From ba5ed89d1bc39b789493e5230b5bd8db9d83d24a Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Wed, 17 May 2023 16:13:41 +0530
Subject: [PATCH 1/7] Refactored audit event for group creation

EE: true
Changelog: added
---
 ee/app/services/ee/groups/create_service.rb    | 18 +++++++++++++-----
 ee/config/audit_events/types/group_created.yml |  9 +++++++++
 ee/spec/services/groups/create_service_spec.rb |  6 ++++--
 3 files changed, 26 insertions(+), 7 deletions(-)
 create mode 100644 ee/config/audit_events/types/group_created.yml

diff --git a/ee/app/services/ee/groups/create_service.rb b/ee/app/services/ee/groups/create_service.rb
index d8afc782cfb4f7..0ad176bbc2faad 100644
--- a/ee/app/services/ee/groups/create_service.rb
+++ b/ee/app/services/ee/groups/create_service.rb
@@ -5,6 +5,9 @@ module Groups
     module CreateService
       extend ::Gitlab::Utils::Override
 
+      AUDIT_EVENT_TYPE = 'group_created'
+      AUDIT_EVENT_MESSAGE = 'Added group'
+
       override :execute
       def execute
         super.tap do |group|
@@ -44,11 +47,16 @@ def remove_unallowed_params
       end
 
       def log_audit_event
-        ::AuditEventService.new(
-          current_user,
-          group,
-          action: :create
-        ).for_group.security_event
+        audit_context = {
+          name: AUDIT_EVENT_TYPE,
+          author: current_user,
+          scope: group,
+          target: group,
+          message: AUDIT_EVENT_MESSAGE,
+          target_details: group.full_path
+        }
+
+        ::Gitlab::Audit::Auditor.audit(audit_context)
       end
     end
   end
diff --git a/ee/config/audit_events/types/group_created.yml b/ee/config/audit_events/types/group_created.yml
new file mode 100644
index 00000000000000..1aefd428c4b244
--- /dev/null
+++ b/ee/config/audit_events/types/group_created.yml
@@ -0,0 +1,9 @@
+---
+name: group_created
+description: Event triggered when a group is created.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/411595
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986
+feature_category: compliance_management
+milestone: '16.1'
+saved_to_database: true
+streamed: true
diff --git a/ee/spec/services/groups/create_service_spec.rb b/ee/spec/services/groups/create_service_spec.rb
index f628f22242478b..4181f1496bcb17 100644
--- a/ee/spec/services/groups/create_service_spec.rb
+++ b/ee/spec/services/groups/create_service_spec.rb
@@ -14,6 +14,7 @@
 
   context 'audit events' do
     include_examples 'audit event logging' do
+      let_it_be(:event_type) { Groups::CreateService::AUDIT_EVENT_TYPE }
       let(:operation) { create_group(user, group_params) }
       let(:fail_condition!) do
         allow(Gitlab::VisibilityLevel).to receive(:allowed_for?).and_return(false)
@@ -25,11 +26,12 @@
            entity_id: @resource.id,
            entity_type: 'Group',
            details: {
-             add: 'group',
              author_name: user.name,
              target_id: @resource.id,
              target_type: 'Group',
-             target_details: @resource.full_path
+             target_details: @resource.full_path,
+             custom_message: Groups::CreateService::AUDIT_EVENT_MESSAGE,
+             author_class: user.class.name
            }
          }
       end
-- 
GitLab


From f28b86e4d19e807b8cca20149562a75295998073 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Wed, 17 May 2023 16:15:38 +0530
Subject: [PATCH 2/7] Updated audit event MR

---
 ee/config/audit_events/types/group_created.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ee/config/audit_events/types/group_created.yml b/ee/config/audit_events/types/group_created.yml
index 1aefd428c4b244..cd486aa9ecb422 100644
--- a/ee/config/audit_events/types/group_created.yml
+++ b/ee/config/audit_events/types/group_created.yml
@@ -2,7 +2,7 @@
 name: group_created
 description: Event triggered when a group is created.
 introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/411595
-introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121005
 feature_category: compliance_management
 milestone: '16.1'
 saved_to_database: true
-- 
GitLab


From 3c4055a002c07689e468e68bde55f56db9677a50 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Wed, 17 May 2023 20:23:39 +0530
Subject: [PATCH 3/7] Increased query threshold

---
 ee/spec/features/registrations/combined_registration_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ee/spec/features/registrations/combined_registration_spec.rb b/ee/spec/features/registrations/combined_registration_spec.rb
index 5a7aac736e6a70..09c416f30691c7 100644
--- a/ee/spec/features/registrations/combined_registration_spec.rb
+++ b/ee/spec/features/registrations/combined_registration_spec.rb
@@ -9,7 +9,7 @@
 
   before do
     # https://gitlab.com/gitlab-org/gitlab/-/issues/340302
-    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(151)
+    allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(158)
     stub_experiments(experiments)
     stub_application_setting(import_sources: %w[github gitlab_project])
     sign_in(user)
-- 
GitLab


From 840528459768f73a1c5e9e4026696b94805a601d Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Wed, 26 Jul 2023 18:38:05 +0530
Subject: [PATCH 4/7] Updating audit event doc

---
 doc/administration/audit_event_streaming/audit_event_types.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/administration/audit_event_streaming/audit_event_types.md b/doc/administration/audit_event_streaming/audit_event_types.md
index 61aa5e9e70cc9f..74543e709ab062 100644
--- a/doc/administration/audit_event_streaming/audit_event_types.md
+++ b/doc/administration/audit_event_streaming/audit_event_types.md
@@ -88,6 +88,7 @@ Audit event types are used to [filter streamed audit events](index.md#update-eve
 | [`group_access_token_creation_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Event triggered on failing to create a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `subgroup` | [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
 | [`group_access_token_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Event triggered on deleting a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `subgroup` | [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
 | [`group_access_token_deletion_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Event triggered on failure to delete a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `subgroup` | [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
+| [`group_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121005) | Event triggered when a group is created. | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/411595) |
 | [`group_deletion_marked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986) | Event triggered when a group is marked for deletion. | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374106) |
 | [`group_deploy_token_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/93091) | Audit event triggered when a groups deploy token is created | **{check-circle}** Yes | **{check-circle}** Yes | `continuous_delivery` | [15.3](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
 | [`group_deploy_token_creation_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/93091) | Audit event triggered when a groups deploy token fails to create | **{check-circle}** Yes | **{check-circle}** Yes | `continuous_delivery` | [15.3](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
-- 
GitLab


From 6a17d062b0347304a46cc2aa7c7d6e68897b7506 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 27 Jul 2023 07:42:17 +0000
Subject: [PATCH 5/7] Update group_created.yml

---
 ee/config/audit_events/types/group_created.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ee/config/audit_events/types/group_created.yml b/ee/config/audit_events/types/group_created.yml
index cd486aa9ecb422..cd3b85c379af50 100644
--- a/ee/config/audit_events/types/group_created.yml
+++ b/ee/config/audit_events/types/group_created.yml
@@ -4,6 +4,6 @@ description: Event triggered when a group is created.
 introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/411595
 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121005
 feature_category: compliance_management
-milestone: '16.1'
+milestone: '16.3'
 saved_to_database: true
 streamed: true
-- 
GitLab


From 0846188d2b49a8bed2bc2a6a03aefc2f75e38e61 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Thu, 27 Jul 2023 14:03:25 +0530
Subject: [PATCH 6/7] Updated audit event doc

---
 doc/administration/audit_event_streaming/audit_event_types.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/administration/audit_event_streaming/audit_event_types.md b/doc/administration/audit_event_streaming/audit_event_types.md
index 5700eb3f20491a..94914af5df1170 100644
--- a/doc/administration/audit_event_streaming/audit_event_types.md
+++ b/doc/administration/audit_event_streaming/audit_event_types.md
@@ -90,7 +90,7 @@ Audit event types are used to [filter streamed audit events](index.md#update-eve
 | [`group_access_token_creation_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Event triggered on failing to create a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `subgroup` | [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
 | [`group_access_token_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Event triggered on deleting a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `subgroup` | [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
 | [`group_access_token_deletion_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Event triggered on failure to delete a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `subgroup` | [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
-| [`group_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121005) | Event triggered when a group is created. | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/411595) |
+| [`group_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121005) | Event triggered when a group is created. | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/411595) |
 | [`group_deletion_marked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986) | Event triggered when a group is marked for deletion. | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374106) |
 | [`group_deploy_token_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/93091) | Audit event triggered when a groups deploy token is created | **{check-circle}** Yes | **{check-circle}** Yes | `continuous_delivery` | [15.3](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
 | [`group_deploy_token_creation_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/93091) | Audit event triggered when a groups deploy token fails to create | **{check-circle}** Yes | **{check-circle}** Yes | `continuous_delivery` | [15.3](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
-- 
GitLab


From 9ca31eabb901101e534e658e4b0f46bb5286ba89 Mon Sep 17 00:00:00 2001
From: Hitesh Raghuvanshi <hraghuvanshi@gitlab.com>
Date: Tue, 1 Aug 2023 15:40:46 +0530
Subject: [PATCH 7/7] Updated feature category

---
 doc/administration/audit_event_streaming/audit_event_types.md | 2 +-
 ee/config/audit_events/types/group_created.yml                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/administration/audit_event_streaming/audit_event_types.md b/doc/administration/audit_event_streaming/audit_event_types.md
index 94914af5df1170..14441f1a6d5518 100644
--- a/doc/administration/audit_event_streaming/audit_event_types.md
+++ b/doc/administration/audit_event_streaming/audit_event_types.md
@@ -90,7 +90,7 @@ Audit event types are used to [filter streamed audit events](index.md#update-eve
 | [`group_access_token_creation_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Event triggered on failing to create a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `subgroup` | [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
 | [`group_access_token_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Event triggered on deleting a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `subgroup` | [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
 | [`group_access_token_deletion_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Event triggered on failure to delete a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `subgroup` | [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
-| [`group_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121005) | Event triggered when a group is created. | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/411595) |
+| [`group_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121005) | Event triggered when a group is created. | **{check-circle}** Yes | **{check-circle}** Yes | `groups_and_projects` | [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/411595) |
 | [`group_deletion_marked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986) | Event triggered when a group is marked for deletion. | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374106) |
 | [`group_deploy_token_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/93091) | Audit event triggered when a groups deploy token is created | **{check-circle}** Yes | **{check-circle}** Yes | `continuous_delivery` | [15.3](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
 | [`group_deploy_token_creation_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/93091) | Audit event triggered when a groups deploy token fails to create | **{check-circle}** Yes | **{check-circle}** Yes | `continuous_delivery` | [15.3](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
diff --git a/ee/config/audit_events/types/group_created.yml b/ee/config/audit_events/types/group_created.yml
index cd3b85c379af50..4e0e82590afd08 100644
--- a/ee/config/audit_events/types/group_created.yml
+++ b/ee/config/audit_events/types/group_created.yml
@@ -3,7 +3,7 @@ name: group_created
 description: Event triggered when a group is created.
 introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/411595
 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121005
-feature_category: compliance_management
+feature_category: groups_and_projects
 milestone: '16.3'
 saved_to_database: true
 streamed: true
-- 
GitLab