Added delete api for instance GCP config for audit events
What does this MR do and why?
This MR adds a new mutation to the GraphQL API that allows users to delete instance level Google Cloud Logging configurations. The mutation will delete the configuration and create an audit event. If there is an error during deletion, the mutation will return an error message. The mutation is available to only instance admins of instances with Ultimate license.
This is quite similar to group level api for deletion of gcp configs as mentioned in https://docs.gitlab.com/ee/administration/audit_event_streaming/graphql_api.html#delete-google-cloud-logging-configurations.
Creation API is being added in !130663 (merged).
Query plan
Select query
https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/22209/commands/71768
SELECT
"audit_events_instance_google_cloud_logging_configurations".*
FROM
"audit_events_instance_google_cloud_logging_configurations"
WHERE
"audit_events_instance_google_cloud_logging_configurations"."id" = 6
Deletion query
https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/22209/commands/71769
DELETE FROM
"audit_events_instance_google_cloud_logging_configurations"
WHERE
"audit_events_instance_google_cloud_logging_configurations"."id" = 6
How to set up and validate locally
- For this you need to have admin access of a GitLab instance with an Ultimate license.
- Create an entry for the instance level GCP config by running following command in rails console
AuditEvents::Instance::GoogleCloudLoggingConfiguration.create!(google_project_id_name: "project-name", client_email: "abcd@rt.com", log_id_name: "some_log_name", name: "First destination", private_key: "random_private_key")
- Visit graphql explorer https://gitlab.localdev:3000/-/graphql-explorer.
- Run following query to list down the destination and note the graphql id for the same
query instanceGoogleCloudLoggingConfigurations {
instanceGoogleCloudLoggingConfigurations {
nodes {
id
logIdName
googleProjectIdName
clientEmail
name
}
}
}
- Then run the delete mutation in the explorer using the graphql id of the destination obtained in step 4.
mutation instanceGoogleCloudLoggingConfigurationDestroy {
instanceGoogleCloudLoggingConfigurationDestroy(input: { id: "gid://gitlab/AuditEvents::Instance::GoogleCloudLoggingConfiguration/9" }) {
errors
}
}
- Run the query in step 4 to verify the config got deleted. Also check for the audit event generated in https://gitlab.localdev:3000/admin/audit_logs, it should look something like following image
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #423040 (closed)