From 42d9c71bbeefc11be58a0b0fcc0b89771f9b8337 Mon Sep 17 00:00:00 2001 From: huzaifaiftikhar1 Date: Tue, 10 Oct 2023 16:49:45 +0530 Subject: [PATCH 1/5] GraphQL API for deleting audit event streaming amazon_s3_configurations Changelog: added EE: true --- .../audit_event_types.md | 1 + doc/api/graphql/reference/index.md | 18 ++++ ee/app/graphql/ee/types/mutation_type.rb | 1 + .../amazon_s3_configurations/destroy.rb | 35 ++++++++ .../types/amazon_s3_configuration_deleted.yml | 9 ++ .../amazon_s3_configurations/destroy_spec.rb | 83 +++++++++++++++++++ 6 files changed, 147 insertions(+) create mode 100644 ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb create mode 100644 ee/config/audit_events/types/amazon_s3_configuration_deleted.yml create mode 100644 ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb diff --git a/doc/administration/audit_event_streaming/audit_event_types.md b/doc/administration/audit_event_streaming/audit_event_types.md index 3b2ae098469300..2d1249e2b6c5e7 100644 --- a/doc/administration/audit_event_streaming/audit_event_types.md +++ b/doc/administration/audit_event_streaming/audit_event_types.md 
@@ -37,6 +37,7 @@ Audit event types belong to the following product categories. | Name | Description | Saved to database | Streamed | Introduced in | |:-----|:------------|:------------------|:---------|:--------------| | [`amazon_s3_configuration_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/132443) | Triggered when Amazon S3 configuration for audit events streaming is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.5](https://gitlab.com/gitlab-org/gitlab/-/issues/423229) | +| [`amazon_s3_configuration_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133695) | Triggered when Amazon S3 configuration for audit events streaming is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.5](https://gitlab.com/gitlab-org/gitlab/-/issues/423229) | | [`amazon_s3_configuration_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133691) | Triggered when Amazon S3 configuration for audit events streaming is updated.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.5](https://gitlab.com/gitlab-org/gitlab/-/issues/423229) | | [`audit_events_streaming_headers_create`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92068) | Triggered when a streaming header for audit events is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.3](https://gitlab.com/gitlab-org/gitlab/-/issues/366350) | | [`audit_events_streaming_headers_destroy`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92068) | Triggered when a streaming header for audit events is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.3](https://gitlab.com/gitlab-org/gitlab/-/issues/366350) | diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 89957613b6337a..7308c51bbebcc0 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md 
@@ -1298,6 +1298,24 @@ Input type: `AmazonS3ConfigurationCreateInput` | `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | | `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | +### `Mutation.amazonS3ConfigurationDestroy` + +Input type: `AmazonS3ConfigurationDestroyInput` + +#### Arguments + +| Name | Type | Description | +| ---- | ---- | ----------- | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `id` | [`AuditEventsAmazonS3ConfigurationID!`](#auditeventsamazons3configurationid) | ID of the Amazon S3 configuration to destroy. | + +#### Fields + +| Name | Type | Description | +| ---- | ---- | ----------- | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | + ### `Mutation.amazonS3ConfigurationUpdate` Input type: `AmazonS3ConfigurationUpdateInput` diff --git a/ee/app/graphql/ee/types/mutation_type.rb b/ee/app/graphql/ee/types/mutation_type.rb index f086bc24430ef1..6b3e30b4d23bd2 100644 --- a/ee/app/graphql/ee/types/mutation_type.rb +++ b/ee/app/graphql/ee/types/mutation_type.rb @@ -124,6 +124,7 @@ module MutationType mount_mutation ::Mutations::AuditEvents::GoogleCloudLoggingConfigurations::Destroy mount_mutation ::Mutations::AuditEvents::GoogleCloudLoggingConfigurations::Update mount_mutation ::Mutations::AuditEvents::AmazonS3Configurations::Create + mount_mutation ::Mutations::AuditEvents::AmazonS3Configurations::Destroy mount_mutation ::Mutations::AuditEvents::AmazonS3Configurations::Update mount_mutation ::Mutations::AuditEvents::Instance::GoogleCloudLoggingConfigurations::Create mount_mutation ::Mutations::Forecasting::BuildForecast, alpha: { milestone: '16.0' } 
diff --git a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb
new file mode 100644
index 00000000000000..314330befd93fb
--- /dev/null
+++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Mutations
+ module AuditEvents
+ module AmazonS3Configurations
+ class Destroy < Base
+ graphql_name 'AmazonS3ConfigurationDestroy'
+
+ authorize :admin_external_audit_events
+
+ argument :id, ::Types::GlobalIDType[::AuditEvents::AmazonS3Configuration],
+ required: true,
+ description: 'ID of the Amazon S3 configuration to destroy.'
+
+ def resolve(id:)
+ config = authorized_find!(id)
+
+ if config.destroy
+ audit(config, action: :deleted)
+
+ { errors: [] }
+ else
+ { errors: Array(config.errors) }
+ end
+ end
+
+ private
+
+ def find_object(config_gid)
+ GitlabSchema.object_from_id(config_gid, expected_type: ::AuditEvents::AmazonS3Configuration).sync
+ end
+ end
+ end
+ end
+end
diff --git a/ee/config/audit_events/types/amazon_s3_configuration_deleted.yml b/ee/config/audit_events/types/amazon_s3_configuration_deleted.yml
new file mode 100644
index 00000000000000..400633bdac71a3
--- /dev/null
+++ b/ee/config/audit_events/types/amazon_s3_configuration_deleted.yml
@@ -0,0 +1,9 @@
+---
+name: amazon_s3_configuration_deleted
+description: Triggered when Amazon S3 configuration for audit events streaming is deleted.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/423229
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133695
+feature_category: audit_events
+milestone: '16.5'
+saved_to_database: true
+streamed: true
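Review bot: In `resolve` of destroy.rb the audit record is written only after `config.destroy` has already succeeded, so if `audit` raises, the streaming destination is gone with no `amazon_s3_configuration_deleted` event recorded. `audit` is defined in `Base`, outside this hunk, so whether it can raise here is not visible and should be confirmed. Removing an audit destination is an action that needs a reliable record, so the ordering deserves a comment above the call, for example `# Destroy first, then audit: an exception raised by audit would leave this deletion unrecorded.` The class also has no description of who may call it; a one-line comment above `authorize :admin_external_audit_events` naming the required permission would help the next reader.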
diff --git a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb
new file mode 100644
index 00000000000000..3855bf776386ec
--- /dev/null
+++ b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb
@@ -0,0 +1,83 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'Destroy Amazon S3 configuration', feature_category: :audit_events do + include GraphqlHelpers + + let_it_be(:config) { create(:amazon_s3_configuration) } + let_it_be(:group) { config.group } + let_it_be(:current_user) { create(:user) } + + let(:mutation) { graphql_mutation(:amazon_s3_configuration_destroy, id: global_id_of(config)) } + let(:mutation_response) { graphql_mutation_response(:amazon_s3_configuration_destroy) } + + subject(:mutate) { post_graphql_mutation(mutation, current_user: current_user) } + + context 'when feature is licensed' do + before do + stub_licensed_features(external_audit_events: true) + end + + context 'when current user is a group owner' do + before_all do + group.add_owner(current_user) + end + + it 'destroys the configuration' do + expect { mutate }.to change { AuditEvents::AmazonS3Configuration.count }.by(-1) + end + + context 'when there is an error during destroy' do + before do + allow_next_instance_of(Mutations::AuditEvents::AmazonS3Configurations::Destroy) do |mutation| + allow(mutation).to receive(:authorized_find!).and_return(config) + end + + allow(config).to receive(:destroy).and_return(false) + + errors = ActiveModel::Errors.new(config).tap { |e| e.add(:base, 'error message') } + allow(config).to receive(:errors).and_return(errors) + end + + it 'does not destroy the configuration and returns the error' do + expect { mutate }.not_to change { AuditEvents::AmazonS3Configuration.count } + + expect(mutation_response).to include('errors' => ['error message']) + end + end + end + + context 'when current user is a group maintainer' do + before_all do + group.add_maintainer(current_user) + end + + it_behaves_like 'a mutation on an unauthorized resource' + end + + context 'when current user is a group developer' do + before_all do + group.add_developer(current_user) + end + + it_behaves_like 'a mutation on an unauthorized resource' + end + + 
context 'when current user is a group guest' do + before_all do + group.add_guest(current_user) + end + + it_behaves_like 'a mutation on an unauthorized resource' + end + end + + context 'when feature is unlicensed' do + before do + stub_licensed_features(external_audit_events: false) + end + + it_behaves_like 'a mutation on an unauthorized resource' + end +end -- GitLab From 00333fddea493cf35a37bcf234fa9b2e14eb6dba Mon Sep 17 00:00:00 2001 From: huzaifaiftikhar1 Date: Wed, 11 Oct 2023 16:32:14 +0530 Subject: [PATCH 2/5] Move common methods to AmazonS3Configurations::Base class --- .../amazon_s3_configurations/base.rb | 6 ++++++ .../amazon_s3_configurations/create.rb | 2 -- .../amazon_s3_configurations/destroy.rb | 17 ++--------------- .../amazon_s3_configurations/update.rb | 6 ------ 4 files changed, 8 insertions(+), 23 deletions(-) diff --git a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/base.rb b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/base.rb index f6c70d16704a31..ed4eca1f0e6f4a 100644 --- a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/base.rb +++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/base.rb @@ -4,6 +4,8 @@ module Mutations module AuditEvents module AmazonS3Configurations class Base < BaseMutation + authorize :admin_external_audit_events + private def audit(config, action:) @@ -18,6 +20,10 @@ def audit(config, action:) ::Gitlab::Audit::Auditor.audit(audit_context) end + + def find_object(config_gid) + GitlabSchema.object_from_id(config_gid, expected_type: ::AuditEvents::AmazonS3Configuration).sync + end end end end diff --git a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/create.rb b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/create.rb index 51fd0baa827aa4..bb07e474bebb35 100644 --- a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/create.rb +++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/create.rb 
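Review bot: The `when feature is unlicensed` context at the end of destroy_spec.rb runs with a `current_user` who has no role in `group`, so the shared example can pass on the missing permission alone and does not show that the licence gate blocks the mutation. Adding `before_all { group.add_owner(current_user) }` to that context would isolate the licence check. The licensed contexts cover owner, maintainer, developer and guest of the configuration's own group only. A context for an owner of a different group would confirm that `admin_external_audit_events` is evaluated against the configuration's group and not just any group the caller owns.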
@@ -6,8 +6,6 @@ module AmazonS3Configurations class Create < Base graphql_name 'AmazonS3ConfigurationCreate' - authorize :admin_external_audit_events - argument :name, GraphQL::Types::String, required: false, description: 'Destination name.' diff --git a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb index 314330befd93fb..eb3d183718e6af 100644 --- a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb +++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb @@ -6,8 +6,6 @@ module AmazonS3Configurations class Destroy < Base graphql_name 'AmazonS3ConfigurationDestroy' - authorize :admin_external_audit_events - argument :id, ::Types::GlobalIDType[::AuditEvents::AmazonS3Configuration], required: true, description: 'ID of the Amazon S3 configuration to destroy.' @@ -15,19 +13,8 @@ class Destroy < Base def resolve(id:) config = authorized_find!(id) - if config.destroy - audit(config, action: :deleted) - - { errors: [] } - else - { errors: Array(config.errors) } - end - end - - private - - def find_object(config_gid) - GitlabSchema.object_from_id(config_gid, expected_type: ::AuditEvents::AmazonS3Configuration).sync + audit(config, action: :deleted) if config.destroy + { errors: Array(config.errors) } end end end diff --git a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/update.rb b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/update.rb index 8a19466e71a0d3..24846b041f139e 100644 --- a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/update.rb +++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/update.rb 
@@ -11,8 +11,6 @@ class Update < Base UPDATE_EVENT_NAME = 'amazon_s3_configuration_updated' AUDIT_EVENT_COLUMNS = [:access_key_xid, :secret_access_key, :bucket_name, :aws_region, :name].freeze - authorize :admin_external_audit_events - argument :id, ::Types::GlobalIDType[::AuditEvents::AmazonS3Configuration], required: true, description: 'ID of the Amazon S3 configuration to update.' @@ -72,10 +70,6 @@ def audit_update(config) ) end end - - def find_object(config_gid) - GitlabSchema.object_from_id(config_gid, expected_type: ::AuditEvents::AmazonS3Configuration).sync - end end end end -- GitLab From 7a5aa2383f141d3c96620dc7aac7a9ef9f1d30f9 Mon Sep 17 00:00:00 2001 From: huzaifaiftikhar1 Date: Mon, 16 Oct 2023 16:04:32 +0530 Subject: [PATCH 3/5] Update GraphQL name for audit events Amazon S3 configurations --- doc/api/graphql/reference/index.md | 94 +++++++++---------- .../amazon_s3_configurations/base.rb | 2 +- .../amazon_s3_configurations/create.rb | 2 +- .../amazon_s3_configurations/destroy.rb | 2 +- .../amazon_s3_configurations/update.rb | 2 +- .../amazon_s3_configurations/create_spec.rb | 4 +- .../amazon_s3_configurations/destroy_spec.rb | 4 +- .../amazon_s3_configurations/update_spec.rb | 4 +- 8 files changed, 57 insertions(+), 57 deletions(-) diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 7308c51bbebcc0..66a86df322df3e 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md 
@@ -1274,112 +1274,112 @@ Input type: `AlertTodoCreateInput` | `issue` | [`Issue`](#issue) | Issue created after mutation. | | `todo` | [`Todo`](#todo) | To-do item after mutation. | -### `Mutation.amazonS3ConfigurationCreate` +### `Mutation.approveDeployment` -Input type: `AmazonS3ConfigurationCreateInput` +Input type: `ApproveDeploymentInput` #### Arguments | Name | Type | Description | | ---- | ---- | ----------- | -| `accessKeyXid` | [`String!`](#string) | Access key ID of the Amazon S3 account. | -| `awsRegion` | [`String!`](#string) | AWS region where the bucket is created. | -| `bucketName` | [`String!`](#string) | Name of the bucket where the audit events would be logged. | -| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | -| `groupPath` | [`ID!`](#id) | Group path. | -| `name` | [`String`](#string) | Destination name. | -| `secretAccessKey` | [`String!`](#string) | Secret access key of the Amazon S3 account. | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `comment` | [`String`](#string) | Comment to go with the approval. | +| `id` | [`DeploymentID!`](#deploymentid) | ID of the deployment. | +| `representedAs` | [`String`](#string) | Name of the User/Group/Role to use for the approval, when the user belongs to multiple approval rules. | +| `status` | [`DeploymentsApprovalStatus!`](#deploymentsapprovalstatus) | Status of the approval (either `APPROVED` or `REJECTED`). | #### Fields | Name | Type | Description | | ---- | ---- | ----------- | -| `amazonS3Configuration` | [`AmazonS3ConfigurationType`](#amazons3configurationtype) | configuration created. | -| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | -| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. 
| +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `deploymentApproval` | [`DeploymentApproval!`](#deploymentapproval) | DeploymentApproval after mutation. | +| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | -### `Mutation.amazonS3ConfigurationDestroy` +### `Mutation.artifactDestroy` -Input type: `AmazonS3ConfigurationDestroyInput` +Input type: `ArtifactDestroyInput` #### Arguments | Name | Type | Description | | ---- | ---- | ----------- | -| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | -| `id` | [`AuditEventsAmazonS3ConfigurationID!`](#auditeventsamazons3configurationid) | ID of the Amazon S3 configuration to destroy. | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `id` | [`CiJobArtifactID!`](#cijobartifactid) | ID of the artifact to delete. | #### Fields | Name | Type | Description | | ---- | ---- | ----------- | -| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | -| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | +| `artifact` | [`CiJobArtifact`](#cijobartifact) | Deleted artifact. | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | -### `Mutation.amazonS3ConfigurationUpdate` +### `Mutation.auditEventsAmazonS3ConfigurationCreate` -Input type: `AmazonS3ConfigurationUpdateInput` +Input type: `AuditEventsAmazonS3ConfigurationCreateInput` #### Arguments | Name | Type | Description | | ---- | ---- | ----------- | -| `accessKeyXid` | [`String`](#string) | Access key ID of the Amazon S3 account. | -| `awsRegion` | [`String`](#string) | AWS region where the bucket is created. 
| -| `bucketName` | [`String`](#string) | Name of the bucket where the audit events would be logged. | -| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | -| `id` | [`AuditEventsAmazonS3ConfigurationID!`](#auditeventsamazons3configurationid) | ID of the Amazon S3 configuration to update. | -| `name` | [`String`](#string) | Destination name. | -| `secretAccessKey` | [`String`](#string) | Secret access key of the Amazon S3 account. | +| `accessKeyXid` | [`String!`](#string) | Access key ID of the Amazon S3 account. | +| `awsRegion` | [`String!`](#string) | AWS region where the bucket is created. | +| `bucketName` | [`String!`](#string) | Name of the bucket where the audit events would be logged. | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `groupPath` | [`ID!`](#id) | Group path. | +| `name` | [`String`](#string) | Destination name. | +| `secretAccessKey` | [`String!`](#string) | Secret access key of the Amazon S3 account. | #### Fields | Name | Type | Description | | ---- | ---- | ----------- | -| `amazonS3Configuration` | [`AmazonS3ConfigurationType`](#amazons3configurationtype) | Updated Amazon S3 configuration. | -| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | -| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | +| `amazonS3Configuration` | [`AmazonS3ConfigurationType`](#amazons3configurationtype) | configuration created. | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. 
| -### `Mutation.approveDeployment` +### `Mutation.auditEventsAmazonS3ConfigurationDestroy` -Input type: `ApproveDeploymentInput` +Input type: `AuditEventsAmazonS3ConfigurationDestroyInput` #### Arguments | Name | Type | Description | | ---- | ---- | ----------- | -| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | -| `comment` | [`String`](#string) | Comment to go with the approval. | -| `id` | [`DeploymentID!`](#deploymentid) | ID of the deployment. | -| `representedAs` | [`String`](#string) | Name of the User/Group/Role to use for the approval, when the user belongs to multiple approval rules. | -| `status` | [`DeploymentsApprovalStatus!`](#deploymentsapprovalstatus) | Status of the approval (either `APPROVED` or `REJECTED`). | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `id` | [`AuditEventsAmazonS3ConfigurationID!`](#auditeventsamazons3configurationid) | ID of the Amazon S3 configuration to destroy. | #### Fields | Name | Type | Description | | ---- | ---- | ----------- | -| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | -| `deploymentApproval` | [`DeploymentApproval!`](#deploymentapproval) | DeploymentApproval after mutation. | -| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | -### `Mutation.artifactDestroy` +### `Mutation.auditEventsAmazonS3ConfigurationUpdate` -Input type: `ArtifactDestroyInput` +Input type: `AuditEventsAmazonS3ConfigurationUpdateInput` #### Arguments | Name | Type | Description | | ---- | ---- | ----------- | -| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. 
| -| `id` | [`CiJobArtifactID!`](#cijobartifactid) | ID of the artifact to delete. | +| `accessKeyXid` | [`String`](#string) | Access key ID of the Amazon S3 account. | +| `awsRegion` | [`String`](#string) | AWS region where the bucket is created. | +| `bucketName` | [`String`](#string) | Name of the bucket where the audit events would be logged. | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `id` | [`AuditEventsAmazonS3ConfigurationID!`](#auditeventsamazons3configurationid) | ID of the Amazon S3 configuration to update. | +| `name` | [`String`](#string) | Destination name. | +| `secretAccessKey` | [`String`](#string) | Secret access key of the Amazon S3 account. | #### Fields | Name | Type | Description | | ---- | ---- | ----------- | -| `artifact` | [`CiJobArtifact`](#cijobartifact) | Deleted artifact. | -| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | -| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | +| `amazonS3Configuration` | [`AmazonS3ConfigurationType`](#amazons3configurationtype) | Updated Amazon S3 configuration. | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | ### `Mutation.auditEventsStreamingDestinationEventsAdd` diff --git a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/base.rb b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/base.rb index ed4eca1f0e6f4a..df6595428ecd0f 100644 --- a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/base.rb +++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/base.rb 
@@ -22,7 +22,7 @@ def audit(config, action:) end def find_object(config_gid) - GitlabSchema.object_from_id(config_gid, expected_type: ::AuditEvents::AmazonS3Configuration).sync + GitlabSchema.object_from_id(config_gid, expected_type: ::AuditEvents::AmazonS3Configuration) end end end diff --git a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/create.rb b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/create.rb index bb07e474bebb35..37617bc3fb5732 100644 --- a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/create.rb +++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/create.rb @@ -4,7 +4,7 @@ module Mutations module AuditEvents module AmazonS3Configurations class Create < Base - graphql_name 'AmazonS3ConfigurationCreate' + graphql_name 'AuditEventsAmazonS3ConfigurationCreate' argument :name, GraphQL::Types::String, required: false, diff --git a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb index eb3d183718e6af..5413809c97cf69 100644 --- a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb +++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb @@ -4,7 +4,7 @@ module Mutations module AuditEvents module AmazonS3Configurations class Destroy < Base - graphql_name 'AmazonS3ConfigurationDestroy' + graphql_name 'AuditEventsAmazonS3ConfigurationDestroy' argument :id, ::Types::GlobalIDType[::AuditEvents::AmazonS3Configuration], required: true, diff --git a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/update.rb b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/update.rb index 24846b041f139e..2002d5d5b4bfa4 100644 --- a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/update.rb +++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/update.rb 
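Review bot: Dropping `.sync` from `find_object` in base.rb changes what the method returns, yet the commit is titled as a GraphQL rename and gives no reason for the change. If `object_from_id` returns a lazy value, the `admin_external_audit_events` check now depends on `authorized_find!` forcing that value before the permission is evaluated. That helper is outside this hunk, so this is presumably safe but should be confirmed. Once confirmed, a comment above the call such as `# Returns a lazy object; authorized_find! forces it before authorizing.` would record the assumption, and the behaviour change belongs in the commit message.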
@@ -4,7 +4,7 @@ module Mutations module AuditEvents module AmazonS3Configurations class Update < Base - graphql_name 'AmazonS3ConfigurationUpdate' + graphql_name 'AuditEventsAmazonS3ConfigurationUpdate' include ::Audit::Changes diff --git a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/create_spec.rb b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/create_spec.rb index dc4508451787e0..a5c1278b34f445 100644 --- a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/create_spec.rb +++ b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/create_spec.rb @@ -13,8 +13,8 @@ let_it_be(:bucket_name) { 'test-bucket' } let_it_be(:aws_region) { 'us-east-1' } - let(:mutation) { graphql_mutation(:amazon_s3_configuration_create, input) } - let(:mutation_response) { graphql_mutation_response(:amazon_s3_configuration_create) } + let(:mutation) { graphql_mutation(:audit_events_amazon_s3_configuration_create, input) } + let(:mutation_response) { graphql_mutation_response(:audit_events_amazon_s3_configuration_create) } let(:input) do { diff --git a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb index 3855bf776386ec..f10a71467d1de1 100644 --- a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb +++ b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb 
@@ -9,8 +9,8 @@ let_it_be(:group) { config.group } let_it_be(:current_user) { create(:user) } - let(:mutation) { graphql_mutation(:amazon_s3_configuration_destroy, id: global_id_of(config)) } - let(:mutation_response) { graphql_mutation_response(:amazon_s3_configuration_destroy) } + let(:mutation) { graphql_mutation(:audit_events_amazon_s3_configuration_destroy, id: global_id_of(config)) } + let(:mutation_response) { graphql_mutation_response(:audit_events_amazon_s3_configuration_destroy) } subject(:mutate) { post_graphql_mutation(mutation, current_user: current_user) } diff --git a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/update_spec.rb b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/update_spec.rb index 7e29514846c0d5..d6785b29cc0486 100644 --- a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/update_spec.rb +++ b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/update_spec.rb @@ -16,8 +16,8 @@ let_it_be(:updated_destination_name) { 'updated_destination_name' } let_it_be(:config_gid) { global_id_of(config) } - let(:mutation) { graphql_mutation(:amazon_s3_configuration_update, input) } - let(:mutation_response) { graphql_mutation_response(:amazon_s3_configuration_update) } + let(:mutation) { graphql_mutation(:audit_events_amazon_s3_configuration_update, input) } + let(:mutation_response) { graphql_mutation_response(:audit_events_amazon_s3_configuration_update) } let(:input) do { -- GitLab From cae5df9015caef600bd1d2f12ff21d57ac1839ee Mon Sep 17 00:00:00 2001 From: huzaifaiftikhar1 Date: Mon, 16 Oct 2023 17:16:58 +0530 Subject: [PATCH 4/5] Add RSpecs to test that audit event is created on deletion of S3 config --- .../amazon_s3_configurations/destroy_spec.rb | 26 ++++++++++++++----- 1 file changed, 19 insertions(+), 7 deletions(-) 
diff --git a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb index f10a71467d1de1..9171070b3cb9aa 100644 --- a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb +++ b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb @@ -28,16 +28,28 @@ expect { mutate }.to change { AuditEvents::AmazonS3Configuration.count }.by(-1) end + it 'audits the deletion' do + expected_hash = { + name: 'amazon_s3_configuration_deleted', + author: current_user, + scope: group, + target: group, + message: "Deleted Amazon S3 configuration with name: #{config.name} bucket: " \ + "#{config.bucket_name} and AWS region: #{config.aws_region}" + } + + expect(Gitlab::Audit::Auditor).to receive(:audit).with(hash_including(expected_hash)) + + mutate + end + context 'when there is an error during destroy' do before do - allow_next_instance_of(Mutations::AuditEvents::AmazonS3Configurations::Destroy) do |mutation| - allow(mutation).to receive(:authorized_find!).and_return(config) + expect_next_found_instance_of(AuditEvents::AmazonS3Configuration) do |config| + allow(config).to receive(:destroy).and_return(false) + errors = ActiveModel::Errors.new(config).tap { |e| e.add(:base, 'error message') } + allow(config).to receive(:errors).and_return(errors) end - - allow(config).to receive(:destroy).and_return(false) - - errors = ActiveModel::Errors.new(config).tap { |e| e.add(:base, 'error message') } - allow(config).to receive(:errors).and_return(errors) end it 'does not destroy the configuration and returns the error' do -- GitLab From 5192e96e4044f42eb03aee433e74999539c5919f Mon Sep 17 00:00:00 2001 
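Review bot: The `when there is an error during destroy` context stubs `destroy` to return false but nothing asserts that no audit event is emitted on that path, so a regression that records a deletion which never happened would go unnoticed. In the example `does not destroy the configuration and returns the error`, whose body continues outside the hunk, add `expect(Gitlab::Audit::Auditor).not_to receive(:audit)` before `mutate`. The new `audits the deletion` example checks only the arguments passed to a mocked auditor, which is fine for the message format. The failure path is where a misleading audit trail would come from.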
From: huzaifaiftikhar1 Date: Wed, 18 Oct 2023 19:35:13 +0530 Subject: [PATCH 5/5] Rename audit event AWS S3 configuration destroy mutation --- doc/api/graphql/reference/index.md | 12 +++++----- ee/app/graphql/ee/types/mutation_type.rb | 2 +- .../{destroy.rb => delete.rb} | 4 ++-- .../{destroy_spec.rb => delete_spec.rb} | 22 +++---------------- 4 files changed, 12 insertions(+), 28 deletions(-) rename ee/app/graphql/mutations/audit_events/amazon_s3_configurations/{destroy.rb => delete.rb} (84%) rename ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/{destroy_spec.rb => delete_spec.rb} (80%) diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 66a86df322df3e..5e6d47f70718e8 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md 
@@ -1339,23 +1339,23 @@ Input type: `AuditEventsAmazonS3ConfigurationCreateInput` | `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | | `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | -### `Mutation.auditEventsAmazonS3ConfigurationDestroy` +### `Mutation.auditEventsAmazonS3ConfigurationDelete` -Input type: `AuditEventsAmazonS3ConfigurationDestroyInput` +Input type: `AuditEventsAmazonS3ConfigurationDeleteInput` #### Arguments | Name | Type | Description | | ---- | ---- | ----------- | -| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | -| `id` | [`AuditEventsAmazonS3ConfigurationID!`](#auditeventsamazons3configurationid) | ID of the Amazon S3 configuration to destroy. | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `id` | [`AuditEventsAmazonS3ConfigurationID!`](#auditeventsamazons3configurationid) | ID of the Amazon S3 configuration to destroy. | #### Fields | Name | Type | Description | | ---- | ---- | ----------- | -| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | -| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | ### `Mutation.auditEventsAmazonS3ConfigurationUpdate` diff --git a/ee/app/graphql/ee/types/mutation_type.rb b/ee/app/graphql/ee/types/mutation_type.rb index 6b3e30b4d23bd2..6ccbc695caff7c 100644 --- a/ee/app/graphql/ee/types/mutation_type.rb +++ b/ee/app/graphql/ee/types/mutation_type.rb 
@@ -124,7 +124,7 @@ module MutationType mount_mutation ::Mutations::AuditEvents::GoogleCloudLoggingConfigurations::Destroy mount_mutation ::Mutations::AuditEvents::GoogleCloudLoggingConfigurations::Update mount_mutation ::Mutations::AuditEvents::AmazonS3Configurations::Create - mount_mutation ::Mutations::AuditEvents::AmazonS3Configurations::Destroy + mount_mutation ::Mutations::AuditEvents::AmazonS3Configurations::Delete mount_mutation ::Mutations::AuditEvents::AmazonS3Configurations::Update mount_mutation ::Mutations::AuditEvents::Instance::GoogleCloudLoggingConfigurations::Create mount_mutation ::Mutations::Forecasting::BuildForecast, alpha: { milestone: '16.0' } diff --git a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/delete.rb similarity index 84% rename from ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb rename to ee/app/graphql/mutations/audit_events/amazon_s3_configurations/delete.rb index 5413809c97cf69..395bb0abc0fdaa 100644 --- a/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/destroy.rb +++ b/ee/app/graphql/mutations/audit_events/amazon_s3_configurations/delete.rb @@ -3,8 +3,8 @@ module Mutations module AuditEvents module AmazonS3Configurations - class Destroy < Base - graphql_name 'AuditEventsAmazonS3ConfigurationDestroy' + class Delete < Base + graphql_name 'AuditEventsAmazonS3ConfigurationDelete' argument :id, ::Types::GlobalIDType[::AuditEvents::AmazonS3Configuration], required: true, 
diff --git a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/delete_spec.rb similarity index 80% rename from ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb rename to ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/delete_spec.rb index 9171070b3cb9aa..a893924f76d891 100644 --- a/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/destroy_spec.rb +++ b/ee/spec/requests/api/graphql/mutations/audit_events/amazon_s3_configurations/delete_spec.rb @@ -2,15 +2,15 @@ require 'spec_helper' -RSpec.describe 'Destroy Amazon S3 configuration', feature_category: :audit_events do +RSpec.describe 'Delete Amazon S3 configuration', feature_category: :audit_events do include GraphqlHelpers let_it_be(:config) { create(:amazon_s3_configuration) } let_it_be(:group) { config.group } let_it_be(:current_user) { create(:user) } - let(:mutation) { graphql_mutation(:audit_events_amazon_s3_configuration_destroy, id: global_id_of(config)) } - let(:mutation_response) { graphql_mutation_response(:audit_events_amazon_s3_configuration_destroy) } + let(:mutation) { graphql_mutation(:audit_events_amazon_s3_configuration_delete, id: global_id_of(config)) } + let(:mutation_response) { graphql_mutation_response(:audit_events_amazon_s3_configuration_delete) } subject(:mutate) { post_graphql_mutation(mutation, current_user: current_user) } 
@@ -67,22 +67,6 @@ it_behaves_like 'a mutation on an unauthorized resource' end - - context 'when current user is a group developer' do - before_all do - group.add_developer(current_user) - end - - it_behaves_like 'a mutation on an unauthorized resource' - end - - context 'when current user is a group guest' do - before_all do - group.add_guest(current_user) - end - - it_behaves_like 'a mutation on an unauthorized resource' - end end context 'when feature is unlicensed' do -- GitLab
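Review bot: The two contexts removed at the end of this spec, `when current user is a group developer` and `when current user is a group guest`, were the negative authorization tests for those roles, and nothing on the new side replaces them, although the commit subject describes only a rename. This mutation deletes an audit event streaming destination, so a later permission regression that let a developer or guest call it would go unnoticed by this spec and would let a lower-privileged member stop audit events from reaching S3. I would keep both contexts (`group.add_developer(current_user)` / `group.add_guest(current_user)` in `before_all`, followed by `it_behaves_like 'a mutation on an unauthorized resource'`), or state in the commit message where those roles are still covered. The surviving `it_behaves_like` line at the top of the hunk belongs to a context that starts outside it, so which role it still exercises is not visible here.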