Audit changes to system artifacts

System artifacts exist in the Artifact Registry of the admin cluster. All changes and operations performed on the system artifacts are audited. As an Infrastructure Operator (IO), view the audit logs through the monitoring instance.

Before you begin

To get the permissions that you need to view audit logs, ask your Security Admin to grant you the Grafana Viewer (grafana-viewer) role.

Retrieve audit logs for system artifacts in the admin cluster

To retrieve audit logs for system artifacts in the admin cluster, complete the following steps:

  1. Go to the monitoring instance UI for the admin cluster.

  2. Click Explore > audit-logs-loki and build the query to get audit logs.

The audit-logs-loki option is selected on the Explore page of the monitoring instance UI for the admin cluster.

Find artifacts with Loki queries

You can build Loki queries to find artifacts.

The following sections contain examples for querying audit logs.

Query audit logs for all system artifacts

Run the following query to return audit logs for all system artifacts:

{cluster="ADMIN_CLUSTER",service_name="artifactmanagement"}

Replace ADMIN_CLUSTER with the target cluster name, such as root-admin.

For example:

{cluster="root-admin",service_name="artifactmanagement"}

Query audit logs for one specific Artifact Registry

Run the following query to return audit logs for one specific Artifact Registry:

{cluster="ADMIN_CLUSTER",service_name="artifactmanagement"} | json resource="resource" | resource=~"^REGISTRY_PREFIX.*"

Replace the following:

  • ADMIN_CLUSTER: the admin cluster name, such as root-admin.
  • REGISTRY_PREFIX: the target Artifact Registry name prefix.

For example:

{cluster="root-admin",service_name="artifactmanagement"} | json resource="resource" | resource=~"^gpc-system-services.*"

The query to return audit logs from the gpc-system-services Artifact Registry of the root-admin cluster displays the resulting audit logs as a list on the same page.

Query audit logs for multiple Artifact Registry registries

Run the following query to return audit logs for multiple Artifact Registry registries:

{cluster="ADMIN_CLUSTER",service_name="artifactmanagement"} | json resource="resource" | resource=~"^REGISTRY1_PREFIX.*" or resource=~"^REGISTRY2_PREFIX.*"

Replace the following:

  • ADMIN_CLUSTER: the target cluster name, such as root-admin.
  • REGISTRY1_PREFIX: the first target Artifact Registry name prefix.
  • REGISTRY2_PREFIX: the second target Artifact Registry name prefix.

For example:

{cluster="root-admin",service_name="artifactmanagement"} | json resource="resource" | resource=~"^gpc-system.*" or resource=~"^library/.*"
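
The three query patterns above can be generated from a list of registry prefixes. The following is an added example, not part of the original documentation: the helper names, the sample log lines, and the resource values are assumptions made for illustration. It escapes regex metacharacters in each prefix and emulates the resource filter offline, so you can check which resources a prefix selects before running the query.

```python
import json
import re

# Metacharacters escaped by Go's regexp.QuoteMeta (Loki uses RE2 syntax).
_RE2_META = set("\\.+*?()|[]{}^$")

def quote_re2(text):
    """Escape regex metacharacters so a registry prefix matches literally."""
    return "".join("\\" + ch if ch in _RE2_META else ch for ch in text)

def logql_string(value):
    """Double-quoted LogQL string literal: backslash and quote are escaped."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def prefix_regex(prefix):
    return "^" + quote_re2(prefix) + ".*"

def build_query(cluster, registry_prefixes=()):
    """Build the page's query for all, one, or several registries."""
    query = "{cluster=%s,service_name=\"artifactmanagement\"}" % logql_string(cluster)
    if registry_prefixes:
        filters = " or ".join(
            "resource=~" + logql_string(prefix_regex(p)) for p in registry_prefixes)
        query += ' | json resource="resource" | ' + filters
    return query

def filter_lines(lines, registry_prefixes):
    """Offline emulation of the resource filter over JSON log lines."""
    patterns = [re.compile(prefix_regex(p)) for p in registry_prefixes]
    kept = []
    for line in lines:
        resource = str(json.loads(line).get("resource", ""))
        if any(p.fullmatch(resource) for p in patterns):
            kept.append(resource)
    return kept

# Constructed sample entries; only the "resource" field comes from the page,
# and the resource values themselves are hypothetical.
SAMPLE_LINES = [
    '{"resource": "gpc-system-services/example-image"}',
    '{"resource": "gpc-system-other/example-image"}',
    '{"resource": "library/example-image"}',
    '{"resource": "teamXa/example-image"}',
]

if __name__ == "__main__":
    print(build_query("root-admin", ["gpc-system", "library/"]))
    print(filter_lines(SAMPLE_LINES, ["gpc-system"]))
```

A short prefix such as gpc-system selects every resource that starts with that string, so use the longest prefix that identifies the registry you are auditing.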