Skip to content

Add table for filtering namespace audit events for instance

Hitesh Raghuvanshi requested to merge 429743-migration-model-instance into master

What does this MR do and why?

  1. This MR adds a migration and model changes for supporting group and project level filters for instance level external audit event destinations.
  2. We are creating a Instance::NamespaceFilter model and corresponding table which will be used for storing group or project filters for a certain external audit event destination for streaming instance level audit events.
  3. We are adding a limit of 1 such filter per destination as per requirement.

Note: This MR is similar to !135080 (merged) which was for group-level audit event destinations.

Migrations

# Up for table

bundle exec rake db:migrate:up:main VERSION=20231115064007
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 79384
main: == 20231115064007 CreateAuditEventsStreamingHttpInstanceNamespaceFilters: migrating
main: -- create_table(:audit_events_streaming_http_instance_namespace_filters)
main:    -> 0.0129s
main: == 20231115064007 CreateAuditEventsStreamingHttpInstanceNamespaceFilters: migrated (0.1126s)

main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 79384

# Down for table

bundle exec rake db:migrate:down:main VERSION=20231115064007
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 78582
main: == 20231115064007 CreateAuditEventsStreamingHttpInstanceNamespaceFilters: reverting
main: -- drop_table(:audit_events_streaming_http_instance_namespace_filters)
main:    -> 0.0027s
main: == 20231115064007 CreateAuditEventsStreamingHttpInstanceNamespaceFilters: reverted (0.0085s)

main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 78582


# Up for destination foreign key migration

bundle exec rake db:migrate:up:main VERSION=20231116115303
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 77411
main: == 20231116115303 AddNamespaceFkToAuditEventsHttpInstanceNamespaceFilters: migrating
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- execute("ALTER TABLE audit_events_streaming_http_instance_namespace_filters ADD CONSTRAINT fk_4c9d5c4edb FOREIGN KEY (instance_external_audit_event_destination_id) REFERENCES audit_events_instance_external_audit_event_destinations (id) ON DELETE CASCADE NOT VALID;")
main:    -> 0.0016s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0002s
main: -- execute("ALTER TABLE audit_events_streaming_http_instance_namespace_filters VALIDATE CONSTRAINT fk_4c9d5c4edb;")
main:    -> 0.0008s
main: -- execute("RESET statement_timeout")
main:    -> 0.0002s
main: == 20231116115303 AddNamespaceFkToAuditEventsHttpInstanceNamespaceFilters: migrated (0.1663s)

# Down for destination foreign key migration

bundle exec rake db:migrate:down:main VERSION=20231116115303
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 75746
main: == 20231116115303 AddNamespaceFkToAuditEventsHttpInstanceNamespaceFilters: reverting
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- remove_foreign_key(:audit_events_streaming_http_instance_namespace_filters, {:column=>:instance_external_audit_event_destination_id})
main:    -> 0.1289s
main: == 20231116115303 AddNamespaceFkToAuditEventsHttpInstanceNamespaceFilters: reverted (0.1417s)

main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 75746

# Up for namespace foreign key migration

bundle exec rake db:migrate:up:main VERSION=20231116115237
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 74962
main: == 20231116115237 AddDestinationFkToAuditEventsHttpInstanceNamespaceFilters: migrating
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- execute("ALTER TABLE audit_events_streaming_http_instance_namespace_filters ADD CONSTRAINT fk_23f3ab7df0 FOREIGN KEY (namespace_id) REFERENCES namespaces (id) ON DELETE CASCADE NOT VALID;")
main:    -> 0.0016s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0003s
main: -- execute("ALTER TABLE audit_events_streaming_http_instance_namespace_filters VALIDATE CONSTRAINT fk_23f3ab7df0;")
main:    -> 0.0020s
main: -- execute("RESET statement_timeout")
main:    -> 0.0003s
main: == 20231116115237 AddDestinationFkToAuditEventsHttpInstanceNamespaceFilters: migrated (0.1329s)

main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 74962

# Down for namespace foreign key migration

bundle exec rake db:migrate:down:main VERSION=20231116115237
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 73464
main: == 20231116115237 AddDestinationFkToAuditEventsHttpInstanceNamespaceFilters: reverting
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- remove_foreign_key(:audit_events_streaming_http_instance_namespace_filters, {:column=>:namespace_id})
main:    -> 0.0935s
main: == 20231116115237 AddDestinationFkToAuditEventsHttpInstanceNamespaceFilters: reverted (0.1049s)

main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 73464

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Create a new instance level custom http external audit event streaming destination by following steps in https://docs.gitlab.com/ee/administration/audit_event_streaming/#add-a-new-http-destination-1.
  2. Open rails console gdk rails console.
  3. Run following command to create a namespace filter for the destination, it should create the filter and should not return any error.
AuditEvents::Streaming::HTTP::Instance::NamespaceFilter.create!(instance_external_audit_event_destination: AuditEvents::InstanceExternalAuditEventDestination.first, namespace: Group.last)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #432424 (closed)

Edited by Hitesh Raghuvanshi

Merge request reports

Loading