From 7e9d99660d01aa0c79442105147092c3335c7716 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi Date: Wed, 5 Jun 2024 16:36:10 +0530 Subject: [PATCH 1/8] Added create and delete apis for instance level namespace filters Changelog: added EE: true --- .rubocop_todo/graphql/graphql_name.yml | 1 + doc/api/graphql/reference/index.md | 65 +++++++ doc/user/compliance/audit_event_types.md | 2 + ee/app/graphql/ee/types/mutation_type.rb | 4 + .../instance/namespace_filters/base.rb | 31 ++++ .../instance/namespace_filters/create.rb | 56 ++++++ .../instance/namespace_filters/delete.rb | 24 +++ .../instance/namespace_filter_type.rb | 26 +++ .../instance/streaming_destination_type.rb | 4 + .../instance/namespace_filter_policy.rb | 9 + .../created_instance_namespace_filter.yml | 9 + .../deleted_instance_namespace_filter.yml | 9 + .../instance/namespace_filter_type_spec.rb | 12 ++ .../streaming_destination_type_spec.rb | 2 +- .../instance/namespace_filters/create_spec.rb | 164 ++++++++++++++++++ .../instance/namespace_filters/delete_spec.rb | 81 +++++++++ 16 files changed, 498 insertions(+), 1 deletion(-) create mode 100644 ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb create mode 100644 ee/app/graphql/mutations/audit_events/instance/namespace_filters/create.rb create mode 100644 ee/app/graphql/mutations/audit_events/instance/namespace_filters/delete.rb create mode 100644 ee/app/graphql/types/audit_events/instance/namespace_filter_type.rb create mode 100644 ee/app/policies/audit_events/instance/namespace_filter_policy.rb create mode 100644 ee/config/audit_events/types/created_instance_namespace_filter.yml create mode 100644 ee/config/audit_events/types/deleted_instance_namespace_filter.yml create mode 100644 ee/spec/graphql/types/audit_events/instance/namespace_filter_type_spec.rb create mode 100644 ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/create_spec.rb create mode 100644 ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/delete_spec.rb diff --git a/.rubocop_todo/graphql/graphql_name.yml b/.rubocop_todo/graphql/graphql_name.yml index 09aef268ff6990..9a176db206077d 100644 --- a/.rubocop_todo/graphql/graphql_name.yml +++ b/.rubocop_todo/graphql/graphql_name.yml @@ -134,3 +134,4 @@ GraphQL/GraphqlName: - 'ee/app/graphql/types/vulnerability_identifier_input_type.rb' - 'ee/app/graphql/types/vulnerability_scanner_input_type.rb' - 'ee/app/graphql/types/vulnerability_scanner_vendor_input_type.rb' + - 'ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb' diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 5b7e8ec066f733..a02e9bd4225cd3 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -2018,6 +2018,52 @@ Input type: `AuditEventsInstanceDestinationEventsDeleteInput` | `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | | `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | +### `Mutation.auditEventsInstanceDestinationNamespaceFilterCreate` + +DETAILS: +**Introduced** in GitLab 17.1. +**Status**: Experiment. + +Input type: `AuditEventsInstanceDestinationNamespaceFilterCreateInput` + +#### Arguments + +| Name | Type | Description | +| ---- | ---- | ----------- | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `destinationId` | [`AuditEventsInstanceExternalStreamingDestinationID!`](#auditeventsinstanceexternalstreamingdestinationid) | Destination ID. | +| `namespacePath` | [`String`](#string) | Full path of the namespace(only project or group). | + +#### Fields + +| Name | Type | Description | +| ---- | ---- | ----------- | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | +| `namespaceFilter` | [`InstanceAuditEventNamespaceFilter`](#instanceauditeventnamespacefilter) | Namespace filter created. | + +### `Mutation.auditEventsInstanceDestinationNamespaceFilterDelete` + +DETAILS: +**Introduced** in GitLab 17.1. +**Status**: Experiment. + +Input type: `AuditEventsInstanceDestinationNamespaceFilterDeleteInput` + +#### Arguments + +| Name | Type | Description | +| ---- | ---- | ----------- | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `namespaceFilterId` | [`AuditEventsInstanceNamespaceFilterID!`](#auditeventsinstancenamespacefilterid) | Namespace filter ID. | + +#### Fields + +| Name | Type | Description | +| ---- | ---- | ----------- | +| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | +| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | + ### `Mutation.auditEventsStreamingDestinationEventsAdd` Input type: `AuditEventsStreamingDestinationEventsAddInput` @@ -23382,6 +23428,18 @@ Stores instance level Amazon S3 configurations for audit event streaming. | `id` | [`ID!`](#id) | ID of the configuration. | | `name` | [`String!`](#string) | Name of the external destination to send audit events to. | +### `InstanceAuditEventNamespaceFilter` + +Represents a subgroup or project filter that belongs to an instance level external audit event streaming destination. + +#### Fields + +| Name | Type | Description | +| ---- | ---- | ----------- | +| `externalStreamingDestination` | [`InstanceAuditEventStreamingDestination!`](#instanceauditeventstreamingdestination) | Destination to which the filter belongs. | +| `id` | [`ID!`](#id) | ID of the filter. | +| `namespace` | [`Namespace!`](#namespace) | Group or project namespace the filter belongs to. | + ### `InstanceAuditEventStreamingDestination` Represents an external destination to stream instance level audit events. @@ -23395,6 +23453,7 @@ Represents an external destination to stream instance level audit events. | `eventTypeFilters` | [`[String!]!`](#string) | List of event type filters added for streaming. | | `id` | [`ID!`](#id) | ID of the destination. | | `name` | [`String!`](#string) | Name of the external destination to send audit events to. | +| `namespaceFilters` | [`[InstanceAuditEventNamespaceFilter!]`](#instanceauditeventnamespacefilter) | List of subgroup or project filters for the destination. | ### `InstanceExternalAuditEventDestination` @@ -36254,6 +36313,12 @@ A `AuditEventsInstanceGoogleCloudLoggingConfigurationID` is a global ID. It is e An example `AuditEventsInstanceGoogleCloudLoggingConfigurationID` is: `"gid://gitlab/AuditEvents::Instance::GoogleCloudLoggingConfiguration/1"`. +### `AuditEventsInstanceNamespaceFilterID` + +A `AuditEventsInstanceNamespaceFilterID` is a global ID. It is encoded as a string. + +An example `AuditEventsInstanceNamespaceFilterID` is: `"gid://gitlab/AuditEvents::Instance::NamespaceFilter/1"`. + ### `AuditEventsStreamingHTTPNamespaceFilterID` A `AuditEventsStreamingHTTPNamespaceFilterID` is a global ID. It is encoded as a string. diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index 4891f0a5f96fac..50259b19b92339 100644 --- a/doc/user/compliance/audit_event_types.md +++ b/doc/user/compliance/audit_event_types.md @@ -68,10 +68,12 @@ Audit event types belong to the following product categories. | [`created_group_audit_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147888) | Event triggered when an external audit event destination for a top-level group is created.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/436610) | Group | | [`created_group_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150712) | Event triggered when a namespace filter for an external audit event destination for a top-level group is created.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.0](https://gitlab.com/gitlab-org/gitlab/-/issues/436612) | Group | | [`created_instance_audit_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148383) | Event triggered when an external audit event destination for a GitLab instance is created.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/436615) | Instance | +| [`created_instance_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153156) | Event triggered when a namespace filter for an external audit event destination for an instance is created.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.1](https://gitlab.com/gitlab-org/gitlab/-/issues/436613) | Instance | | [`delete_http_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/136302) | Event triggered when a namespace filter for an external audit event destination for a top-level group is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.7](https://gitlab.com/gitlab-org/gitlab/-/issues/424177) | Group | | [`deleted_group_audit_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148738) | Event triggered when an external audit event destination for a top-level group is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/436610) | Group | | [`deleted_group_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150712) | Event triggered when a namespace filter for an external audit event destination for a top-level group is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.0](https://gitlab.com/gitlab-org/gitlab/-/issues/436612) | Group | | [`deleted_instance_audit_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/14910) | Event triggered when an external audit event destination for a GitLab instance is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/436615) | Instance | +| [`deleted_instance_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153156) | Event triggered when a namespace filter for an external audit event destination for an instance is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.1](https://gitlab.com/gitlab-org/gitlab/-/issues/436613) | Instance | | [`destroy_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74632) | Event triggered when an external audit event destination is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [14.6](https://gitlab.com/gitlab-org/gitlab/-/issues/344664) | Group | | [`destroy_instance_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/125846) | Event triggered when an instance level external audit event destination is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.2](https://gitlab.com/gitlab-org/gitlab/-/issues/404730) | Instance | | [`event_type_filters_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/113081) | Event triggered when a new audit events streaming event type filter is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.10](https://gitlab.com/gitlab-org/gitlab/-/issues/344848) | Group | diff --git a/ee/app/graphql/ee/types/mutation_type.rb b/ee/app/graphql/ee/types/mutation_type.rb index a81050499da7ca..e3f5fa10787981 100644 --- a/ee/app/graphql/ee/types/mutation_type.rb +++ b/ee/app/graphql/ee/types/mutation_type.rb @@ -202,6 +202,10 @@ def self.authorization_scopes alpha: { milestone: '17.0' } mount_mutation ::Mutations::AuditEvents::Group::NamespaceFilters::Delete, alpha: { milestone: '17.0' } + mount_mutation ::Mutations::AuditEvents::Instance::NamespaceFilters::Create, + alpha: { milestone: '17.1' } + mount_mutation ::Mutations::AuditEvents::Instance::NamespaceFilters::Delete, + alpha: { milestone: '17.1' } prepend(Types::DeprecatedMutations) end diff --git a/ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb new file mode 100644 index 00000000000000..9dae38dcf89606 --- /dev/null +++ b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +module Mutations + module AuditEvents + module Instance + module NamespaceFilters + class Base < BaseMutation + authorize :admin_instance_external_audit_events + + private + + def audit(filter, action:) + audit_context = { + name: "#{action}_instance_namespace_filter", + author: current_user, + scope: Gitlab::Audit::InstanceScope.new, + target: filter.external_streaming_destination, + message: "#{action.capitalize} namespace filter for instance audit event streaming destination.", + additional_details: { + destination_name: filter.external_streaming_destination.name, + namespace: filter.namespace.full_path + } + } + + ::Gitlab::Audit::Auditor.audit(audit_context) + end + end + end + end + end +end diff --git a/ee/app/graphql/mutations/audit_events/instance/namespace_filters/create.rb b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/create.rb new file mode 100644 index 00000000000000..6646b79ef1b005 --- /dev/null +++ b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/create.rb @@ -0,0 +1,56 @@ +# frozen_string_literal: true + +module Mutations + module AuditEvents + module Instance + module NamespaceFilters + class Create < Base + graphql_name 'AuditEventsInstanceDestinationNamespaceFilterCreate' + + argument :destination_id, ::Types::GlobalIDType[::AuditEvents::Instance::ExternalStreamingDestination], + required: true, + description: 'Destination ID.' + + argument :namespace_path, GraphQL::Types::String, + required: false, + description: 'Full path of the namespace(only project or group).' + + field :namespace_filter, ::Types::AuditEvents::Instance::NamespaceFilterType, + null: true, + description: 'Namespace filter created.' + + def resolve(args) + destination = authorized_find!(args[:destination_id]) + + namespace = namespace(args[:namespace_path]) + filter = ::AuditEvents::Instance::NamespaceFilter.new(external_streaming_destination: destination, + namespace: namespace) + + audit(filter, action: :created) if filter.save + { namespace_filter: (filter if filter.persisted?), errors: Array(filter.errors) } + end + + private + + def find_object(destination_id) + ::GitlabSchema.object_from_id(destination_id, + expected_type: ::AuditEvents::Instance::ExternalStreamingDestination) + end + + def namespace(namespace_path) + namespace = Routable.find_by_full_path(namespace_path) + + case namespace + when ::Group + namespace + when ::Project + namespace.project_namespace + else + raise Gitlab::Graphql::Errors::ArgumentError, "namespace_path should be of group or project only." + end + end + end + end + end + end +end diff --git a/ee/app/graphql/mutations/audit_events/instance/namespace_filters/delete.rb b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/delete.rb new file mode 100644 index 00000000000000..3e191ff58da7d5 --- /dev/null +++ b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/delete.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +module Mutations + module AuditEvents + module Instance + module NamespaceFilters + class Delete < Base + graphql_name 'AuditEventsInstanceDestinationNamespaceFilterDelete' + + argument :namespace_filter_id, ::Types::GlobalIDType[::AuditEvents::Instance::NamespaceFilter], + required: true, + description: 'Namespace filter ID.' + def resolve(namespace_filter_id:) + filter = authorized_find!(id: namespace_filter_id) + + audit(filter, action: :deleted) if filter.destroy + + { namespace_filter: nil, errors: filter.errors } + end + end + end + end + end +end diff --git a/ee/app/graphql/types/audit_events/instance/namespace_filter_type.rb b/ee/app/graphql/types/audit_events/instance/namespace_filter_type.rb new file mode 100644 index 00000000000000..c5f59b6211bce2 --- /dev/null +++ b/ee/app/graphql/types/audit_events/instance/namespace_filter_type.rb @@ -0,0 +1,26 @@ +# frozen_string_literal: true + +module Types + module AuditEvents + module Instance + class NamespaceFilterType < ::Types::BaseObject + graphql_name 'InstanceAuditEventNamespaceFilter' + description 'Represents a subgroup or project filter that belongs to ' \ + 'an instance level external audit event streaming destination.' + authorize :admin_instance_external_audit_events + + field :id, GraphQL::Types::ID, + null: false, + description: 'ID of the filter.' + + field :namespace, ::Types::NamespaceType, + null: false, + description: 'Group or project namespace the filter belongs to.' + + field :external_streaming_destination, ::Types::AuditEvents::Instance::StreamingDestinationType, + null: false, + description: 'Destination to which the filter belongs.' + end + end + end +end diff --git a/ee/app/graphql/types/audit_events/instance/streaming_destination_type.rb b/ee/app/graphql/types/audit_events/instance/streaming_destination_type.rb index 6c7e24638cf041..5ec228a3c7658e 100644 --- a/ee/app/graphql/types/audit_events/instance/streaming_destination_type.rb +++ b/ee/app/graphql/types/audit_events/instance/streaming_destination_type.rb @@ -9,6 +9,10 @@ class StreamingDestinationType < ::Types::BaseObject authorize :admin_instance_external_audit_events implements AuditEventStreamingDestinationInterface + + field :namespace_filters, [::Types::AuditEvents::Instance::NamespaceFilterType], + null: true, + description: 'List of subgroup or project filters for the destination.' end end end diff --git a/ee/app/policies/audit_events/instance/namespace_filter_policy.rb b/ee/app/policies/audit_events/instance/namespace_filter_policy.rb new file mode 100644 index 00000000000000..cf829401664ca7 --- /dev/null +++ b/ee/app/policies/audit_events/instance/namespace_filter_policy.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +module AuditEvents + module Instance + class NamespaceFilterPolicy < ::BasePolicy + delegate { :global } + end + end +end diff --git a/ee/config/audit_events/types/created_instance_namespace_filter.yml b/ee/config/audit_events/types/created_instance_namespace_filter.yml new file mode 100644 index 00000000000000..934cb8ea883d7e --- /dev/null +++ b/ee/config/audit_events/types/created_instance_namespace_filter.yml @@ -0,0 +1,9 @@ +name: created_instance_namespace_filter +description: Event triggered when a namespace filter for an external audit event destination for an instance is created. +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/436613 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153156 +feature_category: audit_events +milestone: "17.1" +saved_to_database: true +streamed: true +scope: [Instance] diff --git a/ee/config/audit_events/types/deleted_instance_namespace_filter.yml b/ee/config/audit_events/types/deleted_instance_namespace_filter.yml new file mode 100644 index 00000000000000..cdba04b6f84a15 --- /dev/null +++ b/ee/config/audit_events/types/deleted_instance_namespace_filter.yml @@ -0,0 +1,9 @@ +name: deleted_instance_namespace_filter +description: Event triggered when a namespace filter for an external audit event destination for an instance is deleted. +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/436613 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153156 +feature_category: audit_events +milestone: "17.1" +saved_to_database: true +streamed: true +scope: [Instance] diff --git a/ee/spec/graphql/types/audit_events/instance/namespace_filter_type_spec.rb b/ee/spec/graphql/types/audit_events/instance/namespace_filter_type_spec.rb new file mode 100644 index 00000000000000..d11a0c747ef437 --- /dev/null +++ b/ee/spec/graphql/types/audit_events/instance/namespace_filter_type_spec.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe GitlabSchema.types['InstanceAuditEventNamespaceFilter'], feature_category: :audit_events do + let(:fields) do + %i[id namespace external_streaming_destination] + end + + specify { expect(described_class.graphql_name).to eq('InstanceAuditEventNamespaceFilter') } + specify { expect(described_class).to have_graphql_fields(fields) } +end diff --git a/ee/spec/graphql/types/audit_events/instance/streaming_destination_type_spec.rb b/ee/spec/graphql/types/audit_events/instance/streaming_destination_type_spec.rb index 217ce4eea742b2..2b111b203d4efe 100644 --- a/ee/spec/graphql/types/audit_events/instance/streaming_destination_type_spec.rb +++ b/ee/spec/graphql/types/audit_events/instance/streaming_destination_type_spec.rb @@ -4,7 +4,7 @@ RSpec.describe GitlabSchema.types['InstanceAuditEventStreamingDestination'], feature_category: :audit_events do let(:fields) do - %i[id name category config event_type_filters] + %i[id name category config event_type_filters namespace_filters] end specify { expect(described_class.graphql_name).to eq('InstanceAuditEventStreamingDestination') } diff --git a/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/create_spec.rb b/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/create_spec.rb new file mode 100644 index 00000000000000..3423ddc2b1e268 --- /dev/null +++ b/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/create_spec.rb @@ -0,0 +1,164 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'Create a namespace filter for instance level external audit event destinations', feature_category: :audit_events do + include GraphqlHelpers + + let(:destination) { create(:audit_events_instance_external_streaming_destination) } + let_it_be(:current_user) { create(:user) } + let(:mutation) { graphql_mutation(:audit_events_instance_destination_namespace_filter_create, input) } + let(:mutation_response) { graphql_mutation_response(:audit_events_instance_destination_namespace_filter_create) } + + subject { post_graphql_mutation(mutation, current_user: current_user) } + + shared_examples 'does not create any namespace filter' do + it do + expect { subject }.not_to change { AuditEvents::Instance::NamespaceFilter.count } + + expect(graphql_errors).to include(a_hash_including('message' => error_message)) + expect(mutation_response).to eq(nil) + end + end + + context 'when feature is licensed' do + before do + stub_licensed_features(external_audit_events: true) + end + + context 'when current user is instance admin' do + let(:current_user) { create(:admin) } + + shared_examples 'creation of namespace filters' do + context 'when namespace_path is valid' do + let(:input) do + { + destinationId: destination.to_gid, + namespacePath: namespace.full_path + } + end + + it 'creates a namespace filter', :aggregate_failures do + expect(::Gitlab::Audit::Auditor).to receive(:audit).with(a_hash_including( + name: 'created_instance_namespace_filter', + author: current_user, + scope: an_instance_of(Gitlab::Audit::InstanceScope), + target: destination, + message: "Created namespace filter for instance audit event streaming destination.", + additional_details: { + destination_name: destination.name, + namespace: namespace.full_path + } + )).once.and_call_original + + expect { subject } + .to change { AuditEvent.count }.by(1) + + namespace_filters = destination.namespace_filters + expect(namespace_filters.first.namespace).to eq(namespace) + expect(namespace_filters.first.external_streaming_destination).to eq(destination) + + expect_graphql_errors_to_be_empty + + expect(mutation_response['errors']).to be_empty + expect(mutation_response).to have_key('namespaceFilter') + expect(mutation_response['namespaceFilter']['namespace']['fullPath']).to eq(namespace.full_path) + expect(mutation_response['namespaceFilter']['externalStreamingDestination']['name']) + .to eq(destination.name) + end + + context 'when namespace filter for the given namespace already exists' do + before do + create(:audit_events_streaming_instance_namespace_filters, + external_streaming_destination: destination, + namespace: namespace + ) + end + + it 'returns error' do + expect { subject }.not_to change { AuditEvents::Instance::NamespaceFilter.count } + + expect(mutation_response['errors']).to match_array(['Namespace has already been taken']) + expect(mutation_response['namespaceFilter']).to be nil + end + end + end + + context 'when given namespace path is invalid' do + let(:input) do + { + destinationId: destination.to_gid, + namespace_path: 'invalid_path' + } + end + + it 'returns error' do + expect { subject }.not_to change { AuditEvents::Instance::NamespaceFilter.count } + + expect(graphql_errors) + .to include(a_hash_including('message' => "namespace_path should be of group or project only.")) + expect(mutation_response).to eq(nil) + end + end + end + + context 'when group_path is passed in params' do + it_behaves_like 'creation of namespace filters' do + let_it_be(:namespace) { create(:group) } + end + end + + context 'when project_path is passed in params' do + it_behaves_like 'creation of namespace filters' do + let_it_be(:project) { create(:project, group: create(:group)) } + let_it_be(:namespace) { project.project_namespace } + end + end + + context 'when namespace_path is invalid' do + let(:input) do + { + destinationId: destination.to_gid, + namespace_path: 'invalid_path' + } + end + + let(:error_message) { 'namespace_path should be of group or project only.' } + + it_behaves_like 'does not create any namespace filter' + end + end + + context 'when current user is not instance admin' do + let_it_be(:namespace_group) { create(:group) } + let(:input) do + { + destinationId: destination.to_gid, + namespacePath: namespace_group.full_path + } + end + + let(:error_message) { ::Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR } + + it_behaves_like 'does not create any namespace filter' + end + end + + context 'when feature is unlicensed' do + before do + stub_licensed_features(external_audit_events: false) + end + + let_it_be(:namespace_group) { create(:group) } + let(:input) do + { + destinationId: destination.to_gid, + namespacePath: namespace_group.full_path + } + end + + let(:error_message) { ::Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR } + + it_behaves_like 'does not create any namespace filter' + end +end diff --git a/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/delete_spec.rb b/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/delete_spec.rb new file mode 100644 index 00000000000000..91b5463efaf655 --- /dev/null +++ b/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/delete_spec.rb @@ -0,0 +1,81 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'Delete a namespace filter for group level external audit event destinations', feature_category: :audit_events do + include GraphqlHelpers + + let(:current_user) { create(:user) } + let(:group) { create(:group) } + let(:subgroup) { create(:group, parent: group) } + let(:destination) { create(:audit_events_group_external_streaming_destination, group: group) } + let!(:filter) do + create(:audit_events_streaming_group_namespace_filters, external_streaming_destination: destination, + namespace: subgroup) + end + + let(:mutation) { graphql_mutation(:audit_events_group_destination_namespace_filter_delete, input) } + let(:mutation_response) { graphql_mutation_response(:audit_events_group_destination_namespace_filter_delete) } + + let(:input) do + { namespaceFilterId: filter.to_gid } + end + + subject(:mutate) { post_graphql_mutation(mutation, current_user: current_user) } + + shared_examples 'does not delete the namespace filter' do + it do + expect(::Gitlab::Audit::Auditor).not_to receive(:audit) + .with(a_hash_including(name: 'deleted_group_namespace_filter')) + + expect { subject }.not_to change { destination.reload.namespace_filters.count } + end + end + + context 'when feature is licensed' do + before do + stub_licensed_features(external_audit_events: true) + end + + context 'when current user is group owner' do + before do + group.add_owner(current_user) + end + + it 'deletes the filter', :aggregate_failures do + expect(::Gitlab::Audit::Auditor).to receive(:audit).with(a_hash_including( + name: 'deleted_group_namespace_filter', + author: current_user, + scope: group, + target: destination, + message: "Deleted namespace filter for group audit event streaming destination.")) + .once.and_call_original + + expect { mutate }.to change { AuditEvents::Group::NamespaceFilter.count }.by(-1) + + expect(destination.reload.namespace_filters).to be_empty + expect_graphql_errors_to_be_empty + expect(mutation_response['errors']).to be_empty + expect(mutation_response['namespaceFilter']).to be nil + end + end + + context 'when current user is a group maintainer' do + before do + group.add_maintainer(current_user) + end + + it_behaves_like 'does not delete the namespace filter' + end + end + + context 'when feature is not licensed' do + before do + stub_licensed_features(external_audit_events: false) + end + + it_behaves_like 'a mutation on an unauthorized resource' + + it_behaves_like 'does not delete the namespace filter' + end +end -- GitLab From 682997f5851eed9e85b242ba987f9d64ac8b4354 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi Date: Thu, 13 Jun 2024 20:11:05 +0530 Subject: [PATCH 2/8] Refactored test cases --- .rubocop_todo/graphql/graphql_name.yml | 1 - .../instance/namespace_filters/base.rb | 2 + .../instance/namespace_filters/create.rb | 4 +- .../instance/namespace_filters/create_spec.rb | 24 ++---- .../instance/namespace_filters/delete_spec.rb | 82 +++++++++---------- 5 files changed, 46 insertions(+), 67 deletions(-) diff --git a/.rubocop_todo/graphql/graphql_name.yml b/.rubocop_todo/graphql/graphql_name.yml index 9a176db206077d..09aef268ff6990 100644 --- a/.rubocop_todo/graphql/graphql_name.yml +++ b/.rubocop_todo/graphql/graphql_name.yml @@ -134,4 +134,3 @@ GraphQL/GraphqlName: - 'ee/app/graphql/types/vulnerability_identifier_input_type.rb' - 'ee/app/graphql/types/vulnerability_scanner_input_type.rb' - 'ee/app/graphql/types/vulnerability_scanner_vendor_input_type.rb' - - 'ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb' diff --git a/ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb index 9dae38dcf89606..baca0b0dde17e7 100644 --- a/ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb +++ b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb @@ -4,6 +4,7 @@ module Mutations module AuditEvents module Instance module NamespaceFilters + # rubocop:disable Graphql/GraphqlName -- This is a base mutation so name is not needed here class Base < BaseMutation authorize :admin_instance_external_audit_events @@ -29,3 +30,4 @@ def audit(filter, action:) end end end +# rubocop:enable Graphql/GraphqlName diff --git a/ee/app/graphql/mutations/audit_events/instance/namespace_filters/create.rb b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/create.rb index 6646b79ef1b005..6520d0fcacdf91 100644 --- a/ee/app/graphql/mutations/audit_events/instance/namespace_filters/create.rb +++ b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/create.rb @@ -13,11 +13,11 @@ class Create < Base argument :namespace_path, GraphQL::Types::String, required: false, - description: 'Full path of the namespace(only project or group).' + description: 'Full path of the namespace (only project or group).' field :namespace_filter, ::Types::AuditEvents::Instance::NamespaceFilterType, null: true, - description: 'Namespace filter created.' + description: 'Namespace filter to be created.' def resolve(args) destination = authorized_find!(args[:destination_id]) diff --git a/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/create_spec.rb b/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/create_spec.rb index 3423ddc2b1e268..3b4561fad3414b 100644 --- a/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/create_spec.rb +++ b/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/create_spec.rb @@ -5,22 +5,13 @@ RSpec.describe 'Create a namespace filter for instance level external audit event destinations', feature_category: :audit_events do include GraphqlHelpers - let(:destination) { create(:audit_events_instance_external_streaming_destination) } + let_it_be(:destination) { create(:audit_events_instance_external_streaming_destination) } let_it_be(:current_user) { create(:user) } let(:mutation) { graphql_mutation(:audit_events_instance_destination_namespace_filter_create, input) } let(:mutation_response) { graphql_mutation_response(:audit_events_instance_destination_namespace_filter_create) } subject { post_graphql_mutation(mutation, current_user: current_user) } - shared_examples 'does not create any namespace filter' do - it do - expect { subject }.not_to change { AuditEvents::Instance::NamespaceFilter.count } - - expect(graphql_errors).to include(a_hash_including('message' => error_message)) - expect(mutation_response).to eq(nil) - end - end - context 'when feature is licensed' do before do stub_licensed_features(external_audit_events: true) @@ -123,9 +114,8 @@ } end - let(:error_message) { 'namespace_path should be of group or project only.' } - - it_behaves_like 'does not create any namespace filter' + it_behaves_like 'a mutation that returns top-level errors', + errors: ['namespace_path should be of group or project only.'] end end @@ -138,9 +128,7 @@ } end - let(:error_message) { ::Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR } - - it_behaves_like 'does not create any namespace filter' + it_behaves_like 'a mutation on an unauthorized resource' end end @@ -157,8 +145,6 @@ } end - let(:error_message) { ::Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR } - - it_behaves_like 'does not create any namespace filter' + it_behaves_like 'a mutation on an unauthorized resource' end end diff --git a/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/delete_spec.rb b/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/delete_spec.rb index 91b5463efaf655..0bc13f978af494 100644 --- a/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/delete_spec.rb +++ b/ee/spec/requests/api/graphql/audit_events/instance/namespace_filters/delete_spec.rb @@ -2,20 +2,19 @@ require 'spec_helper' -RSpec.describe 'Delete a namespace filter for group level external audit event destinations', feature_category: :audit_events do +RSpec.describe 'Delete a namespace filter for instance level external audit event destinations', feature_category: :audit_events do include GraphqlHelpers - let(:current_user) { create(:user) } - let(:group) { create(:group) } - let(:subgroup) { create(:group, parent: group) } - let(:destination) { create(:audit_events_group_external_streaming_destination, group: group) } - let!(:filter) do - create(:audit_events_streaming_group_namespace_filters, external_streaming_destination: destination, - namespace: subgroup) + let_it_be(:current_user) { create(:user) } + let_it_be(:group) { create(:group) } + let_it_be(:destination) { create(:audit_events_instance_external_streaming_destination) } + let_it_be(:filter) do + create(:audit_events_streaming_instance_namespace_filters, external_streaming_destination: destination, + namespace: group) end - let(:mutation) { graphql_mutation(:audit_events_group_destination_namespace_filter_delete, input) } - let(:mutation_response) { graphql_mutation_response(:audit_events_group_destination_namespace_filter_delete) } + let(:mutation) { graphql_mutation(:audit_events_instance_destination_namespace_filter_delete, input) } + let(:mutation_response) { graphql_mutation_response(:audit_events_instance_destination_namespace_filter_delete) } let(:input) do { namespaceFilterId: filter.to_gid } @@ -23,49 +22,44 @@ subject(:mutate) { post_graphql_mutation(mutation, current_user: current_user) } - shared_examples 'does not delete the namespace filter' do - it do - expect(::Gitlab::Audit::Auditor).not_to receive(:audit) - .with(a_hash_including(name: 'deleted_group_namespace_filter')) - - expect { subject }.not_to change { destination.reload.namespace_filters.count } - end - end - context 'when feature is licensed' do before do stub_licensed_features(external_audit_events: true) end - context 'when current user is group owner' do - before do - group.add_owner(current_user) + context 'when current user is instance admin' do + let_it_be(:current_user) { create(:admin) } + + context 'when namespace filter id is valid' do + it 'deletes the filter', :aggregate_failures do + expect(::Gitlab::Audit::Auditor).to receive(:audit).with(a_hash_including( + name: 'deleted_instance_namespace_filter', + author: current_user, + scope: an_instance_of(Gitlab::Audit::InstanceScope), + target: destination, + message: "Deleted namespace filter for instance audit event streaming destination.")) + .once.and_call_original + + expect { mutate }.to change { AuditEvents::Instance::NamespaceFilter.count }.by(-1) + + expect(destination.reload.namespace_filters).to be_empty + expect_graphql_errors_to_be_empty + expect(mutation_response['errors']).to be_empty + expect(mutation_response['namespaceFilter']).to be nil + end end - it 'deletes the filter', :aggregate_failures do - expect(::Gitlab::Audit::Auditor).to receive(:audit).with(a_hash_including( - name: 'deleted_group_namespace_filter', - author: current_user, - scope: group, - target: destination, - message: "Deleted namespace filter for group audit event streaming destination.")) - .once.and_call_original - - expect { mutate }.to change { AuditEvents::Group::NamespaceFilter.count }.by(-1) - - expect(destination.reload.namespace_filters).to be_empty - expect_graphql_errors_to_be_empty - expect(mutation_response['errors']).to be_empty - expect(mutation_response['namespaceFilter']).to be nil - end - end + context 'when namespace filter id is invalid' do + let(:input) do + { namespaceFilterId: 'gid://gitlab/AuditEvents::Instance::NamespaceFilter/invalid_id' } + end - context 'when current user is a group maintainer' do - before do - group.add_maintainer(current_user) + it_behaves_like 'a mutation that returns a top-level access error' end + end - it_behaves_like 'does not delete the namespace filter' + context 'when current user is not instance admin' do + it_behaves_like 'a mutation that returns a top-level access error' end end @@ -75,7 +69,5 @@ end it_behaves_like 'a mutation on an unauthorized resource' - - it_behaves_like 'does not delete the namespace filter' end end -- GitLab From 18847647de6fe8a15ea199ea4e62f64b4eb73a5c Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi Date: Thu, 13 Jun 2024 20:13:33 +0530 Subject: [PATCH 3/8] Updated graphql docs --- doc/api/graphql/reference/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index a02e9bd4225cd3..a2396c3a8f3777 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -2032,7 +2032,7 @@ Input type: `AuditEventsInstanceDestinationNamespaceFilterCreateInput` | ---- | ---- | ----------- | | `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | | `destinationId` | [`AuditEventsInstanceExternalStreamingDestinationID!`](#auditeventsinstanceexternalstreamingdestinationid) | Destination ID. | -| `namespacePath` | [`String`](#string) | Full path of the namespace(only project or group). | +| `namespacePath` | [`String`](#string) | Full path of the namespace (only project or group). | #### Fields @@ -2040,7 +2040,7 @@ Input type: `AuditEventsInstanceDestinationNamespaceFilterCreateInput` | ---- | ---- | ----------- | | `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | | `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. | -| `namespaceFilter` | [`InstanceAuditEventNamespaceFilter`](#instanceauditeventnamespacefilter) | Namespace filter created. | +| `namespaceFilter` | [`InstanceAuditEventNamespaceFilter`](#instanceauditeventnamespacefilter) | Namespace filter to be created. | ### `Mutation.auditEventsInstanceDestinationNamespaceFilterDelete` -- GitLab From 1460acf398b00fb6fd19991ff366fade3df0762d Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi Date: Fri, 14 Jun 2024 00:16:14 +0530 Subject: [PATCH 4/8] Fixed rubocop offence --- .../mutations/audit_events/instance/namespace_filters/base.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb index baca0b0dde17e7..d1e6df672dd1ce 100644 --- a/ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb +++ b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/base.rb @@ -4,7 +4,7 @@ module Mutations module AuditEvents module Instance module NamespaceFilters - # rubocop:disable Graphql/GraphqlName -- This is a base mutation so name is not needed here + # rubocop:disable GraphQL/GraphqlName -- This is a base mutation so name is not needed here class Base < BaseMutation authorize :admin_instance_external_audit_events @@ -30,4 +30,4 @@ def audit(filter, action:) end end end -# rubocop:enable Graphql/GraphqlName +# rubocop:enable GraphQL/GraphqlName -- GitLab From 4b11fc5e404e8a136d1552fdb719d4c64f0bb4ae Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi Date: Mon, 17 Jun 2024 09:47:11 +0000 Subject: [PATCH 5/8] Adding suggestion from reviewer --- .../mutations/audit_events/instance/namespace_filters/create.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/app/graphql/mutations/audit_events/instance/namespace_filters/create.rb b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/create.rb index 6520d0fcacdf91..b5502aba1005d0 100644 --- a/ee/app/graphql/mutations/audit_events/instance/namespace_filters/create.rb +++ b/ee/app/graphql/mutations/audit_events/instance/namespace_filters/create.rb @@ -13,7 +13,7 @@ class Create < Base argument :namespace_path, GraphQL::Types::String, required: false, - description: 'Full path of the namespace (only project or group).' + description: 'Full path of the namespace. Project or group namespaces only.' field :namespace_filter, ::Types::AuditEvents::Instance::NamespaceFilterType, null: true, -- GitLab From 523bef660c031d72b97a25080fae25679f95d1e5 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi Date: Mon, 17 Jun 2024 18:53:59 +0530 Subject: [PATCH 6/8] Adding auto generated graphql docs --- doc/api/graphql/reference/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index a2396c3a8f3777..7947880e38f3f4 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -2032,7 +2032,7 @@ Input type: `AuditEventsInstanceDestinationNamespaceFilterCreateInput` | ---- | ---- | ----------- | | `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | | `destinationId` | [`AuditEventsInstanceExternalStreamingDestinationID!`](#auditeventsinstanceexternalstreamingdestinationid) | Destination ID. | -| `namespacePath` | [`String`](#string) | Full path of the namespace (only project or group). | +| `namespacePath` | [`String`](#string) | Full path of the namespace. Project or group namespaces only. | #### Fields -- GitLab From 821cd66e9f99245c478b380f64acf38613d2a7dd Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi Date: Mon, 17 Jun 2024 22:10:19 +0530 Subject: [PATCH 7/8] Upgraded milestone version --- doc/user/compliance/audit_event_types.md | 4 ++-- .../audit_events/types/created_instance_namespace_filter.yml | 2 +- .../audit_events/types/deleted_instance_namespace_filter.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index 50259b19b92339..9e06913f6fdf2e 100644 --- a/doc/user/compliance/audit_event_types.md +++ b/doc/user/compliance/audit_event_types.md @@ -68,12 +68,12 @@ Audit event types belong to the following product categories. | [`created_group_audit_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147888) | Event triggered when an external audit event destination for a top-level group is created.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/436610) | Group | | [`created_group_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150712) | Event triggered when a namespace filter for an external audit event destination for a top-level group is created.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.0](https://gitlab.com/gitlab-org/gitlab/-/issues/436612) | Group | | [`created_instance_audit_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148383) | Event triggered when an external audit event destination for a GitLab instance is created.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/436615) | Instance | -| [`created_instance_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153156) | Event triggered when a namespace filter for an external audit event destination for an instance is created.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.1](https://gitlab.com/gitlab-org/gitlab/-/issues/436613) | Instance | +| [`created_instance_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153156) | Event triggered when a namespace filter for an external audit event destination for an instance is created.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.2](https://gitlab.com/gitlab-org/gitlab/-/issues/436613) | Instance | | [`delete_http_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/136302) | Event triggered when a namespace filter for an external audit event destination for a top-level group is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.7](https://gitlab.com/gitlab-org/gitlab/-/issues/424177) | Group | | [`deleted_group_audit_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148738) | Event triggered when an external audit event destination for a top-level group is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/436610) | Group | | [`deleted_group_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150712) | Event triggered when a namespace filter for an external audit event destination for a top-level group is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.0](https://gitlab.com/gitlab-org/gitlab/-/issues/436612) | Group | | [`deleted_instance_audit_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/14910) | Event triggered when an external audit event destination for a GitLab instance is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/436615) | Instance | -| [`deleted_instance_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153156) | Event triggered when a namespace filter for an external audit event destination for an instance is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.1](https://gitlab.com/gitlab-org/gitlab/-/issues/436613) | Instance | +| [`deleted_instance_namespace_filter`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153156) | Event triggered when a namespace filter for an external audit event destination for an instance is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.2](https://gitlab.com/gitlab-org/gitlab/-/issues/436613) | Instance | | [`destroy_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74632) | Event triggered when an external audit event destination is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [14.6](https://gitlab.com/gitlab-org/gitlab/-/issues/344664) | Group | | [`destroy_instance_event_streaming_destination`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/125846) | Event triggered when an instance level external audit event destination is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.2](https://gitlab.com/gitlab-org/gitlab/-/issues/404730) | Instance | | [`event_type_filters_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/113081) | Event triggered when a new audit events streaming event type filter is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.10](https://gitlab.com/gitlab-org/gitlab/-/issues/344848) | Group | diff --git a/ee/config/audit_events/types/created_instance_namespace_filter.yml b/ee/config/audit_events/types/created_instance_namespace_filter.yml index 934cb8ea883d7e..6bdd1249fd7f22 100644 --- a/ee/config/audit_events/types/created_instance_namespace_filter.yml +++ b/ee/config/audit_events/types/created_instance_namespace_filter.yml @@ -3,7 +3,7 @@ description: Event triggered when a namespace filter for an external audit event introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/436613 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153156 feature_category: audit_events -milestone: "17.1" +milestone: "17.2" saved_to_database: true streamed: true scope: [Instance] diff --git a/ee/config/audit_events/types/deleted_instance_namespace_filter.yml b/ee/config/audit_events/types/deleted_instance_namespace_filter.yml index cdba04b6f84a15..b437a4295a6f06 100644 --- a/ee/config/audit_events/types/deleted_instance_namespace_filter.yml +++ b/ee/config/audit_events/types/deleted_instance_namespace_filter.yml @@ -3,7 +3,7 @@ description: Event triggered when a namespace filter for an external audit event introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/436613 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153156 feature_category: audit_events -milestone: "17.1" +milestone: "17.2" saved_to_database: true streamed: true scope: [Instance] -- GitLab From 69d8c7ca8b8b91c2d944ff455199c70d777e9362 Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi Date: Tue, 18 Jun 2024 11:33:06 +0530 Subject: [PATCH 8/8] Upgraded milestone version --- doc/api/graphql/reference/index.md | 4 ++-- ee/app/graphql/ee/types/mutation_type.rb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 7947880e38f3f4..189f7a4afec7f5 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -2021,7 +2021,7 @@ Input type: `AuditEventsInstanceDestinationEventsDeleteInput` ### `Mutation.auditEventsInstanceDestinationNamespaceFilterCreate` DETAILS: -**Introduced** in GitLab 17.1. +**Introduced** in GitLab 17.2. **Status**: Experiment. Input type: `AuditEventsInstanceDestinationNamespaceFilterCreateInput` @@ -2045,7 +2045,7 @@ Input type: `AuditEventsInstanceDestinationNamespaceFilterCreateInput` ### `Mutation.auditEventsInstanceDestinationNamespaceFilterDelete` DETAILS: -**Introduced** in GitLab 17.1. +**Introduced** in GitLab 17.2. **Status**: Experiment. Input type: `AuditEventsInstanceDestinationNamespaceFilterDeleteInput` diff --git a/ee/app/graphql/ee/types/mutation_type.rb b/ee/app/graphql/ee/types/mutation_type.rb index e3f5fa10787981..9808f7825c37bc 100644 --- a/ee/app/graphql/ee/types/mutation_type.rb +++ b/ee/app/graphql/ee/types/mutation_type.rb @@ -203,9 +203,9 @@ def self.authorization_scopes mount_mutation ::Mutations::AuditEvents::Group::NamespaceFilters::Delete, alpha: { milestone: '17.0' } mount_mutation ::Mutations::AuditEvents::Instance::NamespaceFilters::Create, - alpha: { milestone: '17.1' } + alpha: { milestone: '17.2' } mount_mutation ::Mutations::AuditEvents::Instance::NamespaceFilters::Delete, - alpha: { milestone: '17.1' } + alpha: { milestone: '17.2' } prepend(Types::DeprecatedMutations) end -- GitLab