Merge branch '7531-audit-approval-list-changes' into 'master'

Audit number of required approvals changes at project level

See merge request gitlab-org/gitlab!26553

doc/administration/audit_events.md

@@ -81,6 +81,7 @@ From there, you can see the following actions:
 - Release milestone associations changed
 - Permission to approve merge requests by committers was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/issues/7531) in GitLab 12.9)
 - Permission to approve merge requests by authors was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/issues/7531) in GitLab 12.9)
+- Number of required approvals was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/issues/7531) in GitLab 12.9)
 
 ### Instance events **(PREMIUM ONLY)**
 

ee/app/services/concerns/approval_rules/updater.rb

@@ -2,13 +2,17 @@
 
 module ApprovalRules
   module Updater
+    include EE::Audit::Changes # rubocop: disable Cop/InjectEnterpriseEditionModule
+
     def action
       filter_eligible_users!
       filter_eligible_groups!
       filter_eligible_protected_branches!
 
       if rule.update(params)
+        log_audit_event(rule)
         rule.reset
+
         success
       else
         error(rule.errors.messages)
@@ -41,5 +45,14 @@ module ApprovalRules
           .id_in(protected_branch_ids)
           .for_project(project)
     end
+
+    def log_audit_event(rule)
+      audit_changes(
+        :approvals_required,
+        as: 'number of required approvals',
+        entity: rule.project,
+        model: rule
+      )
+    end
   end
 end

ee/changelogs/unreleased/7531-audit-approval-list-changes.yml

+---
+title: Audit number of required approvals changes
+merge_request: 7531
+author:
+type: added

ee/spec/services/approval_rules/update_service_spec.rb

@@ -5,7 +5,7 @@ require 'spec_helper'
 describe ApprovalRules::UpdateService do
   let(:project) { create(:project) }
   let(:user) { project.creator }
-  let(:approval_rule) { target.approval_rules.create(name: 'foo') }
+  let(:approval_rule) { target.approval_rules.create(name: 'foo', approvals_required: 2) }
 
   shared_examples 'editable' do
     let(:new_approvers) { create_list(:user, 2) }
@@ -190,6 +190,61 @@ describe ApprovalRules::UpdateService do
         end
       end
     end
+
+    describe 'audit events' do
+      subject(:operation) do
+        described_class.new(
+          approval_rule,
+          user,
+          name: 'developers',
+          approvals_required: 1
+        ).execute
+      end
+
+      context 'when licensed' do
+        before do
+          stub_licensed_features(audit_events: true)
+        end
+
+        context 'when rule update operation succeeds' do
+          it 'logs an audit event' do
+            expect { operation }.to change { AuditEvent.count }.by(1)
+          end
+
+          it 'logs the audit event info' do
+            operation
+
+            expect(AuditEvent.last).to have_attributes(
+              details: hash_including(change: 'number of required approvals', from: 2, to: 1)
+            )
+          end
+        end
+
+        context 'when rule update operation fails' do
+          before do
+            allow(approval_rule).to receive(:update).and_return(false)
+          end
+
+          it 'does not log any audit event' do
+            expect { operation }.not_to change { AuditEvent.count }
+          end
+        end
+      end
+
+      context 'when not licensed' do
+        before do
+          stub_licensed_features(
+            admin_audit_log: false,
+            audit_events: false,
+            extended_audit_events: false
+          )
+        end
+
+        it 'does not log any audit event' do
+          expect { operation }.not_to change { AuditEvent.count }
+        end
+      end
+    end
   end
 
   context 'when target is merge request' do