Workload location |
Root and organization workloads |
Audit log source |
GKE Identity Service |
Audited operations |
Create STS token
Fields in the log entry that contain audit information | ||
---|---|---|
Audit metadata | Audit field name | Value |
User or service identity | identity |
For example,
|
Target (Fields and values that call the API) |
resource |
"resource":"AIS STS token" |
Action (Fields containing the performed operation) |
action |
"action":"Create" |
Event timestamp | time |
For example,
|
Source of action | userAgent |
For example,
|
Outcome | response |
For example,
|
Other fields | Not applicable | Not applicable |
Example log
{
"action":"Create",
"auditID":"vwWq8fQ-o9RTopgcZtAC_psm1aYyMKxkv47GOkdU",
"description":"An AIS STS token is minted for fop-shengjiang (from fake-oidc-provider) and will be valid for 11h59m49.438314611s",
"resource":"AIS STS token",
"response":"Success",
"time":"2022-11-22T18:31:37.084205362+00:00",
"user":{
"groups":[
"group-claim-1",
"group-claim-2"
],
"identity":"fop-shengjiang",
"issuer":"fake-oidc-provider"
},
"userAgent":"Go-http-client/2.0"
}