diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md index d44d3f64eb13b88d69a1fcc95a4d365e708ee627..48bd812c7f2254b3d528d7280b8843362c57c69a 100644 --- a/doc/administration/audit_events.md +++ b/doc/administration/audit_events.md @@ -123,6 +123,9 @@ From there, you can see the following actions: - Created, updated, or deleted DAST profiles, DAST scanner profiles, and DAST site profiles ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217872) in GitLab 14.1) - Changed a project's compliance framework ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/329362) in GitLab 14.1) +- User password required for approvals was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2) +- Permission to modify merge requests approval rules in merge requests was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2) +- New approvals requirement when new commits are added to an MR was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2) Project events can also be accessed via the [Project Audit Events API](../api/audit_events.md#project-audit-events). diff --git a/ee/lib/ee/audit/project_changes_auditor.rb b/ee/lib/ee/audit/project_changes_auditor.rb index d5cd69c37d27cd3e67dc78ad66e66c7ffe2f0342..c31c3ef8d1b35de094ef61ca94cc7fd46471486b 100644 --- a/ee/lib/ee/audit/project_changes_auditor.rb +++ b/ee/lib/ee/audit/project_changes_auditor.rb 
@@ -13,6 +13,9 @@ def execute audit_changes(:merge_requests_author_approval, as: 'prevent merge request approval from authors', model: model) audit_changes(:merge_requests_disable_committers_approval, as: 'prevent merge request approval from reviewers', model: model) + audit_changes(:reset_approvals_on_push, as: 'require new approvals when new commits are added to an MR', model: model) + audit_changes(:disable_overriding_approvers_per_merge_request, as: 'prevent users from modifying MR approval rules in merge requests', model: model) + audit_changes(:require_password_to_approve, as: 'require user password for approvals', model: model) audit_project_feature_changes audit_compliance_framework_changes diff --git a/ee/spec/lib/ee/audit/project_changes_auditor_spec.rb b/ee/spec/lib/ee/audit/project_changes_auditor_spec.rb index 7d4103ed41363763f4faffa2ae59f99dd528d2bd..cceb3a47aca1adeadc18e636418748b3e7f1ea48 100644 --- a/ee/spec/lib/ee/audit/project_changes_auditor_spec.rb +++ b/ee/spec/lib/ee/audit/project_changes_auditor_spec.rb @@ -14,7 +14,10 @@ repository_size_limit: 10, packages_enabled: true, merge_requests_author_approval: false, - merge_requests_disable_committers_approval: true + merge_requests_disable_committers_approval: true, + reset_approvals_on_push: false, + disable_overriding_approvers_per_merge_request: false, + require_password_to_approve: false ) end 
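Review bot: The three new `audit_changes` calls in `ee/lib/ee/audit/project_changes_auditor.rb` carry no comment saying that their `as:` strings become the event's `change` value, which the spec in this commit asserts literally (`change: 'require user password for approvals'`). Anyone alerting on weakened approval controls will match on those strings, and they already differ from the wording added to `doc/administration/audit_events.md`, so a later rewording would silently break such queries. I would add above the group: `# Merge request approval controls. The as: text is stored as the event's change value; treat it as a stable identifier.` `execute` starts above this hunk and continues below it.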
@@ -162,6 +165,45 @@
 )
 end
 end
+
+ it 'creates an event when the reset approvals on push changes' do
+ project.update!(reset_approvals_on_push: true)
+
+ aggregate_failures do
+ expect { foo_instance.execute }.to change { AuditEvent.count }.by(1)
+ expect(AuditEvent.last.details).to include(
+ change: 'require new approvals when new commits are added to an MR',
+ from: false,
+ to: true
+ )
+ end
+ end
+
+ it 'creates an event when the require password to approve changes' do
+ project.update!(require_password_to_approve: true)
+
+ aggregate_failures do
+ expect { foo_instance.execute }.to change { AuditEvent.count }.by(1)
+ expect(AuditEvent.last.details).to include(
+ change: 'require user password for approvals',
+ from: false,
+ to: true
+ )
+ end
+ end
+
+ it 'creates an event when the disable overriding approvers per merge request changes' do
+ project.update!(disable_overriding_approvers_per_merge_request: true)
+
+ aggregate_failures do
+ expect { foo_instance.execute }.to change { AuditEvent.count }.by(1)
+ expect(AuditEvent.last.details).to include(
+ change: 'prevent users from modifying MR approval rules in merge requests',
+ from: false,
+ to: true
+ )
+ end
+ end
 end
 end
 end
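Review bot: The three added examples only flip each setting from `false` to `true`, so nothing pins the event for the direction an auditor cares about most: a control such as `require_password_to_approve` being switched off. Add a reverse example per setting that asserts `from: true, to: false`. The sketch below does it for one setting by updating twice, which assumes the auditor reports the model's most recent saved change, as the existing examples suggest. The same shape applies to `reset_approvals_on_push` and `disable_overriding_approvers_per_merge_request`. The enclosing `describe`/`context` blocks start outside the hunk.

```ruby
# … unchanged: the three false → true examples …

it 'creates an event when the require password to approve is switched off' do
  project.update!(require_password_to_approve: true)
  project.update!(require_password_to_approve: false)

  aggregate_failures do
    expect { foo_instance.execute }.to change { AuditEvent.count }.by(1)
    expect(AuditEvent.last.details).to include(
      change: 'require user password for approvals',
      from: true,
      to: false
    )
  end
end
```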