Audit successful GPG keys creation and removal
What does this MR do?
Audit successful GPG key creation and removal via app and API.
How to test
Via App
- Authenticated to the app as a user, and follow the steps to create and remove GPG Key
- Create https://docs.gitlab.com/ee/user/project/repository/gpg_signed_commits/#adding-a-gpg-key-to-your-account
- Remove https://docs.gitlab.com/ee/user/project/repository/gpg_signed_commits/#removing-a-gpg-key
Via API
- Authenticated to the RESTFul API, and follow the steps to create and remove GPG Key
- Create https://docs.gitlab.com/ee/api/users.html#add-a-gpg-key
- Remove https://docs.gitlab.com/ee/api/users.html#delete-ssh-key-for-current-user
Screenshots or Screencasts (strongly suggested)
Navigate to Admin Area > Monitoring > Audit Events and view the newly created audit events
Does this MR meet the acceptance criteria?
Conformity
-
I have included changelog trailers, or none are needed. (Does this MR need a changelog?) -
I have added/updated documentation, or it's not needed. (Is documentation required?) -
I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?) -
I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?) -
I have self-reviewed this MR per code review guidelines. -
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines) -
I have followed the style guides. -
This change is backwards compatible across updates, or this does not apply.
Availability and Testing
-
I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.) -
I have tested this MR in all supported browsers, or it's not needed. -
I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.
Related to #220127 (closed)
Edited by Tan Le