Commit 75ac49a4 authored by Stan Hu's avatar Stan Hu

Merge branch '235758-track-ci-secrets-management-vault-usage' into 'master'

Track usage for CI Secrets (Vault)

See merge request gitlab-org/gitlab!46515
parents 98afd74f fabac744
---
title: Track usage of CI Secrets Management (Vault secrets)
merge_request: 46515
author:
type: added
---
name: usage_data_i_ci_secrets_management_vault_build_created
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/46515
rollout_issue_url:
milestone: '13.6'
type: development
group: group::release management
default_enabled: true
......@@ -31,6 +31,7 @@ module EE
has_many :security_scans, class_name: 'Security::Scan'
after_save :stick_build_if_status_changed
after_commit :track_ci_secrets_management_usage, on: :create
delegate :service_specification, to: :runner_session, allow_nil: true
scope :license_scan, -> { joins(:job_artifacts).merge(::Ci::JobArtifact.license_scanning_reports) }
......@@ -135,6 +136,8 @@ module EE
end
def ci_secrets_management_available?
return false unless project
project.feature_available?(:ci_secrets_management)
end
......@@ -172,6 +175,13 @@ module EE
end.keys
end
end
def track_ci_secrets_management_usage
return unless ::Feature.enabled?(:usage_data_i_ci_secrets_management_vault_build_created, default_enabled: true)
return unless ci_secrets_management_available? && secrets?
::Gitlab::UsageDataCounters::HLLRedisCounter.track_event(user_id, 'i_ci_secrets_management_vault_build_created')
end
end
end
end
......@@ -15,6 +15,17 @@ RSpec.describe Ci::Build do
let(:job) { create(:ci_build, pipeline: pipeline) }
let(:artifact) { create(:ee_ci_job_artifact, :sast, job: job, project: job.project) }
let(:valid_secrets) do
{
DATABASE_PASSWORD: {
vault: {
engine: { name: 'kv-v2', path: 'kv-v2' },
path: 'production/db',
field: 'password'
}
}
}
end
describe '.license_scan' do
subject(:build) { described_class.license_scan.first }
......@@ -475,7 +486,15 @@ RSpec.describe Ci::Build do
end
describe 'ci_secrets_management_available?' do
subject(:build) { job.ci_secrets_management_available? }
subject { job.ci_secrets_management_available? }
context 'when build has no project' do
before do
job.update!(project: nil)
end
it { is_expected.to be false }
end
context 'when secrets management feature is available' do
before do
......@@ -495,18 +514,6 @@ RSpec.describe Ci::Build do
end
describe '#runner_required_feature_names' do
let(:valid_secrets) do
{
DATABASE_PASSWORD: {
vault: {
engine: { name: 'kv-v2', path: 'kv-v2' },
path: 'production/db',
field: 'password'
}
}
}
end
let(:build) { create(:ci_build, secrets: secrets) }
subject { build.runner_required_feature_names }
......@@ -547,4 +554,56 @@ RSpec.describe Ci::Build do
end
end
end
describe "secrets management usage data" do
context 'when secrets management feature is not available' do
before do
stub_licensed_features(ci_secrets_management: false)
end
it 'does not track unique users' do
expect(Gitlab::UsageDataCounters::HLLRedisCounter).not_to receive(:track_event)
create(:ci_build, secrets: valid_secrets)
end
end
context 'when secrets management feature is available' do
before do
stub_licensed_features(ci_secrets_management: true)
end
context 'when there are secrets defined' do
context 'on create' do
it 'tracks unique users' do
ci_build = build(:ci_build, secrets: valid_secrets)
expect(Gitlab::UsageDataCounters::HLLRedisCounter).to receive(:track_event).with(ci_build.user_id, 'i_ci_secrets_management_vault_build_created')
ci_build.save!
end
end
context 'on update' do
it 'does not track unique users' do
ci_build = create(:ci_build, secrets: valid_secrets)
expect(Gitlab::UsageDataCounters::HLLRedisCounter).not_to receive(:track_event)
ci_build.success
end
end
end
end
context 'when there are no secrets defined' do
let(:secrets) { {} }
it 'does not track unique users' do
expect(Gitlab::UsageDataCounters::HLLRedisCounter).not_to receive(:track_event)
create(:ci_build, secrets: {})
end
end
end
end
......@@ -319,3 +319,8 @@
category: issues_edit
redis_slot: project_management
aggregation: daily
# Secrets Management
- name: i_ci_secrets_management_vault_build_created
category: ci_secrets_management
redis_slot: ci_secrets_management
aggregation: weekly
......@@ -20,7 +20,10 @@ RSpec.describe Gitlab::UsageDataCounters::HLLRedisCounter, :clean_gitlab_redis_s
describe '.categories' do
it 'gets all unique category names' do
expect(described_class.categories).to contain_exactly('analytics', 'compliance', 'ide_edit', 'search', 'source_code', 'incident_management', 'issues_edit', 'testing')
expect(described_class.categories).to contain_exactly(
'analytics', 'compliance', 'ide_edit', 'search', 'source_code',
'incident_management', 'issues_edit', 'testing', 'ci_secrets_management'
)
end
end
......
......@@ -1216,7 +1216,7 @@ RSpec.describe Gitlab::UsageData, :aggregate_failures do
subject { described_class.redis_hll_counters }
let(:categories) { ::Gitlab::UsageDataCounters::HLLRedisCounter.categories }
let(:ineligible_total_categories) { %w[source_code testing] }
let(:ineligible_total_categories) { %w[source_code testing ci_secrets_management] }
it 'has all known_events' do
expect(subject).to have_key(:redis_hll_counters)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment