Add audit event when sending runner usage report by e-mail
What does this MR do and why?
This MR updates Ci::Runners::SendUsageCsvService to create an audit event when it is invoked, so that system admins know when sensitive data is sent out, in the event of a compromised admin account.
EE: true
Part of #426562 (closed)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Step | Screenshot |
|---|---|
| Run mutation in http://gdk.test:3000/-/graphql-explorer |
|
| Navigate to http://gdk.test:3000/admin/audit_logs |
|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
-
Start the clickhouse server ./clickhouse server
-
Run migrations
bundle exec rake gitlab:clickhouse:migrate -
Run mutation in http://gdk.test:3000/-/graphql-explorer:
Query:
mutation runnersExportUsage($input: RunnersExportUsageInput!) { runnersExportUsage(input: $input) { errors } }Query variables:
{ "input": { "type": "INSTANCE_TYPE" } }This will dispatch the worker asynchronously in Sidekiq, and the email should be available shortly in http://gdk.test:3000/rails/letter_opener/.
-
Navigate to http://gdk.test:3000/admin/audit_logs and confirm that an audit event was created.