From 37e3a83b940036eee1701227d798f049d079651a Mon Sep 17 00:00:00 2001
From: Adrien Gooris <adrien.gooris@michelin.com>
Date: Thu, 15 Jul 2021 10:29:13 +0200
Subject: [PATCH 1/2] Track changes in merge request approval settings in Audit
 Events

Changelog: added
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66234
EE: true
---
 doc/administration/audit_events.md            |  3 ++
 ee/lib/ee/audit/project_changes_auditor.rb    |  3 ++
 .../ee/audit/project_changes_auditor_spec.rb  | 44 ++++++++++++++++++-
 3 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md
index d44d3f64eb13b8..c2f6721bd06b3f 100644
--- a/doc/administration/audit_events.md
+++ b/doc/administration/audit_events.md
@@ -123,6 +123,9 @@ From there, you can see the following actions:
 - Created, updated, or deleted DAST profiles, DAST scanner profiles, and DAST site profiles
   ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217872) in GitLab 14.1)
 - Changed a project's compliance framework ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/329362) in GitLab 14.1)
+- User password required for approvals was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.1)
+- Permission to modify merge requests approval rules in merge requests was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.1)
+- New approvals requirement when new commits are added to an MR was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.1)
 
 Project events can also be accessed via the [Project Audit Events API](../api/audit_events.md#project-audit-events).
 
diff --git a/ee/lib/ee/audit/project_changes_auditor.rb b/ee/lib/ee/audit/project_changes_auditor.rb
index d5cd69c37d27cd..c31c3ef8d1b35d 100644
--- a/ee/lib/ee/audit/project_changes_auditor.rb
+++ b/ee/lib/ee/audit/project_changes_auditor.rb
@@ -13,6 +13,9 @@ def execute
 
         audit_changes(:merge_requests_author_approval, as: 'prevent merge request approval from authors', model: model)
         audit_changes(:merge_requests_disable_committers_approval, as: 'prevent merge request approval from reviewers', model: model)
+        audit_changes(:reset_approvals_on_push, as: 'require new approvals when new commits are added to an MR', model: model)
+        audit_changes(:disable_overriding_approvers_per_merge_request, as: 'prevent users from modifying MR approval rules in merge requests', model: model)
+        audit_changes(:require_password_to_approve, as: 'require user password for approvals', model: model)
 
         audit_project_feature_changes
         audit_compliance_framework_changes
diff --git a/ee/spec/lib/ee/audit/project_changes_auditor_spec.rb b/ee/spec/lib/ee/audit/project_changes_auditor_spec.rb
index 7d4103ed413637..cceb3a47aca1ad 100644
--- a/ee/spec/lib/ee/audit/project_changes_auditor_spec.rb
+++ b/ee/spec/lib/ee/audit/project_changes_auditor_spec.rb
@@ -14,7 +14,10 @@
         repository_size_limit: 10,
         packages_enabled: true,
         merge_requests_author_approval: false,
-        merge_requests_disable_committers_approval: true
+        merge_requests_disable_committers_approval: true,
+        reset_approvals_on_push: false,
+        disable_overriding_approvers_per_merge_request: false,
+        require_password_to_approve: false
       )
     end
 
@@ -162,6 +165,45 @@
           )
         end
       end
+
+      it 'creates an event when the reset approvals on push changes' do
+        project.update!(reset_approvals_on_push: true)
+
+        aggregate_failures do
+          expect { foo_instance.execute }.to change { AuditEvent.count }.by(1)
+          expect(AuditEvent.last.details).to include(
+            change: 'require new approvals when new commits are added to an MR',
+            from: false,
+            to: true
+          )
+        end
+      end
+
+      it 'creates an event when the require password to approve changes' do
+        project.update!(require_password_to_approve: true)
+
+        aggregate_failures do
+          expect { foo_instance.execute }.to change { AuditEvent.count }.by(1)
+          expect(AuditEvent.last.details).to include(
+            change: 'require user password for approvals',
+            from: false,
+            to: true
+          )
+        end
+      end
+
+      it 'creates an event when the disable overriding approvers per merge request changes' do
+        project.update!(disable_overriding_approvers_per_merge_request: true)
+
+        aggregate_failures do
+          expect { foo_instance.execute }.to change { AuditEvent.count }.by(1)
+          expect(AuditEvent.last.details).to include(
+            change: 'prevent users from modifying MR approval rules in merge requests',
+            from: false,
+            to: true
+          )
+        end
+      end
     end
   end
 end
-- 
GitLab


From 38060f074b6e47b93fcaa34d866114d73a6960a6 Mon Sep 17 00:00:00 2001
From: Evan Read <eread@gitlab.com>
Date: Tue, 10 Aug 2021 07:02:06 +0000
Subject: [PATCH 2/2] Apply 1 suggestion(s) to 1 file(s)

---
 doc/administration/audit_events.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md
index c2f6721bd06b3f..48bd812c7f2254 100644
--- a/doc/administration/audit_events.md
+++ b/doc/administration/audit_events.md
@@ -123,9 +123,9 @@ From there, you can see the following actions:
 - Created, updated, or deleted DAST profiles, DAST scanner profiles, and DAST site profiles
   ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217872) in GitLab 14.1)
 - Changed a project's compliance framework ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/329362) in GitLab 14.1)
-- User password required for approvals was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.1)
-- Permission to modify merge requests approval rules in merge requests was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.1)
-- New approvals requirement when new commits are added to an MR was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.1)
+- User password required for approvals was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2)
+- Permission to modify merge requests approval rules in merge requests was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2)
+- New approvals requirement when new commits are added to an MR was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2)
 
 Project events can also be accessed via the [Project Audit Events API](../api/audit_events.md#project-audit-events).
 
-- 
GitLab