Add runner unregistration audit event
Audit need
When admins, group/project owners/maintainers unregister a runner, it is important to preserve a trail of data of the event.
There are 2 ways a runner can be unregistered:
-
Through the REST API, where we have an authentication_token
which allows us to locate the runner, but not to know the identity of the caller-
Direct destruction -
Indirect destruction (e.g. by way of deleting a ci_runner_projects
record / cascading delete)
-
-
Through the GraphQL API/UI, where we know the identity of the PAT used for the API call
Proposal
Add the following audit events for when a GitLab Runner is unregistered at the instance, group, or project level.
- Date and timestamp in UTC
- Public IP address (i.e. the source IP address from where the registration command was run)
- Runner short SHA
- Author if available, otherwise the short authentication token
Edited by Pedro Pombeiro