Identity Platform CI/CD Auditlog Pipeline

Pipeline Overview

accessctl GitLab CI/CD Pipeline Jobs

The pipeline has three stages, numbered in execution order. Every job runs one accessctl CLI subcommand.

Manifest Stage
  Stage 1.1  Users Job      CLI manifest:users
  Stage 1.2  Roles Job      CLI manifest:roles
  Stage 1.3  Org Units Job  CLI manifest:ou

Auditlog Stage
  Stage 2.1  Users Job       CLI auditlog:users
  Stage 2.2  Attributes Job  CLI auditlog:attributes
  Stage 2.3  Roles Job       CLI auditlog:roles
  Stage 2.4  Org Units Job   CLI auditlog:ou

Provisioning Stage
  Stage 3.1  Okta Users Job                   provision:okta-users
  Stage 3.2  Okta Groups Job                  provision:okta-groups
  Stage 3.3  Google Groups Job                provision:google-groups
  Stage 3.4  GitLab SaaS Groups Job           provision:gitlab-saas-groups
  Stage 3.5  GitLab Self-Managed Groups Job   provision:gitlab-self-groups

The provisioning jobs talk to these external APIs:
  Okta API
  Google Workspace Directory API
  GitLab.com SaaS API
  GitLab Self-Managed Instance API

accessctl GitLab Repositories

Each manifest and auditlog file is kept in three formats (.yml, .json and .csv), written here as name.yml/json/csv.

accessctl-auditlog Repo
  auditlog/users/onboarding.yml/json/csv
  auditlog/users/offboarding.yml/json/csv
  auditlog/users/attributes.yml/json/csv
  auditlog/attribute/{attribute}.yml/json/csv
  auditlog/role/{role}.yml/json/csv
  auditlog/ou/{ou}.yml/json/csv

accessctl-manifests Repo
  manifests/users/users.yml/json/csv
  manifests/attributes/{attribute}.yml/json/csv
  manifests/roles/{role}.yml/json/csv
  manifests/ou/{ou}.yml/json/csv

accessctl-policies Repo
  policies/role/{kingdom}.yml
  policies/ou/{kingdom}.yml

CI/CD Job Workflows

Users Auditlog

Input (accessctl-manifests Repo)
  manifests/users/users.yml/json/csv
  manifests/attributes/{attribute}.yml/json/csv
  manifests/roles/{role}.yml/json/csv
  manifests/ou/{ou}.yml/json/csv

Job (Identity Platform CI/CD Auditlog Stage Scripts)
  Stage 2.1  Users Job  CLI auditlog:users

Steps
  1. Parse the current manifest commit.
  2. Parse the previous manifest commit.
  3. Filter the results down to entries with differences.
  4. Check whether a user has been created.
  5. Check whether a user has been deprovisioned.
  6. Loop through the remaining users and compare their attributes for differences.
  7. Create an audit log entry in the S3 bucket.
  8. Audit transaction: REST API call to accessctl for automation workflows.
  9. Append the auditlog in the repository.

Output (accessctl-auditlog Repo)
  auditlog/users/onboarding.yml/json/csv
  auditlog/users/offboarding.yml/json/csv
  auditlog/users/attributes.yml/json/csv

Attributes Auditlog

Input (accessctl-manifests Repo)
  manifests/users/users.yml/json/csv
  manifests/attributes/{attribute}.yml/json/csv
  manifests/roles/{role}.yml/json/csv
  manifests/ou/{ou}.yml/json/csv

Job (Identity Platform CI/CD Auditlog Stage Scripts)
  Stage 2.2  Attributes Job  CLI auditlog:attributes

Steps
  1. Parse the current manifest commit.
  2. Parse the previous manifest commit.
  3. Filter the results down to entries with differences.
  4. Check whether an attribute has been created.
  5. Check whether an attribute has been deleted.
  6. Create an audit log entry in the S3 bucket.
  7. Audit transaction: REST API call to accessctl for automation workflows.
  8. Append the auditlog in the repository.

Output (accessctl-auditlog Repo)
  auditlog/attribute/{attribute}.yml/json/csv
  auditlog/role/{role}.yml/json/csv
  auditlog/ou/{ou}.yml/json/csv

Roles Auditlog

Input (accessctl-manifests Repo)
  manifests/users/users.yml/json/csv
  manifests/attributes/{attribute}.yml/json/csv
  manifests/roles/{role}.yml/json/csv
  manifests/ou/{ou}.yml/json/csv

Job (Identity Platform CI/CD Auditlog Stage Scripts)
  Stage 2.3  Roles Job  CLI auditlog:roles

Steps
  1. Parse the current manifest commit.
  2. Parse the previous manifest commit.
  3. Filter the results down to entries with differences.
  4. Check whether a user has been added to the role.
  5. Check whether a user has been deleted from the role.
  6. Create an audit log entry in the S3 bucket.
  7. Audit transaction: REST API call to accessctl for automation workflows.
  8. Append the auditlog in the repository.

Output (accessctl-auditlog Repo)
  auditlog/attribute/{attribute}.yml/json/csv
  auditlog/role/{role}.yml/json/csv
  auditlog/ou/{ou}.yml/json/csv

Organization Units Auditlog

Input (accessctl-manifests Repo)
  manifests/users/users.yml/json/csv
  manifests/attributes/{attribute}.yml/json/csv
  manifests/roles/{role}.yml/json/csv
  manifests/ou/{ou}.yml/json/csv

Job (Identity Platform CI/CD Auditlog Stage Scripts)
  Stage 2.4  Org Units Job  CLI auditlog:ou

Steps
  1. Parse the current manifest commit.
  2. Parse the previous manifest commit.
  3. Filter the results down to entries with differences.
  4. Check whether a user has been added to the org unit.
  5. Check whether a user has been deleted from the org unit.
  6. Create an audit log entry in the S3 bucket.
  7. Audit transaction: REST API call to accessctl for automation workflows.
  8. Append the auditlog in the repository.

Output (accessctl-auditlog Repo)
  auditlog/attribute/{attribute}.yml/json/csv
  auditlog/role/{role}.yml/json/csv
  auditlog/ou/{ou}.yml/json/csv
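The four auditlog workflows above share one core: read the manifest at the current and the previous commit, keep only what differs, and classify the differences (user created or deprovisioned, attribute changed, member added to or deleted from a role or org unit). The script below is an added example of that core and is not accessctl's own code. The manifest layout (a JSON object keyed by username, and group manifests with a "members" list), the audit entry fields, and the function names are assumptions made for the example; the sample manifests are constructed inline so it runs offline.

```python
"""Manifest diff for an accessctl-style auditlog stage.

Added example, not accessctl's own code. It models the steps shared by the
Users, Attributes, Roles and Org Units auditlog jobs: parse the current and
the previous manifest commit, keep only entries that differ, classify them.
The manifest layout (JSON object keyed by username; group manifests with a
"members" list) and the audit entry fields are assumptions for this example.
"""
import json
import subprocess
from datetime import datetime, timezone

# Constructed sample manifests standing in for the previous and the current
# commit of manifests/users/users.json and manifests/roles/{role}.json.
PREV_USERS_JSON = json.dumps({
    "alice": {"email": "alice@example.com", "title": "Engineer", "manager": "carol"},
    "bob": {"email": "bob@example.com", "title": "Analyst", "manager": "carol"},
})
CURR_USERS_JSON = json.dumps({
    "alice": {"email": "alice@example.com", "title": "Senior Engineer", "manager": "carol"},
    "dave": {"email": "dave@example.com", "title": "Engineer", "manager": "alice"},
})
PREV_ROLE_JSON = json.dumps({"members": ["alice", "bob"]})
CURR_ROLE_JSON = json.dumps({"members": ["alice", "dave"]})


def load_manifest_at(rev, path):
    """Read a manifest as it was at commit `rev` without checking it out.

    In a CI job the previous version is usually `git show HEAD~1:<path>`.
    When one push carries several commits, pass GitLab's CI_COMMIT_BEFORE_SHA
    as `rev` so that no intermediate manifest change is skipped.
    """
    out = subprocess.run(["git", "show", f"{rev}:{path}"], check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out)


def _entry(event, subject, **fields):
    # One audit record. UTC timestamps keep entries from different runners
    # comparable once the per-job logs are merged.
    return {"event": event, "subject": subject,
            "timestamp": datetime.now(timezone.utc).isoformat(), **fields}


def diff_users(prev, curr):
    """Split user changes into onboarding, offboarding and attribute events.

    A username present only in the current manifest has been created, one
    present only in the previous manifest has been deprovisioned; users in
    both manifests are compared attribute by attribute.
    """
    onboarding = [_entry("onboarding", u, attributes=curr[u])
                  for u in sorted(curr.keys() - prev.keys())]
    offboarding = [_entry("offboarding", u, attributes=prev[u])
                   for u in sorted(prev.keys() - curr.keys())]
    attributes = []
    for u in sorted(prev.keys() & curr.keys()):
        for attr in sorted(prev[u].keys() | curr[u].keys()):
            old, new = prev[u].get(attr), curr[u].get(attr)
            if old != new:
                attributes.append(_entry("attribute_change", u,
                                         attribute=attr, old=old, new=new))
    return {"onboarding": onboarding, "offboarding": offboarding,
            "attributes": attributes}


def diff_membership(group, prev, curr, key="members"):
    """Roles and org units: users added to or deleted from one group."""
    before, after = set(prev.get(key, [])), set(curr.get(key, []))
    return ([_entry("member_added", u, group=group) for u in sorted(after - before)]
            + [_entry("member_removed", u, group=group) for u in sorted(before - after)])


def run_users_job(prev_json, curr_json):
    """Stage 2.1 core: parse both commits and return the classified diff."""
    return diff_users(json.loads(prev_json), json.loads(curr_json))


def run_membership_job(group, prev_json, curr_json):
    """Stage 2.3 / 2.4 core for one role or org unit manifest."""
    return diff_membership(group, json.loads(prev_json), json.loads(curr_json))


def has_changes(result):
    """The 'filter results with differences' step: a job that finds nothing
    should write no S3 entry and make no REST call to accessctl."""
    entries = result if isinstance(result, list) else sum(result.values(), [])
    return bool(entries)


if __name__ == "__main__":
    users = run_users_job(PREV_USERS_JSON, CURR_USERS_JSON)
    role = run_membership_job("example-role", PREV_ROLE_JSON, CURR_ROLE_JSON)
    for name, entries in list(users.items()) + [("example-role", role)]:
        for e in entries:
            print(name, json.dumps(e, sort_keys=True))
```

On the sample data the users job reports dave as onboarded, bob as offboarded and one attribute change for alice (title), and the role job reports dave added and bob removed. Two operational points follow from the steps above: the diff is only complete if the "previous" commit is the one the last successful pipeline saw, which is why `CI_COMMIT_BEFORE_SHA` is safer than `HEAD~1` for multi-commit pushes; and if the S3 copy is meant to be the tamper-evident record, keep that bucket versioned or under Object Lock, since the auditlog repository itself can be rewritten by anyone who can push to it.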