| Ubicación de la carga de trabajo |
Cargas de trabajo de la organización y de la raíz |
| Fuente del registro de auditoría | |
| Operaciones auditadas |
Registros de auditoría del plano de administración de la API de KRM (proyecto)
| Campos de la entrada de registro que contienen información de auditoría | ||
|---|---|---|
| Metadatos de auditoría | Nombre del campo de auditoría | Valor |
| Identidad del usuario o del servicio | username |
Por ejemplo: "username":system:serviceaccount:gpc-system:fleet-admin-controller" |
|
Target (Campos y valores que llaman a la API) |
requestURI |
|
|
Acción (Campos que contienen la operación realizada) |
verb |
|
| Marca de tiempo del evento |
requestReceivedTimestamp
|
Por ejemplo:
|
| Fuente de la acción | sourceIPs |
Por ejemplo:
|
| Resultado | stage |
Por ejemplo: "stage": "ResponseComplete" |
| Otros campos |
|
Por ejemplo: "kind": "Event", "objectRef": { "name": "istio-system", "apiVersion": "v1alpha1", "apiGroup": "resourcemanager.gdc.goog", "resourceVersion": "7812139", "resource": "projects", "uid": "7d3a3bb1-a0be-4c5c-980b-f9cd3632f6e3", "namespace": "gpc-system" }, |
Ejemplo de registro
{
"stage": "ResponseComplete",
"apiVersion": "audit.k8s.io/v1",
"objectRef": {
"name": "istio-system",
"apiVersion": "v1alpha1",
"apiGroup": "resourcemanager.gdc.goog",
"resourceVersion": "7812139",
"resource": "projects",
"uid": "7d3a3bb1-a0be-4c5c-980b-f9cd3632f6e3",
"namespace": "gpc-system"
},
"requestReceivedTimestamp": "2022-12-22T15:46:41.028873Z",
"sourceIPs": [
"10.253.128.178"
],
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"fleet-admin-common-controller\" of ClusterRole \"fleet-admin-common-controllers-role\" to ServiceAccount \"fleet-admin-controller/gpc-system\"",
"mutation.webhook.admission.k8s.io/round_0_index_5": "{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}"
},
"_gdch_cluster": "root-admin",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-t4rld",
"user": {
"uid": "da8e839f-eca4-4a96-9058-94fa4202824f",
"extra": {
"authentication.kubernetes.io/pod-uid": [
"09335650-82b0-451c-83e2-f8157e9d518c"
],
"authentication.kubernetes.io/pod-name": [
"fleet-admin-controller-75dbdf7659-ccfrn"
]
},
"groups": [
"system:serviceaccounts",
"system:serviceaccounts:gpc-system",
"system:authenticated"
],
"username": "system:serviceaccount:gpc-system:fleet-admin-controller"
},
"stageTimestamp": "2022-12-22T15:46:41.119767Z",
"kind": "Event",
"verb": "update",
"requestURI": "/apis/resourcemanager.gdc.goog/v1alpha1/namespaces/gpc-system/projects/istio-system",
"responseStatus": {
"metadata": {},
"code": 200
},
"userAgent": "fleet-admin-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
"auditID": "5aeaeab6-7371-4b63-8355-b4469e1440bb",
"level": "Metadata",
"_gdch_service_name": "apiserver",
"_gdch_tenant_id": "infra-obs"
}
Registros de auditoría del plano de administración de la API de KRM (RBAC del proyecto: ProjectRole)
| Campos de la entrada de registro que contienen información de auditoría | ||
|---|---|---|
| Metadatos de auditoría | Nombre del campo de auditoría | Valor |
| Identidad del usuario o del servicio | username |
Por ejemplo: "username": "system:serviceaccount: gpc-system:fleet-admin-controller" |
|
Target (Campos y valores que llaman a la API) |
requestURI |
|
|
Acción (Campos que contienen la operación realizada) |
verb |
|
| Marca de tiempo del evento |
requestReceivedTimestamp
|
Por ejemplo:
|
| Fuente de la acción | sourceIPs |
Por ejemplo:
|
| Resultado | stage |
Por ejemplo: "stage": "ResponseComplete" |
| Otros campos |
|
Por ejemplo: "kind": "Event", "objectRef": { "apiVersion": "v1alpha1", "namespace": "vm-prober-system-obs-system", "resourceVersion": "5573513", "apiGroup": "resourcemanager.gdc.goog", "resource": "projectroles", "name": "service-now-admin", "subresource": "status", "uid": "c220806d-a708-4e42-8a2c-8442b6a74038" }, |
Ejemplo de registro
{
"verb": "update",
"responseStatus": {
"metadata": {},
"code": 200
},
"objectRef": {
"apiVersion": "v1alpha1",
"namespace": "vm-prober-system-obs-system",
"resourceVersion": "5573513",
"apiGroup": "resourcemanager.gdc.goog",
"resource": "projectroles",
"name": "service-now-admin",
"subresource": "status",
"uid": "c220806d-a708-4e42-8a2c-8442b6a74038"
},
"apiVersion": "audit.k8s.io/v1",
"sourceIPs": [
"10.253.128.178"
],
"kind": "Event",
"requestURI": "/apis/resourcemanager.gdc.goog/v1alpha1/namespaces/vm-prober-system-obs-system/projectroles/service-now-admin/status",
"auditID": "e40537d8-0e49-4f34-85b3-f6bb5c373a58",
"_gdch_cluster": "root-admin",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"fleet-admin-controller\" of ClusterRole \"fleet-admin-controller\" to ServiceAccount \"fleet-admin-controller/gpc-system\""
},
"stageTimestamp": "2022-12-21T23:36:45.814414Z",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-t4rld",
"level": "Metadata",
"stage": "ResponseComplete",
"userAgent": "fleet-admin-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
"requestReceivedTimestamp": "2022-12-21T23:36:45.808663Z",
"user": {
"extra": {
"authentication.kubernetes.io/pod-name": [
"fleet-admin-controller-75dbdf7659-ccfrn"
],
"authentication.kubernetes.io/pod-uid": [
"09335650-82b0-451c-83e2-f8157e9d518c"
]
},
"groups": [
"system:serviceaccounts",
"system:serviceaccounts:gpc-system",
"system:authenticated"
],
"username": "system:serviceaccount:gpc-system:fleet-admin-controller",
"uid": "da8e839f-eca4-4a96-9058-94fa4202824f"
},
"_gdch_service_name": "apiserver",
"_gdch_tenant_id": "infra-obs"
}
Registros de auditoría del plano de administración de la API de KRM (RBAC del proyecto: ProjectRoleBinding)
| Campos de la entrada de registro que contienen información de auditoría | ||
|---|---|---|
| Metadatos de auditoría | Nombre del campo de auditoría | Valor |
| Identidad del usuario o del servicio | username |
Por ejemplo: "username": "system:serviceaccount: gatekeeper-system:gatekeeper-admin" |
|
Target (Campos y valores que llaman a la API) |
requestURI |
|
|
Acción (Campos que contienen la operación realizada) |
verb |
|
| Marca de tiempo del evento |
requestReceivedTimestamp
|
Por ejemplo:
|
| Fuente de la acción | sourceIPs |
Por ejemplo:
|
| Resultado | stage |
Por ejemplo: "stage": "RequestReceived" |
| Otros campos |
|
Por ejemplo: "kind": "Event", "objectRef": { "resource": "projectrolebindings", "apiVersion": "v1alpha1", "apiGroup": "resourcemanager.gdc.goog" }, |
Ejemplo de registro
{
"verb": "list",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-t4rld",
"userAgent": "gatekeeper/v3.7.0 (linux/amd64) 3ba8e93/2021-11-15T20:59:44Z",
"objectRef": {
"apiVersion": "v1alpha1",
"resource": "projectrolebindings",
"apiGroup": "resourcemanager.gdc.goog"
},
"sourceIPs": [
"10.253.128.219"
],
"responseStatus": {
"code": 200,
"metadata": {}
},
"kind": "Event",
"stage": "ResponseComplete",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"gatekeeper-manager-rolebinding\" of ClusterRole \"gatekeeper-manager-role\" to ServiceAccount \"gatekeeper-admin/gatekeeper-system\""
},
"requestURI": "/apis/resourcemanager.gdc.goog/v1alpha1/projectrolebindings?limit=500",
"user": {
"uid": "d23f8b07-b318-47fb-a81d-9932e81c3be8",
"groups": [
"system:serviceaccounts",
"system:serviceaccounts:gatekeeper-system",
"system:authenticated"
],
"extra": {
"authentication.kubernetes.io/pod-uid": [
"86ab2ec3-93ae-49b6-9feb-cadae6d014c4"
],
"authentication.kubernetes.io/pod-name": [
"gatekeeper-audit-54d846f776-z6bzn"
]
},
"username": "system:serviceaccount:gatekeeper-system:gatekeeper-admin"
},
"stageTimestamp": "2022-12-21T23:11:57.899640Z",
"auditID": "e8d0d02b-f309-4127-8cdb-e93a39ebaea7",
"apiVersion": "audit.k8s.io/v1",
"level": "Metadata",
"_gdch_cluster": "root-admin",
"requestReceivedTimestamp": "2022-12-21T23:11:57.897447Z",
"_gdch_service_name": "apiserver",
"_gdch_tenant_id": "infra-obs"
}