Merge branch 'track-changes-in-mr-approval-settings-in-audit-events' into 'master'

Track changes in merge request approval settings in Audit Events

See merge request gitlab-org/gitlab!66234

doc/administration/audit_events.md

@@ -123,6 +123,9 @@ From there, you can see the following actions:
 - Created, updated, or deleted DAST profiles, DAST scanner profiles, and DAST site profiles
   ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217872) in GitLab 14.1)
 - Changed a project's compliance framework ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/329362) in GitLab 14.1)
+- User password required for approvals was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2)
+- Permission to modify merge requests approval rules in merge requests was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2)
+- New approvals requirement when new commits are added to an MR was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2)
 
 Project events can also be accessed via the [Project Audit Events API](../api/audit_events.md#project-audit-events).
 

ee/lib/ee/audit/project_changes_auditor.rb

@@ -13,6 +13,9 @@ module EE
 
         audit_changes(:merge_requests_author_approval, as: 'prevent merge request approval from authors', model: model)
         audit_changes(:merge_requests_disable_committers_approval, as: 'prevent merge request approval from reviewers', model: model)
+        audit_changes(:reset_approvals_on_push, as: 'require new approvals when new commits are added to an MR', model: model)
+        audit_changes(:disable_overriding_approvers_per_merge_request, as: 'prevent users from modifying MR approval rules in merge requests', model: model)
+        audit_changes(:require_password_to_approve, as: 'require user password for approvals', model: model)
 
         audit_project_feature_changes
         audit_compliance_framework_changes

ee/spec/lib/ee/audit/project_changes_auditor_spec.rb

@@ -14,7 +14,10 @@ RSpec.describe EE::Audit::ProjectChangesAuditor do
         repository_size_limit: 10,
         packages_enabled: true,
         merge_requests_author_approval: false,
-        merge_requests_disable_committers_approval: true
+        merge_requests_disable_committers_approval: true,
+        reset_approvals_on_push: false,
+        disable_overriding_approvers_per_merge_request: false,
+        require_password_to_approve: false
       )
     end
 
@@ -162,6 +165,45 @@ RSpec.describe EE::Audit::ProjectChangesAuditor do
           )
         end
       end
+
+      it 'creates an event when the reset approvals on push changes' do
+        project.update!(reset_approvals_on_push: true)
+
+        aggregate_failures do
+          expect { foo_instance.execute }.to change { AuditEvent.count }.by(1)
+          expect(AuditEvent.last.details).to include(
+            change: 'require new approvals when new commits are added to an MR',
+            from: false,
+            to: true
+          )
+        end
+      end
+
+      it 'creates an event when the require password to approve changes' do
+        project.update!(require_password_to_approve: true)
+
+        aggregate_failures do
+          expect { foo_instance.execute }.to change { AuditEvent.count }.by(1)
+          expect(AuditEvent.last.details).to include(
+            change: 'require user password for approvals',
+            from: false,
+            to: true
+          )
+        end
+      end
+
+      it 'creates an event when the disable overriding approvers per merge request changes' do
+        project.update!(disable_overriding_approvers_per_merge_request: true)
+
+        aggregate_failures do
+          expect { foo_instance.execute }.to change { AuditEvent.count }.by(1)
+          expect(AuditEvent.last.details).to include(
+            change: 'prevent users from modifying MR approval rules in merge requests',
+            from: false,
+            to: true
+          )
+        end
+      end
     end
   end
 end