From f5d5a66e559451a9ae193e30dc460b39b5502cc9 Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Wed, 22 May 2024 16:12:20 -0500 Subject: [PATCH 01/13] Create container_repository_deletion_marked audit event Create audit event entries whenever a project's container repository is marked for deletion. This may be initiated by a user request or by automated tasks. Changelog: added EE: true --- .../registry/repositories_controller.rb | 2 + .../registry/repositories_controller.rb | 32 ++++++++++++++ .../container_repository_deletion_marked.yml | 10 +++++ .../registry/repositories_controller_spec.rb | 44 +++++++++++++++++++ 4 files changed, 88 insertions(+) create mode 100644 ee/app/controllers/ee/projects/registry/repositories_controller.rb create mode 100644 ee/config/audit_events/types/container_repository_deletion_marked.yml create mode 100644 ee/spec/controllers/projects/registry/repositories_controller_spec.rb diff --git a/app/controllers/projects/registry/repositories_controller.rb b/app/controllers/projects/registry/repositories_controller.rb index 8b020079235db3..9194690ce82569 100644 --- a/app/controllers/projects/registry/repositories_controller.rb +++ b/app/controllers/projects/registry/repositories_controller.rb @@ -57,3 +57,5 @@ def ensure_root_container_repository! end end end + +Projects::Registry::RepositoriesController.prepend_mod diff --git a/ee/app/controllers/ee/projects/registry/repositories_controller.rb b/ee/app/controllers/ee/projects/registry/repositories_controller.rb new file mode 100644 index 00000000000000..55463f51e38477 --- /dev/null +++ b/ee/app/controllers/ee/projects/registry/repositories_controller.rb @@ -0,0 +1,32 @@ +# frozen_string_literal: true + +module EE + module Projects + module Registry + module RepositoriesController + extend ::Gitlab::Utils::Override + + override :destroy + def destroy + super + + audit_destroy_marked_event + end + + private + + def audit_destroy_marked_event + message = "Marked registry repository #{image.id} for deletion via API" + audit_context = { + name: 'container_repository_deletion_marked', + author: current_user || ::Gitlab::Audit::UnauthenticatedAuthor.new, + scope: project, + target: image, + message: message + } + ::Gitlab::Audit::Auditor.audit(audit_context) + end + end + end + end +end diff --git a/ee/config/audit_events/types/container_repository_deletion_marked.yml b/ee/config/audit_events/types/container_repository_deletion_marked.yml new file mode 100644 index 00000000000000..49eec1c59aea77 --- /dev/null +++ b/ee/config/audit_events/types/container_repository_deletion_marked.yml @@ -0,0 +1,10 @@ +--- +name: container_repository_deletion_marked +description: Triggered when a project's container repository is marked for deletion +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/362290 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/152967 +feature_category: container_registry +milestone: '17.1' +saved_to_database: true +streamed: true +scope: [Project] diff --git a/ee/spec/controllers/projects/registry/repositories_controller_spec.rb b/ee/spec/controllers/projects/registry/repositories_controller_spec.rb new file mode 100644 index 00000000000000..141137d8d8997a --- /dev/null +++ b/ee/spec/controllers/projects/registry/repositories_controller_spec.rb @@ -0,0 +1,44 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Projects::Registry::RepositoriesController, feature_category: :container_registry do + let_it_be(:group) { create(:group) } + let_it_be(:project) { create(:project, :repository, group: group) } + let_it_be(:user) { create(:user) } + let_it_be(:repository) { create(:container_repository, :root, project: project) } + + describe '#destroy' do + before_all do + project.add_maintainer(user) + end + + before do + sign_in(user) + + stub_container_registry_config(enabled: true) + stub_container_registry_info + + stub_licensed_features(external_audit_events: true) + group.external_audit_event_destinations.create!(destination_url: 'http://example.com') + end + + subject(:destroy_repo) do + delete :destroy, params: { + namespace_id: project.namespace, project_id: project, id: repository + }, format: :json + end + + it 'creates an audit event' do + expected_message = "Marked registry repository #{repository.id} for deletion via API" + + expect { destroy_repo }.to change { AuditEvent.count }.by(1) + + expect(AuditEvent.last.details[:custom_message]).to eq(expected_message) + end + + it_behaves_like 'sends correct event type in audit event stream' do + let_it_be(:event_type) { 'container_repository_deletion_marked' } + end + end +end -- GitLab From ffbc8900b2a41b83a8823b36a58a061fb6559143 Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Mon, 27 May 2024 23:22:22 -0500 Subject: [PATCH 02/13] Audit container repository marked for deletion via GraphQL --- .../mutations/container_repositories/destroy.rb | 17 +++++++++++++++++ .../container_repositories/destroy_spec.rb | 4 ++++ 2 files changed, 21 insertions(+) diff --git a/app/graphql/mutations/container_repositories/destroy.rb b/app/graphql/mutations/container_repositories/destroy.rb index af9285ef3ff7da..da6aaabb265ecf 100644 --- a/app/graphql/mutations/container_repositories/destroy.rb +++ b/app/graphql/mutations/container_repositories/destroy.rb @@ -22,6 +22,8 @@ def resolve(id:) container_repository.delete_scheduled! + audit_destroy(container_repository) + track_event(:delete_repository, :container) { @@ -29,6 +31,21 @@ def resolve(id:) errors: [] } end + + private + + def audit_destroy(repository) + message = "Marked registry repository #{repository.id} for deletion via GraphQL" + context = { + name: 'container_repository_deletion_marked', + author: current_user, + scope: repository.project, + target: repository, + message: message + } + + ::Gitlab::Audit::Auditor.audit(context) + end end end end diff --git a/spec/graphql/mutations/container_repositories/destroy_spec.rb b/spec/graphql/mutations/container_repositories/destroy_spec.rb index b49751985ecacb..ecc87f18d001db 100644 --- a/spec/graphql/mutations/container_repositories/destroy_spec.rb +++ b/spec/graphql/mutations/container_repositories/destroy_spec.rb @@ -24,6 +24,10 @@ expect(::Packages::CreateEventService) .to receive(:new).with(nil, user, event_name: :delete_repository, scope: :container).and_call_original + expect(::Gitlab::Audit::Auditor).to receive(:audit).with(hash_including({ + name: 'container_repository_deletion_marked' + })).and_call_original + subject expect(container_repository.reload.delete_scheduled?).to be true end -- GitLab From 99550a0e8f70e0624699112c8eb4579c4c0ef829 Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Tue, 28 May 2024 01:26:19 -0500 Subject: [PATCH 03/13] Audit container repository deletion marked via API --- .../mutations/container_repositories/destroy.rb | 2 +- .../ee/projects/registry/repositories_controller.rb | 2 +- lib/api/project_container_repositories.rb | 8 ++++++++ .../api/project_container_repositories_spec.rb | 11 +++++++++++ 4 files changed, 21 insertions(+), 2 deletions(-) diff --git a/app/graphql/mutations/container_repositories/destroy.rb b/app/graphql/mutations/container_repositories/destroy.rb index da6aaabb265ecf..87d5338d8bb183 100644 --- a/app/graphql/mutations/container_repositories/destroy.rb +++ b/app/graphql/mutations/container_repositories/destroy.rb @@ -35,7 +35,7 @@ def resolve(id:) private def audit_destroy(repository) - message = "Marked registry repository #{repository.id} for deletion via GraphQL" + message = "Marked container repository #{repository.id} for deletion via GraphQL" context = { name: 'container_repository_deletion_marked', author: current_user, diff --git a/ee/app/controllers/ee/projects/registry/repositories_controller.rb b/ee/app/controllers/ee/projects/registry/repositories_controller.rb index 55463f51e38477..68484f9998be54 100644 --- a/ee/app/controllers/ee/projects/registry/repositories_controller.rb +++ b/ee/app/controllers/ee/projects/registry/repositories_controller.rb @@ -16,7 +16,7 @@ def destroy private def audit_destroy_marked_event - message = "Marked registry repository #{image.id} for deletion via API" + message = "Marked container repository #{image.id} for deletion via API" audit_context = { name: 'container_repository_deletion_marked', author: current_user || ::Gitlab::Audit::UnauthenticatedAuthor.new, diff --git a/lib/api/project_container_repositories.rb b/lib/api/project_container_repositories.rb index db112c54673490..b40eed526abfba 100644 --- a/lib/api/project_container_repositories.rb +++ b/lib/api/project_container_repositories.rb @@ -63,6 +63,14 @@ class ProjectContainerRepositories < ::API::Base authorize_admin_container_image! repository.delete_scheduled! + ::Gitlab::Audit::Auditor.audit({ + name: 'container_repository_deletion_marked', + author: current_user, + scope: repository.project, + target: repository, + message: "Marked container repository #{repository.id} for deletion via API" + }) + track_package_event('delete_repository', :container, project: user_project, namespace: user_project.namespace) status :accepted diff --git a/spec/requests/api/project_container_repositories_spec.rb b/spec/requests/api/project_container_repositories_spec.rb index 3588196e9d875e..1ddf6c87ec0fc6 100644 --- a/spec/requests/api/project_container_repositories_spec.rb +++ b/spec/requests/api/project_container_repositories_spec.rb @@ -113,6 +113,17 @@ it_behaves_like 'rejected container repository access', :anonymous, :not_found it_behaves_like 'a package tracking event', described_class.name, 'delete_repository' + it 'creates audit event' do + # Stub .audit here so that only relevant audit events are received below + allow(::Gitlab::Audit::Auditor).to receive(:audit) + + expect(::Gitlab::Audit::Auditor).to receive(:audit).with(hash_including({ + name: 'container_repository_deletion_marked' + })).and_call_original + + subject + end + context 'for maintainer' do let(:api_user) { maintainer } -- GitLab From bea43df6bacbd896008e89c42a1c8f0f466940bc Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Tue, 28 May 2024 14:04:53 -0500 Subject: [PATCH 04/13] Add container_repository_deleted audit event type --- .../delete_container_repository_worker.rb | 8 +++ .../delete_container_repository_worker.rb | 24 +++++++++ .../types/container_repository_deleted.yml | 10 ++++ ...delete_container_repository_worker_spec.rb | 50 +++++++++++++++++++ 4 files changed, 92 insertions(+) create mode 100644 ee/app/workers/ee/container_registry/delete_container_repository_worker.rb create mode 100644 ee/config/audit_events/types/container_repository_deleted.yml create mode 100644 ee/spec/workers/ee/container_registry/delete_container_repository_worker_spec.rb diff --git a/app/workers/container_registry/delete_container_repository_worker.rb b/app/workers/container_registry/delete_container_repository_worker.rb index d6ecd836ed2081..95808bd6bbc84e 100644 --- a/app/workers/container_registry/delete_container_repository_worker.rb +++ b/app/workers/container_registry/delete_container_repository_worker.rb @@ -32,6 +32,8 @@ def perform_work end next_container_repository.destroy! + + audit_event(next_container_repository) rescue StandardError => exception next_container_repository&.set_delete_scheduled_status @@ -78,5 +80,11 @@ def log_delete_tags_service_result(container_repository, delete_tags_service_res ) ) end + + def audit_event(repository) + # defined in EE + end end end + +ContainerRegistry::DeleteContainerRepositoryWorker.prepend_mod diff --git a/ee/app/workers/ee/container_registry/delete_container_repository_worker.rb b/ee/app/workers/ee/container_registry/delete_container_repository_worker.rb new file mode 100644 index 00000000000000..390f814facb85e --- /dev/null +++ b/ee/app/workers/ee/container_registry/delete_container_repository_worker.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +module EE + module ContainerRegistry + module DeleteContainerRepositoryWorker + extend ::Gitlab::Utils::Override + + private + + override :audit_event + def audit_event(repository) + audit_context = { + name: "container_repository_deleted", + author: ::Gitlab::Audit::UnauthenticatedAuthor.new, + scope: repository.project, + target: repository, + message: "Container repository #{repository.id} deleted by worker" + } + + ::Gitlab::Audit::Auditor.audit(audit_context) + end + end + end +end diff --git a/ee/config/audit_events/types/container_repository_deleted.yml b/ee/config/audit_events/types/container_repository_deleted.yml new file mode 100644 index 00000000000000..31208c3c4ef64d --- /dev/null +++ b/ee/config/audit_events/types/container_repository_deleted.yml @@ -0,0 +1,10 @@ +--- +name: container_repository_deleted +description: Triggered when a project's container registry is deleted +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/362290 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/152967 +feature_category: container_registry +milestone: '17.1' +saved_to_database: true +streamed: true +scope: [Project] \ No newline at end of file diff --git a/ee/spec/workers/ee/container_registry/delete_container_repository_worker_spec.rb b/ee/spec/workers/ee/container_registry/delete_container_repository_worker_spec.rb new file mode 100644 index 00000000000000..c86c816215240b --- /dev/null +++ b/ee/spec/workers/ee/container_registry/delete_container_repository_worker_spec.rb @@ -0,0 +1,50 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe ContainerRegistry::DeleteContainerRepositoryWorker, :aggregate_failures, feature_category: :container_registry do + let_it_be_with_reload(:container_repository) { create(:container_repository) } + + let(:worker) { described_class.new } + + before do + stub_container_registry_config(enabled: true) + + stub_container_registry_tags( + repository: container_repository.path, + tags: [] + ) + end + + describe '#perform_work' do + before do + container_repository.delete_scheduled! + end + + include_examples 'audit event logging' do + let(:operation) { worker.perform_work } + let(:event_type) { 'container_repository_deleted' } + let(:fail_condition!) do + allow(ContainerRepository).to receive(:next_pending_destruction).and_return(nil) + end + + let(:author) { ::Gitlab::Audit::UnauthenticatedAuthor.new } + + let(:attributes) do + { + author_id: author.id, + entity_id: container_repository.project.id, + entity_type: 'Project', + details: { + author_class: author.class.to_s, + author_name: author.name, + custom_message: "Container repository #{container_repository.id} deleted by worker", + target_details: container_repository.name, + target_id: container_repository.id, + target_type: container_repository.class.to_s + } + } + end + end + end +end -- GitLab From 4636563a0c67d286b96916b3eddbc713ad5ea75d Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Tue, 28 May 2024 14:15:48 -0500 Subject: [PATCH 05/13] Update audit event docs in new correct location --- doc/user/compliance/audit_event_types.md | 7 +++++++ .../projects/registry/repositories_controller_spec.rb | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index d42185b7c18bd0..29372182a2888a 100644 --- a/doc/user/compliance/audit_event_types.md +++ b/doc/user/compliance/audit_event_types.md @@ -184,6 +184,13 @@ Audit event types belong to the following product categories. | [`update_compliance_framework`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74292) | Triggered when a compliance framework is updated| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [14.6](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) | Group | | [`update_status_check`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84624) | Event triggered when an external status check is updated| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) | Project | +### Container registry + +| Name | Description | Saved to database | Streamed | Introduced in | Scope | +|:------------|:------------|:------------------|:---------|:--------------|:--------------| +| [`container_repository_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/152967) | Triggered when a project's container registry is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.1](https://gitlab.com/gitlab-org/gitlab/-/issues/362290) | Project | +| [`container_repository_deletion_marked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/152967) | Triggered when a project's container repository is marked for deletion| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.1](https://gitlab.com/gitlab-org/gitlab/-/issues/362290) | Project | + ### Continuous delivery | Name | Description | Saved to database | Streamed | Introduced in | Scope | diff --git a/ee/spec/controllers/projects/registry/repositories_controller_spec.rb b/ee/spec/controllers/projects/registry/repositories_controller_spec.rb index 141137d8d8997a..6e8691206c3817 100644 --- a/ee/spec/controllers/projects/registry/repositories_controller_spec.rb +++ b/ee/spec/controllers/projects/registry/repositories_controller_spec.rb @@ -30,7 +30,7 @@ end it 'creates an audit event' do - expected_message = "Marked registry repository #{repository.id} for deletion via API" + expected_message = "Marked container repository #{repository.id} for deletion via API" expect { destroy_repo }.to change { AuditEvent.count }.by(1) -- GitLab From 948830caf245b278a125d3b4652f9610bd84af18 Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Wed, 29 May 2024 15:38:09 -0500 Subject: [PATCH 06/13] Move Mutations::ContainerRepositories::Destroy audit spec into EE --- .../container_repositories/destroy.rb | 19 ++----- .../container_repositories/destroy.rb | 27 ++++++++++ .../container_repositories/destroy_spec.rb | 49 +++++++++++++++++++ 3 files changed, 81 insertions(+), 14 deletions(-) create mode 100644 ee/app/graphql/ee/mutations/container_repositories/destroy.rb create mode 100644 ee/spec/graphql/ee/mutations/container_repositories/destroy_spec.rb diff --git a/app/graphql/mutations/container_repositories/destroy.rb b/app/graphql/mutations/container_repositories/destroy.rb index 87d5338d8bb183..a1ee8188fa6a61 100644 --- a/app/graphql/mutations/container_repositories/destroy.rb +++ b/app/graphql/mutations/container_repositories/destroy.rb @@ -20,9 +20,7 @@ class Destroy < ::Mutations::ContainerRepositories::DestroyBase def resolve(id:) container_repository = authorized_find!(id: id) - container_repository.delete_scheduled! - - audit_destroy(container_repository) + container_repository.delete_scheduled! && audit_event(container_repository) track_event(:delete_repository, :container) @@ -34,18 +32,11 @@ def resolve(id:) private - def audit_destroy(repository) - message = "Marked container repository #{repository.id} for deletion via GraphQL" - context = { - name: 'container_repository_deletion_marked', - author: current_user, - scope: repository.project, - target: repository, - message: message - } - - ::Gitlab::Audit::Auditor.audit(context) + def audit_event(repository) + # defined in EE end end end end + +Mutations::ContainerRepositories::Destroy.prepend_mod diff --git a/ee/app/graphql/ee/mutations/container_repositories/destroy.rb b/ee/app/graphql/ee/mutations/container_repositories/destroy.rb new file mode 100644 index 00000000000000..fd5e8692e6314a --- /dev/null +++ b/ee/app/graphql/ee/mutations/container_repositories/destroy.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +module EE + module Mutations + module ContainerRepositories # rubocop:disable Gitlab/BoundedContexts -- fix in FOSS class + module Destroy + extend ::Gitlab::Utils::Override + + private + + override :audit_event + def audit_event(repository) + message = "Marked container repository #{repository.id} for deletion via GraphQL" + context = { + name: 'container_repository_deletion_marked', + author: current_user, + scope: repository.project, + target: repository, + message: message + } + + ::Gitlab::Audit::Auditor.audit(context) + end + end + end + end +end diff --git a/ee/spec/graphql/ee/mutations/container_repositories/destroy_spec.rb b/ee/spec/graphql/ee/mutations/container_repositories/destroy_spec.rb new file mode 100644 index 00000000000000..e330d5847083e9 --- /dev/null +++ b/ee/spec/graphql/ee/mutations/container_repositories/destroy_spec.rb @@ -0,0 +1,49 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Mutations::ContainerRepositories::Destroy, feature_category: :container_registry do + using RSpec::Parameterized::TableSyntax + + let_it_be_with_reload(:container_repository) { create(:container_repository) } + let_it_be(:user) { create(:user) } + + describe '#resolve' do + subject do + described_class.new(object: nil, context: { current_user: user }, field: nil) + .resolve(id: container_repository.to_global_id) + end + + before do + container_repository.project.send(:add_maintainer, user) + end + + include_examples 'audit event logging' do + let(:operation) { subject } + let(:event_type) { 'container_repository_deletion_marked' } + let(:fail_condition!) do + # rubocop:disable RSpec/AnyInstanceOf -- not next instance + allow_any_instance_of(ContainerRepository).to receive(:delete_scheduled!).and_return(false) + # rubocop:enable RSpec/AnyInstanceOf + end + + let(:author) { user } + + let(:attributes) do + { + author_id: author.id, + entity_id: container_repository.project.id, + entity_type: 'Project', + details: { + author_class: author.class.to_s, + author_name: author.name, + custom_message: "Marked container repository #{container_repository.id} for deletion via GraphQL", + target_details: container_repository.name, + target_id: container_repository.id, + target_type: container_repository.class.to_s + } + } + end + end + end +end -- GitLab From 7c03a8adb9df04d9adbf62abbccf2bc2d4e993f1 Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Fri, 31 May 2024 00:18:52 -0500 Subject: [PATCH 07/13] Add event name to audit specs --- .../graphql/ee/mutations/container_repositories/destroy_spec.rb | 1 + .../delete_container_repository_worker_spec.rb | 1 + 2 files changed, 2 insertions(+) diff --git a/ee/spec/graphql/ee/mutations/container_repositories/destroy_spec.rb b/ee/spec/graphql/ee/mutations/container_repositories/destroy_spec.rb index e330d5847083e9..1d78af8406be59 100644 --- a/ee/spec/graphql/ee/mutations/container_repositories/destroy_spec.rb +++ b/ee/spec/graphql/ee/mutations/container_repositories/destroy_spec.rb @@ -35,6 +35,7 @@ entity_id: container_repository.project.id, entity_type: 'Project', details: { + event_name: "container_repository_deletion_marked", author_class: author.class.to_s, author_name: author.name, custom_message: "Marked container repository #{container_repository.id} for deletion via GraphQL", diff --git a/ee/spec/workers/ee/container_registry/delete_container_repository_worker_spec.rb b/ee/spec/workers/ee/container_registry/delete_container_repository_worker_spec.rb index c86c816215240b..286bb7d05c082f 100644 --- a/ee/spec/workers/ee/container_registry/delete_container_repository_worker_spec.rb +++ b/ee/spec/workers/ee/container_registry/delete_container_repository_worker_spec.rb @@ -36,6 +36,7 @@ entity_id: container_repository.project.id, entity_type: 'Project', details: { + event_name: "container_repository_deleted", author_class: author.class.to_s, author_name: author.name, custom_message: "Container repository #{container_repository.id} deleted by worker", -- GitLab From 0dd53060b7bf1bbbb5151b583b6159d714c302d0 Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Fri, 31 May 2024 16:29:58 +0000 Subject: [PATCH 08/13] Apply 1 suggestion(s) to 1 file(s) Co-authored-by: Hitesh Raghuvanshi --- .../ee/container_registry/delete_container_repository_worker.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/app/workers/ee/container_registry/delete_container_repository_worker.rb b/ee/app/workers/ee/container_registry/delete_container_repository_worker.rb index 390f814facb85e..989cc4efb83849 100644 --- a/ee/app/workers/ee/container_registry/delete_container_repository_worker.rb +++ b/ee/app/workers/ee/container_registry/delete_container_repository_worker.rb @@ -11,7 +11,7 @@ module DeleteContainerRepositoryWorker def audit_event(repository) audit_context = { name: "container_repository_deleted", - author: ::Gitlab::Audit::UnauthenticatedAuthor.new, + author: ::Gitlab::Audit::UnauthenticatedAuthor.new(name: '(System)'), scope: repository.project, target: repository, message: "Container repository #{repository.id} deleted by worker" -- GitLab From b908a1b4cd85f892b2e2a5cf4f21388110f1f4d0 Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Fri, 31 May 2024 15:46:20 -0500 Subject: [PATCH 09/13] Update audit author name in spec --- .../delete_container_repository_worker_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/spec/workers/ee/container_registry/delete_container_repository_worker_spec.rb b/ee/spec/workers/ee/container_registry/delete_container_repository_worker_spec.rb index 286bb7d05c082f..8a74bcef27e927 100644 --- a/ee/spec/workers/ee/container_registry/delete_container_repository_worker_spec.rb +++ b/ee/spec/workers/ee/container_registry/delete_container_repository_worker_spec.rb @@ -28,7 +28,7 @@ allow(ContainerRepository).to receive(:next_pending_destruction).and_return(nil) end - let(:author) { ::Gitlab::Audit::UnauthenticatedAuthor.new } + let(:author) { ::Gitlab::Audit::UnauthenticatedAuthor.new(name: '(System)') } let(:attributes) do { -- GitLab From 60f8824199b2f46a14a338e9f86fd5cbff806776 Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Tue, 4 Jun 2024 03:37:16 -0500 Subject: [PATCH 10/13] Roll back auditing API repository delete --- lib/api/project_container_repositories.rb | 8 -------- .../api/project_container_repositories_spec.rb | 11 ----------- 2 files changed, 19 deletions(-) diff --git a/lib/api/project_container_repositories.rb b/lib/api/project_container_repositories.rb index b40eed526abfba..db112c54673490 100644 --- a/lib/api/project_container_repositories.rb +++ b/lib/api/project_container_repositories.rb @@ -63,14 +63,6 @@ class ProjectContainerRepositories < ::API::Base authorize_admin_container_image! repository.delete_scheduled! - ::Gitlab::Audit::Auditor.audit({ - name: 'container_repository_deletion_marked', - author: current_user, - scope: repository.project, - target: repository, - message: "Marked container repository #{repository.id} for deletion via API" - }) - track_package_event('delete_repository', :container, project: user_project, namespace: user_project.namespace) status :accepted diff --git a/spec/requests/api/project_container_repositories_spec.rb b/spec/requests/api/project_container_repositories_spec.rb index 1ddf6c87ec0fc6..3588196e9d875e 100644 --- a/spec/requests/api/project_container_repositories_spec.rb +++ b/spec/requests/api/project_container_repositories_spec.rb @@ -113,17 +113,6 @@ it_behaves_like 'rejected container repository access', :anonymous, :not_found it_behaves_like 'a package tracking event', described_class.name, 'delete_repository' - it 'creates audit event' do - # Stub .audit here so that only relevant audit events are received below - allow(::Gitlab::Audit::Auditor).to receive(:audit) - - expect(::Gitlab::Audit::Auditor).to receive(:audit).with(hash_including({ - name: 'container_repository_deletion_marked' - })).and_call_original - - subject - end - context 'for maintainer' do let(:api_user) { maintainer } -- GitLab From cfecac14e1d70b25e6101a5181e9d96e31a7c538 Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Tue, 4 Jun 2024 07:28:58 -0500 Subject: [PATCH 11/13] Remove audit check from CE spec --- spec/graphql/mutations/container_repositories/destroy_spec.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/spec/graphql/mutations/container_repositories/destroy_spec.rb b/spec/graphql/mutations/container_repositories/destroy_spec.rb index ecc87f18d001db..b49751985ecacb 100644 --- a/spec/graphql/mutations/container_repositories/destroy_spec.rb +++ b/spec/graphql/mutations/container_repositories/destroy_spec.rb @@ -24,10 +24,6 @@ expect(::Packages::CreateEventService) .to receive(:new).with(nil, user, event_name: :delete_repository, scope: :container).and_call_original - expect(::Gitlab::Audit::Auditor).to receive(:audit).with(hash_including({ - name: 'container_repository_deletion_marked' - })).and_call_original - subject expect(container_repository.reload.delete_scheduled?).to be true end -- GitLab From c39a299b5f86cc718e0d22af669ab99d9bb1d4cb Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Tue, 11 Jun 2024 08:33:55 -0500 Subject: [PATCH 12/13] Formatting fixes --- .../controllers/ee/projects/registry/repositories_controller.rb | 2 +- ee/app/graphql/ee/mutations/container_repositories/destroy.rb | 2 +- ee/config/audit_events/types/container_repository_deleted.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ee/app/controllers/ee/projects/registry/repositories_controller.rb b/ee/app/controllers/ee/projects/registry/repositories_controller.rb index 68484f9998be54..dcd83d0bb77298 100644 --- a/ee/app/controllers/ee/projects/registry/repositories_controller.rb +++ b/ee/app/controllers/ee/projects/registry/repositories_controller.rb @@ -16,7 +16,7 @@ def destroy private def audit_destroy_marked_event - message = "Marked container repository #{image.id} for deletion via API" + message = "Marked container repository #{image.id} for deletion" audit_context = { name: 'container_repository_deletion_marked', author: current_user || ::Gitlab::Audit::UnauthenticatedAuthor.new, diff --git a/ee/app/graphql/ee/mutations/container_repositories/destroy.rb b/ee/app/graphql/ee/mutations/container_repositories/destroy.rb index fd5e8692e6314a..7f46a94d283730 100644 --- a/ee/app/graphql/ee/mutations/container_repositories/destroy.rb +++ b/ee/app/graphql/ee/mutations/container_repositories/destroy.rb @@ -10,7 +10,7 @@ module Destroy override :audit_event def audit_event(repository) - message = "Marked container repository #{repository.id} for deletion via GraphQL" + message = "Marked container repository #{repository.id} for deletion" context = { name: 'container_repository_deletion_marked', author: current_user, diff --git a/ee/config/audit_events/types/container_repository_deleted.yml b/ee/config/audit_events/types/container_repository_deleted.yml index 31208c3c4ef64d..3a709a13945b3b 100644 --- a/ee/config/audit_events/types/container_repository_deleted.yml +++ b/ee/config/audit_events/types/container_repository_deleted.yml @@ -7,4 +7,4 @@ feature_category: container_registry milestone: '17.1' saved_to_database: true streamed: true -scope: [Project] \ No newline at end of file +scope: [Project] -- GitLab From b461bd5e65aa2d61aa2064b771baa05f00bb0ab9 Mon Sep 17 00:00:00 2001 From: Aaron Huntsman Date: Wed, 12 Jun 2024 21:41:24 +0000 Subject: [PATCH 13/13] Apply 2 suggestion(s) to 2 file(s) Co-authored-by: Huzaifa Iftikhar --- .../projects/registry/repositories_controller_spec.rb | 2 +- .../graphql/ee/mutations/container_repositories/destroy_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ee/spec/controllers/projects/registry/repositories_controller_spec.rb b/ee/spec/controllers/projects/registry/repositories_controller_spec.rb index 6e8691206c3817..9259a4204df443 100644 --- a/ee/spec/controllers/projects/registry/repositories_controller_spec.rb +++ b/ee/spec/controllers/projects/registry/repositories_controller_spec.rb @@ -30,7 +30,7 @@ end it 'creates an audit event' do - expected_message = "Marked container repository #{repository.id} for deletion via API" + expected_message = "Marked container repository #{repository.id} for deletion" expect { destroy_repo }.to change { AuditEvent.count }.by(1) diff --git a/ee/spec/graphql/ee/mutations/container_repositories/destroy_spec.rb b/ee/spec/graphql/ee/mutations/container_repositories/destroy_spec.rb index 1d78af8406be59..cc5a0586a8a1cd 100644 --- a/ee/spec/graphql/ee/mutations/container_repositories/destroy_spec.rb +++ b/ee/spec/graphql/ee/mutations/container_repositories/destroy_spec.rb @@ -38,7 +38,7 @@ event_name: "container_repository_deletion_marked", author_class: author.class.to_s, author_name: author.name, - custom_message: "Marked container repository #{container_repository.id} for deletion via GraphQL", + custom_message: "Marked container repository #{container_repository.id} for deletion", target_details: container_repository.name, target_id: container_repository.id, target_type: container_repository.class.to_s -- GitLab