Fix Error 500 when deleting a pipeline via the API

GitLab EE has an admin audit log that attempts to call `full_path` on the entity for metadata. Unlike a project or a group, a CI pipeline doesn't have this; the best we could do is delegate the project path. For now, set the value to empty but fill in details of the destroyed pipeline. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/55481

Fix Error 500 when deleting a pipeline via the API
GitLab EE has an admin audit log that attempts to call `full_path` on the entity for metadata. Unlike a project or a group, a CI pipeline doesn't have this; the best we could do is delegate the project path. For now, set the value to empty but fill in details of the destroyed pipeline. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/55481
c3696602 · Stan Hu · 1a20f683 · c3696602 · c3696602 · c3696602
Commit c3696602 authored Jan 09, 2019 by Stan Hu
4 changed files
--- a/app/services/ci/destroy_pipeline_service.rb
+++ b/app/services/ci/destroy_pipeline_service.rb
@@ -5,9 +5,15 @@ module Ci
    def execute(pipeline)
      raise Gitlab::Access::AccessDeniedError unless can?(current_user, :destroy_pipeline, pipeline)

-      AuditEventService.new(current_user, pipeline).security_event
+      AuditEventService.new(current_user, pipeline, audit_details).security_event

      pipeline.destroy!
    end
+
+    def audit_details
+      {
+        custom_message: 'Destroyed pipeline'
+      }
+    end
  end
 end
--- a/ee/app/services/ee/audit_event_service.rb
+++ b/ee/app/services/ee/audit_event_service.rb
@@ -181,8 +181,12 @@ module EE
    end

    def add_security_event_admin_details!
+      # TODO: Entities such as projects and groups have a full path that
+      # we can log. However, objects such as CI pipelines do not have
+      # this. We could delegate this to the project path in the future, but
+      # for now, just set it to empty.
      @details.merge!(ip_address: ip_address,
-                      entity_path: @entity.full_path)
+                      entity_path: @entity.try(:full_path))
    end

    def custom_project_link_group_attributes(group_link)

--- a/ee/changelogs/unreleased/sh-fix-delete-pipeline-api.yml
+++ b/ee/changelogs/unreleased/sh-fix-delete-pipeline-api.yml
+---
+title: Fix Error 500 when deleting a pipeline via the API
+merge_request: 9104
+author:
+type: fixed
--- a/spec/services/ci/destroy_pipeline_service_spec.rb
+++ b/spec/services/ci/destroy_pipeline_service_spec.rb
@@ -19,11 +19,16 @@ describe ::Ci::DestroyPipelineService do

    context 'when audit events is enabled' do
      before do
-        stub_licensed_features(extended_audit_events: true)
+        stub_licensed_features(extended_audit_events: true, admin_audit_log: true)
      end

      it 'logs an audit event' do
        expect { subject }.to change { SecurityEvent.count }.by(1)
+
+        event = SecurityEvent.first
+        expect(event.entity_type).to eq('Ci::Pipeline')
+        expect(event.entity_id).to eq(pipeline.id)
+        expect(event.details[:custom_message]).to eq('Destroyed pipeline')
      end
    end