Commit 554bc9fe authored by Alper Akgun's avatar Alper Akgun

Merge branch '340649-audit-compliance-framework-chagnes' into 'master'

Audit changes to compliance frameworks

See merge request gitlab-org/gitlab!74292
parents 0fe05e70 77d672bb
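--- a/[markdown doc, path not shown on page]
+++ b/[markdown doc, path not shown on page]
@@ -86,6 +86,7 @@ From there, you can see the following actions:
 - 2FA enforcement or grace period changed.
 - Roles allowed to create project changed.
 - Group CI/CD variable added, removed, or protected status changed. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/30857) in GitLab 13.3.
+- Compliance framework created, updated, or deleted. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) in GitLab 14.6.
 Group events can also be accessed via the [Group Audit Events API](../api/audit_events.md#group-audit-events)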
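--- a/[path not shown: ComplianceManagement::Frameworks::CreateService]
+++ b/[path not shown: ComplianceManagement::Frameworks::CreateService]
@@ -36,9 +36,22 @@ module ComplianceManagement
 end
 def success
+audit_create
 ServiceResponse.success(payload: { framework: framework })
 end
+def audit_create
+audit_context = {
+name: 'create_compliance_framework',
+author: current_user,
+scope: framework.namespace,
+target: framework,
+message: "Created compliance framework #{framework.name}"
+}
+::Gitlab::Audit::Auditor.audit(audit_context)
+end
 def error
 ServiceResponse.error(message: _('Failed to create framework'), payload: framework.errors )
 end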
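Review bot: `audit_create` appears to be invoked only from `success`, so create attempts that end in `error` (failed validation, and presumably a denied permission check, which is outside the hunk) leave no audit record; if that scope is intended, a one-line comment on the method should say so, e.g. `# Records an audit event for a framework that has already been persisted; attempts that fail are not audited.` The same applies to `audit_destroy` in DestroyService and `audit_changes` in UpdateService further down. It is also not visible from the hunk whether `audit_create` sits under a `private` marker, while UpdateService deliberately places `audit_changes` under `private`; the three services should agree on that. The enclosing class starts and ends outside the hunk.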
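--- a/[path not shown: ComplianceManagement::Frameworks::DestroyService]
+++ b/[path not shown: ComplianceManagement::Frameworks::DestroyService]
@@ -23,12 +23,25 @@ module ComplianceManagement
 end
 def success
+audit_destroy
 ServiceResponse.success(message: _('Framework successfully deleted'))
 end
 def error
 ServiceResponse.error(message: _('Failed to create framework'), payload: framework.errors )
 end
+def audit_destroy
+audit_context = {
+name: 'destroy_compliance_framework',
+author: current_user,
+scope: framework.namespace,
+target: framework,
+message: "Destroyed compliance framework #{framework.name}"
+}
+::Gitlab::Audit::Auditor.audit(audit_context)
+end
 end
 end
 end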
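Review bot: `audit_destroy` is appended after `error`, whereas CreateService places `audit_create` directly after `success` and UpdateService puts `audit_changes` under `private`; grouping it under a `private` marker with the other helpers would keep the three services uniform (whether such a marker already precedes it is not visible in the hunk). The context line this hunk keeps still returns `_('Failed to create framework')` from DestroyService's `error`, which reads wrong for a deletion and is easy to misread next to the new "Destroyed compliance framework" audit message; `_('Failed to delete framework')` is the obvious correction, though that string is not part of this change. The enclosing class starts outside the hunk.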
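--- a/[path not shown: ComplianceManagement::Frameworks::UpdateService]
+++ b/[path not shown: ComplianceManagement::Frameworks::UpdateService]
@@ -25,6 +25,7 @@ module ComplianceManagement
 end
 def success
+audit_changes
 ServiceResponse.success(payload: { framework: framework })
 end
@@ -34,6 +35,20 @@ module ComplianceManagement
 private
+def audit_changes
+framework.previous_changes.each do |attribute, changes|
+audit_context = {
+name: 'update_compliance_framework',
+author: current_user,
+scope: framework.namespace,
+target: framework,
+message: "Changed compliance framework's #{attribute} from #{changes[0]} to #{changes[1]}"
+}
+::Gitlab::Audit::Auditor.audit(audit_context)
+end
+end
 def permitted?
 can? current_user, :manage_compliance_framework, framework
 end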
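Review bot: `audit_changes` interpolates the previous and new value of every changed attribute verbatim into the message; the UpdateService spec in this commit shows a full multi-sentence description landing in a single event, so any free-text attribute is copied into the audit log in full and the events can grow large. If that is intended, a short comment on the method should say so; otherwise destructuring the pair and deciding per attribute what to echo is worth considering, e.g. `framework.previous_changes.each do |attribute, (old_value, new_value)|` with `message: "Changed compliance framework's #{attribute} from #{old_value} to #{new_value}"`. The loop also emits one audit event per changed attribute (the spec expects three for one update), which is reasonable but deserves a comment so the fan-out is not later mistaken for duplicate logging. The enclosing class starts and ends outside the hunk.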
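--- a/[path not shown: spec for ComplianceManagement::Frameworks::CreateService]
+++ b/[path not shown: spec for ComplianceManagement::Frameworks::CreateService]
@@ -97,6 +97,10 @@ RSpec.describe ComplianceManagement::Frameworks::CreateService do
 context 'when using parameters for a valid compliance framework' do
 subject { described_class.new(namespace: namespace, params: params, current_user: namespace.owner) }
+it 'audits the changes' do
+expect { subject.execute }.to change { AuditEvent.count }.by(1)
+end
 it 'creates a new compliance framework' do
 expect { subject.execute }.to change { ComplianceManagement::Framework.count }.by(1)
 end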
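Review bot: The new example only checks that `AuditEvent.count` grows by one, so a wrong `author`, `scope`, `target` or message in the audit context would still pass; the UpdateService spec in this commit already reads `details[:custom_message]` off the created events, and the same assertion here would pin the contract, e.g. `expect(AuditEvent.last.details[:custom_message]).to eq("Created compliance framework #{params[:name]}")` (the exact key for the name in `params` is outside the hunk, so adjust accordingly). The DestroyService spec below has the same gap. The surrounding `context` block continues outside the hunk.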
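--- a/[path not shown: spec for ComplianceManagement::Frameworks::DestroyService]
+++ b/[path not shown: spec for ComplianceManagement::Frameworks::DestroyService]
@@ -37,6 +37,10 @@ RSpec.describe ComplianceManagement::Frameworks::DestroyService do
 it 'is successful' do
 expect(subject.execute.success?).to be true
 end
+it 'audits the destruction' do
+expect { subject.execute }.to change { AuditEvent.count }.by(1)
+end
 end
 context 'when current user is not the namespace owner' do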
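--- a/[path not shown: spec for ComplianceManagement::Frameworks::UpdateService]
+++ b/[path not shown: spec for ComplianceManagement::Frameworks::UpdateService]
@@ -66,6 +66,18 @@ RSpec.describe ComplianceManagement::Frameworks::UpdateService do
 it 'is successful' do
 expect(subject.execute.success?).to be true
 end
+it 'audits the changes' do
+expect { subject.execute }.to change { AuditEvent.count }.by(3)
+messages = AuditEvent.last(3).map { |e| e.details[:custom_message] }
+expect(messages).to contain_exactly(
+'Changed compliance framework\'s name from GDPR to New Name',
+'Changed compliance framework\'s color from #004494 to #000001',
+'Changed compliance framework\'s description from The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). to New Description'
+)
+end
 end
 end
 end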