Drop IP address input when creating audit events

Tan Le requested to merge ignore-ip-address-input-to-audit-event-service into master

What does this MR do?

Drop IP address input when creating audit events

To avoid the issue of injecting a wrong IP address, we are no longer accepting this information when invoking the AuditEventService or Auditor. One incorrect example is current_sign_in_ip, which could sometimes be stale if the user has not logged out. AuditEventService and Auditor are capable of resolving the IP address directly from the Gitlab::RequestContext.

Relates to #296230 (closed)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Edited by Tan Le
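
The pattern described in this MR, as an added Ruby sketch that is not part of the merge request or GitLab's code: the audit recorder drops any caller-supplied IP and takes the address only from a per-request context. `RequestContext`, `AuditRecorder`, `demo_event` and the sample addresses are hypothetical names and constructed values.

```ruby
require 'ipaddr'

# Hypothetical stand-in for a per-request context; not Gitlab::RequestContext.
class RequestContext
  KEY = :example_request_client_ip

  # Bind the client IP for the duration of one request, then restore it.
  def self.with_client_ip(ip)
    previous = Thread.current[KEY]
    Thread.current[KEY] = IPAddr.new(ip).to_s # raises on a malformed address
    yield
  ensure
    Thread.current[KEY] = previous
  end

  def self.client_ip
    Thread.current[KEY]
  end
end

# Hypothetical stand-in for an audit service; not GitLab's AuditEventService.
class AuditRecorder
  # The IP is never taken from the caller. Any :ip_address key in details
  # is dropped, so a stale stored value cannot reach the audit trail.
  def self.record(author:, details:)
    {
      author: author,
      details: details.reject { |key, _| key == :ip_address },
      ip_address: RequestContext.client_ip # nil outside a request
    }
  end
end

# Constructed sample: the stored sign-in IP is stale, the live request differs.
def demo_event
  stale_sign_in_ip = '198.51.100.23'
  RequestContext.with_client_ip('203.0.113.7') do
    AuditRecorder.record(
      author: 'alice',
      details: { action: 'ssh_key_added', ip_address: stale_sign_in_ip }
    )
  end
end
```
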