Commit 67e266d7 authored by Dmytro Zaporozhets's avatar Dmytro Zaporozhets

Merge branch '35855-add-project-import-audit-event' into 'master'

Add project import to group-level audit events

Closes #35855

See merge request gitlab-org/gitlab!31103
parents 94530c42 3a402700
...@@ -22,6 +22,8 @@ module Projects ...@@ -22,6 +22,8 @@ module Projects
import_data import_data
after_execute_hook
success success
rescue Gitlab::UrlBlocker::BlockedUrlError => e rescue Gitlab::UrlBlocker::BlockedUrlError => e
Gitlab::ErrorTracking.track_exception(e, project_path: project.full_path, importer: project.import_type) Gitlab::ErrorTracking.track_exception(e, project_path: project.full_path, importer: project.import_type)
...@@ -37,6 +39,10 @@ module Projects ...@@ -37,6 +39,10 @@ module Projects
private private
def after_execute_hook
# Defined in EE::Projects::ImportService
end
def add_repository_to_project def add_repository_to_project
if project.external_import? && !unknown_url? if project.external_import? && !unknown_url?
begin begin
...@@ -131,3 +137,5 @@ module Projects ...@@ -131,3 +137,5 @@ module Projects
end end
end end
end end
Projects::ImportService.prepend_if_ee('EE::Projects::ImportService')
...@@ -50,6 +50,7 @@ From there, you can see the following actions: ...@@ -50,6 +50,7 @@ From there, you can see the following actions:
- User sign-in via [Group SAML](../user/group/saml_sso/index.md) - User sign-in via [Group SAML](../user/group/saml_sso/index.md)
- Permissions changes of a user assigned to a group - Permissions changes of a user assigned to a group
- Removed user from group - Removed user from group
- Project imported in to group
- Project added to group and with which visibility level - Project added to group and with which visibility level
- Project removed from group - Project removed from group
- [Project shared with group](../user/project/members/share_project_with_groups.md) - [Project shared with group](../user/project/members/share_project_with_groups.md)
......
# frozen_string_literal: true
module EE
module Projects
module ImportService
extend ::Gitlab::Utils::Override
override :after_execute_hook
def after_execute_hook
super
log_audit_event if project.group.present?
end
private
def log_audit_event
::AuditEventService.new(
current_user,
project.group,
action: :custom,
custom_message: 'Project imported'
).for_repository_import(project.full_path).security_event
end
end
end
end
---
title: Add project import to group as audit event
merge_request: 31103
author:
type: added
# frozen_string_literal: true
require 'spec_helper'
describe Projects::ImportService do
let_it_be(:project) { create(:project) }
let_it_be(:user) { project.creator }
subject { described_class.new(project, user) }
before do
allow(project).to receive(:lfs_enabled?).and_return(true)
project.import_url = Project::UNKNOWN_IMPORT_URL
end
context 'when imported in to a group' do
let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, group: group) }
context 'when audit_events is licensed' do
before do
stub_licensed_features(audit_events: true)
end
it 'does audit' do
expect { subject.execute }.to change { SecurityEvent.count }.by(1)
end
end
context 'when audit_events is unlicensed' do
before do
allow(group).to receive(:feature_available?).and_return(false)
stub_licensed_features(audit_events: false)
end
it 'does not audit' do
expect { subject.execute }.not_to change { SecurityEvent.count }
end
end
end
context 'when not imported in to a group' do
let_it_be(:project) { create(:project) }
context 'when audit_events is licensed' do
before do
stub_licensed_features(audit_events: true)
end
it 'does not audit' do
expect { subject.execute }.not_to change { SecurityEvent.count }
end
end
context 'when audit_events is unlicensed' do
before do
stub_licensed_features(audit_events: false)
end
it 'does not audit' do
expect { subject.execute }.not_to change { SecurityEvent.count }
end
end
end
end
...@@ -11,7 +11,9 @@ describe RepositoryImportWorker do ...@@ -11,7 +11,9 @@ describe RepositoryImportWorker do
project.update(import_type: 'gitlab_custom_project_template') project.update(import_type: 'gitlab_custom_project_template')
project.import_state.update(jid: '123') project.import_state.update(jid: '123')
expect_any_instance_of(Projects::ImportService).to receive(:execute).and_return({ status: :error, message: error }) expect_next_instance_of(Projects::ImportService) do |service|
expect(service).to receive(:execute).and_return({ status: :error, message: error })
end
expect do expect do
subject.perform(project.id) subject.perform(project.id)
...@@ -24,8 +26,9 @@ describe RepositoryImportWorker do ...@@ -24,8 +26,9 @@ describe RepositoryImportWorker do
let(:project) { create(:project, :mirror, :import_scheduled) } let(:project) { create(:project, :mirror, :import_scheduled) }
it 'adds mirror in front of the mirror scheduler queue' do it 'adds mirror in front of the mirror scheduler queue' do
expect_any_instance_of(Projects::ImportService).to receive(:execute) expect_next_instance_of(Projects::ImportService) do |service|
.and_return({ status: :ok }) expect(service).to receive(:execute).and_return({ status: :ok })
end
expect_any_instance_of(EE::ProjectImportState).to receive(:force_import_job!) expect_any_instance_of(EE::ProjectImportState).to receive(:force_import_job!)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment