Commit d073e732 authored by Douglas Barbosa Alexandre's avatar Douglas Barbosa Alexandre Committed by Mike Kozono

Do not create audit event for failed logins on read-only DB

Changelog: fixed
EE: true
parent 8ba3b727
...@@ -133,7 +133,7 @@ module EE ...@@ -133,7 +133,7 @@ module EE
# @return [AuditEvent, nil] if record is persisted or nil if audit events # @return [AuditEvent, nil] if record is persisted or nil if audit events
# features are not enabled # features are not enabled
def unauth_security_event def unauth_security_event
return unless audit_events_enabled? return unless audit_events_enabled? && ::Gitlab::Database.read_write?
add_security_event_admin_details! add_security_event_admin_details!
......
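Review bot: The new guard in `unauth_security_event` returns nil without leaving any trace when the database is read-only, so failed logins against a read-only instance produce no audit record at all unless a log path outside this hunk still captures them. Failed logins are the usual signal for spotting password guessing, so it is worth writing a log entry before returning instead of dropping the event silently. The `@return` comment above the method is now incomplete as well; its second line could read `# features are not enabled or the database is read-only`. The method body continues outside the hunk.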
...@@ -333,6 +333,16 @@ RSpec.describe AuditEventService, :request_store do ...@@ -333,6 +333,16 @@ RSpec.describe AuditEventService, :request_store do
expect(event.details).not_to have_key(:ip_address) expect(event.details).not_to have_key(:ip_address)
end end
end end
context 'on a read-only instance' do
before do
allow(Gitlab::Database).to receive(:read_only?).and_return(true)
end
it 'does not create an event record in the database' do
expect { service.for_failed_login.unauth_security_event }.not_to change(AuditEvent, :count)
end
end
end end
describe '#for_project_group_link' do describe '#for_project_group_link' do
......
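Review bot: The new context stubs `Gitlab::Database.read_only?`, but the guard under test calls `::Gitlab::Database.read_write?`, so the example only exercises the new condition if `read_write?` is derived from `read_only?`, which is not visible here. Stubbing the method the code actually calls, `allow(Gitlab::Database).to receive(:read_write?).and_return(false)`, would tie the spec directly to the guard. The example would also pass if `audit_events_enabled?` were false in this context, so the setup should make sure audit events are enabled; otherwise the assertion does not prove the read-only branch. The enclosing `describe` and its setup start outside the hunk.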