"annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"gatekeeper-manager-rolebinding\" of ClusterRole \"gatekeeper-manager-role\" to ServiceAccount \"gatekeeper-admin/gatekeeper-system\""}
Example log
{"userAgent":"gatekeeper/v3.7.0 (linux/amd64) 3ba8e93/2021-11-15T20:59:44Z","sourceIPs":["10.200.0.4"],"objectRef":{"apiGroup":"resourcemanager.gdc.goog","resource":"organizations","apiVersion":"v1alpha1"},"stageTimestamp":"2022-12-06T23:05:22.590986Z","kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"38da3a00-47b8-424f-8d63-d89258e2043e","requestReceivedTimestamp":"2022-12-06T23:05:22.586546Z","verb":"list","_gdch_cluster":"root-admin","_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-2j85z","stage":"ResponseComplete","responseStatus":{"code":200,"metadata":{}},"user":{"uid":"253b9e2f-fde2-4e37-ae7b-36a55d57aafb","username":"system:serviceaccount:gatekeeper-system:gatekeeper-admin","extra":{"authentication.kubernet es.io/pod-name":["gatekeeper-audit-7fd7bc5d97-x9x8b"],"authentication.kubernetes.io/pod-uid":["e62eaabc-2530-4c36-b793-a98b42c061eb"]},"groups":["system:serviceaccounts","system:serviceaccounts:gatekeeper-system","system: authenticated"]},"requestURI":"/apis/resourcemanager.gdc.goog/v1alpha1/organizations?limit=500","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"gatekeeper-manager-rolebinding\" of ClusterRole \"gatekeeper-manager-role\" to ServiceAccount \"gatekeeper-admin/gatekeeper-system\""},"_gdch_service_name":"apiserver"}
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis content details audit logs for root-only workloads, specifically focusing on operations performed on the KRM API Management Plane.\u003c/p\u003e\n"],["\u003cp\u003eAudit logs are sourced from Kubernetes audit logs, providing information on actions taken within the platform.\u003c/p\u003e\n"],["\u003cp\u003eKey fields in the audit log entries include user identity, the target of the action, the performed action (verb), the event timestamp, the source of the action, the outcome, and other relevant annotations.\u003c/p\u003e\n"],["\u003cp\u003eAn example log is included, showcasing a typical audit entry with detailed information on a "list" operation performed by a service account, along with details such as the request URI, source IP, and authorization decision.\u003c/p\u003e\n"]]],[],null,["# Organizations (ORG)\n\nPerform operations on the KRM API Management Plane\n--------------------------------------------------\n\n**Example log** \n\n {\n \"userAgent\":\"gatekeeper/v3.7.0 (linux/amd64) 3ba8e93/2021-11-15T20:59:44Z\",\n \"sourceIPs\":[\n \"10.200.0.4\"\n ],\n \"objectRef\":{\n \"apiGroup\":\"resourcemanager.gdc.goog\",\n \"resource\":\"organizations\",\n \"apiVersion\":\"v1alpha1\"\n },\n \"stageTimestamp\":\"2022-12-06T23:05:22.590986Z\",\n \"kind\":\"Event\",\n \"apiVersion\":\"audit.k8s.io/v1\",\n \"level\":\"Metadata\",\n \"auditID\":\"38da3a00-47b8-424f-8d63-d89258e2043e\",\n \"requestReceivedTimestamp\":\"2022-12-06T23:05:22.586546Z\",\n \"verb\":\"list\",\n \"_gdch_cluster\":\"root-admin\",\n \"_gdch_fluentbit_pod\":\"anthos-audit-logs-forwarder-2j85z\",\n \"stage\":\"ResponseComplete\",\n \"responseStatus\":{\n \"code\":200,\n \"metadata\":{}\n },\n \"user\":{\n \"uid\":\"253b9e2f-fde2-4e37-ae7b-36a55d57aafb\",\n \"username\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\",\n \"extra\":{\n \"authentication.kubernet es.io/pod-name\":[\n \"gatekeeper-audit-7fd7bc5d97-x9x8b\"\n ],\n \"authentication.kubernetes.io/pod-uid\":[\n \"e62eaabc-2530-4c36-b793-a98b42c061eb\"\n ]\n },\n \"groups\":[\n \"system:serviceaccounts\",\n \"system:serviceaccounts:gatekeeper-system\",\n \"system: authenticated\"\n ]\n },\n \"requestURI\":\"/apis/resourcemanager.gdc.goog/v1alpha1/organizations?limit=500\",\n \"annotations\":{\n \"authorization.k8s.io/decision\":\"allow\",\n \"authorization.k8s.io/reason\":\"RBAC: allowed by ClusterRoleBinding \\\"gatekeeper-manager-rolebinding\\\" of ClusterRole \\\"gatekeeper-manager-role\\\" to ServiceAccount \\\"gatekeeper-admin/gatekeeper-system\\\"\"\n },\n \"_gdch_service_name\":\"apiserver\"\n }"]]
