From ecf4025218d2cb8098ef0e0df716178bf12b746b Mon Sep 17 00:00:00 2001 From: TamsilAmani Date: Fri, 1 Sep 2023 00:47:00 +0530 Subject: [PATCH 1/2] Replacing AuditEventService with Gitlab::Audit::Auditor Added event type inactive_project_scheduled_for_deletion. Changelog: changed EE: true --- .../inactive_projects_deletion_cron_worker.rb | 15 +++++++++------ ...inactive_project_scheduled_for_deletion.yml | 9 +++++++++ ...ctive_projects_deletion_cron_worker_spec.rb | 18 ++++++++++++++++++ 3 files changed, 36 insertions(+), 6 deletions(-) create mode 100644 ee/config/audit_events/types/inactive_project_scheduled_for_deletion.yml diff --git a/ee/app/workers/ee/projects/inactive_projects_deletion_cron_worker.rb b/ee/app/workers/ee/projects/inactive_projects_deletion_cron_worker.rb index 2964ccfa818bd3..6bb1cefd2ff2e7 100644 --- a/ee/app/workers/ee/projects/inactive_projects_deletion_cron_worker.rb +++ b/ee/app/workers/ee/projects/inactive_projects_deletion_cron_worker.rb @@ -26,12 +26,15 @@ def send_deletion_warning_email?(deletion_warning_email_sent_on, project) def send_notification(project, user) super - ::AuditEventService.new( - user, - project, - action: :custom, - custom_message: "Project is scheduled to be deleted on #{deletion_date} due to inactivity." - ).for_project.security_event + audit_context = { + name: 'inactive_project_scheduled_for_deletion', + author: user, + scope: project, + target: project, + message: "Project is scheduled to be deleted on #{deletion_date} due to inactivity." + } + + ::Gitlab::Audit::Auditor.audit(audit_context) end end end diff --git a/ee/config/audit_events/types/inactive_project_scheduled_for_deletion.yml b/ee/config/audit_events/types/inactive_project_scheduled_for_deletion.yml new file mode 100644 index 00000000000000..49f87c599e207e --- /dev/null +++ b/ee/config/audit_events/types/inactive_project_scheduled_for_deletion.yml @@ -0,0 +1,9 @@ +--- +name: inactive_project_scheduled_for_deletion +description: Triggered when inactive project is scheduled for deletion +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/423263 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121485 +feature_category: compliance_management +milestone: '16.4' +saved_to_database: true +streamed: true diff --git a/ee/spec/workers/ee/projects/inactive_projects_deletion_cron_worker_spec.rb b/ee/spec/workers/ee/projects/inactive_projects_deletion_cron_worker_spec.rb index 11a99f8fc3b2fb..4c853f92f2a549 100644 --- a/ee/spec/workers/ee/projects/inactive_projects_deletion_cron_worker_spec.rb +++ b/ee/spec/workers/ee/projects/inactive_projects_deletion_cron_worker_spec.rb @@ -78,6 +78,24 @@ .to eq("Project is scheduled to be deleted on #{deletion_date} due to inactivity.") end + it 'invokes Projects::InactiveProjectsDeletionNotificationWorker for inactive projects & logs with Gitlab Audit' do + Gitlab::Redis::SharedState.with do |redis| + expect(redis).to receive(:hset).with( + 'inactive_projects_deletion_warning_email_notified', + "project:#{inactive_large_project.id}", + Date.current + ) + end + expect(::Projects::InactiveProjectsDeletionNotificationWorker).to receive(:perform_async).with( + inactive_large_project.id, deletion_date).and_call_original + expect(::Projects::DestroyService).not_to receive(:new) + expect(Gitlab::Audit::Auditor).to receive(:audit) + .with(hash_including(message: "Project is scheduled to be deleted on #{deletion_date} due to inactivity.")) + .and_call_original + + worker.perform + end + context 'when adjourned_deletion_for_projects_and_groups feature is not available' do before do stub_licensed_features(adjourned_deletion_for_projects_and_groups: false) -- GitLab From ea6cc1a95585e10662df5ff339bab72eb82eb9e8 Mon Sep 17 00:00:00 2001 From: TamsilAmani Date: Fri, 1 Sep 2023 14:19:30 +0530 Subject: [PATCH 2/2] Modified existing rspec to comply with the changes Changelog: changed --- .../audit_event_types.md | 1 + ...nactive_project_scheduled_for_deletion.yml | 2 +- ...tive_projects_deletion_cron_worker_spec.rb | 26 ++++++------------- 3 files changed, 10 insertions(+), 19 deletions(-) diff --git a/doc/administration/audit_event_streaming/audit_event_types.md b/doc/administration/audit_event_streaming/audit_event_types.md index 3b61f8f36e120f..2a7c3367f6a466 100644 --- a/doc/administration/audit_event_streaming/audit_event_types.md +++ b/doc/administration/audit_event_streaming/audit_event_types.md @@ -145,6 +145,7 @@ Every audit event is associated with an event type. The association with the eve | [`group_shared_runners_minutes_limit_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | Event triggered when a groups shared runners minutes limit is updated. | **{check-circle}** Yes | **{check-circle}** Yes | `groups_and_projects` | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369324) | | [`group_two_factor_grace_period_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | Event triggered when a groups two factor grace period is updated. | **{check-circle}** Yes | **{check-circle}** Yes | `groups_and_projects` | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369326) | | [`group_visibility_level_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106079) | Event triggered when a groups visibility level is updated. | **{check-circle}** Yes | **{check-circle}** Yes | `groups_and_projects` | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/369322) | +| [`inactive_project_scheduled_for_deletion`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/130699) | Triggered when inactive project is scheduled for deletion | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [16.4](https://gitlab.com/gitlab-org/gitlab/-/issues/423263) | | [`incident_closed_by_project_bot`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121485) | Triggered when an incident is closed using a project access token | **{check-circle}** Yes | **{check-circle}** Yes | `incident_management` | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/323299) | | [`incident_created_by_project_bot`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121485) | Triggered when an incident is created using a project access token | **{check-circle}** Yes | **{check-circle}** Yes | `incident_management` | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/323299) | | [`incident_reopened_by_project_bot`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121485) | Triggered when an incident is reopened using a project access token | **{check-circle}** Yes | **{check-circle}** Yes | `incident_management` | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/323299) | diff --git a/ee/config/audit_events/types/inactive_project_scheduled_for_deletion.yml b/ee/config/audit_events/types/inactive_project_scheduled_for_deletion.yml index 49f87c599e207e..29bcd19d2b7af1 100644 --- a/ee/config/audit_events/types/inactive_project_scheduled_for_deletion.yml +++ b/ee/config/audit_events/types/inactive_project_scheduled_for_deletion.yml @@ -2,7 +2,7 @@ name: inactive_project_scheduled_for_deletion description: Triggered when inactive project is scheduled for deletion introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/423263 -introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121485 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/130699 feature_category: compliance_management milestone: '16.4' saved_to_database: true diff --git a/ee/spec/workers/ee/projects/inactive_projects_deletion_cron_worker_spec.rb b/ee/spec/workers/ee/projects/inactive_projects_deletion_cron_worker_spec.rb index 4c853f92f2a549..1ecfecf3e5c2f4 100644 --- a/ee/spec/workers/ee/projects/inactive_projects_deletion_cron_worker_spec.rb +++ b/ee/spec/workers/ee/projects/inactive_projects_deletion_cron_worker_spec.rb @@ -60,6 +60,13 @@ end it 'invokes Projects::InactiveProjectsDeletionNotificationWorker for inactive projects and logs audit event' do + audit_context = { + name: "inactive_project_scheduled_for_deletion", + message: "Project is scheduled to be deleted on #{deletion_date} due to inactivity.", + target: inactive_large_project, + scope: inactive_large_project, + author: admin_bot + } Gitlab::Redis::SharedState.with do |redis| expect(redis).to receive(:hset).with( 'inactive_projects_deletion_warning_email_notified', @@ -70,6 +77,7 @@ expect(::Projects::InactiveProjectsDeletionNotificationWorker).to receive(:perform_async).with( inactive_large_project.id, deletion_date).and_call_original expect(::Projects::DestroyService).not_to receive(:new) + expect(Gitlab::Audit::Auditor).to receive(:audit).with(audit_context).and_call_original expect { worker.perform } .to change { AuditEvent.count }.by(1) @@ -78,24 +86,6 @@ .to eq("Project is scheduled to be deleted on #{deletion_date} due to inactivity.") end - it 'invokes Projects::InactiveProjectsDeletionNotificationWorker for inactive projects & logs with Gitlab Audit' do - Gitlab::Redis::SharedState.with do |redis| - expect(redis).to receive(:hset).with( - 'inactive_projects_deletion_warning_email_notified', - "project:#{inactive_large_project.id}", - Date.current - ) - end - expect(::Projects::InactiveProjectsDeletionNotificationWorker).to receive(:perform_async).with( - inactive_large_project.id, deletion_date).and_call_original - expect(::Projects::DestroyService).not_to receive(:new) - expect(Gitlab::Audit::Auditor).to receive(:audit) - .with(hash_including(message: "Project is scheduled to be deleted on #{deletion_date} due to inactivity.")) - .and_call_original - - worker.perform - end - context 'when adjourned_deletion_for_projects_and_groups feature is not available' do before do stub_licensed_features(adjourned_deletion_for_projects_and_groups: false) -- GitLab