Add audit events for categories and attributes changes
What does this MR do and why?
This MR implements audit event logging for security categories and attributes management operations in GitLab's security risk management feature. It adds audit events for all CRUD operations on security categories and attributes, as well as project-attribute associations.
Changelog: added
EE: true
References
New audit events added:
Security Categories:
- security_category_created: when a security category is created
- security_category_updated: when a security category is updated
- security_category_deleted: when a security category is deleted
Security Attributes:
- security_attribute_created: when a security attribute is created
- security_attribute_updated: when a security attribute is updated
- security_attribute_deleted: when a security attribute is deleted
- security_attribute_attached_to_project: when a security attribute is attached to a project
- security_attribute_detached_from_project: when a security attribute is detached from a project
Key Changes
- Service Layer Updates: Modified all security category and attribute services to generate audit events:
  - Security::Categories::CreateService
  - Security::Categories::UpdateService
  - Security::Categories::DestroyService
  - Security::Attributes::CreateService
  - Security::Attributes::UpdateService
  - Security::Attributes::DestroyService
  - Security::Attributes::UpdateProjectAttributesService
- Audit Event Configuration: Added YAML configuration files for all 7 new audit event types in ee/config/audit_events/types/
- Documentation: Updated the audit event types documentation to include the new security risk management section
- Test Coverage: Added comprehensive test coverage for all audit events, including verification of event details and proper scoping
Technical Implementation
- Uses GitLab's standard audit event framework with Gitlab::Audit::Auditor
- Events are scoped to the owning group for categories and attributes, and to the project for project-attribute associations
- Includes detailed metadata in audit events (names, descriptions, colors, updated fields, etc.)
- Follows established patterns for audit event creation and queuing
This enhancement provides complete audit trail visibility for security risk management operations, supporting compliance and security monitoring requirements.
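As an added illustration (not code from this MR or from GitLab), the sketch below shows how a service can build the context hash that Gitlab::Audit::Auditor.audit takes (name, author, scope, target, message, additional_details), choose the group or project scope per event, and skip the audit event when an update changes nothing. The Auditor, the models and the author are constructed stand-ins so it runs outside the GitLab Rails app; FakeAuditor, the Struct models and the helper names are assumptions of this example.

```ruby
# Added illustration, not code from this MR or from GitLab: how a service can
# build the context hash Gitlab::Audit::Auditor.audit takes and pick the right
# scope per event. Everything below (models, author, auditor) is a constructed
# stand-in so the file runs outside the GitLab Rails app.

Group   = Struct.new(:id, :name)
Project = Struct.new(:id, :name, :group)
User    = Struct.new(:id, :name)
SecurityAttribute = Struct.new(:id, :name, :description, :color, :group)

# Hypothetical stand-in for Gitlab::Audit::Auditor: validates the context keys
# and records the event instead of persisting or streaming it.
module FakeAuditor
  REQUIRED_KEYS = %i[name author scope target message].freeze
  @events = []

  def self.events
    @events
  end

  def self.reset!
    @events.clear
  end

  def self.audit(context)
    missing = REQUIRED_KEYS - context.keys
    raise ArgumentError, "missing audit context keys: #{missing.inspect}" unless missing.empty?

    @events << context
    yield if block_given? # the real Auditor wraps the audited operation in the block
    context
  end
end

# Names of fields whose value actually changed; an update that changes nothing
# should not produce an audit event.
def changed_fields(before, after)
  before.keys.select { |key| before[key] != after[key] }
end

# Group-level event for create/update/delete of a security attribute.
def audit_attribute_change(event, attribute, author, updated_fields: [])
  FakeAuditor.audit(
    name: "security_attribute_#{event}",
    author: author,
    scope: attribute.group,                 # scoped to the owning group
    target: attribute,
    message: "#{event.capitalize} security attribute #{attribute.name}",
    additional_details: {
      name: attribute.name,
      description: attribute.description,
      color: attribute.color,
      updated_fields: updated_fields
    }
  )
end

# Project-level event for attaching or detaching an attribute to a project.
def audit_project_association(action, attribute, project, author)
  raise ArgumentError, "unknown action #{action}" unless %w[attached_to_project detached_from_project].include?(action)

  FakeAuditor.audit(
    name: "security_attribute_#{action}",
    author: author,
    scope: project,                          # scoped to the project, not the group
    target: attribute,
    message: "Security attribute #{attribute.name} #{action.tr('_', ' ')} #{project.name}",
    additional_details: { attribute_name: attribute.name, project_id: project.id }
  )
end

# Apply an update and audit it only when a tracked field changed.
def update_attribute(attribute, params, author)
  tracked = %i[name description color]
  before = attribute.to_h.slice(*tracked)
  params.each { |key, value| attribute[key] = value if tracked.include?(key) }
  diff = changed_fields(before, attribute.to_h.slice(*tracked))
  return :no_change if diff.empty?

  audit_attribute_change('updated', attribute, author, updated_fields: diff)
  :audited
end
```

The point to carry into review of the real services is the scope argument: a group-scoped event is what makes the entry show up under the group's "Secure -> Audit events" page, while the attach/detach events belong to the project, and the updated_fields list is what lets a reviewer of the audit log see which values changed without diffing two events.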
How to validate
Prerequisites
- Enable the required feature flags from a Rails console:

```ruby
Feature.enable(:security_categories_and_attributes)
Feature.enable(:security_context_labels)
```
Manual Testing
- Access Security Configuration
  - Navigate to a group page
  - From the sidebar, go to "Secure -> Security configuration"
- Test Category and Attribute Operations
  - Create new security categories with attributes
  - Update existing security attributes
  - Delete security attributes
- Test Project Attribute Connections
  - Go to a project
  - Navigate to "Secure -> Security Configuration -> Security Attributes"
  - Attach attributes to the project
  - Detach attributes from the project
- Verify Audit Events
  - Navigate to "Secure -> Audit events" (at group level)
  - Verify audit events are created for:
    - Security category creation, updates, and deletion
    - Security attribute creation, updates, and deletion
    - Project attribute attachments and detachments
  - Check that the audit event details include the attribute's own details and its category information
- Console Verification (Optional)

```ruby
# Inspect the details of the most recent audit events from a Rails console
AuditEvent.last(5).each { |event| puts event.details.inspect }
```
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.