Merge branch...

Merge branch '335232-does-not-create-audit-event-for-failed-long-on-read-only-database' into 'master' Do not create audit event for failed logins on read-only DB See merge request gitlab-org/gitlab!65504

Merge branch...
Merge branch '335232-does-not-create-audit-event-for-failed-long-on-read-only-database' into 'master' Do not create audit event for failed logins on read-only DB See merge request gitlab-org/gitlab!65504
e8b67da0 · Michael Kozono · 0394b804 · d073e732 · e8b67da0 · e8b67da0
Commit e8b67da0 authored Jul 07, 2021 by Michael Kozono
Showing with 11 additions and 1 deletion

ee/app/services/ee/audit_event_service.rb ee/app/services/ee/audit_event_service.rb +1 -1

ee/spec/services/audit_event_service_spec.rb ee/spec/services/audit_event_service_spec.rb +10 -0

No files found.
--- a/ee/app/services/ee/audit_event_service.rb
+++ b/ee/app/services/ee/audit_event_service.rb
@@ -133,7 +133,7 @@ module EE
    # @return [AuditEvent, nil] if record is persisted or nil if audit events
    #   features are not enabled
    def unauth_security_event
-      return unless audit_events_enabled?
+      return unless audit_events_enabled? && ::Gitlab::Database.read_write?

      add_security_event_admin_details!


--- a/ee/spec/services/audit_event_service_spec.rb
+++ b/ee/spec/services/audit_event_service_spec.rb
@@ -333,6 +333,16 @@ RSpec.describe AuditEventService, :request_store do
        expect(event.details).not_to have_key(:ip_address)
      end
    end
+
+    context 'on a read-only instance' do
+      before do
+        allow(Gitlab::Database).to receive(:read_only?).and_return(true)
+      end
+
+      it 'does not create an event record in the database' do
+        expect { service.for_failed_login.unauth_security_event }.not_to change(AuditEvent, :count)
+      end
+    end
  end

  describe '#for_project_group_link' do