diff options
Diffstat (limited to 'lib/gitlab/audit/auditor.rb')
-rw-r--r-- | lib/gitlab/audit/auditor.rb | 44 |
1 files changed, 38 insertions, 6 deletions
diff --git a/lib/gitlab/audit/auditor.rb b/lib/gitlab/audit/auditor.rb index 4a6e4e2e06e..fddc1f830aa 100644 --- a/lib/gitlab/audit/auditor.rb +++ b/lib/gitlab/audit/auditor.rb @@ -59,7 +59,8 @@ module Gitlab @context = context @name = @context.fetch(:name, 'audit_operation') - @stream_only = @context.fetch(:stream_only, false) + @is_audit_event_yaml_defined = Gitlab::Audit::Type::Definition.defined?(@name) + @stream_only = stream_only? @author = @context.fetch(:author) @scope = @context.fetch(:scope) @target = @context.fetch(:target) @@ -70,6 +71,14 @@ module Gitlab @target_details = @context[:target_details] @authentication_event = @context.fetch(:authentication_event, false) @authentication_provider = @context[:authentication_provider] + + # TODO: Remove this code once we close https://gitlab.com/gitlab-org/gitlab/-/issues/367870 + return unless @is_audit_event_yaml_defined + + # rubocop:disable Gitlab/RailsLogger + Rails.logger.warn('WARNING: Logging audit events without an event type definition will be deprecated soon.') + Rails.logger.warn('See https://docs.gitlab.com/ee/development/audit_event_guide/#event-type-definitions') + # rubocop:enable Gitlab/RailsLogger end def single_audit @@ -84,14 +93,23 @@ module Gitlab end def record(events) - log_events(events) unless @stream_only - send_to_stream(events) + @stream_only ? send_to_stream(events) : log_events_and_stream(events) end - def log_events(events) + def log_events_and_stream(events) log_authentication_event - log_to_database(events) + saved_events = log_to_database(events) + + # we only want to override events with saved_events when it successfully saves into database. + # we are doing so to ensure events in memory reflects events saved in database and have id column. + events = saved_events if saved_events.present? + + log_to_file_and_stream(events) + end + + def log_to_file_and_stream(events) log_to_file(events) + send_to_stream(events) end def audit_enabled? @@ -102,6 +120,14 @@ module Gitlab @authentication_event end + def stream_only? + if @is_audit_event_yaml_defined + Gitlab::Audit::Type::Definition.stream_only?(@name) + else + @context.fetch(:stream_only, false) + end + end + def log_authentication_event return unless Gitlab::Database.read_write? && authentication_event? @@ -145,7 +171,13 @@ module Gitlab end def log_to_database(events) - AuditEvent.bulk_insert!(events) + if events.one? + events.first.save! + events + else + event_ids = AuditEvent.bulk_insert!(events, returns: :ids) + AuditEvent.id_in(event_ids) + end rescue ActiveRecord::RecordInvalid => e ::Gitlab::ErrorTracking.track_exception(e, audit_operation: @name) end |