Create API for instance level external audit events destination
What does this MR do and why?
Adding support for instance level external audit event destinations. This MR does the following:
- Adds a feature flag `ff_external_audit_events`.
- Adds a GraphQL mutation for creating a new entry in table `audit_events_instance_external_audit_event_destinations`.
- Feature is available for Ultimate licence only.
Relevant MRs and issues:
- Database changes and models were added in !116909 (merged)
- Since the whole GraphQL APIs MR became huge to review, the create API is sent first; the rest of the APIs are in the original MR !115157 (merged).
GraphQL API
```graphql
mutation {
  instanceExternalAuditEventDestinationCreate(input: { destinationUrl: "https://www.example.com"}) {
    errors
    instanceExternalAuditEventDestination {
      destinationUrl
      id
      verificationToken
    }
  }
}
```
Query plan
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/17952/commands/59720
Query
```sql
INSERT INTO "audit_events_instance_external_audit_event_destinations" (
  "created_at", "updated_at", "destination_url",
  "encrypted_verification_token",
  "encrypted_verification_token_iv"
)
VALUES
  (
    '2023-04-24 17:02:34.144301', '2023-04-24 17:02:34.144301',
    'https://gitlab.com/example/testendpoint',
    '\xb4a8476df243a57e207efc86d870a4657f47ffe7f7841ca1393b77ec7bce26578c91c1b3cd669557',
    '\x0f600c461b970cef9c6a39be'
  ) RETURNING "id"
```
How to set up and validate locally
Happy flow:
- Go to rails console and enable the feature flag by running `Feature.enable(:ff_external_audit_events)`.
- Log in as an instance admin in the browser on http://localhost:3000.
- Go to http://localhost:3000/-/graphql-explorer and run the above GraphQL API; it should provide a success output with a non-nil `verificationToken`.
- Go to rails console and check if the corresponding entry has been made to the database by running `AuditEvents::InstanceExternalAuditEventDestination.all`; you should receive at least 1 entry in response to this.
Error scenarios:
- If you are an instance admin but the feature flag is disabled, you will get an error while running the mutation.
- If you are not logged in or not an instance admin then you will receive an error regardless of whether the feature flag is enabled or disabled.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #335175 (closed)
Edited by Hitesh Raghuvanshi
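The local validation steps above can be checked in a script. The following is an added example, not code from this MR or from GitLab: it classifies a response to the create mutation into the happy flow and the error scenarios. The `String!` variable type, the assumption that a disabled flag or a non-admin user yields top-level GraphQL `errors`, the helper names and the sample responses are all constructed for illustration.

```ruby
require 'json'

# Mutation from the MR description, with the URL passed as a variable
# rather than interpolated into the query (String! type is an assumption).
MUTATION = <<~GRAPHQL
  mutation($url: String!) {
    instanceExternalAuditEventDestinationCreate(input: { destinationUrl: $url }) {
      errors
      instanceExternalAuditEventDestination { destinationUrl id verificationToken }
    }
  }
GRAPHQL

# JSON body to POST to the GraphQL endpoint (hypothetical helper).
def request_body(url)
  JSON.generate({ query: MUTATION, variables: { url: url } })
end

# Classify a raw JSON response (hypothetical helper):
#   :rejected - top-level GraphQL errors (assumed for flag off / not an admin)
#   :invalid  - mutation ran but returned payload errors or no token
#   :created  - destination returned with a non-nil verificationToken
def check_response(raw)
  doc = JSON.parse(raw)
  top = Array(doc['errors']).map { |e| e['message'] }
  return { status: :rejected, errors: top } unless top.empty?

  payload = doc.dig('data', 'instanceExternalAuditEventDestinationCreate') || {}
  errs = Array(payload['errors'])
  dest = payload['instanceExternalAuditEventDestination']
  token = dest && dest['verificationToken']
  if !errs.empty? || token.to_s.empty?
    return { status: :invalid, errors: errs.empty? ? ['missing verificationToken'] : errs }
  end

  # The token is a secret: report only that it exists, never its value.
  { status: :created, id: dest['id'], destination_url: dest['destinationUrl'], token_present: true }
end

# Constructed sample responses (not captured from a real instance).
SAMPLE_OK = '{"data":{"instanceExternalAuditEventDestinationCreate":{"errors":[],' \
  '"instanceExternalAuditEventDestination":{"destinationUrl":"https://www.example.com",' \
  '"id":"gid://example/1","verificationToken":"constructed-token"}}}}'
SAMPLE_DENIED = '{"data":{"instanceExternalAuditEventDestinationCreate":null},' \
  '"errors":[{"message":"constructed: resource not available"}]}'

puts check_response(SAMPLE_OK), check_response(SAMPLE_DENIED) if __FILE__ == $PROGRAM_NAME
```

The result hash deliberately omits the token value so the check can be logged in CI without exposing the secret.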