diff --git a/app/services/ci/runners/create_runner_service.rb b/app/services/ci/runners/create_runner_service.rb index fbf49d1f3f72ce25056f6d0b12a1a02e5ff4cfeb..013cbec7f6a4b552761416d8df7d231d20269666 100644 --- a/app/services/ci/runners/create_runner_service.rb +++ b/app/services/ci/runners/create_runner_service.rb @@ -49,7 +49,7 @@ def normalize_params private - attr_reader :user, :params, :strategy + attr_reader :user, :scope, :params, :strategy def track_runner_event(runner) return if params[:maintenance_note].blank? @@ -73,3 +73,5 @@ def track_runner_event(runner) end end end + +Ci::Runners::CreateRunnerService.prepend_mod diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index 4ea4a566215e2735b2f7e609e4bf0827278597ab..b572d145809b4df5e57025372f546111de9334db 100644 --- a/doc/user/compliance/audit_event_types.md +++ b/doc/user/compliance/audit_event_types.md @@ -307,6 +307,7 @@ Audit event types belong to the following product categories. | Name | Description | Saved to database | Introduced in | Scope | |:------------|:------------|:------------------|:---------|:--------------|:--------------| +| [`ci_runner_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173885) | Triggered when a runner is created | **{check-circle}** Yes | GitLab [17.7](https://gitlab.com/gitlab-org/gitlab/-/issues/503315) | Instance, Group, Project | | [`ci_runner_usage_export`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/139578) | A runner usage report is generated | **{check-circle}** Yes | GitLab [16.8](https://gitlab.com/gitlab-org/gitlab/-/issues/426560) | Instance | | [`ci_runners_bulk_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173886) | Triggered when runners are deleted in bulk | **{check-circle}** Yes | GitLab [17.7](https://gitlab.com/gitlab-org/gitlab/-/issues/503315) | User | diff --git a/ee/app/services/ee/ci/runners/create_runner_service.rb b/ee/app/services/ee/ci/runners/create_runner_service.rb new file mode 100644 index 0000000000000000000000000000000000000000..f4cd8975872feb50b5a3c899f8abc9a56169385d --- /dev/null +++ b/ee/app/services/ee/ci/runners/create_runner_service.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +module EE + module Ci + module Runners + # Creates a CI Runner and logs an audit event + module CreateRunnerService + extend ::Gitlab::Utils::Override + + override :execute + def execute + super.tap do |response| + audit_event(response.payload[:runner]) if response.success? + end + end + + private + + def audit_event(runner) + token_scope = runner.instance_type? ? ::Gitlab::Audit::InstanceScope.new : scope + + ::AuditEvents::RunnerAuditEventService.new( + runner, user, token_scope, + name: 'ci_runner_created', + message: "Created %{runner_type} CI runner" + ).track_event + end + end + end + end +end diff --git a/ee/config/audit_events/types/ci_runner_created.yml b/ee/config/audit_events/types/ci_runner_created.yml new file mode 100644 index 0000000000000000000000000000000000000000..5f216b888e0951de3102b0585bd6c76c31fcd9ef --- /dev/null +++ b/ee/config/audit_events/types/ci_runner_created.yml @@ -0,0 +1,10 @@ +--- +name: ci_runner_created +description: Triggered when a runner is created +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/503315 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173885 +feature_category: fleet_visibility +milestone: '17.7' +saved_to_database: true +streamed: true +scope: [Instance, Group, Project] diff --git a/spec/requests/api/graphql/mutations/ci/runner/create_spec.rb b/spec/requests/api/graphql/mutations/ci/runner/create_spec.rb index 844be90851d6ec19f4f2e2e0e0ecaa47a87136dd..5a7a719eb9bc09e344247f532383852ed1760862 100644 --- a/spec/requests/api/graphql/mutations/ci/runner/create_spec.rb +++ b/spec/requests/api/graphql/mutations/ci/runner/create_spec.rb @@ -25,13 +25,9 @@ end let(:mutation) do - variables = { - **mutation_params - } - graphql_mutation( :runner_create, - variables, + mutation_params, <<-QL runner { ephemeralAuthenticationToken