Add audit logs when unassigning CI runner from a project

Changelog: added EE: true

Add audit logs when unassigning CI runner from a project
Changelog: added EE: true
25f9eb27 · Pedro Pombeiro · 0f1d1f62 · 25f9eb27 · 25f9eb27 · 25f9eb27
Commit 25f9eb27 authored Feb 24, 2022 by Pedro Pombeiro
4 changed files
--- a/app/services/ci/runners/unassign_runner_service.rb
+++ b/app/services/ci/runners/unassign_runner_service.rb
@@ -16,6 +16,12 @@ module Ci
        @runner_project.destroy
      end
+      private
+      attr_reader :runner_project, :user
    end
  end
 end
+Ci::Runners::UnassignRunnerService.prepend_mod
--- a/ee/app/services/ee/ci/runners/unassign_runner_service.rb
+++ b/ee/app/services/ee/ci/runners/unassign_runner_service.rb
+# frozen_string_literal: true
+module EE
+  module Ci
+    module Runners
+      module UnassignRunnerService
+        extend ::Gitlab::Utils::Override
+        include ::Audit::Changes
+        override :execute
+        def execute
+          runner = runner_project.runner
+          project = runner_project.project
+          result = super
+          audit_log_event(runner, project) if result
+          result
+        end
+        private
+        AUDIT_MESSAGE = 'Unassigned CI runner from project'
+        def audit_log_event(runner, project)
+          ::AuditEvents::RunnerCustomAuditEventService.new(runner, user, project, AUDIT_MESSAGE).track_event
+        end
+      end
+    end
+  end
+end
--- a/ee/spec/services/ci/runners/unassign_runner_service_spec.rb
+++ b/ee/spec/services/ci/runners/unassign_runner_service_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe ::Ci::Runners::UnassignRunnerService, '#execute' do
+  let_it_be(:owner_project) { create(:project) }
+  let_it_be(:other_project) { create(:project) }
+  let_it_be(:project_runner) { create(:ci_runner, :project, projects: [owner_project, other_project]) }
+  let(:runner_project) { project_runner.runner_projects.last }
+  let(:audit_service) { instance_double(::AuditEvents::RunnerCustomAuditEventService) }
+  subject { described_class.new(runner_project, user).execute }
+  context 'with unauthorized user' do
+    let(:user) { build(:user) }
+    it 'does not call assign_to on runner and returns false', :aggregate_failures do
+      expect(project_runner).not_to receive(:assign_to)
+      expect(::AuditEvents::RunnerCustomAuditEventService).not_to receive(:new)
+      is_expected.to be_falsey
+    end
+  end
+  context 'with admin user', :enable_admin_mode do
+    let(:user) { create_default(:admin) }
+    before do
+      expect(audit_service).to receive(:track_event).once.and_return('track_event_return_value')
+    end
+    it 'calls track_event on RunnerCustomAuditEventService and returns the runner_project', :aggregate_failures do
+      expect(runner_project).to receive(:destroy).once.and_call_original
+      expect(::AuditEvents::RunnerCustomAuditEventService).to receive(:new)
+        .with(project_runner, user, other_project, 'Unassigned CI runner from project')
+        .once.and_return(audit_service)
+      is_expected.to eq(runner_project)
+    end
+  end
+end
--- a/spec/services/ci/runners/unassign_runner_service_spec.rb
+++ b/spec/services/ci/runners/unassign_runner_service_spec.rb
@@ -10,6 +10,10 @@ RSpec.describe ::Ci::Runners::UnassignRunnerService, '#execute' do
  let(:runner_project) { runner.runner_projects.last }
+  before do
+    allow(runner_project).to receive(:project).and_return(project)
+  end
  context 'without user' do
    let(:user) { nil }