Link user_destroyed event for user provisioned by group to the group

What does this MR do and why?

This MR links the user_destroyed audit event for a user provisioned by a group to that group. It should allow organizations to see user_destroyed audit events for their deleted users that were provisioned by their group SAML or group SCIM. This MR also adds the reason for deletion to the user_destroyed audit event's message when the user deletion is initiated by the background process that automatically deletes unconfirmed users.

Those changes will resolve #423322 (closed).

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Group audit events Instance audit events
Screenshot_from_2025-01-06_16-28-14 Screenshot_from_2025-01-06_16-28-20

How to set up and validate locally

  • On your instance, ensure group SAML along with SCIM are configured. (On gdk, you can try manually setting the attribute provisioned_by for the test user instead of setting up SCIM.)
  • Ensure that the setting to automatically delete unconfirmed users is enabled.
    • On rails console, run:
    1. Gitlab::CurrentSettings.update(delete_unconfirmed_users: true)
    2. Gitlab::CurrentSettings.update(unconfirmed_users_delete_after_days: 3)
  • Pick an unconfirmed user that was created more than a day ago.
    • You can also tweak this on rails console:
    1. u = User.find(user_id)
    2. u.created_at="older_date"
    3. u.save!
    • You can do the same to set the user to unconfirmed:
    1. u = User.find(user_id)
    2. u.confirmed_at=nil
    3. u.save!
  • If you are using an SM instance, patch your instance to include the changes to files ee/app/services/ee/users/destroy_service.rb, ee/app/workers/users/unconfirmed_users_deletion_cron_worker.rb. On gdk, just make sure your branch is up to date.
  • At the top of the hour, the DeleteUserWorker will run and delete the user you picked. Else, you can manually trigger it via rails console Users::UnconfirmedUsersDeletionCronWorker.perform_async.
  • In instance and group audit events, you should find the record of the user deletion with the message "User username scheduled for deletion. Reason: GitLab automatically deletes unconfirmed users after 3 days since their creation"
Edited by Bogdan Denkovych
