debian-mirror-gitlab/doc/api/audit_events.md

373 lines
11 KiB
Markdown
Raw Normal View History

2021-01-29 00:20:46 +05:30
---
2022-10-11 01:57:18 +05:30
stage: Govern
2021-03-08 18:12:59 +05:30
group: Compliance
2022-11-25 23:54:43 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
2021-01-29 00:20:46 +05:30
---
2021-09-30 23:02:18 +05:30
# Audit Events API **(PREMIUM)**
2019-12-26 22:10:19 +05:30
2023-04-23 21:23:45 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/121) in GitLab 12.4.
> - [Author Email added to the response body](https://gitlab.com/gitlab-org/gitlab/-/issues/386322) in GitLab 15.9.
2023-06-20 00:43:36 +05:30
> - Support for keyset pagination [added](https://gitlab.com/gitlab-org/gitlab/-/issues/367528) in GitLab 15.11.
2021-04-17 20:07:23 +05:30
2021-03-11 19:13:27 +05:30
## Instance Audit Events **(PREMIUM SELF)**
2019-12-21 20:55:43 +05:30
2020-11-24 15:15:51 +05:30
The Audit Events API allows you to retrieve [instance audit events](../administration/audit_events.md#instance-events).
2021-09-04 01:27:46 +05:30
This API cannot retrieve group or project audit events.
2019-12-21 20:55:43 +05:30
2023-04-23 21:23:45 +05:30
To retrieve audit events using the API, you must [authenticate yourself](rest/index.md#authentication) as an Administrator.
2019-12-21 20:55:43 +05:30
2019-12-26 22:10:19 +05:30
### Retrieve all instance audit events
2019-12-21 20:55:43 +05:30
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-21 20:55:43 +05:30
GET /audit_events
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
2021-10-27 15:23:28 +05:30
| `created_after` | string | no | Return audit events created on or after the given time. Format: ISO 8601 (`YYYY-MM-DDTHH:MM:SSZ`) |
| `created_before` | string | no | Return audit events created on or before the given time. Format: ISO 8601 (`YYYY-MM-DDTHH:MM:SSZ`) |
2019-12-21 20:55:43 +05:30
| `entity_type` | string | no | Return audit events for the given entity type. Valid values are: `User`, `Group`, or `Project`. |
2019-12-26 22:10:19 +05:30
| `entity_id` | integer | no | Return audit events for the given entity ID. Requires `entity_type` attribute to be present. |
2019-12-21 20:55:43 +05:30
2023-06-20 00:43:36 +05:30
This endpoint supports both offset-based and [keyset-based](rest/index.md#keyset-based-pagination) pagination. You should use keyset-based
pagination when requesting consecutive pages of results.
2019-12-21 20:55:43 +05:30
2023-04-23 21:23:45 +05:30
Read more on [pagination](rest/index.md#pagination).
2019-12-21 20:55:43 +05:30
2020-03-13 15:44:24 +05:30
```shell
2020-06-23 00:09:42 +05:30
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://primary.example.com/api/v4/audit_events"
2019-12-21 20:55:43 +05:30
```
Example response:
```json
[
{
"id": 1,
"author_id": 1,
"entity_id": 6,
"entity_type": "Project",
"details": {
"custom_message": "Project archived",
"author_name": "Administrator",
2023-04-23 21:23:45 +05:30
"author_email": "admin@example.com",
2019-12-21 20:55:43 +05:30
"target_id": "flightjs/flight",
"target_type": "Project",
"target_details": "flightjs/flight",
"ip_address": "127.0.0.1",
"entity_path": "flightjs/flight"
},
"created_at": "2019-08-30T07:00:41.885Z"
},
{
"id": 2,
"author_id": 1,
"entity_id": 60,
"entity_type": "Group",
"details": {
"add": "group",
"author_name": "Administrator",
2023-04-23 21:23:45 +05:30
"author_email": "admin@example.com",
2019-12-21 20:55:43 +05:30
"target_id": "flightjs",
"target_type": "Group",
"target_details": "flightjs",
"ip_address": "127.0.0.1",
"entity_path": "flightjs"
},
"created_at": "2019-08-27T18:36:44.162Z"
},
{
"id": 3,
"author_id": 51,
"entity_id": 51,
"entity_type": "User",
"details": {
"change": "email address",
"from": "hello@flightjs.com",
"to": "maintainer@flightjs.com",
"author_name": "Andreas",
2023-04-23 21:23:45 +05:30
"author_email": "admin@example.com",
2019-12-21 20:55:43 +05:30
"target_id": 51,
"target_type": "User",
"target_details": "Andreas",
"ip_address": null,
"entity_path": "Andreas"
},
"created_at": "2019-08-22T16:34:25.639Z"
}
]
```
2019-12-26 22:10:19 +05:30
### Retrieve single instance audit event
2019-12-21 20:55:43 +05:30
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-21 20:55:43 +05:30
GET /audit_events/:id
```
2020-04-08 14:13:33 +05:30
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer | yes | The ID of the audit event |
2020-03-13 15:44:24 +05:30
```shell
2020-06-23 00:09:42 +05:30
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://primary.example.com/api/v4/audit_events/1"
2019-12-21 20:55:43 +05:30
```
Example response:
```json
{
"id": 1,
"author_id": 1,
"entity_id": 6,
"entity_type": "Project",
"details": {
"custom_message": "Project archived",
"author_name": "Administrator",
2023-04-23 21:23:45 +05:30
"author_email": "admin@example.com",
2019-12-21 20:55:43 +05:30
"target_id": "flightjs/flight",
"target_type": "Project",
"target_details": "flightjs/flight",
"ip_address": "127.0.0.1",
"entity_path": "flightjs/flight"
},
"created_at": "2019-08-30T07:00:41.885Z"
}
```
2019-12-26 22:10:19 +05:30
2021-09-30 23:02:18 +05:30
## Group Audit Events
2019-12-26 22:10:19 +05:30
2022-08-13 15:12:31 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/34078) in GitLab 12.5.
2023-06-20 00:43:36 +05:30
> - Support for keyset pagination [added](https://gitlab.com/gitlab-org/gitlab/-/issues/333968) in GitLab 15.2.
2019-12-26 22:10:19 +05:30
2020-11-24 15:15:51 +05:30
The Group Audit Events API allows you to retrieve [group audit events](../administration/audit_events.md#group-events).
2021-09-04 01:27:46 +05:30
This API cannot retrieve project audit events.
2019-12-26 22:10:19 +05:30
2022-08-27 11:52:29 +05:30
A user with:
2019-12-26 22:10:19 +05:30
2022-08-27 11:52:29 +05:30
- The Owner role can retrieve group audit events of all users.
- The Developer or Maintainer role is limited to group audit events based on their individual actions.
2022-08-13 15:12:31 +05:30
2023-04-23 21:23:45 +05:30
This endpoint supports both offset-based and [keyset-based](rest/index.md#keyset-based-pagination) pagination. Keyset-based
2022-08-27 11:52:29 +05:30
pagination is recommended when requesting consecutive pages of results.
2022-08-13 15:12:31 +05:30
2019-12-26 22:10:19 +05:30
### Retrieve all group audit events
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-26 22:10:19 +05:30
GET /groups/:id/audit_events
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
2023-04-23 21:23:45 +05:30
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding) |
2021-10-27 15:23:28 +05:30
| `created_after` | string | no | Return group audit events created on or after the given time. Format: ISO 8601 (`YYYY-MM-DDTHH:MM:SSZ)` |
| `created_before` | string | no | Return group audit events created on or before the given time. Format: ISO 8601 (`YYYY-MM-DDTHH:MM:SSZ`) |
2019-12-26 22:10:19 +05:30
By default, `GET` requests return 20 results at a time because the API results
are paginated.
2023-04-23 21:23:45 +05:30
Read more on [pagination](rest/index.md#pagination).
2019-12-26 22:10:19 +05:30
2020-03-13 15:44:24 +05:30
```shell
2020-06-23 00:09:42 +05:30
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://primary.example.com/api/v4/groups/60/audit_events"
2019-12-26 22:10:19 +05:30
```
Example response:
```json
[
{
"id": 2,
"author_id": 1,
"entity_id": 60,
"entity_type": "Group",
"details": {
"custom_message": "Group marked for deletion",
"author_name": "Administrator",
2023-04-23 21:23:45 +05:30
"author_email": "admin@example.com",
2019-12-26 22:10:19 +05:30
"target_id": "flightjs",
"target_type": "Group",
"target_details": "flightjs",
"ip_address": "127.0.0.1",
"entity_path": "flightjs"
},
"created_at": "2019-08-28T19:36:44.162Z"
},
{
"id": 1,
"author_id": 1,
"entity_id": 60,
"entity_type": "Group",
"details": {
"add": "group",
"author_name": "Administrator",
2023-04-23 21:23:45 +05:30
"author_email": "admin@example.com",
2019-12-26 22:10:19 +05:30
"target_id": "flightjs",
"target_type": "Group",
"target_details": "flightjs",
"ip_address": "127.0.0.1",
"entity_path": "flightjs"
},
"created_at": "2019-08-27T18:36:44.162Z"
}
]
```
### Retrieve a specific group audit event
Only available to group owners and administrators.
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-26 22:10:19 +05:30
GET /groups/:id/audit_events/:audit_event_id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
2023-04-23 21:23:45 +05:30
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding) |
2020-04-08 14:13:33 +05:30
| `audit_event_id` | integer | yes | The ID of the audit event |
2019-12-26 22:10:19 +05:30
2020-03-13 15:44:24 +05:30
```shell
2020-06-23 00:09:42 +05:30
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://primary.example.com/api/v4/groups/60/audit_events/2"
2019-12-26 22:10:19 +05:30
```
Example response:
```json
{
"id": 2,
"author_id": 1,
"entity_id": 60,
"entity_type": "Group",
"details": {
"custom_message": "Group marked for deletion",
"author_name": "Administrator",
2023-04-23 21:23:45 +05:30
"author_email": "admin@example.com",
2019-12-26 22:10:19 +05:30
"target_id": "flightjs",
"target_type": "Group",
"target_details": "flightjs",
"ip_address": "127.0.0.1",
"entity_path": "flightjs"
},
"created_at": "2019-08-28T19:36:44.162Z"
}
```
2020-06-23 00:09:42 +05:30
2021-09-30 23:02:18 +05:30
## Project Audit Events
2020-06-23 00:09:42 +05:30
2023-05-27 22:25:52 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/219238) in GitLab 13.1.
2023-06-20 00:43:36 +05:30
> - Support for keyset pagination [added](https://gitlab.com/gitlab-org/gitlab/-/issues/367528) in GitLab 15.10.
2020-06-23 00:09:42 +05:30
2020-11-24 15:15:51 +05:30
The Project Audit Events API allows you to retrieve [project audit events](../administration/audit_events.md#project-events).
2020-06-23 00:09:42 +05:30
2021-02-22 17:27:13 +05:30
A user with a Maintainer role (or above) can retrieve project audit events of all users.
A user with a Developer role is limited to project audit events based on their individual actions.
2020-06-23 00:09:42 +05:30
2023-05-27 22:25:52 +05:30
When requesting consecutive pages of results, you should use [keyset pagination](rest/index.md#keyset-based-pagination).
2020-06-23 00:09:42 +05:30
### Retrieve all project audit events
```plaintext
GET /projects/:id/audit_events
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
2023-04-23 21:23:45 +05:30
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding) |
2021-10-27 15:23:28 +05:30
| `created_after` | string | no | Return project audit events created on or after the given time. Format: ISO 8601 (`YYYY-MM-DDTHH:MM:SSZ`) |
| `created_before` | string | no | Return project audit events created on or before the given time. Format: ISO 8601 (`YYYY-MM-DDTHH:MM:SSZ`) |
2020-06-23 00:09:42 +05:30
By default, `GET` requests return 20 results at a time because the API results
are paginated.
2023-04-23 21:23:45 +05:30
Read more on [pagination](rest/index.md#pagination).
2020-06-23 00:09:42 +05:30
```shell
2021-02-22 17:27:13 +05:30
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://primary.example.com/api/v4/projects/7/audit_events"
2020-06-23 00:09:42 +05:30
```
Example response:
```json
[
{
"id": 5,
"author_id": 1,
"entity_id": 7,
"entity_type": "Project",
"details": {
2022-01-26 12:08:38 +05:30
"change": "prevent merge request approval from committers",
2020-06-23 00:09:42 +05:30
"from": "",
"to": "true",
"author_name": "Administrator",
2023-04-23 21:23:45 +05:30
"author_email": "admin@example.com",
2020-06-23 00:09:42 +05:30
"target_id": 7,
"target_type": "Project",
"target_details": "twitter/typeahead-js",
"ip_address": "127.0.0.1",
"entity_path": "twitter/typeahead-js"
},
"created_at": "2020-05-26T22:55:04.230Z"
},
{
"id": 4,
"author_id": 1,
"entity_id": 7,
"entity_type": "Project",
"details": {
"change": "prevent merge request approval from authors",
"from": "false",
"to": "true",
"author_name": "Administrator",
2023-04-23 21:23:45 +05:30
"author_email": "admin@example.com",
2020-06-23 00:09:42 +05:30
"target_id": 7,
"target_type": "Project",
"target_details": "twitter/typeahead-js",
"ip_address": "127.0.0.1",
"entity_path": "twitter/typeahead-js"
},
"created_at": "2020-05-26T22:55:04.218Z"
}
]
```
### Retrieve a specific project audit event
2022-04-04 11:22:00 +05:30
Only available to users with at least the Maintainer role for the project.
2020-06-23 00:09:42 +05:30
```plaintext
GET /projects/:id/audit_events/:audit_event_id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
2023-04-23 21:23:45 +05:30
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding) |
2020-06-23 00:09:42 +05:30
| `audit_event_id` | integer | yes | The ID of the audit event |
```shell
2021-02-22 17:27:13 +05:30
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://primary.example.com/api/v4/projects/7/audit_events/5"
2020-06-23 00:09:42 +05:30
```
Example response:
```json
{
"id": 5,
"author_id": 1,
"entity_id": 7,
"entity_type": "Project",
"details": {
2022-01-26 12:08:38 +05:30
"change": "prevent merge request approval from committers",
2020-06-23 00:09:42 +05:30
"from": "",
"to": "true",
"author_name": "Administrator",
2023-04-23 21:23:45 +05:30
"author_email": "admin@example.com",
2020-06-23 00:09:42 +05:30
"target_id": 7,
"target_type": "Project",
"target_details": "twitter/typeahead-js",
"ip_address": "127.0.0.1",
"entity_path": "twitter/typeahead-js"
},
"created_at": "2020-05-26T22:55:04.230Z"
}
```