Add specs to detect extra audit events
What does this MR do and why?
We have an epic, "Don't create audit events when there is no change"
In short, we want to make sure we do NOT emit audit events for API update calls that end up not resulting in an actual data change
As part of this epic, EE::Projects::UpdateService
audit events where identified as a potential place where the behavior described in the epic was occurring.
While working on on that issue, I added a spec to check for the duplicate audit event behavior. It turned out that this audit event source already does the correct thing.
As such, this commit just adds the aforementioned specs to prevent possible future regressions
closes: #370703 (closed)
Screenshots or screen recordings
Here is the state of the audit event UI after running the reproduction steps described below
audit event UI |
---|
|
How to set up and validate locally
- create an access token to use with the REST API
- In a terminal,
curl
a real updatecurl --request PUT --header "PRIVATE-TOKEN: ACCESS_TOKEN" "http://localhost:3000/api/v4/projects/1?name=GitlabTest"
- Use the rails console to see the audit event
- Use the audit event UI to see the update: http://localhost:3000/gitlab-org/gitlab-test/-/audit_events
- In a terminal, repeat the
curl
to create anoOp
updatecurl --request PUT --header "PRIVATE-TOKEN: ACCESS_TOKEN" "http://localhost:3000/api/v4/projects/1?name=GitlabTest"
- Use the rails console and audit event UI to verify no new audit event was created
- In a terminal, reset the attribute to generate another real update
curl --request PUT --header "PRIVATE-TOKEN: ACCESS_TOKEN" "http://localhost:3000/api/v4/projects/1?name=Gitlab%20Test"
- Use the rails console to see the audit event
- Use the audit event UI to see the update: http://localhost:3000/gitlab-org/gitlab-test/-/audit_events
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.