Audit when job token is used for authentication
What does this MR do and why?
Audit when job token is used for authentication
This commit adds an audit event when a job token is used for authentication.
EE: true
Changelog: added
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Set up a streaming audit event destination: https://docs.gitlab.com/ee/administration/audit_event_streaming/#http-destinations
- Create a pipeline with the template below:

  ```yaml
  stages:
    - debug

  print-token-and-wait:
    stage: debug
    script:
      - echo "The job will now wait for 10 minutes. You can use the CI_JOB_TOKEN during this time to make API calls."
      - sleep 600
  ```

- To get the CI job token, open the Rails console and type: `Ci::Build.last.token`
- Use this token to call GitLab APIs. For testing I used:

  ```shell
  curl --header "JOB-TOKEN: YOUR_TOKEN_HERE" "{{gdk_base_url}}/api/v4/job"
  ```

- Check the streamed audit event.
Related to #481325
Edited by Harsimar Sandhu
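For the last validation step, a minimal local HTTP destination that checks and prints incoming streamed events. This is an added example, not code from this MR or from GitLab. The port, the token value and the function names are assumptions, as is the reliance on the `X-Gitlab-Event-Streaming-Token` and `X-Gitlab-Audit-Event-Type` headers and the `event_type` body field described in GitLab's audit event streaming documentation.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions: replace with the verification token of your own test destination.
VERIFICATION_TOKEN = "constructed-verification-token"
WANTED_EVENT_TYPE = None  # set to the event type under test; None prints every event


def verify_event(headers, body, expected_token):
    """Return the parsed audit event, or None if the request must be rejected."""
    sent = headers.get("X-Gitlab-Event-Streaming-Token", "")
    # Constant-time comparison so the check does not leak the token via timing.
    if not hmac.compare_digest(sent.encode(), expected_token.encode()):
        return None
    try:
        event = json.loads(body)
    except ValueError:  # covers malformed JSON and undecodable bytes
        return None
    return event if isinstance(event, dict) else None


def event_type_of(headers, event):
    """Prefer the event type header, fall back to the body field."""
    return headers.get("X-Gitlab-Audit-Event-Type") or event.get("event_type")


class Receiver(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        event = verify_event(self.headers, self.rfile.read(length), VERIFICATION_TOKEN)
        # Unauthenticated or malformed deliveries get 403 and are never printed.
        self.send_response(200 if event is not None else 403)
        self.end_headers()
        if event is None:
            return
        kind = event_type_of(self.headers, event)
        if WANTED_EVENT_TYPE is None or kind == WANTED_EVENT_TYPE:
            print(kind, json.dumps(event, indent=2, sort_keys=True))


if __name__ == "__main__":
    # Bind to loopback only: this receiver is for local validation.
    HTTPServer(("127.0.0.1", 8099), Receiver).serve_forever()
```

When reviewing the printed event, confirm that it identifies the job token use without containing the token value itself.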