From 71afb2eab9d45cb511efaad611a6f96de75e8538 Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Fri, 30 Aug 2024 21:53:44 +0530 Subject: [PATCH 01/13] Audit when job token is used for authentication This commit adds audit event when a job token is used for authentication EE: true Changelog: added --- .../user_authenticated_using_job_token.yml | 10 ++++ ee/lib/ee/gitlab/auth/auth_finders.rb | 27 ++++++++++ .../lib/ee/gitlab/auth/auth_finders_spec.rb | 50 ++++++++++++++++++- 3 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 config/audit_events/types/user_authenticated_using_job_token.yml diff --git a/config/audit_events/types/user_authenticated_using_job_token.yml b/config/audit_events/types/user_authenticated_using_job_token.yml new file mode 100644 index 00000000000000..6ffcfac98bafd4 --- /dev/null +++ b/config/audit_events/types/user_authenticated_using_job_token.yml @@ -0,0 +1,10 @@ +--- +name: user_authenticated_using_job_token +description: Audit event triggered when a user is authenticated using job token +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/481325 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161060 +feature_category: compliance_management +milestone: '17.3' +saved_to_database: true +streamed: true +scope: [Instance] diff --git a/ee/lib/ee/gitlab/auth/auth_finders.rb b/ee/lib/ee/gitlab/auth/auth_finders.rb index 17ddfad5d7cb5c..12ae2ee2c658ff 100644 --- a/ee/lib/ee/gitlab/auth/auth_finders.rb +++ b/ee/lib/ee/gitlab/auth/auth_finders.rb 
@@ -55,6 +55,33 @@ def scim_request? def geo_api_request? current_request.path.starts_with?("/api/#{::API::API.version}/geo/") end + + override :find_user_from_job_token + def find_user_from_job_token + user = super + return unless user + + audit_job_token_authentication(user) + + user + end + + private + + def audit_job_token_authentication(user) + # rubocop:disable Gitlab/ModuleWithInstanceVariables -- Already used in super + audit_context = { + name: "user_authenticated_using_job_token", + stream_only: true, + author: user, + scope: @current_authenticated_job.project, + target: user, + message: "#{user.name} authenticated using job token of job id: #{@current_authenticated_job.id}" + } + # rubocop:enable Gitlab/ModuleWithInstanceVariables + + ::Gitlab::Audit::Auditor.audit(audit_context) + end end end end diff --git a/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb b/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb index 9d5fb18ed315d1..a1c257587c90b0 100644 --- a/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb +++ b/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb @@ -7,13 +7,16 @@ include ::EE::GeoHelpers let(:request) { ActionDispatch::Request.new(env) } + let_it_be(:user) { create(:user) } let(:env) do { 'rack.input' => '' } end - let_it_be(:user) { create(:user) } + def set_header(key, value) + env[key] = value + end describe '#find_user_from_geo_token' do subject { find_user_from_geo_token } 
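Review bot: The `message:` built in `audit_job_token_authentication` (ee/lib/ee/gitlab/auth/auth_finders.rb) interpolates `user.name`, which in GitLab's User model is the free-form display name rather than a unique identifier, so different accounts can produce identical audit text and the streamed line is hard to correlate. Prefer the handle, e.g. `message: "#{user.username} authenticated using job token of job id: #{@current_authenticated_job.id}"`, and update the matching expectation in the spec. The helper also dereferences `@current_authenticated_job` without a nil check and runs inline on the authentication path. If `super` (not visible here) can ever return a user without setting that variable, the request would fail with `NoMethodError` instead of authenticating, so either add `return unless @current_authenticated_job` or state the invariant in a comment. Both methods are complete in the hunk; the enclosing module starts above it.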
@@ -214,4 +217,49 @@ end end end + + describe '#find_user_from_job_token', :request_store do + let(:project) { create(:project, :private, developers: user) } + let(:pipeline) { create(:ci_pipeline, project: project) } + let(:job) { create(:ci_build, :running, pipeline: pipeline, user: user) } + let(:route_authentication_setting) { { job_token_allowed: true } } + + subject { find_user_from_job_token } + + context 'when token is valid' do + let(:token) { job.token } + + before do + set_header(described_class::JOB_TOKEN_HEADER, token) + allow(::Gitlab::Audit::Auditor).to receive(:audit) + end + + it 'returns user and streams audit event' do + expect(subject).to eq(user) + + expect(::Gitlab::Audit::Auditor).to have_received(:audit).with( + name: "user_authenticated_using_job_token", + stream_only: true, + author: user, + scope: job.project, + target: user, + message: "#{user.name} authenticated using job token of job id: #{job.id}" + ) + end + end + + context 'when token is invalid' do + let(:token) { "invalid token" } + + before do + set_header(described_class::JOB_TOKEN_HEADER, token) + allow(::Gitlab::Audit::Auditor).to receive(:audit) + end + + it 'returns user' do + expect { subject }.to raise_error(Gitlab::Auth::UnauthorizedError) + expect(::Gitlab::Audit::Auditor).not_to have_received(:audit) + end + end + end end -- GitLab From a2792ce7bd1359e736f6b348b868d29aea61eab7 Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Fri, 30 Aug 2024 21:57:36 +0530 Subject: [PATCH 02/13] Update audit event docs --- doc/user/compliance/audit_event_types.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index f38d27ef7a4091..64d111bcb59dd4 100644 --- a/doc/user/compliance/audit_event_types.md +++ b/doc/user/compliance/audit_event_types.md 
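Review bot: In the new `describe '#find_user_from_job_token'` block, the example under `context 'when token is invalid'` is titled `it 'returns user'` but asserts that `Gitlab::Auth::UnauthorizedError` is raised and that no audit event is sent; rename it, e.g. `it 'raises UnauthorizedError and does not audit' do`. There is also no example for the `return unless user` branch of the override, where no job token header is present and `super` presumably returns nil; that case should assert a nil result and `not_to have_received(:audit)`. The spec pins that rejected job tokens produce no audit event. If that is deliberate, a one-line comment saying so would help, since failed attempts are often what a consumer of the stream looks for.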
@@ -188,6 +188,7 @@ Audit event types belong to the following product categories. | [`update_approval_rules`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89939) | Event triggered on updating a merge approval rule | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363092) | Project | | [`update_compliance_framework`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74292) | Triggered when a compliance framework is updated | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [14.6](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) | Group | | [`update_status_check`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84624) | Event triggered when an external status check is updated | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) | Project | +| [`user_authenticated_using_job_token`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161060) | Audit event triggered when a user is authenticated using job token | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.3](https://gitlab.com/gitlab-org/gitlab/-/issues/481325) | Instance | ### Container registry -- GitLab From 502ac19944ff13c8a83b4e8ac586dbd13643bb22 Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Fri, 30 Aug 2024 22:17:29 +0530 Subject: [PATCH 03/13] Use let it be --- ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb b/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb index a1c257587c90b0..5de3a3c23cf493 100644 --- a/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb +++ b/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb 
@@ -219,10 +219,10 @@ def set_header(key, value) end describe '#find_user_from_job_token', :request_store do - let(:project) { create(:project, :private, developers: user) } - let(:pipeline) { create(:ci_pipeline, project: project) } - let(:job) { create(:ci_build, :running, pipeline: pipeline, user: user) } - let(:route_authentication_setting) { { job_token_allowed: true } } + let_it_be(:project) { create(:project, :private, developers: user) } + let_it_be(:pipeline) { create(:ci_pipeline, project: project) } + let_it_be(:job) { create(:ci_build, :running, pipeline: pipeline, user: user) } + let_it_be(:route_authentication_setting) { { job_token_allowed: true } } subject { find_user_from_job_token } -- GitLab From f5962b7c0f32248f48b8e26ee1c2dbc94d41996c Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Mon, 2 Sep 2024 09:01:00 +0530 Subject: [PATCH 04/13] dont save to database --- .../audit_events/types/user_authenticated_using_job_token.yml | 4 ++-- doc/user/compliance/audit_event_types.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/audit_events/types/user_authenticated_using_job_token.yml b/config/audit_events/types/user_authenticated_using_job_token.yml index 6ffcfac98bafd4..26c0c1fda2acd5 100644 --- a/config/audit_events/types/user_authenticated_using_job_token.yml +++ b/config/audit_events/types/user_authenticated_using_job_token.yml @@ -4,7 +4,7 @@ description: Audit event triggered when a user is authenticated using job token introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/481325 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161060 feature_category: compliance_management -milestone: '17.3' -saved_to_database: true +milestone: '17.4' +saved_to_database: false streamed: true scope: [Instance] diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index 64d111bcb59dd4..ed1be49b28510c 100644 --- a/doc/user/compliance/audit_event_types.md 
+++ b/doc/user/compliance/audit_event_types.md @@ -188,7 +188,7 @@ Audit event types belong to the following product categories. | [`update_approval_rules`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89939) | Event triggered on updating a merge approval rule | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363092) | Project | | [`update_compliance_framework`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74292) | Triggered when a compliance framework is updated | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [14.6](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) | Group | | [`update_status_check`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84624) | Event triggered when an external status check is updated | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) | Project | -| [`user_authenticated_using_job_token`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161060) | Audit event triggered when a user is authenticated using job token | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.3](https://gitlab.com/gitlab-org/gitlab/-/issues/481325) | Instance | +| [`user_authenticated_using_job_token`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161060) | Audit event triggered when a user is authenticated using job token | **{dotted-circle}** No | **{check-circle}** Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/481325) | Instance | ### Container registry -- GitLab From 648fb3768f05393839b556420448ae10b3f9f223 Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Wed, 4 Sep 2024 10:28:09 +0530 Subject: [PATCH 05/13] Update scope --- .../audit_events/types/user_authenticated_using_job_token.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/config/audit_events/types/user_authenticated_using_job_token.yml b/config/audit_events/types/user_authenticated_using_job_token.yml index 26c0c1fda2acd5..352aa67e55cd4a 100644 --- a/config/audit_events/types/user_authenticated_using_job_token.yml +++ b/config/audit_events/types/user_authenticated_using_job_token.yml @@ -7,4 +7,5 @@ feature_category: compliance_management milestone: '17.4' saved_to_database: false streamed: true -scope: [Instance] +scope: [Project] +g -- GitLab From 41450763011a83f950bcd3624cbe2f947ea600c0 Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Wed, 4 Sep 2024 10:28:27 +0530 Subject: [PATCH 06/13] Update scope --- config/audit_events/types/user_authenticated_using_job_token.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/config/audit_events/types/user_authenticated_using_job_token.yml b/config/audit_events/types/user_authenticated_using_job_token.yml index 352aa67e55cd4a..bcc172d3374854 100644 --- a/config/audit_events/types/user_authenticated_using_job_token.yml +++ b/config/audit_events/types/user_authenticated_using_job_token.yml @@ -8,4 +8,3 @@ milestone: '17.4' saved_to_database: false streamed: true scope: [Project] -g -- GitLab From e6537179086917e49c1c292ba407b408223e25b1 Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Wed, 4 Sep 2024 10:31:46 +0530 Subject: [PATCH 07/13] Update scope --- doc/user/compliance/audit_event_types.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index ed1be49b28510c..8a845e42398d5c 100644 --- a/doc/user/compliance/audit_event_types.md +++ b/doc/user/compliance/audit_event_types.md 
@@ -188,7 +188,7 @@ Audit event types belong to the following product categories. | [`update_approval_rules`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89939) | Event triggered on updating a merge approval rule | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363092) | Project | | [`update_compliance_framework`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74292) | Triggered when a compliance framework is updated | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [14.6](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) | Group | | [`update_status_check`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84624) | Event triggered when an external status check is updated | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) | Project | -| [`user_authenticated_using_job_token`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161060) | Audit event triggered when a user is authenticated using job token | **{dotted-circle}** No | **{check-circle}** Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/481325) | Instance | +| [`user_authenticated_using_job_token`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161060) | Audit event triggered when a user is authenticated using job token | **{dotted-circle}** No | **{check-circle}** Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/481325) | Project | ### Container registry -- GitLab From 74e3129be24a84c3af1adf4744e58fe6b3079459 Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Mon, 9 Sep 2024 12:04:30 +0530 Subject: [PATCH 08/13] Fix Rspec --- .../types/user_authenticated_using_job_token.yml | 2 +- ee/spec/requests/api/ci/runner_spec.rb | 11 ++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) 
diff --git a/config/audit_events/types/user_authenticated_using_job_token.yml b/config/audit_events/types/user_authenticated_using_job_token.yml index bcc172d3374854..a6691078c60a75 100644 --- a/config/audit_events/types/user_authenticated_using_job_token.yml +++ b/config/audit_events/types/user_authenticated_using_job_token.yml @@ -2,7 +2,7 @@ name: user_authenticated_using_job_token description: Audit event triggered when a user is authenticated using job token introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/481325 -introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161060 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164546 feature_category: compliance_management milestone: '17.4' saved_to_database: false diff --git a/ee/spec/requests/api/ci/runner_spec.rb b/ee/spec/requests/api/ci/runner_spec.rb index 55ec693124009d..28a724ef248bfa 100644 --- a/ee/spec/requests/api/ci/runner_spec.rb +++ b/ee/spec/requests/api/ci/runner_spec.rb 
@@ -135,20 +135,21 @@ def request_job(token = runner.token, **params) before do project.group.root_ancestor.external_audit_event_destinations.create!(destination_url: 'http://example.com') stub_licensed_features(admin_audit_log: true, extended_audit_events: true, external_audit_events: true) + allow(::Gitlab::Audit::Auditor).to receive(:audit).and_call_original + allow(AuditEvents::AuditEventStreamingWorker).to receive(:perform_async).and_call_original end it 'downloads artifacts' do + download_artifact + expect(::Gitlab::Audit::Auditor).to( - receive(:audit).with(hash_including(name: 'job_artifact_downloaded')).and_call_original + have_received(:audit).with(hash_including(name: 'job_artifact_downloaded')) ) expect(AuditEvents::AuditEventStreamingWorker).to( - receive(:perform_async) + have_received(:perform_async) .with('job_artifact_downloaded', nil, a_string_including("Downloaded artifact")) - .and_call_original ) - download_artifact - expect(response).to have_gitlab_http_status(:ok) end end -- GitLab From 3d7ef4c8a865a23f2529805dcdd0fb4e99f1b24f Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Mon, 9 Sep 2024 12:08:21 +0530 Subject: [PATCH 09/13] Update docs --- doc/user/compliance/audit_event_types.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index 8a845e42398d5c..53dc21c3ba8b51 100644 --- a/doc/user/compliance/audit_event_types.md +++ b/doc/user/compliance/audit_event_types.md 
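Review bot: The switch in this hunk from `expect(...).to receive(...)` before the request to `allow(...).and_call_original` plus `have_received` after it has no comment explaining why, and the reason is not evident from the example. Presumably the download request now also emits the job-token authentication audit event, so a strict expectation on a single `audit` call would fail on the extra call. A comment such as `# spies: this request emits more than one audit event` above the two `allow` lines would record that. If that is the cause, this request spec is also a natural place to add `have_received(:audit).with(hash_including(name: 'user_authenticated_using_job_token'))`, because the unit spec stubs the Auditor entirely. The enclosing `context` starts outside the hunk.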
@@ -188,7 +188,7 @@ Audit event types belong to the following product categories. | [`update_approval_rules`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89939) | Event triggered on updating a merge approval rule | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363092) | Project | | [`update_compliance_framework`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74292) | Triggered when a compliance framework is updated | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [14.6](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) | Group | | [`update_status_check`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84624) | Event triggered when an external status check is updated | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) | Project | -| [`user_authenticated_using_job_token`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161060) | Audit event triggered when a user is authenticated using job token | **{dotted-circle}** No | **{check-circle}** Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/481325) | Project | +| [`user_authenticated_using_job_token`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164546) | Audit event triggered when a user is authenticated using job token | **{dotted-circle}** No | **{check-circle}** Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/481325) | Project | ### Container registry -- GitLab From 818b9f4eb3f7efe1c9985ab6146d20297b726ced Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Mon, 9 Sep 2024 14:21:12 +0530 Subject: [PATCH 10/13] Update target details --- ee/lib/ee/gitlab/auth/auth_finders.rb | 3 ++- ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) 
diff --git a/ee/lib/ee/gitlab/auth/auth_finders.rb b/ee/lib/ee/gitlab/auth/auth_finders.rb index 12ae2ee2c658ff..d1bfb47e9aafc2 100644 --- a/ee/lib/ee/gitlab/auth/auth_finders.rb +++ b/ee/lib/ee/gitlab/auth/auth_finders.rb @@ -75,7 +75,8 @@ def audit_job_token_authentication(user) stream_only: true, author: user, scope: @current_authenticated_job.project, - target: user, + target: @current_authenticated_job, + target_details: @current_authenticated_job.id.to_s, message: "#{user.name} authenticated using job token of job id: #{@current_authenticated_job.id}" } # rubocop:enable Gitlab/ModuleWithInstanceVariables diff --git a/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb b/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb index 5de3a3c23cf493..c7ad874b9b7c20 100644 --- a/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb +++ b/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb @@ -242,7 +242,8 @@ def set_header(key, value) stream_only: true, author: user, scope: job.project, - target: user, + target: job, + target_details: job.id.to_s, message: "#{user.name} authenticated using job token of job id: #{job.id}" ) end -- GitLab From 1efcdaaba1c6f6bb33fdba36b70d45f25f3ce231 Mon Sep 17 00:00:00 2001 From: Harsimar Sandhu Date: Wed, 11 Sep 2024 09:09:23 +0000 Subject: [PATCH 11/13] Apply 2 suggestion(s) to 2 file(s) Co-authored-by: Huzaifa Iftikhar --- .../audit_events/types/user_authenticated_using_job_token.yml | 2 +- ee/lib/ee/gitlab/auth/auth_finders.rb | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/config/audit_events/types/user_authenticated_using_job_token.yml b/config/audit_events/types/user_authenticated_using_job_token.yml index a6691078c60a75..d499d597b67cfe 100644 --- a/config/audit_events/types/user_authenticated_using_job_token.yml +++ b/config/audit_events/types/user_authenticated_using_job_token.yml 
@@ -1,6 +1,6 @@ --- name: user_authenticated_using_job_token -description: Audit event triggered when a user is authenticated using job token +description: Triggered when a user is authenticated using job token introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/481325 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164546 feature_category: compliance_management diff --git a/ee/lib/ee/gitlab/auth/auth_finders.rb b/ee/lib/ee/gitlab/auth/auth_finders.rb index d1bfb47e9aafc2..1d8553ce290ea1 100644 --- a/ee/lib/ee/gitlab/auth/auth_finders.rb +++ b/ee/lib/ee/gitlab/auth/auth_finders.rb @@ -72,7 +72,6 @@ def audit_job_token_authentication(user) # rubocop:disable Gitlab/ModuleWithInstanceVariables -- Already used in super audit_context = { name: "user_authenticated_using_job_token", - stream_only: true, author: user, scope: @current_authenticated_job.project, target: @current_authenticated_job, -- GitLab From b0d84cf082650df9abd22f95ce40bce0eba34345 Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Wed, 11 Sep 2024 15:21:02 +0530 Subject: [PATCH 12/13] Update audit event type docs --- doc/user/compliance/audit_event_types.md | 7 ++++++- .../types/user_authenticated_using_job_token.yml | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) rename {config => ee/config}/audit_events/types/user_authenticated_using_job_token.yml (89%) diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index 53dc21c3ba8b51..0c174b69834817 100644 --- a/doc/user/compliance/audit_event_types.md +++ b/doc/user/compliance/audit_event_types.md 
@@ -188,7 +188,6 @@ Audit event types belong to the following product categories. | [`update_approval_rules`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89939) | Event triggered on updating a merge approval rule | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363092) | Project | | [`update_compliance_framework`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74292) | Triggered when a compliance framework is updated | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [14.6](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) | Group | | [`update_status_check`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84624) | Event triggered when an external status check is updated | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) | Project | -| [`user_authenticated_using_job_token`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164546) | Audit event triggered when a user is authenticated using job token | **{dotted-circle}** No | **{check-circle}** Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/481325) | Project | ### Container registry 
@@ -444,6 +443,12 @@ Audit event types belong to the following product categories. |:------------|:------------|:------------------|:---------|:--------------|:--------------| | [`skip_secret_push_protection`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147855) | Triggered when secret push protection is skipped by the user | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.11](https://gitlab.com/gitlab-org/gitlab/-/issues/441185) | Project | +### Secrets management + +| Name | Description | Saved to database | Streamed | Introduced in | Scope | +|:------------|:------------|:------------------|:---------|:--------------|:--------------| +| [`user_authenticated_using_job_token`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164546) | Triggered when a user is authenticated using job token | **{dotted-circle}** No | **{check-circle}** Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/481325) | Project | + ### Security policy management | Name | Description | Saved to database | Streamed | Introduced in | Scope | diff --git a/config/audit_events/types/user_authenticated_using_job_token.yml b/ee/config/audit_events/types/user_authenticated_using_job_token.yml similarity index 89% rename from config/audit_events/types/user_authenticated_using_job_token.yml rename to ee/config/audit_events/types/user_authenticated_using_job_token.yml index d499d597b67cfe..351ce178924d30 100644 --- a/config/audit_events/types/user_authenticated_using_job_token.yml +++ b/ee/config/audit_events/types/user_authenticated_using_job_token.yml 
@@ -3,7 +3,7 @@ name: user_authenticated_using_job_token description: Triggered when a user is authenticated using job token introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/481325 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164546 -feature_category: compliance_management +feature_category: secrets_management milestone: '17.4' saved_to_database: false streamed: true -- GitLab From 2582180ffebf6a2707f0bc1e2decd79aea42be06 Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Wed, 11 Sep 2024 17:26:29 +0530 Subject: [PATCH 13/13] remove stream only from spec --- ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb b/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb index c7ad874b9b7c20..20069d4806dbe4 100644 --- a/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb +++ b/ee/spec/lib/ee/gitlab/auth/auth_finders_spec.rb @@ -239,7 +239,6 @@ def set_header(key, value) expect(::Gitlab::Audit::Auditor).to have_received(:audit).with( name: "user_authenticated_using_job_token", - stream_only: true, author: user, scope: job.project, target: job, -- GitLab