Skip to content

Add more details to Protected Branches Audit Events

Adrien Gooris requested to merge adrien.gooris/gitlab:add-more-details-to-protected-branches-audit-events into master

What does this MR do?

EE feature

Closes #338873 (closed)

This MR adds more details on what has changed regarding Protected Branches settings, ie:

  • Which Users/Groups were added/removed to Allowed to Merge
  • Which Users/Groups were added/removed to Allowed to Push
  • Track changes on Allowed to force push option
  • Track changes on Require Codeowners approval option

It also provides a detailed message on displayed Audit Events (Projects > Security & Compliance > Audit Events) when Adding/Removing/Updating protected branches.

Screenshots are more relevants.

Before:

image

After:

image

Detailed audit logs:

{"severity":"INFO","time":"2021-08-31T15:56:16.483Z","correlation_id":"01FEEESS43BVZNB2855G7P1VZM","author_id":1,"author_name":"Administrator","entity_id":17,"entity_type":"Project","ip_address":"127.0.0.1","custom_message":"Added protected branch with [allowed to push: [\"Maintainers\"], allowed to merge: [\"Maintainers\"], allow force push: false, code owner approval required: true]","target_id":39,"target_type":"ProtectedBranch","target_details":"branch1","push_access_levels":["Maintainers"],"merge_access_levels":["Maintainers"],"allow_force_push":false,"code_owner_approval_required":true,"entity_path":"test-group/test"}
{"severity":"INFO","time":"2021-08-31T15:56:30.829Z","correlation_id":"01FEEET75V6P12V9FTYNJP6WE4","author_id":1,"author_name":"Administrator","entity_id":17,"entity_type":"Project","ip_address":"127.0.0.1","change":"allowed to merge","from":"[\"Maintainers\"]","to":"[\"Maintainers\", \"Developers + Maintainers\", \"Administrator\"]","target_id":39,"target_type":"ProtectedBranch","target_details":"branch1","entity_path":"test-group/test"}
{"severity":"INFO","time":"2021-08-31T15:56:38.953Z","correlation_id":"01FEEETF5GZ3XM9HQX9FN7718P","author_id":1,"author_name":"Administrator","entity_id":17,"entity_type":"Project","ip_address":"127.0.0.1","change":"allow force push","from":"false","to":"true","target_id":39,"target_type":"ProtectedBranch","target_details":"branch1","entity_path":"test-group/test"}
{"severity":"INFO","time":"2021-08-31T15:56:41.219Z","correlation_id":"01FEEETHF285ME65N2A5PRMYB9","author_id":1,"author_name":"Administrator","entity_id":17,"entity_type":"Project","ip_address":"127.0.0.1","change":"code owner approval required","from":"true","to":"false","target_id":39,"target_type":"ProtectedBranch","target_details":"branch1","entity_path":"test-group/test"}
{"severity":"INFO","time":"2021-08-31T15:56:47.394Z","correlation_id":"01FEEETQD6H7N4R5BT0X9XNBWX","author_id":1,"author_name":"Administrator","entity_id":17,"entity_type":"Project","ip_address":"127.0.0.1","change":"allowed to push","from":"[\"Maintainers\"]","to":"[\"Administrator\", \"No one\"]","target_id":39,"target_type":"ProtectedBranch","target_details":"branch1","entity_path":"test-group/test"}
{"severity":"INFO","time":"2021-08-31T15:56:51.838Z","correlation_id":"01FEEETVRWXS9PA75ETFZZ5AGC","author_id":1,"author_name":"Administrator","entity_id":17,"entity_type":"Project","ip_address":"127.0.0.1","custom_message":"Unprotected branch","target_id":39,"target_type":"ProtectedBranch","target_details":"branch1","push_access_levels":[],"merge_access_levels":[],"allow_force_push":true,"code_owner_approval_required":false,"entity_path":"test-group/test"}

Audit Events API:

[
  {
    "id": 151,
    "author_id": 1,
    "entity_id": 17,
    "entity_type": "Project",
    "details": {
      "author_name": "Administrator",
      "custom_message": "Unprotected branch",
      "target_id": 39,
      "target_type": "ProtectedBranch",
      "target_details": "branch1",
      "push_access_levels": [],
      "merge_access_levels": [],
      "allow_force_push": true,
      "code_owner_approval_required": false,
      "ip_address": "127.0.0.1",
      "entity_path": "test-group/test"
    },
    "created_at": "2021-08-31T15:56:51.841Z"
  },
  {
    "id": 150,
    "author_id": 1,
    "entity_id": 17,
    "entity_type": "Project",
    "details": {
      "change": "allowed to push",
      "from": "[\"Maintainers\"]",
      "to": "[\"Administrator\", \"No one\"]",
      "target_id": 39,
      "target_type": "ProtectedBranch",
      "target_details": "branch1",
      "ip_address": "127.0.0.1",
      "entity_path": "test-group/test",
      "author_name": "Administrator"
    },
    "created_at": "2021-08-31T15:56:47.397Z"
  },
  {
    "id": 149,
    "author_id": 1,
    "entity_id": 17,
    "entity_type": "Project",
    "details": {
      "change": "code owner approval required",
      "from": "true",
      "to": "false",
      "author_name": "Administrator",
      "target_id": 39,
      "target_type": "ProtectedBranch",
      "target_details": "branch1",
      "ip_address": "127.0.0.1",
      "entity_path": "test-group/test"
    },
    "created_at": "2021-08-31T15:56:41.221Z"
  },
  {
    "id": 148,
    "author_id": 1,
    "entity_id": 17,
    "entity_type": "Project",
    "details": {
      "change": "allow force push",
      "from": "false",
      "to": "true",
      "author_name": "Administrator",
      "target_id": 39,
      "target_type": "ProtectedBranch",
      "target_details": "branch1",
      "ip_address": "127.0.0.1",
      "entity_path": "test-group/test"
    },
    "created_at": "2021-08-31T15:56:38.954Z"
  },
  {
    "id": 147,
    "author_id": 1,
    "entity_id": 17,
    "entity_type": "Project",
    "details": {
      "change": "allowed to merge",
      "from": "[\"Maintainers\"]",
      "to": "[\"Maintainers\", \"Developers + Maintainers\", \"Administrator\"]",
      "target_id": 39,
      "target_type": "ProtectedBranch",
      "target_details": "branch1",
      "ip_address": "127.0.0.1",
      "entity_path": "test-group/test",
      "author_name": "Administrator"
    },
    "created_at": "2021-08-31T15:56:30.853Z"
  },
  {
    "id": 146,
    "author_id": 1,
    "entity_id": 17,
    "entity_type": "Project",
    "details": {
      "author_name": "Administrator",
      "custom_message": "Added protected branch with [allowed to push: [\"Maintainers\"], allowed to merge: [\"Maintainers\"], allow force push: false, code owner approval required: true]",
      "target_id": 39,
      "target_type": "ProtectedBranch",
      "target_details": "branch1",
      "push_access_levels": [
        "Maintainers"
      ],
      "merge_access_levels": [
        "Maintainers"
      ],
      "allow_force_push": false,
      "code_owner_approval_required": true,
      "ip_address": "127.0.0.1",
      "entity_path": "test-group/test"
    },
    "created_at": "2021-08-31T15:56:16.507Z"
  }
]

Does this MR meet the acceptance criteria?

Conformity

  • I have included changelog trailers.
  • I have added/updated documentation.
  • I have properly separated EE content from FOSS.
  • I have self-reviewed this MR per code review guidelines.
  • This MR does not harm performance, or I have asked a reviewer to help assess the performance impact.
  • I have followed the style guides

Availability and Testing

  • I have added/updated tests following the Testing Guide.
  • I have tested this MR in all supported browsers.

Security

N/A

Edited by Adrien Gooris

Merge request reports