Add audit events for protected environments
What does this MR do and why?
This merge request adds two audit events for when an environment is protected or unprotected:
- environment_protected
- environment_unprotected
The audit events are triggered regardless of whether this is a group-level or project-level protected environment.
Resolves #216164 (closed).
How to set up and validate locally
To validate locally, please do the following steps:
- In your local GDK setup, create a new project if you don't have one already.
- Inside that project, create an environment in Deployments > Environments.
- Go to Settings > CI/CD, and expand the Protected Environments section.
- Protect the environment you had created earlier.
- From the same page, expand the Protected Environments section again.
- Unprotect the environment.
- Verify that you can see two audit events in the database (via the rails console) as follows:
> [1] pry(main)> AuditEvent.last(2)
- You should see the two events each with the correct audit event type.
- You can also verify the audit events were logged by checking log/audit_events.log, as can be seen below:
{"severity":"INFO","time":"2023-01-05T22:58:13.858Z","correlation_id":"01GP22G1KB5XE9FVY1D2MMR61Z","id":457,"author_id":1,"entity_id":56,"entity_type":"Project","details":{"author_name":"Administrator","author_class":"User","target_id":55,"target_type":"ProtectedEnvironment","target_details":"production","custom_message":"Protected an environment: production","ip_address":"127.0.0.1","entity_path":"root/gitlab-216164"},"ip_address":"127.0.0.1","author_name":"Administrator","entity_path":"root/gitlab-216164","target_details":"production","created_at":"2023-01-05T22:58:13.840Z","target_type":"ProtectedEnvironment","target_id":55,"author_class":"User","custom_message":"Protected an environment: production"}
{"severity":"INFO","time":"2023-01-05T23:00:45.636Z","correlation_id":"01GP22MNRFA9ES120ERF7M012F","id":458,"author_id":1,"entity_id":56,"entity_type":"Project","details":{"author_name":"Administrator","author_class":"User","target_id":55,"target_type":"ProtectedEnvironment","target_details":"production","custom_message":"Unprotected an environment: production","ip_address":"127.0.0.1","entity_path":"root/gitlab-216164"},"ip_address":"127.0.0.1","author_name":"Administrator","entity_path":"root/gitlab-216164","target_details":"production","created_at":"2023-01-05T23:00:45.619Z","target_type":"ProtectedEnvironment","target_id":55,"author_class":"User","custom_message":"Unprotected an environment: production"}
Note: the same should apply if you protect or unprotect the environment via the API, and also with group-level protected environments.
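As an added example (not part of this merge request or GitLab's own code), the Ruby script below shows one way to consume these log lines for monitoring: it pairs unprotect and protect events per environment and reports how long each environment was left unprotected. It matches on the custom_message prefixes seen in the sample lines above, because those lines carry no event-type field; the sample data and the names `sample_line` and `unprotected_windows` are constructed for illustration.

```ruby
require 'json'
require 'time'

# Builds a constructed line in the shape of log/audit_events.log (fields trimmed, values made up).
def sample_line(time, author, env, verb)
  { time: time, author_name: author, entity_path: 'root/demo',
    target_type: 'ProtectedEnvironment', target_details: env,
    custom_message: "#{verb} an environment: #{env}" }.to_json
end

SAMPLE_LOG = [
  sample_line('2023-01-05T22:58:13.858Z', 'Administrator', 'production', 'Protected'),
  sample_line('2023-01-05T23:00:45.636Z', 'Administrator', 'production', 'Unprotected'),
  '{"time":"2023-01-05T23:02:00.000Z","target_type":"Project","custom_message":"other"}',
  '{"time":"2023-01-05T23:03:00.0', # truncated line, must be skipped
  sample_line('2023-01-05T23:10:45.636Z', 'Administrator', 'production', 'Protected'),
  sample_line('2023-01-06T08:00:00.000Z', 'dev1', 'staging', 'Unprotected')
].freeze

# Returns one hash per period in which an environment was unprotected.
# Windows still open at the end of the log have reprotected_at and seconds set to nil.
def unprotected_windows(lines)
  pending = {} # [entity_path, environment name] => open window
  closed = []
  lines.each do |line|
    event = JSON.parse(line) rescue nil # skip truncated or non-JSON lines
    next unless event.is_a?(Hash) && event['target_type'] == 'ProtectedEnvironment'

    key = [event['entity_path'], event['target_details']]
    at = Time.iso8601(event['time'])
    case event['custom_message'].to_s
    when /\AUnprotected an environment:/
      # Keep the earliest unprotect event if several arrive in a row.
      pending[key] ||= { project: key[0], environment: key[1], unprotected_at: at,
                         unprotected_by: event['author_name'],
                         reprotected_at: nil, seconds: nil }
    when /\AProtected an environment:/
      window = pending.delete(key)
      closed << window.merge(reprotected_at: at, seconds: (at - window[:unprotected_at]).round) if window
    end
  end
  closed + pending.values
end

if __FILE__ == $PROGRAM_NAME
  unprotected_windows(SAMPLE_LOG).each { |w| puts w.to_json }
end
```

Windows with a nil `reprotected_at` are the ones to review first, since the environment was still unprotected when the log ended.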
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Ahmed Hemdan