com.google.cloud.audit.audit_log
Members list
Type members
Classlikes
Common audit log format for Google Cloud Platform API operations.
Common audit log format for Google Cloud Platform API operations.
Value parameters
- authenticationInfo
-
Authentication information.
- authorizationInfo
-
Authorization information. If there are multiple resources or permissions involved, then there is one AuthorizationInfo element for each {resource, permission} tuple.
- metadata
-
Other service-specific data about the request, response, and other information associated with the current audited event.
- methodName
-
The name of the service method or operation. For API calls, this should be the name of the API method. For example, "google.cloud.bigquery.v2.TableService.InsertTable" "google.logging.v2.ConfigServiceV2.CreateSink"
- numResponseItems
-
The number of items returned from a List or Query API method, if applicable.
- policyViolationInfo
-
Indicates the policy violations for this request. If the request is denied by the policy, violation information will be logged here.
- request
-
The operation request. This may not include all request parameters, such as those that are too large, privacy-sensitive, or duplicated elsewhere in the log record. It should never include user-generated data, such as file contents. When the JSON object represented here has a proto equivalent, the proto name will be indicated in the
@type
property. - requestMetadata
-
Metadata about the operation.
- resourceLocation
-
The resource location information.
- resourceName
-
The resource or collection that is the target of the operation. The name is a scheme-less URI, not including the API service name. For example: "projects/PROJECT_ID/zones/us-central1-a/instances" "projects/PROJECT_ID/datasets/DATASET_ID"
- resourceOriginalState
-
The resource's original state before mutation. Present only for operations which have successfully modified the targeted resource(s). In general, this field should contain all changed fields, except those that are already been included in
request
,response
,metadata
orservice_data
fields. When the JSON object represented here has a proto equivalent, the proto name will be indicated in the@type
property. - response
-
The operation response. This may not include all response elements, such as those that are too large, privacy-sensitive, or duplicated elsewhere in the log record. It should never include user-generated data, such as file contents. When the JSON object represented here has a proto equivalent, the proto name will be indicated in the
@type
property. - serviceData
-
Deprecated. Use the
metadata
field instead. Other service-specific data about the request, response, and other activities. - serviceName
-
The name of the API service performing the operation. For example,
"compute.googleapis.com"
. - status
-
The status of the overall operation.
Attributes
- Companion
- object
- Source
- AuditLog.scala
- Supertypes
-
trait Updatable[AuditLog]trait GeneratedMessagetrait Serializabletrait Producttrait Equalsclass Objecttrait Matchableclass AnyShow all
Attributes
- Companion
- class
- Source
- AuditLog.scala
- Supertypes
-
trait Producttrait Mirrortrait GeneratedMessageCompanion[AuditLog]trait Serializableclass Objecttrait Matchableclass AnyShow all
- Self type
-
AuditLog.type
Attributes
- Source
- AuditLogProto.scala
- Supertypes
-
class GeneratedFileObjectclass Objecttrait Matchableclass Any
- Self type
-
AuditLogProto.type
Authentication information for the operation.
Authentication information for the operation.
Value parameters
- authoritySelector
-
The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority.
- principalEmail
-
The email address of the authenticated user (or service account on behalf of third party principal) making the request. For third party identity callers, the
principal_subject
field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see Caller identities in audit logs. - principalSubject
-
String representation of identity of requesting party. Populated for both first and third party identities.
- serviceAccountDelegationInfo
-
Identity delegation history of an authenticated service account that makes the request. It contains information on the real authorities that try to access GCP resources by delegating on a service account. When multiple authorities present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.
- serviceAccountKeyName
-
The name of the service account key used to create or exchange credentials for authenticating the service account making the request. This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
- thirdPartyPrincipal
-
The third party identification (if any) of the authenticated user making the request. When the JSON object represented here has a proto equivalent, the proto name will be indicated in the
@type
property.
Attributes
- Companion
- object
- Source
- AuthenticationInfo.scala
- Supertypes
-
trait Updatable[AuthenticationInfo]trait GeneratedMessagetrait Serializabletrait Producttrait Equalsclass Objecttrait Matchableclass AnyShow all
Attributes
- Companion
- class
- Source
- AuthenticationInfo.scala
- Supertypes
-
trait Producttrait Mirrortrait GeneratedMessageCompanion[AuthenticationInfo]trait Serializableclass Objecttrait Matchableclass AnyShow all
- Self type
-
AuthenticationInfo.type
Authorization information for the operation.
Authorization information for the operation.
Value parameters
- granted
-
Whether or not authorization for
resource
andpermission
was granted. - permission
-
The required IAM permission.
- resource
-
The resource being accessed, as a REST-style or cloud resource string. For example: bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID or projects/PROJECTID/datasets/DATASETID
- resourceAttributes
-
Resource attributes used in IAM condition evaluation. This field contains resource attributes like resource type and resource name. To get the whole view of the attributes used in IAM condition evaluation, the user must also look into
AuditLog.request_metadata.request_attributes
.
Attributes
- Companion
- object
- Source
- AuthorizationInfo.scala
- Supertypes
-
trait Updatable[AuthorizationInfo]trait GeneratedMessagetrait Serializabletrait Producttrait Equalsclass Objecttrait Matchableclass AnyShow all
Attributes
- Companion
- class
- Source
- AuthorizationInfo.scala
- Supertypes
-
trait Producttrait Mirrortrait GeneratedMessageCompanion[AuthorizationInfo]trait Serializableclass Objecttrait Matchableclass AnyShow all
- Self type
-
AuthorizationInfo.type
Represents OrgPolicy Violation information.
Represents OrgPolicy Violation information.
Value parameters
- payload
-
Optional. Resource payload that is currently in scope and is subjected to orgpolicy conditions. This payload may be the subset of the actual Resource that may come in the request. This payload should not contain any core content.
- resourceTags
-
Optional. Tags referenced on the resource at the time of evaluation. These also include the federated tags, if they are supplied in the CheckOrgPolicy or CheckCustomConstraints Requests. Optional field as of now. These tags are the Cloud tags that are available on the resource during the policy evaluation and will be available as part of the OrgPolicy check response for logging purposes.
- resourceType
-
Optional. Resource type that the orgpolicy is checked against. Example: compute.googleapis.com/Instance, store.googleapis.com/bucket
- violationInfo
-
Optional. Policy violations
Attributes
- Companion
- object
- Source
- OrgPolicyViolationInfo.scala
- Supertypes
-
trait Updatable[OrgPolicyViolationInfo]trait GeneratedMessagetrait Serializabletrait Producttrait Equalsclass Objecttrait Matchableclass AnyShow all
Attributes
- Companion
- class
- Source
- OrgPolicyViolationInfo.scala
- Supertypes
-
trait Producttrait Mirrortrait GeneratedMessageCompanion[OrgPolicyViolationInfo]trait Serializableclass Objecttrait Matchableclass AnyShow all
- Self type
Information related to policy violations for this request.
Information related to policy violations for this request.
Value parameters
- orgPolicyViolationInfo
-
Indicates the orgpolicy violations for this resource.
Attributes
- Companion
- object
- Source
- PolicyViolationInfo.scala
- Supertypes
-
trait Updatable[PolicyViolationInfo]trait GeneratedMessagetrait Serializabletrait Producttrait Equalsclass Objecttrait Matchableclass AnyShow all
Attributes
- Companion
- class
- Source
- PolicyViolationInfo.scala
- Supertypes
-
trait Producttrait Mirrortrait GeneratedMessageCompanion[PolicyViolationInfo]trait Serializableclass Objecttrait Matchableclass AnyShow all
- Self type
-
PolicyViolationInfo.type
Metadata about the request.
Metadata about the request.
Value parameters
- callerIp
-
The IP address of the caller. For a caller from the internet, this will be the public IPv4 or IPv6 address. For calls made from inside Google's internal production network from one GCP service to another,
caller_ip
will be redacted to "private". For a caller from a Compute Engine VM with a external IP address,caller_ip
will be the VM's external IP address. For a caller from a Compute Engine VM without a external IP address, if the VM is in the same organization (or project) as the accessed resource,caller_ip
will be the VM's internal IPv4 address, otherwisecaller_ip
will be redacted to "gce-internal-ip". See https://cloud.google.com/compute/docs/vpc/ for more information. - callerNetwork
-
The network of the caller. Set only if the network host project is part of the same GCP organization (or project) as the accessed resource. See https://cloud.google.com/compute/docs/vpc/ for more information. This is a scheme-less URI full resource name. For example: "//compute.googleapis.com/projects/PROJECT_ID/global/networks/NETWORK_ID"
- callerSuppliedUserAgent
-
The user agent of the caller. This information is not authenticated and should be treated accordingly. For example:
google-api-python-client/1.4.0
: The request was made by the Google API client for Python.Cloud SDK Command Line Tool apitools-client/1.0 gcloud/0.9.62
: The request was made by the Google Cloud SDK CLI (gcloud).AppEngine-Google; (+http://code.google.com/appengine; appid: s~my-project
: The request was made from themy-project
App Engine app.
- destinationAttributes
-
The destination of a network activity, such as accepting a TCP connection. In a multi hop network activity, the destination represents the receiver of the last hop. Only two fields are used in this message, Peer.port and Peer.ip. These fields are optionally populated by those services utilizing the IAM condition feature.
- requestAttributes
-
Request attributes used in IAM condition evaluation. This field contains request attributes like request time and access levels associated with the request. To get the whole view of the attributes used in IAM condition evaluation, the user must also look into
AuditLog.authentication_info.resource_attributes
.
Attributes
- Companion
- object
- Source
- RequestMetadata.scala
- Supertypes
-
trait Updatable[RequestMetadata]trait GeneratedMessagetrait Serializabletrait Producttrait Equalsclass Objecttrait Matchableclass AnyShow all
Attributes
- Companion
- class
- Source
- RequestMetadata.scala
- Supertypes
-
trait Producttrait Mirrortrait GeneratedMessageCompanion[RequestMetadata]trait Serializableclass Objecttrait Matchableclass AnyShow all
- Self type
-
RequestMetadata.type
Location information about a resource.
Location information about a resource.
Value parameters
- currentLocations
-
The locations of a resource after the execution of the operation. Requests to create or delete a location based resource must populate the 'current_locations' field and not the 'original_locations' field. For example: "europe-west1-a" "us-east1" "nam3"
- originalLocations
-
The locations of a resource prior to the execution of the operation. Requests that mutate the resource's location must populate both the 'original_locations' as well as the 'current_locations' fields. For example: "europe-west1-a" "us-east1" "nam3"
Attributes
- Companion
- object
- Source
- ResourceLocation.scala
- Supertypes
-
trait Updatable[ResourceLocation]trait GeneratedMessagetrait Serializabletrait Producttrait Equalsclass Objecttrait Matchableclass AnyShow all
Attributes
- Companion
- class
- Source
- ResourceLocation.scala
- Supertypes
-
trait Producttrait Mirrortrait GeneratedMessageCompanion[ResourceLocation]trait Serializableclass Objecttrait Matchableclass AnyShow all
- Self type
-
ResourceLocation.type
Identity delegation history of an authenticated service account.
Identity delegation history of an authenticated service account.
Value parameters
- principalSubject
-
A string representing the principal_subject associated with the identity. For most identities, the format will be
principal://iam.googleapis.com/{identity pool name}/subject/{subject)
except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy formatserviceAccount:{identity pool name}[{subject}]
Attributes
- Companion
- object
- Source
- ServiceAccountDelegationInfo.scala
- Supertypes
-
trait Updatable[ServiceAccountDelegationInfo]trait GeneratedMessagetrait Serializabletrait Producttrait Equalsclass Objecttrait Matchableclass AnyShow all
Attributes
- Companion
- class
- Source
- ServiceAccountDelegationInfo.scala
- Supertypes
-
trait Producttrait Mirrortrait GeneratedMessageCompanion[ServiceAccountDelegationInfo]trait Serializableclass Objecttrait Matchableclass AnyShow all
- Self type
Provides information about the Policy violation info for this request.
Provides information about the Policy violation info for this request.
Value parameters
- checkedValue
-
Optional. Value that is being checked for the policy. This could be in encrypted form (if pii sensitive). This field will only be emitted in LIST_POLICY types
- constraint
-
Optional. Constraint name
- errorMessage
-
Optional. Error message that policy is indicating.
- policyType
-
Optional. Indicates the type of the policy.
Attributes
- Companion
- object
- Source
- ViolationInfo.scala
- Supertypes
-
trait Updatable[ViolationInfo]trait GeneratedMessagetrait Serializabletrait Producttrait Equalsclass Objecttrait Matchableclass AnyShow all
Attributes
- Companion
- class
- Source
- ViolationInfo.scala
- Supertypes
-
trait Producttrait Mirrortrait GeneratedMessageCompanion[ViolationInfo]trait Serializableclass Objecttrait Matchableclass AnyShow all
- Self type
-
ViolationInfo.type