Backup and Restore (BACK)

Backup

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "extra":{
    "authentication.kubernetes.io/pod-name": ["gpcbackup-controlplane-controller-8557fdb956-47zjb"],
    "authentication.kubernetes.io/pod-uid": ["f3aa711d-b09e-4863-90d6-3d6e7122f4a3"]
  },
  "username": "system:serviceaccount:gpc-backup-system:gpcbackup-controlplane-manager-sa",
  "groups": ["system:serviceaccounts","system:serviceaccounts:gpc-backup-system","system:authenticated"],"uid":"e77ab07e-a987-4ba3-ad7d-b3bf002125eb"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "apiGroup":"backup.gdc.goog",
  "resource":"backups",
  "apiVersion":"v1",
  "name":"backup-test-2",
  "namespace":"default"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "root-admin"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

BackupPlan

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "groups":["system:masters","system:authenticated"],
  "username":"kubernetes-admin"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "apiGroup":"backup.gdc.goog",
  "resource":"backupplans",
  "apiVersion":"v1",
  "name":"backupplan-test-2",
  "namespace":"default"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "root-admin"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

Restore

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "uid":"e77ab07e-a987-4ba3-ad7d-b3bf002125eb",
  "username":"system:serviceaccount:gpc-backup-system:gpcbackup-controlplane-manager-sa",
  "extra":{
    "authentication.kubernetes.io/pod-uid":["f3aa711d-b09e-4863-90d6-3d6e7122f4a3"],
    "authentication.kubernetes.io/pod-name":["gpcbackup-controlplane-controller-8557fdb956-47zjb"]
  },
  "groups":["system:serviceaccounts", "system:serviceaccounts:gpc-backup-system", "system:authenticated"]
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "apiGroup":"backup.gdc.goog",
  "apiVersion":"v1",
  "name":"restore-test-2",
  "resource":"restores",
  "namespace":"default"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "root-admin"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

RestorePlan

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "groups":["system:masters","system:authenticated"],
  "username":"kubernetes-admin"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "namespace":"default",
  "apiGroup":"backup.gdc.goog",
  "resource":"restoreplans",
  "apiVersion":"v1",
  "name":"restoreplan-test-2"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "root-admin"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

ManualBackupRequest

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "groups":["system:masters","system:authenticated"],
  "username":"kubernetes-admin"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "resource":"manualbackuprequests",
  "namespace":"default",
  "apiGroup":"backup.gdc.goog",
  "name":"manualbackuprequest-test-2",
  "apiVersion":"v1"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "root-admin"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

ManualRestoreRequest

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "groups":["system:masters","system:authenticated"],
  "username":"kubernetes-admin"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "resource":"manualrestorerequests",
  "apiGroup":"backup.gdc.goog",
  "apiVersion":"v1",
  "name":"manualrestorerequest-test-2",
  "namespace":"default"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "root-admin"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

DeleteBackupRequest

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "groups":["system:masters","system:authenticated"],
  "username":"kubernetes-admin"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "apiGroup":"backup.gdc.goog",
  "resource":"deletebackuprequests",
  "apiVersion":"v1",
  "name":"deletebackuprequest-test-2",
  "namespace":"default"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "root-admin"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

BackupRepository

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "groups":["system:masters","system:authenticated"],
  "username":"kubernetes-admin"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "apiGroup":"backup.gdc.goog",
  "name":"default",
  "resource":"backuprepositories",
  "apiVersion":"v1"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "root-admin"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

BackupRepositoryManager

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "username":"kubernetes-admin",
  "groups":["system:masters","system:authenticated"]
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "name":"default",
  "resource":"backuprepositorymanagers",
  "apiVersion":"v1",
  "apiGroup":"backup.gdc.goog"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "org-1-admin"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

VirtualMachineBackupPlan

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "groups":["system:masters","system:authenticated"],
  "username":"kubernetes-admin"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "apiGroup":"virtualmachine.gdc.goog",
  "apiVersion":"v1",
  "name":"vmbpt-vm-vm",
  "namespace":"default",
  "resource":"virtualmachinebackupplans"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "org-1-system"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

VirtualMachineBackup

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "groups":["system:masters","system:authenticated"],
  "username":"kubernetes-admin"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "apiGroup":"virtualmachine.gdc.goog",
  "apiVersion":"v1",
  "name":"vm-backup-test",
  "namespace":"default",
  "resource":"virtualmachinebackups"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "org-1-system"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

VirtualMachineRestore

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "groups":["system:masters","system:authenticated"],
  "username":"kubernetes-admin"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "apiGroup":"virtualmachine.gdc.goog",
  "apiVersion":"v1",
  "name":"vm-restore-test",
  "namespace":"default",
  "resource":"virtualmachinerestores"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "org-1-system"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

MachineBackupPlanTemplate

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "groups":["system:masters","system:authenticated"],
  "username":"kubernetes-admin"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "apiGroup":"virtualmachine.gdc.goog",
  "apiVersion":"v1",
  "name":"vmbpt",
  "namespace":"default",
  "resource":"virtualmachinebackupplantemplates"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "org-1-system"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

VirtualMachineBackupRequest

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "groups":["system:masters","system:authenticated"],
  "username":"kubernetes-admin"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "apiGroup":"virtualmachine.gdc.goog",
  "apiVersion":"v1",
  "name":"vmbr-test",
  "namespace":"default",
  "resource":"virtualmachinebackuprequests"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "org-1-system"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

VirtualMachineRestoreRequest

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "groups":["system:masters","system:authenticated"],
  "username":"kubernetes-admin"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "apiGroup":"virtualmachine.gdc.goog",
  "apiVersion":"v1",
  "name":"vmrr-test",
  "namespace":"default",
  "resource":"virtualmachinerestorerequests"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "org-1-system"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

VirtualMachineDeleteBackupRequest

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity user

For example,

"user": {
  "groups":["system:masters","system:authenticated"],
  "username":"kubernetes-admin"
}

Target

(Fields and values that call the API)

objectRef

"objectRef": {
  "apiGroup":"virtualmachine.gdc.goog",
  "apiVersion":"v1",
  "name":"vmdbr",
  "namespace":"default",
  "resource":"virtualmachinedeletebackuprequests"
}

Action

(Fields containing the performed operation)

verb

"verb":"create"

Event timestamp requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z"

Source of action _gdch_cluster

For example,

"_gdch_cluster": "org-1-system"

Outcome responseStatus

For example,

"responseStatus": {
  "code":201,
  "metadata":{}
}

Other fields Not applicable Not applicable

Example log

{
  "api_group": "backup.gdc.goog",
  "cluster": "root-admin",
  "fluentbit_pod": "anthos-audit-logs-forwarder-h89tv",
  "service_name": "apiserver",
  "Time": 1692629803549,
  "_gdch_cluster": "root-admin",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-h89tv",
  "_gdch_org_id": "root.zone1.google.gdch.test",
  "_gdch_org_name": "root",
  "_gdch_service_name": "apiserver",
  "_gdch_tenant_id": "infra-obs",
  "annotations": {
    "authorization.k8s.io/decision":"allow","mutation.webhook.admission.k8s.io/round_0_index_2":"{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"gpcbackup-controlplane-manager-role\" of ClusterRole \"gpcbackup-controlplane-manager-role\" to ServiceAccount \"gpcbackup-controlplane-manager-sa/gpc-backup-system\""
  },
  "apiVersion": "audit.k8s.io/v1",
  "auditID": "856f47ac-f022-467f-82ea-55aa08d948e1",
  "kind": "Event",
  "level": "Metadata",
  "objectRef": {
    "apiGroup":"backup.gdc.goog",
    "resource":"backups",
    "apiVersion":"v1",
    "name":"backup-test-2",
    "namespace":"default"
  },
  "requestReceivedTimestamp": "2023-08-21T14:56:43.549191Z",
  "requestURI": "/apis/backup.gdc.goog/v1/namespaces/default/backups",
  "responseStatus": {
    "code":201,
    "metadata":{}
  },
  "sourceIPs": ["10.200.0.3"],
  "stage": "ResponseComplete",
  "stageTimestamp": "2023-08-21T14:56:43.560200Z",
  "tsNs": 1692629803549191000,
  "user": {
    "extra":{
      "authentication.kubernetes.io/pod-name":["gpcbackup-controlplane-controller-8557fdb956-47zjb"],
      "authentication.kubernetes.io/pod-uid":["f3aa711d-b09e-4863-90d6-3d6e7122f4a3"]
    },
    "username":"system:serviceaccount:gpc-backup-system:gpcbackup-controlplane-manager-sa",
    "groups":["system:serviceaccounts","system:serviceaccounts:gpc-backup-system","system:authenticated"],"uid":"e77ab07e-a987-4ba3-ad7d-b3bf002125eb"
  },
  "userAgent": "manager/v0.0.0 (linux/amd64) kubernetes/$Format",
  "verb": "create"
}