From 9d9b447bc5709529c54564dbd3f3bbba7b1a2402 Mon Sep 17 00:00:00 2001
From: Nate Rosandich <nrosandich@gitlab.com>
Date: Mon, 12 Feb 2024 00:02:28 +0000
Subject: [PATCH] Deprecation docs for 'repository_download_operation' for
 public projects

---
 ...wnload_operation-audit-event-to-private.yml | 13 +++++++++++++
 doc/update/deprecations.md                     | 18 ++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 data/deprecations/17-0-move-repository_download_operation-audit-event-to-private.yml

diff --git a/data/deprecations/17-0-move-repository_download_operation-audit-event-to-private.yml b/data/deprecations/17-0-move-repository_download_operation-audit-event-to-private.yml
new file mode 100644
index 0000000000000..920b01efedd33
--- /dev/null
+++ b/data/deprecations/17-0-move-repository_download_operation-audit-event-to-private.yml
@@ -0,0 +1,13 @@
+- title: "'repository_download_operation' audit event type for public projects"
+  removal_milestone: "17.0"
+  announcement_milestone: "16.9"
+  breaking_change: true
+  reporter: nrosandich
+  stage: Govern
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/383218
+  body: |  # (required) Don't change this line.
+    The audit event type `repository_download_operation` is currently saved to the database for all project downloads, both public projects and private projects. For
+    public projects, this audit event is not the most useful for auditing purposes because it can be triggered by non-authenticated users.
+
+    From GitLab 17.0, the `repository_download_operation` audit event type will only be triggered for private or internal projects. We will add a new audit event type
+    called `public_repository_download_operation` for public project downloads. This new audit even type will be streaming only.
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index 7abd6cd106d92..f7210e7f798bf 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -303,6 +303,24 @@ From GitLab 18.0 and later, the methods to register runners introduced by the ne
 
 <div class="deprecation breaking-change" data-milestone="17.0">
 
+### 'repository_download_operation' audit event type for public projects
+
+<div class="deprecation-notes">
+- Announced in GitLab <span class="milestone">16.9</span>
+- Removal in GitLab <span class="milestone">17.0</span> ([breaking change](https://docs.gitlab.com/ee/update/terminology.html#breaking-change))
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/383218).
+</div>
+
+The audit event type `repository_download_operation` is currently saved to the database for all project downloads, both public projects and private projects. For
+public projects, this audit event is not the most useful for auditing purposes because it can be triggered by non-authenticated users.
+
+From GitLab 17.0, the `repository_download_operation` audit event type will only be triggered for private or internal projects. We will add a new audit event type
+called `public_repository_download_operation` for public project downloads. This new audit even type will be streaming only.
+
+</div>
+
+<div class="deprecation breaking-change" data-milestone="17.0">
+
 ### Agent for Kubernetes option `ca-cert-file` renamed
 
 <div class="deprecation-notes">
-- 
GitLab