Integrate deployment approval and approval rule changes into audit events
Release notes
Deployments in regulated industries is a central topic of compliance. While GitLab offered various audit events, deployment approvals were not part of the audited events leaving it hard to show if and when approval rules changed. GitLab now ships with a new set of audit events on deployment approval and approval rule changes. These events fire when deployment approval rules are change or when approval rules on protected environments are changes.
Summary
The audit_event
api does not contain deployment approvals and does not contain changes to approval rules for protected environments (e.g. if an approval rule is removed, this is not logged). This information is required for audit and compliance purposes. I am working with a large customer who is required to store this information for 12 months
Background
We added the Audit Event for Protected Environments in #216164 (closed), however, it seems we forgot to support update path (ProtectedEnvironments::UpdateService
). Create and Delete are already logged.
Proposal
We can introduce a similar logic with Feature Flag update process in ProtectedEnvironments::UpdateService
.