From 8314c019383025921eec295e5df501a55e1939a7 Mon Sep 17 00:00:00 2001 From: Ulises Fierro Date: Wed, 12 Mar 2025 17:35:21 -0600 Subject: [PATCH 1/7] Adds audit event for LDAP sign ins Successful events are now also streamed --- doc/user/compliance/audit_event_types.md | 1 + .../ee/ldap/omniauth_callbacks_controller.rb | 12 ++++++++++++ .../audit_events/types/authenticated_with_ldap.yml | 11 +++++++++++ 3 files changed, 24 insertions(+) create mode 100644 ee/config/audit_events/types/authenticated_with_ldap.yml diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index 1d324ddff40939..c0ee8ad063c1a2 100644 --- a/doc/user/compliance/audit_event_types.md +++ b/doc/user/compliance/audit_event_types.md @@ -597,6 +597,7 @@ Audit event types belong to the following product categories. | [`allow_mfa_for_subgroups_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting for Subgroups can set up their own two-factor authentication rules updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group | | [`allowed_email_domain_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166105) | Group setting allowed email domain entry is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.5](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group | | [`application_setting_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124639) | An application setting is updated | {{< icon name="check-circle" >}} Yes | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/282428) | Instance | +| [`authenticated_with_ldap`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763) | Successfully signing in with LDAP authentication | {{< icon name="check-circle" >}} Yes | GitLab [17.10](https://gitlab.com/gitlab-org/gitlab/-/issues/509377) | User | | [`disable_personal_access_tokens_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Disable personal access tokens is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group | | [`email_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114546) | An email is created | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | User | | [`email_destroyed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114546) | An email is destroyed | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | User | diff --git a/ee/app/controllers/ee/ldap/omniauth_callbacks_controller.rb b/ee/app/controllers/ee/ldap/omniauth_callbacks_controller.rb index 487be1db9c608a..2508e840bfdab0 100644 --- a/ee/app/controllers/ee/ldap/omniauth_callbacks_controller.rb +++ b/ee/app/controllers/ee/ldap/omniauth_callbacks_controller.rb @@ -35,6 +35,18 @@ def show_ldap_sync_flash flash[:notice] = _('LDAP sync in progress. This could take a few minutes. '\ 'Refresh the page to see the changes.') end + + override :log_audit_event + def log_audit_event(user, options = {}) + ldap = options[:with] + ::Gitlab::Audit::Auditor.audit({ + name: "authenticated_with_ldap", + author: user, + scope: user, + target: user, + message: "Signed in with #{ldap.upcase} authentication" + }) + end end end end diff --git a/ee/config/audit_events/types/authenticated_with_ldap.yml b/ee/config/audit_events/types/authenticated_with_ldap.yml new file mode 100644 index 00000000000000..edb848c64968a6 --- /dev/null +++ b/ee/config/audit_events/types/authenticated_with_ldap.yml @@ -0,0 +1,11 @@ + +--- +name: authenticated_with_ldap +description: Successfully signing in with LDAP authentication +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/509377 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763 +milestone: '17.10' +feature_category: system_access +saved_to_database: true +streamed: true +scope: [User] \ No newline at end of file -- GitLab From a9c69108a03d057cdb94d001dbcb1c982ead695e Mon Sep 17 00:00:00 2001 From: Ulises Fierro Date: Thu, 13 Mar 2025 16:30:45 -0600 Subject: [PATCH 2/7] Add oAuth authentication audit event - Updates OmniauthCallbacksController to use the new Auditor approach - Adds new audit event for oAuth --- .../omniauth_callbacks_controller.rb | 19 +++++++++++++++++-- doc/user/compliance/audit_event_types.md | 1 + .../ee/ldap/omniauth_callbacks_controller.rb | 18 +++++++++++++----- .../types/authenticated_with_ldap.yml | 1 - .../types/authenticated_with_oauth.yml | 10 ++++++++++ 5 files changed, 41 insertions(+), 8 deletions(-) create mode 100644 ee/config/audit_events/types/authenticated_with_oauth.yml diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index 95c5ab39920365..421849c1dccb24 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -366,8 +366,23 @@ def handle_disabled_provider end def log_audit_event(user, options = {}) - AuditEventService.new(user, user, options) - .for_authentication.security_event + return if options[:with].blank? + + provider = options[:with] + audit_context = { + name: 'authenticated_with_oauth', + author: user, + scope: user, + target: user, + message: "Signed in with #{provider.upcase} authentication", + authentication_event: true, + authentication_provider: provider, + additional_details: { + with: provider + } + } + + ::Gitlab::Audit::Auditor.audit(audit_context) end def set_remember_me(user, auth_user) diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index c0ee8ad063c1a2..ee6df3d53ad129 100644 --- a/doc/user/compliance/audit_event_types.md +++ b/doc/user/compliance/audit_event_types.md @@ -598,6 +598,7 @@ Audit event types belong to the following product categories. | [`allowed_email_domain_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166105) | Group setting allowed email domain entry is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.5](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group | | [`application_setting_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124639) | An application setting is updated | {{< icon name="check-circle" >}} Yes | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/282428) | Instance | | [`authenticated_with_ldap`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763) | Successfully signing in with LDAP authentication | {{< icon name="check-circle" >}} Yes | GitLab [17.10](https://gitlab.com/gitlab-org/gitlab/-/issues/509377) | User | +| [`authenticated_with_oauth`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763) | Successfully signing in with OAuth | {{< icon name="check-circle" >}} Yes | GitLab [17.10](https://gitlab.com/gitlab-org/gitlab/-/issues/509377) | User | | [`disable_personal_access_tokens_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Disable personal access tokens is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group | | [`email_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114546) | An email is created | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | User | | [`email_destroyed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114546) | An email is destroyed | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | User | diff --git a/ee/app/controllers/ee/ldap/omniauth_callbacks_controller.rb b/ee/app/controllers/ee/ldap/omniauth_callbacks_controller.rb index 2508e840bfdab0..d03eb92cf4d6b3 100644 --- a/ee/app/controllers/ee/ldap/omniauth_callbacks_controller.rb +++ b/ee/app/controllers/ee/ldap/omniauth_callbacks_controller.rb @@ -38,14 +38,22 @@ def show_ldap_sync_flash override :log_audit_event def log_audit_event(user, options = {}) - ldap = options[:with] - ::Gitlab::Audit::Auditor.audit({ - name: "authenticated_with_ldap", + return if options[:with].blank? + + provider = options[:with] + audit_context = { + name: 'authenticated_with_ldap', author: user, scope: user, target: user, - message: "Signed in with #{ldap.upcase} authentication" - }) + message: "Signed in with #{provider.upcase} authentication", + authentication_event: true, + authentication_provider: provider, + additional_details: { + with: provider + } + } + ::Gitlab::Audit::Auditor.audit(audit_context) end end end diff --git a/ee/config/audit_events/types/authenticated_with_ldap.yml b/ee/config/audit_events/types/authenticated_with_ldap.yml index edb848c64968a6..f08df856b492c5 100644 --- a/ee/config/audit_events/types/authenticated_with_ldap.yml +++ b/ee/config/audit_events/types/authenticated_with_ldap.yml @@ -1,4 +1,3 @@ - --- name: authenticated_with_ldap description: Successfully signing in with LDAP authentication diff --git a/ee/config/audit_events/types/authenticated_with_oauth.yml b/ee/config/audit_events/types/authenticated_with_oauth.yml new file mode 100644 index 00000000000000..07c0d435c6f469 --- /dev/null +++ b/ee/config/audit_events/types/authenticated_with_oauth.yml @@ -0,0 +1,10 @@ +--- +name: authenticated_with_oauth +description: Successfully signing in with OAuth +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/509377 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763 +milestone: '17.10' +feature_category: system_access +saved_to_database: true +streamed: true +scope: [User] \ No newline at end of file -- GitLab From e696a64bd519b77a8adaf762dcea5ab1c2ba0434 Mon Sep 17 00:00:00 2001 From: Ulises Fierro Date: Thu, 13 Mar 2025 17:07:12 -0600 Subject: [PATCH 3/7] Move audit events outside EE Files originally created under EE directory have now been moved --- .../audit_events/types/authenticated_with_ldap.yml | 0 .../audit_events/types/authenticated_with_oauth.yml | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename {ee/config => config}/audit_events/types/authenticated_with_ldap.yml (100%) rename {ee/config => config}/audit_events/types/authenticated_with_oauth.yml (100%) diff --git a/ee/config/audit_events/types/authenticated_with_ldap.yml b/config/audit_events/types/authenticated_with_ldap.yml similarity index 100% rename from ee/config/audit_events/types/authenticated_with_ldap.yml rename to config/audit_events/types/authenticated_with_ldap.yml diff --git a/ee/config/audit_events/types/authenticated_with_oauth.yml b/config/audit_events/types/authenticated_with_oauth.yml similarity index 100% rename from ee/config/audit_events/types/authenticated_with_oauth.yml rename to config/audit_events/types/authenticated_with_oauth.yml -- GitLab From 009f4b3f9883d7caec359e81118f0e6cf69db377 Mon Sep 17 00:00:00 2001 From: Ulises Fierro Date: Mon, 17 Mar 2025 13:10:50 -0600 Subject: [PATCH 4/7] Add specs for new audit events Adds rspec to test for event creations and updates the audit event docs --- config/audit_events/types/authenticated_with_ldap.yml | 2 +- config/audit_events/types/authenticated_with_oauth.yml | 2 +- doc/user/compliance/audit_event_types.md | 4 ++-- .../ldap/omniauth_callbacks_controller_spec.rb | 6 ++++++ spec/controllers/omniauth_callbacks_controller_spec.rb | 10 ++++++++-- 5 files changed, 18 insertions(+), 6 deletions(-) diff --git a/config/audit_events/types/authenticated_with_ldap.yml b/config/audit_events/types/authenticated_with_ldap.yml index f08df856b492c5..3a8e08fbedb3ef 100644 --- a/config/audit_events/types/authenticated_with_ldap.yml +++ b/config/audit_events/types/authenticated_with_ldap.yml @@ -3,7 +3,7 @@ name: authenticated_with_ldap description: Successfully signing in with LDAP authentication introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/509377 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763 -milestone: '17.10' +milestone: '17.11' feature_category: system_access saved_to_database: true streamed: true diff --git a/config/audit_events/types/authenticated_with_oauth.yml b/config/audit_events/types/authenticated_with_oauth.yml index 07c0d435c6f469..d23ef7389c3f89 100644 --- a/config/audit_events/types/authenticated_with_oauth.yml +++ b/config/audit_events/types/authenticated_with_oauth.yml @@ -3,7 +3,7 @@ name: authenticated_with_oauth description: Successfully signing in with OAuth introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/509377 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763 -milestone: '17.10' +milestone: '17.11' feature_category: system_access saved_to_database: true streamed: true diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index ee6df3d53ad129..2a6118f598d0fc 100644 --- a/doc/user/compliance/audit_event_types.md +++ b/doc/user/compliance/audit_event_types.md @@ -597,8 +597,6 @@ Audit event types belong to the following product categories. | [`allow_mfa_for_subgroups_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting for Subgroups can set up their own two-factor authentication rules updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group | | [`allowed_email_domain_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166105) | Group setting allowed email domain entry is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.5](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group | | [`application_setting_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124639) | An application setting is updated | {{< icon name="check-circle" >}} Yes | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/282428) | Instance | -| [`authenticated_with_ldap`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763) | Successfully signing in with LDAP authentication | {{< icon name="check-circle" >}} Yes | GitLab [17.10](https://gitlab.com/gitlab-org/gitlab/-/issues/509377) | User | -| [`authenticated_with_oauth`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763) | Successfully signing in with OAuth | {{< icon name="check-circle" >}} Yes | GitLab [17.10](https://gitlab.com/gitlab-org/gitlab/-/issues/509377) | User | | [`disable_personal_access_tokens_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164973) | Setting Disable personal access tokens is updated | {{< icon name="check-circle" >}} Yes | GitLab [17.4](https://gitlab.com/gitlab-org/gitlab/-/issues/486532) | Group | | [`email_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114546) | An email is created | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | User | | [`email_destroyed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114546) | An email is destroyed | {{< icon name="check-circle" >}} Yes | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | User | @@ -624,6 +622,8 @@ Audit event types belong to the following product categories. | [`user_access_unlocked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124973) | User access to the instance is unlocked | {{< icon name="check-circle" >}} Yes | GitLab [16.2](https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/244) | User | | [`user_disable_two_factor`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89598) | A user disables two factor authentication. Group scope was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/171988) in GitLab 17.6. | {{< icon name="check-circle" >}} Yes | GitLab [15.1](https://gitlab.com/gitlab-org/gitlab/-/issues/238177) | User, Group | | [`user_enable_admin_mode`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/104754) | Admin Mode enabled | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/362101) | User | +| [`authenticated_with_ldap`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763) | Successfully signing in with LDAP authentication | {{< icon name="check-circle" >}} Yes | GitLab [17.11](https://gitlab.com/gitlab-org/gitlab/-/issues/509377) | User | +| [`authenticated_with_oauth`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763) | Successfully signing in with OAuth | {{< icon name="check-circle" >}} Yes | GitLab [17.11](https://gitlab.com/gitlab-org/gitlab/-/issues/509377) | User | ### Team planning diff --git a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb index b16f8ad1a5811e..7c5da98ab333ab 100644 --- a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb +++ b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb @@ -16,6 +16,12 @@ expect(AuthenticationEvent.last.provider).to eq(provider.to_s) end + it 'creates an authentication audit event' do + expect { post provider }.to change { + AuditEvent.where("details LIKE '%authenticated_with_ldap%'").count + }.by(1) + end + context 'with sign in prevented' do let(:ldap_settings) { ldap_setting_defaults.merge(prevent_ldap_sign_in: true) } diff --git a/spec/controllers/omniauth_callbacks_controller_spec.rb b/spec/controllers/omniauth_callbacks_controller_spec.rb index 7c86bca02a035a..3eb19a0693d02b 100644 --- a/spec/controllers/omniauth_callbacks_controller_spec.rb +++ b/spec/controllers/omniauth_callbacks_controller_spec.rb @@ -129,11 +129,17 @@ expect { post(provider) }.to( change do Gitlab::Metrics.registry - .get(:gitlab_omniauth_login_total) - .get(omniauth_provider: 'github', status: 'succeeded') + .get(:gitlab_omniauth_login_total) + .get(omniauth_provider: 'github', status: 'succeeded') end.by(1) ) end + + it 'creates an authentication audit event' do + expect { post provider }.to change { + AuditEvent.where("details LIKE '%authenticated_with_oauth%'").count + }.by(1) + end end context 'with signed-in user' do -- GitLab From 34fd8e9876fd3210adfb6343a3e4a7c19bab8a14 Mon Sep 17 00:00:00 2001 From: Ulises Fierro Date: Mon, 17 Mar 2025 13:55:51 -0600 Subject: [PATCH 5/7] Updated controllers to use new audit events Moved logic to proper controllers and cleaned up to avoid repetition --- .../ldap/omniauth_callbacks_controller.rb | 5 +++++ .../omniauth_callbacks_controller.rb | 5 ++--- .../ee/ldap/omniauth_callbacks_controller.rb | 20 ------------------- 3 files changed, 7 insertions(+), 23 deletions(-) diff --git a/app/controllers/ldap/omniauth_callbacks_controller.rb b/app/controllers/ldap/omniauth_callbacks_controller.rb index 1c79bd3a668e12..1dad923eae6d6c 100644 --- a/app/controllers/ldap/omniauth_callbacks_controller.rb +++ b/app/controllers/ldap/omniauth_callbacks_controller.rb @@ -50,6 +50,11 @@ def available_providers server['provider_name'] end end + + override :log_audit_event + def log_audit_event(user, options = {}) + super(user, options, 'authenticated_with_ldap') + end end Ldap::OmniauthCallbacksController.prepend_mod_with('Ldap::OmniauthCallbacksController') diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index 421849c1dccb24..0a72d94a533642 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -365,12 +365,12 @@ def handle_disabled_provider redirect_to new_user_session_path end - def log_audit_event(user, options = {}) + def log_audit_event(user, options = {}, name = 'authenticated_with_oauth') return if options[:with].blank? provider = options[:with] audit_context = { - name: 'authenticated_with_oauth', + name: name, author: user, scope: user, target: user, @@ -381,7 +381,6 @@ def log_audit_event(user, options = {}) with: provider } } - ::Gitlab::Audit::Auditor.audit(audit_context) end diff --git a/ee/app/controllers/ee/ldap/omniauth_callbacks_controller.rb b/ee/app/controllers/ee/ldap/omniauth_callbacks_controller.rb index d03eb92cf4d6b3..487be1db9c608a 100644 --- a/ee/app/controllers/ee/ldap/omniauth_callbacks_controller.rb +++ b/ee/app/controllers/ee/ldap/omniauth_callbacks_controller.rb @@ -35,26 +35,6 @@ def show_ldap_sync_flash flash[:notice] = _('LDAP sync in progress. This could take a few minutes. '\ 'Refresh the page to see the changes.') end - - override :log_audit_event - def log_audit_event(user, options = {}) - return if options[:with].blank? - - provider = options[:with] - audit_context = { - name: 'authenticated_with_ldap', - author: user, - scope: user, - target: user, - message: "Signed in with #{provider.upcase} authentication", - authentication_event: true, - authentication_provider: provider, - additional_details: { - with: provider - } - } - ::Gitlab::Audit::Auditor.audit(audit_context) - end end end end -- GitLab From b747293d2ffba77ba078c86cb78b69b6fb78e9c4 Mon Sep 17 00:00:00 2001 From: Ulises Fierro Date: Tue, 18 Mar 2025 09:15:24 -0600 Subject: [PATCH 6/7] Update audit event description Description is now more clear for both new audit evnets --- config/audit_events/types/authenticated_with_ldap.yml | 2 +- config/audit_events/types/authenticated_with_oauth.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/audit_events/types/authenticated_with_ldap.yml b/config/audit_events/types/authenticated_with_ldap.yml index 3a8e08fbedb3ef..8f192b86c30e9c 100644 --- a/config/audit_events/types/authenticated_with_ldap.yml +++ b/config/audit_events/types/authenticated_with_ldap.yml @@ -1,6 +1,6 @@ --- name: authenticated_with_ldap -description: Successfully signing in with LDAP authentication +description: User successfully signed in with LDAP introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/509377 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763 milestone: '17.11' diff --git a/config/audit_events/types/authenticated_with_oauth.yml b/config/audit_events/types/authenticated_with_oauth.yml index d23ef7389c3f89..cb9213936600cd 100644 --- a/config/audit_events/types/authenticated_with_oauth.yml +++ b/config/audit_events/types/authenticated_with_oauth.yml @@ -1,6 +1,6 @@ --- name: authenticated_with_oauth -description: Successfully signing in with OAuth +description: User successfully signed in with OAuth introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/509377 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763 milestone: '17.11' -- GitLab From 75520429cccc99c9bb1b1b3359db70660d8f7ca1 Mon Sep 17 00:00:00 2001 From: Ulises Fierro Date: Tue, 18 Mar 2025 09:50:58 -0600 Subject: [PATCH 7/7] Update audit event docs for new events Updates audit events docs via rake task for newly added events --- doc/user/compliance/audit_event_types.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index 2a6118f598d0fc..487e48a8186586 100644 --- a/doc/user/compliance/audit_event_types.md +++ b/doc/user/compliance/audit_event_types.md @@ -622,8 +622,8 @@ Audit event types belong to the following product categories. | [`user_access_unlocked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124973) | User access to the instance is unlocked | {{< icon name="check-circle" >}} Yes | GitLab [16.2](https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/244) | User | | [`user_disable_two_factor`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89598) | A user disables two factor authentication. Group scope was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/171988) in GitLab 17.6. | {{< icon name="check-circle" >}} Yes | GitLab [15.1](https://gitlab.com/gitlab-org/gitlab/-/issues/238177) | User, Group | | [`user_enable_admin_mode`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/104754) | Admin Mode enabled | {{< icon name="check-circle" >}} Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/362101) | User | -| [`authenticated_with_ldap`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763) | Successfully signing in with LDAP authentication | {{< icon name="check-circle" >}} Yes | GitLab [17.11](https://gitlab.com/gitlab-org/gitlab/-/issues/509377) | User | -| [`authenticated_with_oauth`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763) | Successfully signing in with OAuth | {{< icon name="check-circle" >}} Yes | GitLab [17.11](https://gitlab.com/gitlab-org/gitlab/-/issues/509377) | User | +| [`authenticated_with_ldap`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763) | User successfully signed in with LDAP | {{< icon name="check-circle" >}} Yes | GitLab [17.11](https://gitlab.com/gitlab-org/gitlab/-/issues/509377) | User | +| [`authenticated_with_oauth`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175763) | User successfully signed in with OAuth | {{< icon name="check-circle" >}} Yes | GitLab [17.11](https://gitlab.com/gitlab-org/gitlab/-/issues/509377) | User | ### Team planning -- GitLab