Disable audit event logging for pipeline destruction

AuditEventService isn't equipped to handle logging of the destruction of entities such as CI pipelines. It's a project-level event that operates on a pipeline. Rather than pollute the database with information that doesn't quite fit in the schema, let's remove it altogether.

Disable audit event logging for pipeline destruction
AuditEventService isn't equipped to handle logging of the destruction of entities such as CI pipelines. It's a project-level event that operates on a pipeline. Rather than pollute the database with information that doesn't quite fit in the schema, let's remove it altogether.
0c0e6440 · Stan Hu · c3696602 · 0c0e6440 · 0c0e6440 · 0c0e6440
Commit 0c0e6440 authored Jan 10, 2019 by Stan Hu
4 changed files
--- a/app/services/ci/destroy_pipeline_service.rb
+++ b/app/services/ci/destroy_pipeline_service.rb
@@ -5,15 +5,7 @@ module Ci
    def execute(pipeline)
      raise Gitlab::Access::AccessDeniedError unless can?(current_user, :destroy_pipeline, pipeline)

-      AuditEventService.new(current_user, pipeline, audit_details).security_event
-
      pipeline.destroy!
    end
-
-    def audit_details
-      {
-        custom_message: 'Destroyed pipeline'
-      }
-    end
  end
 end
--- a/ee/app/services/ee/audit_event_service.rb
+++ b/ee/app/services/ee/audit_event_service.rb
@@ -181,12 +181,8 @@ module EE
    end

    def add_security_event_admin_details!
-      # TODO: Entities such as projects and groups have a full path that
-      # we can log. However, objects such as CI pipelines do not have
-      # this. We could delegate this to the project path in the future, but
-      # for now, just set it to empty.
      @details.merge!(ip_address: ip_address,
-                      entity_path: @entity.try(:full_path))
+                      entity_path: @entity.full_path)
    end

    def custom_project_link_group_attributes(group_link)

--- a/spec/requests/api/pipelines_spec.rb
+++ b/spec/requests/api/pipelines_spec.rb
@@ -458,11 +458,11 @@ describe API::Pipelines do

      context 'when audit events is enabled' do
        before do
-          stub_licensed_features(extended_audit_events: true)
+          stub_licensed_features(extended_audit_events: true, admin_audit_log: true)
        end

-        it 'logs an audit event' do
-          expect { delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", owner) }.to change { SecurityEvent.count }.by(1)
+        it 'does not log an audit event' do
+          expect { delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", owner) }.not_to change { SecurityEvent.count }
        end
      end


--- a/spec/services/ci/destroy_pipeline_service_spec.rb
+++ b/spec/services/ci/destroy_pipeline_service_spec.rb
@@ -22,13 +22,8 @@ describe ::Ci::DestroyPipelineService do
        stub_licensed_features(extended_audit_events: true, admin_audit_log: true)
      end

-      it 'logs an audit event' do
-        expect { subject }.to change { SecurityEvent.count }.by(1)
-
-        event = SecurityEvent.first
-        expect(event.entity_type).to eq('Ci::Pipeline')
-        expect(event.entity_id).to eq(pipeline.id)
-        expect(event.details[:custom_message]).to eq('Destroyed pipeline')
+      it 'does not log an audit event' do
+        expect { subject }.not_to change { SecurityEvent.count }
      end
    end