From 3aca1db1b45cbd0a032262305b1ae13d7f2dae30 Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Sun, 5 Feb 2023 07:21:45 -0600 Subject: [PATCH 1/2] Refactor audit events for Releases API Adds the following audit event types: - release_created - release_updated - release_deleted - release_milestones_updated --- .../audit_events/types/release_created.yml | 9 +++ .../audit_events/types/release_deleted.yml | 9 +++ .../types/release_milestones_updated.yml | 9 +++ .../audit_events/types/release_updated.yml | 9 +++ ee/lib/ee/api/releases.rb | 62 +++++++++++++------ ee/spec/requests/api/releases_spec.rb | 29 ++++++--- 6 files changed, 99 insertions(+), 28 deletions(-) create mode 100644 ee/config/audit_events/types/release_created.yml create mode 100644 ee/config/audit_events/types/release_deleted.yml create mode 100644 ee/config/audit_events/types/release_milestones_updated.yml create mode 100644 ee/config/audit_events/types/release_updated.yml
diff --git a/ee/config/audit_events/types/release_created.yml b/ee/config/audit_events/types/release_created.yml
new file mode 100644
index 00000000000000..61e7b28eee70d0
--- /dev/null
+++ b/ee/config/audit_events/types/release_created.yml
@@ -0,0 +1,9 @@
+---
+name: release_created
+description: Event triggered when a release is created
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374111
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111080
+feature_category: compliance_management
+milestone: '15.9'
+saved_to_database: true
+streamed: true
diff --git a/ee/config/audit_events/types/release_deleted.yml b/ee/config/audit_events/types/release_deleted.yml
new file mode 100644
index 00000000000000..4cae4c8cda8446
--- /dev/null
+++ b/ee/config/audit_events/types/release_deleted.yml
@@ -0,0 +1,9 @@
+---
+name: release_deleted
+description: Event triggered when a release is deleted
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374111
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111080
+feature_category: compliance_management
+milestone: '15.9'
+saved_to_database: true
+streamed: true
diff --git a/ee/config/audit_events/types/release_milestones_updated.yml b/ee/config/audit_events/types/release_milestones_updated.yml
new file mode 100644
index 00000000000000..37067f10bc4fa9
--- /dev/null
+++ b/ee/config/audit_events/types/release_milestones_updated.yml
@@ -0,0 +1,9 @@
+---
+name: release_milestones_updated
+description: Event triggered when a release's associated milestones are updated
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374111
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111080
+feature_category: compliance_management
+milestone: '15.9'
+saved_to_database: true
+streamed: true
diff --git a/ee/config/audit_events/types/release_updated.yml b/ee/config/audit_events/types/release_updated.yml
new file mode 100644
index 00000000000000..79968dd3ee711a
--- /dev/null
+++ b/ee/config/audit_events/types/release_updated.yml
@@ -0,0 +1,9 @@
+---
+name: release_updated
+description: Event triggered when a release is updated
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374111
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111080
+feature_category: compliance_management
+milestone: '15.9'
+saved_to_database: true
+streamed: true
diff --git a/ee/lib/ee/api/releases.rb b/ee/lib/ee/api/releases.rb
index 8485d6795ea9dc..0033981d63dc5e 100644
--- a/ee/lib/ee/api/releases.rb
+++ b/ee/lib/ee/api/releases.rb
@@ -40,28 +40,45 @@ module Releases override :log_release_created_audit_event def log_release_created_audit_event(release) - ::AuditEvents::ReleaseCreatedAuditEventService.new( - current_user, - user_project, - request.ip, - release - ).security_event + message = "Created Release #{release.tag}" + if release.milestones.count > 0 + message += " with #{'Milestone'.pluralize(release.milestones.count)} " + + release.milestone_titles + end + + audit_context = { + name: 'release_created', + ip_address: request.ip, + author: current_user, + target: release, + scope: user_project, + message: message, + target_details: release.name + } + + ::Gitlab::Audit::Auditor.audit(audit_context) end override :log_release_updated_audit_event def log_release_updated_audit_event - ::AuditEvents::ReleaseUpdatedAuditEventService.new( - current_user, - user_project, - request.ip, - release - ).security_event + audit_context = { + name: 'release_updated', + ip_address: request.ip, + author: current_user, + target: release, + scope: user_project, + message: "Updated Release #{release.tag}", + target_details: release.name + } + + ::Gitlab::Audit::Auditor.audit(audit_context) end override :log_release_deleted_audit_event def log_release_deleted_audit_event audit_context = { - name: 'release_deleted_audit_event', + name: 'release_deleted', + ip_address: request.ip, author: current_user, target: release, scope: user_project, 
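Review bot: The same seven-key `audit_context` hash is now written out separately in `log_release_created_audit_event` and `log_release_updated_audit_event` here, and again in the milestones hunk (`@@ -74,12 +91,19 @@`), so one event can lose a field without anyone noticing. The `ip_address: request.ip` line this hunk has to add to `log_release_deleted_audit_event` shows that this drift had already happened once. A single private helper that fills in `ip_address`, `author`, `scope`, `target` and `target_details` would leave each method with only its event name and message. `log_release_deleted_audit_event` continues past the end of the hunk, so whether it can use the helper, and where the helper should live, depends on lines not shown.

```ruby
def log_release_updated_audit_event
  audit_release_event('release_updated', release, "Updated Release #{release.tag}")
end

# … unchanged: message building in log_release_created_audit_event, log_release_deleted_audit_event …

def audit_release_event(name, release, message)
  ::Gitlab::Audit::Auditor.audit(
    name: name,
    ip_address: request.ip,
    author: current_user,
    target: release,
    scope: user_project,
    message: message,
    target_details: release.name
  )
end
```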
@@ -74,12 +91,19 @@ def log_release_deleted_audit_event override :log_release_milestones_updated_audit_event def log_release_milestones_updated_audit_event - ::AuditEvents::ReleaseAssociateMilestoneAuditEventService.new( - current_user, - user_project, - request.ip, - release - ).security_event + milestones = release.milestone_titles.presence || '[none]' + + audit_context = { + name: 'release_milestones_updated', + ip_address: request.ip, + author: current_user, + target: release, + scope: user_project, + message: "Milestones associated with release changed to #{milestones}", + target_details: release.name + } + + ::Gitlab::Audit::Auditor.audit(audit_context) end override :authorize_create_evidence! diff --git a/ee/spec/requests/api/releases_spec.rb b/ee/spec/requests/api/releases_spec.rb index dec7428922c69d..75033e99c959d9 100644 --- a/ee/spec/requests/api/releases_spec.rb +++ b/ee/spec/requests/api/releases_spec.rb @@ -40,10 +40,12 @@ release = project.releases.last - expect(subject[:custom_message]).to eq("Created Release #{release.tag}") - expect(subject[:target_type]).to eq('Release') - expect(subject[:target_id]).to eq(release.id) - expect(subject[:target_details]).to eq(release.name) + expect(subject).to include({ + custom_message: "Created Release #{release.tag}", + target_type: "Release", + target_id: release.id, + target_details: release.name + }) end context 'with milestone' do @@ -56,10 +58,12 @@ release = project.releases.last - expect(subject[:custom_message]).to eq("Created Release v0.1 with Milestone v1.0") - expect(subject[:target_type]).to eq('Release') - expect(subject[:target_id]).to eq(release.id) - expect(subject[:target_details]).to eq(release.name) + expect(subject).to include({ + custom_message: "Created Release #{release.tag} with Milestone #{milestone.title}", + target_type: "Release", + target_id: release.id, + target_details: release.name + }) end end end 
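Review bot: None of the rewritten expectations in `ee/spec/requests/api/releases_spec.rb` checks the `ip_address` that every event now passes to the auditor. The two `Created Release` examples assert only `custom_message` and the three `target_*` keys, and the `Deleted release` example (`@@ -343,7 +347,14 @@`) adds `author_name` and `author_class` but no address, although `ip_address: request.ip` is new for that event in this commit. For an audit record the author and source address are the fields an investigator relies on, so I would pin both in each example; how the address is exposed on the stored event is not visible here, so the exact key needs confirming. The visible hunks also add no example for `release_updated` or `release_milestones_updated`, though those may exist elsewhere in the spec file.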
@@ -343,7 +347,14 @@ delete api("/projects/#{project.id}/releases/v0.1", maintainer) end.to change { AuditEvent.count }.by(1) - expect(AuditEvent.last.details[:custom_message]).to eq("Deleted release #{release.tag}") + expect(AuditEvent.last.details).to include({ + author_name: maintainer.name, + author_class: "User", + target_id: release.id, + target_type: "Release", + target_details: release.name, + custom_message: "Deleted release #{release.tag}" + }) end end end -- GitLab From 8f2fd61d35a1e73363d5e9565b194f384571b6ca Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Sat, 11 Feb 2023 13:45:50 -0600 Subject: [PATCH 2/2] Preserve existing release_deleted_audit_event name --- .../{release_deleted.yml => release_deleted_audit_event.yml} | 2 +- ee/lib/ee/api/releases.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename ee/config/audit_events/types/{release_deleted.yml => release_deleted_audit_event.yml} (90%) diff --git a/ee/config/audit_events/types/release_deleted.yml b/ee/config/audit_events/types/release_deleted_audit_event.yml similarity index 90% rename from ee/config/audit_events/types/release_deleted.yml rename to ee/config/audit_events/types/release_deleted_audit_event.yml index 4cae4c8cda8446..63c31918da44ce 100644 --- a/ee/config/audit_events/types/release_deleted.yml +++ b/ee/config/audit_events/types/release_deleted_audit_event.yml @@ -1,5 +1,5 @@ --- -name: release_deleted +name: release_deleted_audit_event description: Event triggered when a release is deleted introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374111 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111080 diff --git a/ee/lib/ee/api/releases.rb b/ee/lib/ee/api/releases.rb index 0033981d63dc5e..25f4421c3196d8 100644 --- a/ee/lib/ee/api/releases.rb +++ b/ee/lib/ee/api/releases.rb 
@@ -77,7 +77,7 @@ def log_release_updated_audit_event override :log_release_deleted_audit_event def log_release_deleted_audit_event audit_context = { - name: 'release_deleted', + name: 'release_deleted_audit_event', ip_address: request.ip, author: current_user, target: release, -- GitLab
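Review bot: The `name:` value restored here is the only one of the four event names with an `_audit_event` suffix, and nothing in the code says why, so a later cleanup is likely to rename it again as PATCH 1/2 did. A comment above the key would record the reason, for example `# Keep the pre-existing event name; consumers of streamed audit events may filter on it.` That reason is inferred from the commit subject, so word the comment to match the actual constraint. The method body ends outside the hunk.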