Commit d2430c45 authored by Sean McGivern

Merge branch '323905-audit-event-new-administrator' into 'master'

Add instance-level audit event when admin status changes

See merge request gitlab-org/gitlab!65168
parents d4447503 03f0de49
...@@ -162,6 +162,7 @@ The following user actions are recorded: ...@@ -162,6 +162,7 @@ The following user actions are recorded:
- Failed second-factor authentication attempt ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/16826) in GitLab 13.5) - Failed second-factor authentication attempt ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/16826) in GitLab 13.5)
- A user's personal access token was successfully created or revoked ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276921) in GitLab 13.6) - A user's personal access token was successfully created or revoked ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276921) in GitLab 13.6)
- A failed attempt to create or revoke a user's personal access token ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276921) in GitLab 13.6) - A failed attempt to create or revoke a user's personal access token ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276921) in GitLab 13.6)
- Administrator added or removed ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/323905) in GitLab 14.1)
Instance events can also be accessed via the [Instance Audit Events API](../api/audit_events.md#instance-audit-events). Instance events can also be accessed via the [Instance Audit Events API](../api/audit_events.md#instance-audit-events).
......
...@@ -24,6 +24,7 @@ module EE ...@@ -24,6 +24,7 @@ module EE
audit_changes(:email, as: 'email address') audit_changes(:email, as: 'email address')
audit_changes(:encrypted_password, as: 'password', skip_changes: true) audit_changes(:encrypted_password, as: 'password', skip_changes: true)
audit_changes(:username, as: 'username') audit_changes(:username, as: 'username')
audit_changes(:admin, as: 'admin status')
success success
end end
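Review bot: The added `audit_changes(:admin, as: 'admin status')` records a privilege change only when the update passes through this service method. As far as this hunk shows, a user created with `admin: true`, or an admin flag toggled by another code path, would not produce the "Administrator added or removed" event that the documentation hunk now lists. Either confirm those paths are audited elsewhere or state the scope at the call, for example `# Audits admin grants/revocations made through this update path only; creation with admin: true is not covered here`. The enclosing method starts outside the hunk, so it is not visible whether this line runs only after a successful save.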
......
...@@ -101,6 +101,26 @@ RSpec.describe Users::UpdateService do ...@@ -101,6 +101,26 @@ RSpec.describe Users::UpdateService do
stub_licensed_features(admin_audit_log: true) stub_licensed_features(admin_audit_log: true)
end end
context 'updating administrator status' do
let_it_be(:admin_user) { create(:admin) }
it 'logs making a user an administrator' do
expect do
update_user_as(admin_user, user, admin: true)
end.to change { AuditEvent.count }.by(1)
expect(AuditEvent.last.present.action).to eq('Changed admin status from false to true')
end
it 'logs making an administrator a user' do
expect do
update_user_as(admin_user, create(:admin), admin: false)
end.to change { AuditEvent.count }.by(1)
expect(AuditEvent.last.present.action).to eq('Changed admin status from true to false')
end
end
context 'updating username' do context 'updating username' do
it 'logs audit event' do it 'logs audit event' do
previous_username = user.username previous_username = user.username
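Review bot: Both new examples in `context 'updating administrator status'` assert only the event count and the action text, so they would still pass if the event named the wrong author or was attached to the wrong user. For a privilege-change record those are the fields an investigator relies on. Consider adding `expect(AuditEvent.last.author_id).to eq(admin_user.id)` and, assuming the event's entity is the updated user, `expect(AuditEvent.last.entity_id).to eq(user.id)` to the first example, with the equivalent for the demoted admin (held in a local) in the second. A negative example that passes an unchanged `admin` value and expects `AuditEvent.count` not to change would guard against spurious records. The surrounding `describe` block starts and ends outside the hunk.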
......