From 6a3956f5323f84d191365f4f594da41ba885e1de Mon Sep 17 00:00:00 2001
From: huzaifaiftikhar1
Date: Thu, 30 Nov 2023 17:26:25 +0530
Subject: [PATCH 1/2] Add GraphQL API to delete instance Amazon S3 configurations
Changelog: added
EE: true
---
 .../audit_event_types.md | 1 +
 doc/api/graphql/reference/index.md | 18 +++++
 ee/app/graphql/ee/types/mutation_type.rb | 1 +
 .../amazon_s3_configurations/delete.rb | 24 +++++++
 ...stance_amazon_s3_configuration_deleted.yml | 9 +++
 .../amazon_s3_configurations/delete_spec.rb | 72 +++++++++++++++++++
 6 files changed, 125 insertions(+)
 create mode 100644 ee/app/graphql/mutations/audit_events/instance/amazon_s3_configurations/delete.rb
 create mode 100644 ee/config/audit_events/types/instance_amazon_s3_configuration_deleted.yml
 create mode 100644 ee/spec/requests/api/graphql/mutations/audit_events/instance/amazon_s3_configurations/delete_spec.rb
diff --git a/doc/administration/audit_event_streaming/audit_event_types.md b/doc/administration/audit_event_streaming/audit_event_types.md
index c5a97e469a940f..2b98a5073f7e28 100644
--- a/doc/administration/audit_event_streaming/audit_event_types.md
+++ b/doc/administration/audit_event_streaming/audit_event_types.md
@@ -56,6 +56,7 @@ Audit event types belong to the following product categories. | [`google_cloud_logging_configuration_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/122025) | Triggered when Google Cloud Logging configuration is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/409422) | | [`google_cloud_logging_configuration_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/122025) | Triggered when Google Cloud Logging configuration is updated| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/409422) | | [`instance_amazon_s3_configuration_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/137651) | Triggered when instance Amazon S3 configuration for audit events streaming is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.7](https://gitlab.com/gitlab-org/gitlab/-/issues/423235) | +| [`instance_amazon_s3_configuration_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138318) | Triggered when instance Amazon S3 configuration for audit events streaming is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.7](https://gitlab.com/gitlab-org/gitlab/-/issues/423235) | | [`instance_amazon_s3_configuration_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138310) | Triggered when instance-level Amazon S3 configuration for audit events streaming is updated| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.7](https://gitlab.com/gitlab-org/gitlab/-/issues/423235) | | [`instance_google_cloud_logging_configuration_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/130663) | Triggered when Instance level Google Cloud Logging configuration is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.4](https://gitlab.com/gitlab-org/gitlab/-/issues/423038) | | 
[`instance_google_cloud_logging_configuration_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131752) | Triggered when instance level Google Cloud Logging configuration is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.5](https://gitlab.com/gitlab-org/gitlab/-/issues/423040) | diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index ce59c6c5905358..9d77de62695a33 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -1529,6 +1529,24 @@ Input type: `AuditEventsInstanceAmazonS3ConfigurationCreateInput` | `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | | `instanceAmazonS3Configuration` | [`InstanceAmazonS3ConfigurationType`](#instanceamazons3configurationtype) | Created instance Amazon S3 configuration. | +### `Mutation.auditEventsInstanceAmazonS3ConfigurationDelete` + +Input type: `AuditEventsInstanceAmazonS3ConfigurationDeleteInput` + +#### Arguments + +| Name | Type | Description | +| ---- | ---- | ----------- | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `id` | [`AuditEventsInstanceAmazonS3ConfigurationID!`](#auditeventsinstanceamazons3configurationid) | ID of the instance Amazon S3 configuration to destroy. | + +#### Fields + +| Name | Type | Description | +| ---- | ---- | ----------- | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | + ### `Mutation.auditEventsInstanceAmazonS3ConfigurationUpdate` Input type: `AuditEventsInstanceAmazonS3ConfigurationUpdateInput` diff --git a/ee/app/graphql/ee/types/mutation_type.rb b/ee/app/graphql/ee/types/mutation_type.rb index d6a6d65534f4c1..ac3eb9ea72783b 100644 --- a/ee/app/graphql/ee/types/mutation_type.rb +++ b/ee/app/graphql/ee/types/mutation_type.rb 
@@ -131,6 +131,7 @@ module MutationType
 mount_mutation ::Mutations::AuditEvents::AmazonS3Configurations::Delete
 mount_mutation ::Mutations::AuditEvents::AmazonS3Configurations::Update
 mount_mutation ::Mutations::AuditEvents::Instance::AmazonS3Configurations::Create
+ mount_mutation ::Mutations::AuditEvents::Instance::AmazonS3Configurations::Delete
 mount_mutation ::Mutations::AuditEvents::Instance::AmazonS3Configurations::Update
 mount_mutation ::Mutations::AuditEvents::Instance::GoogleCloudLoggingConfigurations::Create
 mount_mutation ::Mutations::Forecasting::BuildForecast, alpha: { milestone: '16.0' }
diff --git a/ee/app/graphql/mutations/audit_events/instance/amazon_s3_configurations/delete.rb b/ee/app/graphql/mutations/audit_events/instance/amazon_s3_configurations/delete.rb
new file mode 100644
index 00000000000000..675c5d3858a7b2
--- /dev/null
+++ b/ee/app/graphql/mutations/audit_events/instance/amazon_s3_configurations/delete.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Mutations
+ module AuditEvents
+ module Instance
+ module AmazonS3Configurations
+ class Delete < Base
+ graphql_name 'AuditEventsInstanceAmazonS3ConfigurationDelete'
+
+ argument :id, ::Types::GlobalIDType[::AuditEvents::Instance::AmazonS3Configuration],
+ required: true,
+ description: 'ID of the instance Amazon S3 configuration to destroy.'
+
+ def resolve(id:)
+ config = authorized_find!(id: id)
+
+ audit(config, action: :deleted) if config.destroy
+ { errors: Array(config.errors) }
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/ee/config/audit_events/types/instance_amazon_s3_configuration_deleted.yml b/ee/config/audit_events/types/instance_amazon_s3_configuration_deleted.yml
new file mode 100644
index 00000000000000..da0dfe5f5744db
--- /dev/null
+++ b/ee/config/audit_events/types/instance_amazon_s3_configuration_deleted.yml
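Review bot: In `resolve` in `delete.rb`, the audit record is written as a separate step after `config.destroy` has already succeeded (`audit(config, action: :deleted) if config.destroy`), so if `audit` raises, the streaming destination is gone and no `instance_amazon_s3_configuration_deleted` event exists. Removing an audit-streaming destination is exactly the change responders look for when checking for log tampering, so I would confirm how the `audit` helper inherited from `Base` (not visible in this hunk) behaves on failure and record the contract in a comment such as `# Audit only after a successful destroy; a failed destroy returns the model errors and emits no event.` The permission and licence checks behind `authorized_find!` also live outside this hunk, so a one-line class comment naming the required permission would help the next reviewer. `Array(config.errors)` relies on the implicit conversion of the errors object; `config.errors.full_messages` states the intent directly.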
@@ -0,0 +1,9 @@
+---
+name: instance_amazon_s3_configuration_deleted
+description: Triggered when instance Amazon S3 configuration for audit events streaming is deleted
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/423235
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138318
+feature_category: audit_events
+milestone: '16.7'
+saved_to_database: true
+streamed: true
diff --git a/ee/spec/requests/api/graphql/mutations/audit_events/instance/amazon_s3_configurations/delete_spec.rb b/ee/spec/requests/api/graphql/mutations/audit_events/instance/amazon_s3_configurations/delete_spec.rb
new file mode 100644
index 00000000000000..25740ae9589eff
--- /dev/null
+++ b/ee/spec/requests/api/graphql/mutations/audit_events/instance/amazon_s3_configurations/delete_spec.rb
@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Delete instance Amazon S3 configuration', feature_category: :audit_events do
+ include GraphqlHelpers
+
+ let_it_be(:config) { create(:instance_amazon_s3_configuration) }
+ let_it_be(:current_user) { create(:admin) }
+
+ let(:mutation) { graphql_mutation(:audit_events_instance_amazon_s3_configuration_delete, id: global_id_of(config)) }
+ let(:mutation_response) { graphql_mutation_response(:audit_events_instance_amazon_s3_configuration_delete) }
+
+ subject(:mutate) { post_graphql_mutation(mutation, current_user: current_user) }
+
+ context 'when feature is licensed' do
+ before do
+ stub_licensed_features(external_audit_events: true)
+ end
+
+ context 'when current user is admin' do
+ it 'destroys the configuration' do
+ expect { mutate }.to change { AuditEvents::Instance::AmazonS3Configuration.count }.by(-1)
+ end
+
+ it 'audits the deletion' do
+ expected_hash = {
+ name: 'instance_amazon_s3_configuration_deleted',
+ author: current_user,
+ scope: an_instance_of(Gitlab::Audit::InstanceScope),
+ target: config,
+ message: "Deleted Instance Amazon S3 configuration with name: #{config.name} bucket: " \
+ "#{config.bucket_name} and AWS region: #{config.aws_region}"
+ }
+
+ expect(Gitlab::Audit::Auditor).to receive(:audit).with(hash_including(expected_hash))
+
+ mutate
+ end
+
+ context 'when there is an error during destroy' do
+ before do
+ expect_next_found_instance_of(AuditEvents::Instance::AmazonS3Configuration) do |config|
+ allow(config).to receive(:destroy).and_return(false)
+ errors = ActiveModel::Errors.new(config).tap { |e| e.add(:base, 'error message') }
+ allow(config).to receive(:errors).and_return(errors)
+ end
+ end
+
+ it 'does not destroy the configuration and returns the error' do
+ expect { mutate }.not_to change { AuditEvents::Instance::AmazonS3Configuration.count }
+
+ expect(mutation_response).to include('errors' => ['error message'])
+ end
+ end
+ end
+
+ context 'when current user is not admin' do
+ let_it_be(:current_user) { create(:user) }
+
+ it_behaves_like 'a mutation on an unauthorized resource'
+ end
+ end
+
+ context 'when feature is unlicensed' do
+ before do
+ stub_licensed_features(external_audit_events: false)
+ end
+
+ it_behaves_like 'a mutation on an unauthorized resource'
+ end
+end
--
GitLab
From 0666d9b9cefb3dff96816a2a9292bae55ced106b Mon Sep 17 00:00:00 2001
From: huzaifaiftikhar1
Date: Mon, 4 Dec 2023 08:11:23 +0530
Subject: [PATCH 2/2] Update docs
---
 doc/administration/audit_event_streaming/audit_event_types.md | 2 +-
 doc/api/graphql/reference/index.md | 2 +-
 .../audit_events/instance/amazon_s3_configurations/delete.rb | 2 +-
 .../types/instance_amazon_s3_configuration_deleted.yml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/doc/administration/audit_event_streaming/audit_event_types.md b/doc/administration/audit_event_streaming/audit_event_types.md
index 2b98a5073f7e28..b1ff9640d77b04 100644
--- a/doc/administration/audit_event_streaming/audit_event_types.md
+++ b/doc/administration/audit_event_streaming/audit_event_types.md
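Review bot: The failure and unauthorized paths in `delete_spec.rb` never assert that no audit event is emitted: the 'when there is an error during destroy' context checks only the record count and the returned error, and the non-admin and unlicensed contexts rely entirely on the shared example. Since this mutation removes an audit-streaming destination, I would pin the negative cases as well, e.g. `expect(Gitlab::Audit::Auditor).not_to receive(:audit)` before `mutate` in the error context, and `expect { mutate }.not_to change { AuditEvents::Instance::AmazonS3Configuration.count }` for the non-admin and unlicensed users, unless the shared example (defined outside this hunk) already covers that. The block parameter `|config|` passed to `expect_next_found_instance_of` also shadows the outer `let_it_be(:config)`; renaming it to `|instance|` would avoid confusion.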
@@ -56,7 +56,7 @@ Audit event types belong to the following product categories. | [`google_cloud_logging_configuration_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/122025) | Triggered when Google Cloud Logging configuration is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/409422) | | [`google_cloud_logging_configuration_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/122025) | Triggered when Google Cloud Logging configuration is updated| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/409422) | | [`instance_amazon_s3_configuration_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/137651) | Triggered when instance Amazon S3 configuration for audit events streaming is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.7](https://gitlab.com/gitlab-org/gitlab/-/issues/423235) | -| [`instance_amazon_s3_configuration_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138318) | Triggered when instance Amazon S3 configuration for audit events streaming is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.7](https://gitlab.com/gitlab-org/gitlab/-/issues/423235) | +| [`instance_amazon_s3_configuration_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138318) | Triggered when instance-level Amazon S3 configuration for audit events streaming is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.7](https://gitlab.com/gitlab-org/gitlab/-/issues/423235) | | [`instance_amazon_s3_configuration_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138310) | Triggered when instance-level Amazon S3 configuration for audit events streaming is updated| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.7](https://gitlab.com/gitlab-org/gitlab/-/issues/423235) | | 
[`instance_google_cloud_logging_configuration_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/130663) | Triggered when Instance level Google Cloud Logging configuration is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.4](https://gitlab.com/gitlab-org/gitlab/-/issues/423038) | | [`instance_google_cloud_logging_configuration_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131752) | Triggered when instance level Google Cloud Logging configuration is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.5](https://gitlab.com/gitlab-org/gitlab/-/issues/423040) | diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 9d77de62695a33..44ceb7f57ef944 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -1538,7 +1538,7 @@ Input type: `AuditEventsInstanceAmazonS3ConfigurationDeleteInput` | Name | Type | Description | | ---- | ---- | ----------- | | `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | -| `id` | [`AuditEventsInstanceAmazonS3ConfigurationID!`](#auditeventsinstanceamazons3configurationid) | ID of the instance Amazon S3 configuration to destroy. | +| `id` | [`AuditEventsInstanceAmazonS3ConfigurationID!`](#auditeventsinstanceamazons3configurationid) | ID of the instance-level Amazon S3 configuration to delete. | #### Fields diff --git a/ee/app/graphql/mutations/audit_events/instance/amazon_s3_configurations/delete.rb b/ee/app/graphql/mutations/audit_events/instance/amazon_s3_configurations/delete.rb index 675c5d3858a7b2..e9f5f93da54b5f 100644 --- a/ee/app/graphql/mutations/audit_events/instance/amazon_s3_configurations/delete.rb +++ b/ee/app/graphql/mutations/audit_events/instance/amazon_s3_configurations/delete.rb 
@@ -9,7 +9,7 @@ class Delete < Base argument :id, ::Types::GlobalIDType[::AuditEvents::Instance::AmazonS3Configuration], required: true, - description: 'ID of the instance Amazon S3 configuration to destroy.' + description: 'ID of the instance-level Amazon S3 configuration to delete.' def resolve(id:) config = authorized_find!(id: id) diff --git a/ee/config/audit_events/types/instance_amazon_s3_configuration_deleted.yml b/ee/config/audit_events/types/instance_amazon_s3_configuration_deleted.yml index da0dfe5f5744db..8fc3e4ad455e54 100644 --- a/ee/config/audit_events/types/instance_amazon_s3_configuration_deleted.yml +++ b/ee/config/audit_events/types/instance_amazon_s3_configuration_deleted.yml @@ -1,6 +1,6 @@ --- name: instance_amazon_s3_configuration_deleted -description: Triggered when instance Amazon S3 configuration for audit events streaming is deleted +description: Triggered when instance-level Amazon S3 configuration for audit events streaming is deleted introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/423235 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138318 feature_category: audit_events -- GitLab