit_events/types/saml_group_links_removed.yml
@@ -1,5 +1,5 @@
 ---
-name: saml_group_link_destroyed
+name: saml_group_links_removed
 description: Event triggered when a SAML Group Link is destroyed
 introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/373954
 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110525
diff --git a/ee/spec/services/group_saml/saml_group_links/create_service_spec.rb b/ee/spec/services/group_saml/saml_group_links/create_service_spec.rb
index f297dcb4e47885..c0dd59a52f64e4 100644
--- a/ee/spec/services/group_saml/saml_group_links/create_service_spec.rb
+++ b/ee/spec/services/group_saml/saml_group_links/create_service_spec.rb
@@ -33,7 +33,7 @@
 it "create a new saml_group_link entry against the group" do
 audit_context = {
- name: 'saml_group_link_created',
+ name: 'saml_group_links_created',
 author: current_user,
 scope: group,
 target: group,
diff --git a/ee/spec/services/group_saml/saml_group_links/destroy_service_spec.rb b/ee/spec/services/group_saml/saml_group_links/destroy_service_spec.rb
index 5376e98ea77077..6ea88150c8c443 100644
--- a/ee/spec/services/group_saml/saml_group_links/destroy_service_spec.rb
+++ b/ee/spec/services/group_saml/saml_group_links/destroy_service_spec.rb
@@ -29,7 +29,7 @@
 it "create a new saml_group_link entry against the group" do
 audit_context = {
- name: 'saml_group_link_destroyed',
+ name: 'saml_group_links_removed',
 author: current_user,
 scope: group,
 target: group,
-- GitLab
From fb9493f431ca04f025f62894c4ec3d8fc1dd82db Mon Sep 17 00:00:00 2001
From: Aaron Huntsman
Date: Thu, 9 Feb 2023 10:45:35 -0600
Subject: [PATCH 4/4] Fix tests
---
 .../controllers/groups/saml_group_links_controller_spec.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ee/spec/controllers/groups/saml_group_links_controller_spec.rb b/ee/spec/controllers/groups/saml_group_links_controller_spec.rb
index f1170a82518305..32f7ec7f0b2c2f 100644
--- a/ee/spec/controllers/groups/saml_group_links_controller_spec.rb
+++ b/ee/spec/controllers/groups/saml_group_links_controller_spec.rb
@@ -67,7 +67,7 @@
 expect(::Gitlab::Audit::Auditor)
 .to receive(:audit).with(
 hash_including(
- { name: "saml_group_link_created",
+ { name: "saml_group_links_created",
 author: user,
 scope: group,
 target: group,
@@ -117,7 +117,7 @@
 expect(::Gitlab::Audit::Auditor)
 .to receive(:audit).with(
 hash_including(
- { name: "saml_group_link_destroyed",
+ { name: "saml_group_links_removed",
 author: user,
 scope: group,
 target: group,
-- GitLab