Merge pull request #32294 from github/repo-sync

Repo sync

Author: docs-bot

src/audit-logs/data/ghec/enterprise.json

@@ -146,7 +146,7 @@
   },
   {
     "action": "api.request",
-    "description": "An API request was made to a security-significant endpoint for the enterprise. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
+    "description": "An API request was made to a security-significant endpoint for the enterprise. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.",
     "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests",
     "fields": [
       "user_agent",

src/audit-logs/data/ghes-3.10/enterprise.json

@@ -1093,7 +1093,7 @@
   },
   {
     "action": "api.request",
-    "description": "An API request was made to a security-significant endpoint for the enterprise. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
+    "description": "An API request was made to a security-significant endpoint for the enterprise. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.",
     "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests",
     "fields": [
       "@timestamp",

src/audit-logs/data/ghes-3.11/enterprise.json

@@ -1099,7 +1099,7 @@
   },
   {
     "action": "api.request",
-    "description": "An API request was made to a security-significant endpoint for the enterprise. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
+    "description": "An API request was made to a security-significant endpoint for the enterprise. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.",
     "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests",
     "fields": [
       "@timestamp",

src/audit-logs/data/ghes-3.12/enterprise.json

@@ -1099,7 +1099,7 @@
   },
   {
     "action": "api.request",
-    "description": "An API request was made to a security-significant endpoint for the enterprise. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
+    "description": "An API request was made to a security-significant endpoint for the enterprise. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.",
     "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests",
     "fields": [
       "@timestamp",

src/audit-logs/data/ghes-3.13/enterprise.json

@@ -1105,7 +1105,7 @@
   },
   {
     "action": "api.request",
-    "description": "An API request was made to a security-significant endpoint for the enterprise. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
+    "description": "An API request was made to a security-significant endpoint for the enterprise. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.",
     "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests",
     "fields": [
       "@timestamp",

src/audit-logs/data/ghes-3.9/enterprise.json

@@ -1027,7 +1027,7 @@
   },
   {
     "action": "api.request",
-    "description": "An API request was made to a security-significant endpoint for the enterprise. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
+    "description": "An API request was made to a security-significant endpoint for the enterprise. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.",
     "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests",
     "fields": [
       "@timestamp",

src/audit-logs/lib/config.json

@@ -1,4 +1,7 @@
 {
-  "apiOnlyEventsAdditionalDescription": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
+  "appendedDescriptions": {
+    "apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
+    "apiRequestEvent": "This event is only available via audit log streaming."
+  },
   "sha": "86e8c1638b4820a64a1e66501abd9e824b449b3e"
 }

src/audit-logs/lib/index.js

@@ -101,18 +101,11 @@ export function filterByAllowlistValues(
 
       const minimal = {
         action: event.action,
-        description: event.description,
+        description: processAndGetEventDescription(event, eventAllowlists, pipelineConfig),
         docs_reference_links: event.docs_reference_links,
         fields: event.fields,
       }
 
-      if (
-        eventAllowlists.includes('org_api_only') ||
-        eventAllowlists.includes('business_api_only')
-      ) {
-        minimal.description += ` ${pipelineConfig.apiOnlyEventsAdditionalDescription}`
-      }
-
       minimalEvents.push(minimal)
     }
   }
@@ -167,19 +160,12 @@ export function filterAndUpdateGhesDataByAllowlistValues(
       if (ghesVersionAllowlists === null) continue
       if (seenByGhesVersion.get(fullGhesVersion)?.has(event.action)) continue
 
-      const minimal = {
-        action: event.action,
-        description: event.description,
-        docs_reference_links: event.docs_reference_links,
-        fields: event.ghes[ghesVersion].fields,
-      }
-
       if (ghesVersionAllowlists.includes(allowListValue)) {
-        if (
-          ghesVersionAllowlists.includes('org_api_only') ||
-          ghesVersionAllowlists.includes('business_api_only')
-        ) {
-          minimal.description += ` ${pipelineConfig.apiOnlyEventsAdditionalDescription}`
+        const minimal = {
+          action: event.action,
+          description: processAndGetEventDescription(event, ghesVersionAllowlists, pipelineConfig),
+          docs_reference_links: event.docs_reference_links,
+          fields: event.ghes[ghesVersion].fields,
         }
 
         // we need to initialize as we go to build up the `minimalEvents`
@@ -208,3 +194,24 @@ export function filterAndUpdateGhesDataByAllowlistValues(
     }
   }
 }
+
+function processAndGetEventDescription(event, allowlists, pipelineConfig) {
+  let description = event.description
+
+  // api.request is a unique event because it's an api_only event but is the only
+  // one of these events where the description we append isn't correct so we
+  // have to account for it separately.  There's not yet anything in the schema
+  // we can hook onto to treat it differently.
+  if (
+    (allowlists.includes('org_api_only') || allowlists.includes('business_api_only')) &&
+    event.action !== 'api.request'
+  ) {
+    description += ` ${pipelineConfig.appendedDescriptions.apiOnlyEvents}`
+  }
+
+  if (event.action === 'api.request') {
+    description += ` ${pipelineConfig.appendedDescriptions.apiRequestEvent}`
+  }
+
+  return description
+}