Filtering team-added-to-pipeline audit events to pipeline

Hey all!

I’m trying to get together some GraphQL queries for our runbooks. One thing I’m stumped by is how do I find modifications for the teams that have permissions on the pipeline. This feels like an important event to keep track of just to know what’s going on around our infrastructure, but am kind of stumped on how to filter the events for a given pipeline. The query I’m starting with is

query auditEventsForPipeline($orgSlug: ID!) {
  organization(slug: $orgSlug) {
    auditEvents(first: 500, type: TEAM_PIPELINE_CREATED) {
      edges {
        node {
          type
          occurredAt
          actor {
            name
          }
          subject {
            id
            name
            type
            uuid
          }
          data
        }
      }
    }
  }
}

and I can see the events, but the subject appears to be, without knowing what’s going on, the row in the join table between teams and pipelines?

"subject": {
  "id": "QASDFASDFASDFASDFASDFASDFASDFASDF",
  "name": null,
  "type": "TEAM_PIPELINE",
  "uuid": "01234567-89ab-cdef-0123-456789abcdef"
},

Is there a way to filter the events for a specific pipeline? Or, if I’m interested in a specific pipeline, do I just have to crawl all audit entries of type TEAM_PIPELINE_CREATED? Or maybe I’m looking at the wrong event type?

Thanks!

Hello Abhishek,

Well spotted: the subject represents a row of an internal table between team and pipeline.

If you are interested in a specific pipeline, you can filter by subject’s GraphQL ID:

auditEvents(first: 500, subject: "pipeline-graphql-id") { 
  ...
}

GraphQL ID is an encoded representation of subject’s usual ID.

Try filtering a pipeline query from the GraphQL console.

Then you can also add type: PIPELINE_UPDATED for events you’re interested in.

To get a pipeline’s GraphQL ID, here is the query:

query auditEventsForPipeline {
  organization(slug: "your-org-slug") {
    pipelines(first: 500) {
      edges {
        node {
          id
        }
      }
    }
  }
}

Hope this helps!
Juanito

Hey! Unfortunately that doesn’t seem to work for specifically the TEAM_PIPELINE_CREATED since the subject whose GraphQL ID I need is… the join table row? At the least what I can see from my side is that using the pipeline’s GraphQL ID as the subject results in an empty result for a pipeline which does have a team associated with it. I’ve tried getting the GraphQL ID from both the Pipeline’s settings, as well as from the query you sent.

Just reread your response and you suggested to leverage PIPELINE_UPDATED. I’ve given that a shot with the query

query auditEventsForPipeline($orgSlug: ID!, $subject: [ID!]) {
  organization(slug: $orgSlug) {
    auditEvents(first: 500, type: PIPELINE_UPDATED, subject: $subject) {
      edges {
        node {
          type
          occurredAt
          actor {
            name
          }
          subject {
            id
            name
            type
            uuid
          }
          data
        }
      }
    }
  }
}

But grepping for a team that my pipeline does grant access to in the result finds no matches :confused:

Hi Abhishek,

Sorry, the PIPELINE_UPDATED was an example if you’re interested in that event. Wasn’t meant to solve your case.

I think to get what you want, you filter by events you’re interested in and a date period:

query {
  organization(slug: "your-org-slug") {
    auditEvents(type: [TEAM_PIPELINE_UPDATED, TEAM_PIPELINE_CREATED, TEAM_PIPELINE_DELETED] first:500 occurredAtFrom: "2021-06-01" occurredAtTo: "2021-06-30") {
      edges {
        node {
          data
          type
        }
      }
    }
  }
}

The response looks like this

{
  "data": {
    "organization": {
      "auditEvents": {
        "edges": [
          {
            "node": {
              "data": "{\n  \"team\": {\n    \"name\": \"Team A\",\n    \"uuid\": \"123456-97db-4d67-b0e1-123456789012\"\n  },\n  \"pipeline\": {\n    \"name\": \"Pipeline A\",\n    \"uuid\": \"12345678-dfae-432b-a1a6-123456789098\"\n  },\n  \"access_level\": \"read_only\"\n}",
              "type": "TEAM_PIPELINE_CREATED"
            }
          },
          {
            "node": {
              "data": "{\n  \"team\": {\n    \"name\": \"Team B\",\n    \"uuid\": \"123456-97db-4d67-b0e1-1234567890987\"\n  },\n  \"pipeline\": {\n    \"name\": \"Pipeline B\",\n    \"uuid\": \"1qasderf-731b-4b50-8c4c-123wsdfr4567\"\n  },\n  \"access_level\": \"manage_build_and_read\"\n}",
              "type": "TEAM_PIPELINE_UPDATED"
            }
          }
        ]
      }
    }
  }
}

which should help you achieve what you’re doing. You can change the date range to audit events in other months.

Hope this helps you :slight_smile:

Cheers,
Juanito

Thanks, that makes sense. The part I’m still unfortunately having trouble with is combining the two answers. I can get the relevant audit events of team pipeline associations, and relevant events for a specific pipeline’s updates. But I cannot get team-pipeline association changes for a specific pipeline, because the subject for the team_pipeline related audit events is completely opaque to users? This feels like this should be a doable operation as it seems like a very reasonable thing to want to know when a team was granted/ungranted access to a specific pipeline?

Hey @amukherjee,

Yup, it seems you are correct.
An alternative is to get the information you need from data (which is JSON).

Cheers!
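
As an added example (not from any poster in this thread, and not Buildkite's own code), the client-side filtering suggested in the last reply could look like this in Python: decode each event's data string, keep the events for one pipeline UUID, and replay them to see which teams have access at the end of the queried window. It assumes the query also selects occurredAt and that TEAM_PIPELINE_DELETED events carry the same team and pipeline keys; the function names and all sample values are made up.

```python
import json

def _node(kind, when, team, pipeline_uuid, level=None):
    # Build one constructed edge shaped like the response shown in the thread.
    data = {"team": {"name": team}, "pipeline": {"uuid": pipeline_uuid}}
    if level:
        data["access_level"] = level
    return {"node": {"type": kind, "occurredAt": when, "data": json.dumps(data)}}

# Constructed sample (all values made up), deliberately out of order and with one
# event whose data is null. Assumes DELETED events also name the team and pipeline.
SAMPLE = {"data": {"organization": {"auditEvents": {"edges": [
    _node("TEAM_PIPELINE_UPDATED", "2021-06-10T09:00:00Z", "Team A", "p-a", "manage_build_and_read"),
    _node("TEAM_PIPELINE_CREATED", "2021-06-02T10:00:00Z", "Team A", "p-a", "read_only"),
    _node("TEAM_PIPELINE_CREATED", "2021-06-05T12:00:00Z", "Team B", "p-b", "read_only"),
    _node("TEAM_PIPELINE_CREATED", "2021-06-08T08:30:00Z", "Team C", "p-a", "read_only"),
    _node("TEAM_PIPELINE_DELETED", "2021-06-20T16:45:00Z", "Team C", "p-a"),
    {"node": {"type": "TEAM_PIPELINE_CREATED", "occurredAt": "2021-06-21T00:00:00Z", "data": None}},
]}}}}

def team_pipeline_events(response, pipeline_uuid):
    """Return decoded TEAM_PIPELINE_* events for one pipeline, oldest first."""
    matches = []
    for edge in response["data"]["organization"]["auditEvents"]["edges"]:
        node = edge["node"]
        try:
            payload = json.loads(node.get("data") or "")
        except (ValueError, TypeError):
            continue  # data missing or not valid JSON: cannot attribute it to a pipeline
        if not isinstance(payload, dict) or (payload.get("pipeline") or {}).get("uuid") != pipeline_uuid:
            continue
        matches.append({
            "type": node["type"],
            "occurredAt": node.get("occurredAt"),
            "team": (payload.get("team") or {}).get("name"),
            "access_level": payload.get("access_level"),
        })
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    return sorted(matches, key=lambda e: e["occurredAt"] or "")

def current_access(events):
    """Replay ordered events; result covers only changes inside the queried window."""
    access = {}
    for e in events:
        if e["type"] == "TEAM_PIPELINE_DELETED":
            access.pop(e["team"], None)
        else:
            access[e["team"]] = e["access_level"]
    return access
```

Events skipped because their data could not be decoded are worth counting separately in a runbook, since a silent skip hides a grant that could not be attributed.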