Add table for filtering namespace audit events for instance
What does this MR do and why?
- This MR adds a migration and model changes for supporting group and project level filters for instance level external audit event destinations.
- We are creating an `Instance::NamespaceFilter` model and corresponding table which will be used for storing group or project filters for a certain external audit event destination for streaming instance level audit events.
- We are adding a limit of 1 such filter per destination as per requirement.
Note: This MR is similar to !135080 (merged) which was for group-level audit event destinations.
Migrations
# Up for table
bundle exec rake db:migrate:up:main VERSION=20231115064007
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 79384
main: == 20231115064007 CreateAuditEventsStreamingHttpInstanceNamespaceFilters: migrating
main: -- create_table(:audit_events_streaming_http_instance_namespace_filters)
main: -> 0.0129s
main: == 20231115064007 CreateAuditEventsStreamingHttpInstanceNamespaceFilters: migrated (0.1126s)
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 79384
# Down for table
bundle exec rake db:migrate:down:main VERSION=20231115064007
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 78582
main: == 20231115064007 CreateAuditEventsStreamingHttpInstanceNamespaceFilters: reverting
main: -- drop_table(:audit_events_streaming_http_instance_namespace_filters)
main: -> 0.0027s
main: == 20231115064007 CreateAuditEventsStreamingHttpInstanceNamespaceFilters: reverted (0.0085s)
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 78582
# Up for destination foreign key migration
bundle exec rake db:migrate:up:main VERSION=20231116115303
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 77411
main: == 20231116115303 AddNamespaceFkToAuditEventsHttpInstanceNamespaceFilters: migrating
main: -- transaction_open?(nil)
main: -> 0.0000s
main: -- transaction_open?(nil)
main: -> 0.0000s
main: -- execute("ALTER TABLE audit_events_streaming_http_instance_namespace_filters ADD CONSTRAINT fk_4c9d5c4edb FOREIGN KEY (instance_external_audit_event_destination_id) REFERENCES audit_events_instance_external_audit_event_destinations (id) ON DELETE CASCADE NOT VALID;")
main: -> 0.0016s
main: -- execute("SET statement_timeout TO 0")
main: -> 0.0002s
main: -- execute("ALTER TABLE audit_events_streaming_http_instance_namespace_filters VALIDATE CONSTRAINT fk_4c9d5c4edb;")
main: -> 0.0008s
main: -- execute("RESET statement_timeout")
main: -> 0.0002s
main: == 20231116115303 AddNamespaceFkToAuditEventsHttpInstanceNamespaceFilters: migrated (0.1663s)
# Down for destination foreign key migration
bundle exec rake db:migrate:down:main VERSION=20231116115303
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 75746
main: == 20231116115303 AddNamespaceFkToAuditEventsHttpInstanceNamespaceFilters: reverting
main: -- transaction_open?(nil)
main: -> 0.0000s
main: -- remove_foreign_key(:audit_events_streaming_http_instance_namespace_filters, {:column=>:instance_external_audit_event_destination_id})
main: -> 0.1289s
main: == 20231116115303 AddNamespaceFkToAuditEventsHttpInstanceNamespaceFilters: reverted (0.1417s)
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 75746
# Up for namespace foreign key migration
bundle exec rake db:migrate:up:main VERSION=20231116115237
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 74962
main: == 20231116115237 AddDestinationFkToAuditEventsHttpInstanceNamespaceFilters: migrating
main: -- transaction_open?(nil)
main: -> 0.0000s
main: -- transaction_open?(nil)
main: -> 0.0000s
main: -- execute("ALTER TABLE audit_events_streaming_http_instance_namespace_filters ADD CONSTRAINT fk_23f3ab7df0 FOREIGN KEY (namespace_id) REFERENCES namespaces (id) ON DELETE CASCADE NOT VALID;")
main: -> 0.0016s
main: -- execute("SET statement_timeout TO 0")
main: -> 0.0003s
main: -- execute("ALTER TABLE audit_events_streaming_http_instance_namespace_filters VALIDATE CONSTRAINT fk_23f3ab7df0;")
main: -> 0.0020s
main: -- execute("RESET statement_timeout")
main: -> 0.0003s
main: == 20231116115237 AddDestinationFkToAuditEventsHttpInstanceNamespaceFilters: migrated (0.1329s)
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 74962
# Down for namespace foreign key migration
bundle exec rake db:migrate:down:main VERSION=20231116115237
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 73464
main: == 20231116115237 AddDestinationFkToAuditEventsHttpInstanceNamespaceFilters: reverting
main: -- transaction_open?(nil)
main: -> 0.0000s
main: -- remove_foreign_key(:audit_events_streaming_http_instance_namespace_filters, {:column=>:namespace_id})
main: -> 0.0935s
main: == 20231116115237 AddDestinationFkToAuditEventsHttpInstanceNamespaceFilters: reverted (0.1049s)
main: == [advisory_lock_connection] object_id: 184500, pg_backend_pid: 73464
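The constraint behaviour these migrations set up, as an added PostgreSQL example that is not part of the MR. The schema is a constructed, reduced one (only the table names, the two foreign-key columns and the constraint names come from the output above), and the unique index standing in for the one-filter-per-destination limit is an assumption about how that limit could be enforced at the database level.

```sql
-- Added example. Constructed, simplified schema: only the table names, the two
-- FK columns and the constraint names are taken from the migration output.
BEGIN;
CREATE TABLE namespaces (id bigint PRIMARY KEY, path text NOT NULL);
CREATE TABLE audit_events_instance_external_audit_event_destinations (
  id bigint PRIMARY KEY, destination_url text NOT NULL);
CREATE TABLE audit_events_streaming_http_instance_namespace_filters (
  id bigserial PRIMARY KEY,
  instance_external_audit_event_destination_id bigint NOT NULL,
  namespace_id bigint NOT NULL);
-- Assumption: the limit of 1 filter per destination is modelled as a unique
-- index; the index name is hypothetical.
CREATE UNIQUE INDEX example_uniq_filter_per_destination
  ON audit_events_streaming_http_instance_namespace_filters
  (instance_external_audit_event_destination_id);

-- Same two-step pattern as the log: add the FK as NOT VALID, then validate it.
ALTER TABLE audit_events_streaming_http_instance_namespace_filters
  ADD CONSTRAINT fk_4c9d5c4edb
  FOREIGN KEY (instance_external_audit_event_destination_id)
  REFERENCES audit_events_instance_external_audit_event_destinations (id)
  ON DELETE CASCADE NOT VALID;
ALTER TABLE audit_events_streaming_http_instance_namespace_filters
  VALIDATE CONSTRAINT fk_4c9d5c4edb;
ALTER TABLE audit_events_streaming_http_instance_namespace_filters
  ADD CONSTRAINT fk_23f3ab7df0 FOREIGN KEY (namespace_id)
  REFERENCES namespaces (id) ON DELETE CASCADE NOT VALID;
ALTER TABLE audit_events_streaming_http_instance_namespace_filters
  VALIDATE CONSTRAINT fk_23f3ab7df0;

-- Constructed sample rows.
INSERT INTO namespaces VALUES (1, 'group-a'), (2, 'group-b');
INSERT INTO audit_events_instance_external_audit_event_destinations
  VALUES (1, 'https://siem.example.test/audit');
INSERT INTO audit_events_streaming_http_instance_namespace_filters
  (instance_external_audit_event_destination_id, namespace_id) VALUES (1, 1);
-- A second filter on destination 1 must fail; anything else aborts the script.
DO $$
BEGIN
  INSERT INTO audit_events_streaming_http_instance_namespace_filters
    (instance_external_audit_event_destination_id, namespace_id) VALUES (1, 2);
  RAISE EXCEPTION 'second filter for destination 1 was accepted';
EXCEPTION WHEN unique_violation THEN
  RAISE NOTICE 'second filter for destination 1 rejected';
END $$;

-- Deleting the namespace cascades to its filter row; list what is left.
DELETE FROM namespaces WHERE id = 1;
SELECT * FROM audit_events_streaming_http_instance_namespace_filters;
ROLLBACK;
```

Run it with `psql` against a scratch database; the closing `ROLLBACK` leaves nothing behind.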
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Create a new instance level custom http external audit event streaming destination by following steps in https://docs.gitlab.com/ee/administration/audit_event_streaming/#add-a-new-http-destination-1.
- Open the Rails console: `gdk rails console`.
- Run the following command to create a namespace filter for the destination; it should create the filter and should not return any error.
  `AuditEvents::Streaming::HTTP::Instance::NamespaceFilter.create!(instance_external_audit_event_destination: AuditEvents::InstanceExternalAuditEventDestination.first, namespace: Group.last)`
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #432424 (closed)
Edited by Hitesh Raghuvanshi