Merge branch '299943-follow-up-from-project-access-token-api' into 'master'

Project access token audit events- Log token id instead of user id See merge request gitlab-org/gitlab!52535

Merge branch '299943-follow-up-from-project-access-token-api' into 'master'
Project access token audit events- Log token id instead of user id See merge request gitlab-org/gitlab!52535
e6dff31c · Robert Speicher · 260e0afc · 85c58c0e · e6dff31c · e6dff31c
Commit e6dff31c authored Jan 28, 2021 by Robert Speicher
5 changed files
--- a/ee/app/services/ee/resource_access_tokens/create_service.rb
+++ b/ee/app/services/ee/resource_access_tokens/create_service.rb
@@ -13,7 +13,7 @@ module EE

      def audit_event_service(token, response)
        message = if response.success?
-                    "Created #{resource_type} access token with id: #{token.user.id} with scopes: #{token.scopes}"
+                    "Created #{resource_type} access token with token_id: #{token.id} with scopes: #{token.scopes}"
                  else
                    "Attempted to create #{resource_type} access token but failed with message: #{response.message}"
                  end

--- a/ee/app/services/ee/resource_access_tokens/revoke_service.rb
+++ b/ee/app/services/ee/resource_access_tokens/revoke_service.rb
@@ -5,7 +5,7 @@ module EE
    module RevokeService
      def execute
        super.tap do |response|
-          audit_event_service(bot_user, response)
+          audit_event_service(access_token, response)
        end
      end

@@ -13,15 +13,15 @@ module EE

      def audit_event_service(token, response)
        message = if response.success?
-                    "Revoked #{resource.class.name.downcase} access token with id: #{bot_user.id}"
+                    "Revoked #{resource.class.name.downcase} access token with token_id: #{access_token.id}"
                  else
-                    "Attempted to revoke #{resource.class.name.downcase} access token with id: #{bot_user.id}, but failed with message: #{response.message}"
+                    "Attempted to revoke #{resource.class.name.downcase} access token with token_id: #{access_token.id}, but failed with message: #{response.message}"
                  end

        ::AuditEventService.new(
          current_user,
          resource,
-          target_details: bot_user.name,
+          target_details: access_token.user.name,
          action: :custom,
          custom_message: message,
          ip_address: current_user.current_sign_in_ip

--- a/ee/changelogs/unreleased/299943-follow-up-from-project-access-token-api.yml
+++ b/ee/changelogs/unreleased/299943-follow-up-from-project-access-token-api.yml
+---
+title: Log token_id in project access token audit events instead of user_id
+merge_request: 52535
+author:
+type: changed
--- a/ee/spec/services/resource_access_tokens/create_service_spec.rb
+++ b/ee/spec/services/resource_access_tokens/create_service_spec.rb
@@ -85,7 +85,7 @@ RSpec.describe ResourceAccessTokens::CreateService do

          audit_event = AuditEvent.where(author_id: user.id).last

-          expect(audit_event.details[:custom_message]).to eq("Created project access token with id: #{response.payload[:access_token].user.id} with scopes: #{response.payload[:access_token].scopes}")
+          expect(audit_event.details[:custom_message]).to eq("Created project access token with token_id: #{response.payload[:access_token].id} with scopes: #{response.payload[:access_token].scopes}")
          expect(audit_event.details[:target_details]).to match(response.payload[:access_token].user.name)
        end
      end

--- a/ee/spec/services/resource_access_tokens/revoke_service_spec.rb
+++ b/ee/spec/services/resource_access_tokens/revoke_service_spec.rb
@@ -40,7 +40,7 @@ RSpec.describe ResourceAccessTokens::RevokeService do

        audit_event = AuditEvent.where(author_id: user.id).last

-        expect(audit_event.details[:custom_message]).to match(/Revoked project access token with id: \d+/)
+        expect(audit_event.details[:custom_message]).to match(/Revoked project access token with token_id: \d+/)
        expect(audit_event.details[:target_details]).to eq(access_token.user.name)
      end
    end
@@ -56,7 +56,7 @@ RSpec.describe ResourceAccessTokens::RevokeService do
        it 'logs the find error message' do
          subject

-          expect(AuditEvent.where(author_id: user.id).last.details[:custom_message]).to match(/Attempted to revoke project access token with id: \d+, but failed with message: Failed to find bot user/)
+          expect(AuditEvent.where(author_id: user.id).last.details[:custom_message]).to match(/Attempted to revoke project access token with token_id: \d+, but failed with message: Failed to find bot user/)
        end
      end

@@ -71,7 +71,7 @@ RSpec.describe ResourceAccessTokens::RevokeService do
        it 'logs the permission error message' do
          subject

-          expect(AuditEvent.where(author_id: user.id).last.details[:custom_message]).to match(/Attempted to revoke project access token with id: \d+, but failed with message: #{user.name} cannot delete #{access_token.user.name}/)
+          expect(AuditEvent.where(author_id: user.id).last.details[:custom_message]).to match(/Attempted to revoke project access token with token_id: \d+, but failed with message: #{user.name} cannot delete #{access_token.user.name}/)
        end
      end
    end