From 64b55f367e41835effa4e8acf19a9e47ae6ca1f0 Mon Sep 17 00:00:00 2001
From: Eduardo Bonet <ebonet@gitlab.com>
Date: Mon, 9 Sep 2024 11:21:22 +0200
Subject: [PATCH] Logs audit event for self-hosted models usage

Logs an audit event when and admin accepts usage of self-hosted models.

Changelog: added
---
 .../types/self_hosted_model_terms_accepted.yml     |  9 +++++++++
 doc/user/compliance/audit_event_types.md           |  6 ++++++
 .../admin/ai/terms_and_conditions_controller.rb    | 14 ++++++++++++++
 .../ai/terms_and_conditions_controller_spec.rb     | 12 ++++++++++++
 4 files changed, 41 insertions(+)
 create mode 100644 config/audit_events/types/self_hosted_model_terms_accepted.yml

diff --git a/config/audit_events/types/self_hosted_model_terms_accepted.yml b/config/audit_events/types/self_hosted_model_terms_accepted.yml
new file mode 100644
index 00000000000000..2fcf48fb24210a
--- /dev/null
+++ b/config/audit_events/types/self_hosted_model_terms_accepted.yml
@@ -0,0 +1,9 @@
+name: self_hosted_model_terms_accepted
+description: Terms for usage of self-hosted models were accepted
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/477999
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/165480
+feature_category: self-hosted_models
+milestone: '17.4'
+saved_to_database: true
+scope: [Instance, User]
+streamed: true
diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md
index f38d27ef7a4091..c34c4aeabe3d82 100644
--- a/doc/user/compliance/audit_event_types.md
+++ b/doc/user/compliance/audit_event_types.md
@@ -449,6 +449,12 @@ Audit event types belong to the following product categories.
 |:------------|:------------|:------------------|:---------|:--------------|:--------------|
 | [`policy_project_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/102154) | This event is triggered whenever the security policy project is updated for a project. | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.6](https://gitlab.com/gitlab-org/gitlab/-/issues/377877) | Group, Project |
 
+### Self-hosted models
+
+| Name | Description | Saved to database | Streamed | Introduced in | Scope |
+|:------------|:------------|:------------------|:---------|:--------------|:--------------|
+| [`self_hosted_model_terms_accepted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/165480) | Terms for usage of self-hosted models were accepted | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/477999) | Instance, User |
+
 ### Source code management
 
 | Name | Description | Saved to database | Streamed | Introduced in | Scope |
diff --git a/ee/app/controllers/admin/ai/terms_and_conditions_controller.rb b/ee/app/controllers/admin/ai/terms_and_conditions_controller.rb
index 2e6cacff12bd19..85516f70f2e4d4 100644
--- a/ee/app/controllers/admin/ai/terms_and_conditions_controller.rb
+++ b/ee/app/controllers/admin/ai/terms_and_conditions_controller.rb
@@ -17,6 +17,8 @@ def index
       def create
         ::Ai::TestingTermsAcceptance.create!(user_id: current_user.id, user_email: current_user.email)
 
+        audit_event(current_user)
+
         redirect_to admin_ai_self_hosted_models_url, notice: _("Successfully accepted GitLab Testing Terms")
       end
 
@@ -26,6 +28,18 @@ def ensure_feature_enabled!
         render_404 unless Feature.enabled?(:ai_custom_model) # rubocop:disable Gitlab/FeatureFlagWithoutActor -- The feature flag is global
         render_404 unless Ability.allowed?(current_user, :manage_ai_settings)
       end
+
+      def audit_event(user)
+        audit_context = {
+          name: 'self_hosted_model_terms_accepted',
+          author: user,
+          scope: user,
+          target: user,
+          message: "Self-hosted model usage terms accepted by user #{user.id}"
+        }
+
+        ::Gitlab::Audit::Auditor.audit(audit_context)
+      end
     end
   end
 end
diff --git a/ee/spec/requests/admin/ai/terms_and_conditions_controller_spec.rb b/ee/spec/requests/admin/ai/terms_and_conditions_controller_spec.rb
index eb299b8a6d50b6..7c55154bce4d02 100644
--- a/ee/spec/requests/admin/ai/terms_and_conditions_controller_spec.rb
+++ b/ee/spec/requests/admin/ai/terms_and_conditions_controller_spec.rb
@@ -64,11 +64,23 @@
   end
 
   describe 'POST #create' do
+    let(:audit_context) do
+      {
+        name: 'self_hosted_model_terms_accepted',
+        author: admin,
+        scope: admin,
+        target: admin,
+        message: "Self-hosted model usage terms accepted by user #{admin.id}"
+      }
+    end
+
     subject :perform_request do
       post admin_ai_terms_and_conditions_url
     end
 
     it 'saves the acceptance' do
+      expect(::Gitlab::Audit::Auditor).to receive(:audit).with(audit_context)
+
       expect { perform_request }.to change { ::Ai::TestingTermsAcceptance.count }.by(1)
 
       acceptance = ::Ai::TestingTermsAcceptance.last
-- 
GitLab