Organisations (ORG)

Emplacement de la charge de travail

Charges de travail root uniquement

Source du journal d'audit

Journaux d'audit Kubernetes

Opérations auditées

Effectuer des opérations sur le plan de gestion de l'API KRM

Effectuer des opérations sur le plan de gestion de l'API KRM

Champs de l'entrée de journal contenant des informations d'audit
Métadonnées d'audit Nom du champ d'audit Valeur
Identité de l'utilisateur ou du service user

Par exemple,

"user":{"uid": "253b9e2f-fde2-4e37-ae7b-36a55d57aafb", "username": "system:serviceaccount: gatekeeper-system: gatekeeper-admin", "extra": {"authentication.kubernet es.io/pod-name": [ "gatekeeper-audit-7fd7bc5d97-x9x8b"], "authentication.kubernetes.io/pod-uid":["e62eaabc-2530-4c36-b793-a98b42c061eb"]}, "groups":["system: serviceaccounts", "system: serviceacc ounts: gatekeeper-system", "system: authenticated"]}

Cible

(Champs et valeurs qui appellent l'API)

requestURI

Par exemple,

"requestURI":"/apis/resourcemanager.gdc.goog/v1"

Action

(Champs contenant l'opération effectuée)

verb "verb":"list"
Code temporel de l'événement requestReceivedTimestamp

Par exemple,

"requestReceivedTimestamp":"2022-12-06T23:05:22.586546Z"

Source de l'action sourceIPs

Par exemple,

"sourceIPs":["10.200.0.4"]

Résultat responseStatus

Par exemple,

"responseStatus":{"code":200, "metadata":{}}

Autres champs annotations

Par exemple,

"annotations":{"authorization.k8s.io/decision": "allow","authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"gatekeeper-manager-rolebinding\" of ClusterRole \"gatekeeper-manager-role\" to ServiceAccount \"gatekeeper-admin/gatekeeper-system\""}

Exemple de journal

{
   "userAgent":"gatekeeper/v3.7.0 (linux/amd64) 3ba8e93/2021-11-15T20:59:44Z",
   "sourceIPs":[
      "10.200.0.4"
   ],
   "objectRef":{
      "apiGroup":"resourcemanager.gdc.goog",
      "resource":"organizations",
      "apiVersion":"v1alpha1"
   },
   "stageTimestamp":"2022-12-06T23:05:22.590986Z",
   "kind":"Event",
   "apiVersion":"audit.k8s.io/v1",
   "level":"Metadata",
   "auditID":"38da3a00-47b8-424f-8d63-d89258e2043e",
   "requestReceivedTimestamp":"2022-12-06T23:05:22.586546Z",
   "verb":"list",
   "_gdch_cluster":"root-admin",
   "_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-2j85z",
   "stage":"ResponseComplete",
   "responseStatus":{
      "code":200,
      "metadata":{}
   },
   "user":{
      "uid":"253b9e2f-fde2-4e37-ae7b-36a55d57aafb",
      "username":"system:serviceaccount:gatekeeper-system:gatekeeper-admin",
      "extra":{
         "authentication.kubernet es.io/pod-name":[
            "gatekeeper-audit-7fd7bc5d97-x9x8b"
         ],
         "authentication.kubernetes.io/pod-uid":[
            "e62eaabc-2530-4c36-b793-a98b42c061eb"
         ]
      },
      "groups":[
         "system:serviceaccounts",
         "system:serviceaccounts:gatekeeper-system",
         "system: authenticated"
      ]
   },
   "requestURI":"/apis/resourcemanager.gdc.goog/v1alpha1/organizations?limit=500",
   "annotations":{
      "authorization.k8s.io/decision":"allow",
      "authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"gatekeeper-manager-rolebinding\" of ClusterRole \"gatekeeper-manager-role\" to ServiceAccount \"gatekeeper-admin/gatekeeper-system\""
   },
   "_gdch_service_name":"apiserver"
}