Confidential Computing audit logging
This document describes audit logging for Confidential Computing. Google Cloud services write audit logs that record administrative activities and accesses within your Google Cloud resources. For more information, see Cloud Audit Logs overview.
This page was last generated on 2024-05-23 18:15:50 UTC.
Service name
Confidential Computing audit logs use the service name confidentialcomputing.googleapis.com.
Methods by permission type
Methods that check DATA_READ, DATA_WRITE, and ADMIN_READ
permission types are Data Access audit logs.
Methods that check ADMIN_WRITE permission types are Admin Activity audit logs.
| Permission type | Methods |
|---|---|
| ADMIN_WRITE | google.cloud.confidentialcomputing.v1.ConfidentialComputing.CreateChallenge google.cloud.confidentialcomputing.v1.ConfidentialComputing.VerifyAttestation google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.CreateChallenge google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.VerifyAttestation |
Audit logs per API interface
For information about which permissions are evaluated and how for each method, see the Identity and Access Management documentation for Confidential Computing.
google.cloud.confidentialcomputing.v1.ConfidentialComputing
Details about audit logs associated with methods belonging to google.cloud.confidentialcomputing.v1.ConfidentialComputing.
google.cloud.confidentialcomputing.v1.ConfidentialComputing.CreateChallenge
- Method: google.cloud.confidentialcomputing.v1.ConfidentialComputing.CreateChallenge
- Audit log Type: Admin Activity
- Permissions:
confidentialcomputing.challenges.create - ADMIN_WRITE
- Method is a Long Running Operation or Streaming: No.
- Filter for this method:
protoPayload.methodName="google.cloud.confidentialcomputing.v1.ConfidentialComputing.CreateChallenge"
google.cloud.confidentialcomputing.v1.ConfidentialComputing.VerifyAttestation
- Method: google.cloud.confidentialcomputing.v1.ConfidentialComputing.VerifyAttestation
- Audit log Type: Admin Activity
- Permissions:
confidentialcomputing.challenges.verify - ADMIN_WRITE
- Method is a Long Running Operation or Streaming: No.
- Filter for this method:
protoPayload.methodName="google.cloud.confidentialcomputing.v1.ConfidentialComputing.VerifyAttestation"
google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing
Details about audit logs associated with methods belonging to google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.
google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.CreateChallenge
- Method: google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.CreateChallenge
- Audit log Type: Admin Activity
- Permissions:
confidentialcomputing.challenges.create - ADMIN_WRITE
- Method is a Long Running Operation or Streaming: No.
- Filter for this method:
protoPayload.methodName="google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.CreateChallenge"
google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.VerifyAttestation
- Method: google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.VerifyAttestation
- Audit log Type: Admin Activity
- Permissions:
confidentialcomputing.challenges.verify - ADMIN_WRITE
- Method is a Long Running Operation or Streaming: No.
- Filter for this method:
protoPayload.methodName="google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.VerifyAttestation"