Database Service

Workload location

Organization workloads only

Audit log source

Kubernetes audit logs

Audited operations

DBClusters

Fields in the log entry that contain audit information

Audit metadata | Audit field name | Value

User identity | user.username

For example,

"user":{"username":"kubernetes-admin"}

Target (fields and values that call the API) | objectRef

For example,

"objectRef":{
    "name":"emuv2",
    "namespace":"obs-system",
    "resource":"dbclusters",
    "apiGroup":"postgresql.dbadmin.gdc.goog",
    "apiVersion":"v1"
}

Action (fields that contain the operation performed) | verb
  • "verb":"create"
  • "verb":"update"
  • "verb":"patch"
  • "verb":"list"

Event timestamp | requestReceivedTimestamp

For example,

"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z"

Action source | sourceIPs

For example,

["10.200.0.7"]

Outcome | responseStatus

For example,

"responseStatus":{
    "metadata":{},
    "code":201
}

Other fields | annotations

For example,

"annotations":{
    "mutation.webhook.admission.k8s.io/round_0_index_24": "{\"configuration\":\"mutating-webhook-configuration\",\"webhook\":\"mdbcluster.postgresql.dbadmin.gdc.goog\",\"mutated\":true}",
    "authorization.k8s.io/decision": "allow",
    "authorization.k8s.io/reason": ""
}

Example log

{
  "userAgent": "kubectl/v1.24.2 (linux/amd64) kubernetes/f66044f",
  "apiVersion": "audit.k8s.io/v1",
  "stageTimestamp": "2022-12-02T23:55:23.818903Z",
  "_gdch_cluster": "org-1-admin",
  "level": "Metadata",
  "auditID": "9365cb9f-9403-446a-a88a-f91b88284acf",
  "verb": "create",
  "stage": "ResponseComplete",
  "requestURI": "/apis/postgresql.dbadmin.gdc.goog/v1/namespaces/obs-system/dbclusters?fieldManager=kubectl-client-side-apply&fieldValidation=Strict",
  "responseStatus": {
    "metadata": {},
    "code": 201
  },
  "annotations": {
    "mutation.webhook.admission.k8s.io/round_0_index_24": "{\"configuration\":\"mutating-webhook-configuration\",\"webhook\":\"mdbcluster.postgresql.dbadmin.gdc.goog\",\"mutated\":true}",
    "authorization.k8s.io/decision": "allow",
    "authorization.k8s.io/reason": ""
  },
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-t21dm",
  "objectRef": {
    "name": "emuv2",
    "namespace": "obs-system",
    "resource": "dbclusters",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "apiVersion": "v1"
  },
  "sourceIPs": [
    "10.200.0.7"
  ],
  "kind": "Event",
  "user": {
    "username": "kubernetes-admin",
    "groups": [
      "system:masters",
      "system:authenticated"
    ]
  },
  "requestReceivedTimestamp": "2022-12-02T23:55:23.739779Z",
  "_gdch_service_name": "apiserver"
}

Backup

Fields in the log entry that contain audit information

Audit metadata | Audit field name | Value

User identity | user.username

For example,

"user":{"username":"system:serviceaccount:ods-fleet-system:fleet-controller-manager"}

Target (fields and values that call the API) | objectRef

For example,

"objectRef": {
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "apiVersion": "v1",
    "resource": "backups",
    "namespace": "obs-system",
    "resourceVersion": "3189223",
    "name": "backup1",
    "uid": "3b5f6255-9a6d-4556-94b3-9956a5e6c8c2"
}

Action (fields that contain the operation performed) | verb
  • "verb":"create"
  • "verb":"update"
  • "verb":"delete"
  • "verb":"list"

Event timestamp | requestReceivedTimestamp

For example,

"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z"

Action source | sourceIPs

For example,

["10.200.0.7"]

Outcome | responseStatus

For example,

"responseStatus":{
    "metadata":{},
    "code":200
}

Other fields | annotations

For example,

"annotations":{
    "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"fleet-manager-rolebinding\" of ClusterRole \"fleet-manager-role\" to ServiceAccount \"fleet-controller-manager/ods-fleet-system\"",
    "authorization.k8s.io/decision": "allow"
}

Example log

{
  "responseStatus": {
    "metadata": {},
    "code": 200
  },
  "_gdch_cluster": "org-1-admin",
  "userAgent": "manager/v0.0.0 (linux/amd64) kubernetes/$Format",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-q2pvd",
  "annotations": {
    "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"fleet-manager-rolebinding\" of ClusterRole \"fleet-manager-role\" to ServiceAccount \"fleet-controller-manager/ods-fleet-system\"",
    "authorization.k8s.io/decision": "allow"
  },
  "requestURI": "/apis/postgresql.dbadmin.gdc.goog/v1/namespaces/obs-system/backups/backup1",
  "kind": "Event",
  "level": "Metadata",
  "verb": "update",
  "apiVersion": "audit.k8s.io/v1",
  "requestReceivedTimestamp": "2022-12-03T02:10:57.714186Z",
  "stageTimestamp": "2022-12-03T02:10:57.801287Z",
  "auditID": "9b2721c8-db96-491b-90ce-4771979dceb3",
  "user": {
    "groups": [
      "system:serviceaccounts",
      "system:serviceaccounts:ods-fleet-system",
      "system:authenticated"
    ],
    "extra": {
      "authentication.kubernetes.io/pod-name": [
        "fleet-controller-manager-659bc596c4-v6zll"
      ],
      "authentication.kubernetes.io/pod-uid": [
        "6000181a-2050-497e-be3f-313456b88902"
      ]
    },
    "username": "system:serviceaccount:ods-fleet-system:fleet-controller-manager",
    "uid": "66743ae3-eb0e-4608-9dea-2e6e33da24f1"
  },
  "stage": "ResponseComplete",
  "sourceIPs": [
    "10.253.165.17"
  ],
  "objectRef": {
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "apiVersion": "v1",
    "resource": "backups",
    "namespace": "obs-system",
    "resourceVersion": "3189223",
    "name": "backup1",
    "uid": "3b5f6255-9a6d-4556-94b3-9956a5e6c8c2"
  },
  "_gdch_service_name": "apiserver"
}

BackupPlan

Fields in the log entry that contain audit information

Audit metadata | Audit field name | Value

User identity | user.username

For example,

"user":{"username":"kubernetes-admin", "groups":["system:masters","system:authenticated"]}

Target (fields and values that call the API) | objectRef

For example,

"objectRef": {
    "name": "backupplan1",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "apiVersion": "v1",
    "namespace": "obs-system",
    "resource": "backupplans"
}

Action (fields that contain the operation performed) | verb
  • "verb":"create"
  • "verb":"update"
  • "verb":"delete"
  • "verb":"list"

Event timestamp | requestReceivedTimestamp

For example,

"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z"

Action source | sourceIPs

For example,

["10.200.0.7"]

Outcome | responseStatus

For example,

"responseStatus":{
    "metadata":{},
    "code":200
}

Other fields | annotations

For example,

"annotations": {
    "authorization.k8s.io/reason": "",
    "authorization.k8s.io/decision": "allow"
}

Example log

{
  "apiVersion": "audit.k8s.io/v1",
  "stageTimestamp": "2022-12-03T00:13:15.939390Z",
  "requestURI": "/apis/postgresql.dbadmin.gdc.goog/v1/namespaces/obs-system/backupplans?fieldManager=kubectl-client-side-apply&fieldValidation=Strict",
  "kind": "Event",
  "level": "Metadata",
  "auditID": "5841cc4f-74d0-44e3-b82b-a84fadaf492b",
  "responseStatus": {
    "metadata": {},
    "code": 201
  },
  "stage": "ResponseComplete",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-9x9pd",
  "userAgent": "kubectl/v1.24.2 (linux/amd64) kubernetes/f66044f",
  "verb": "create",
  "annotations": {
    "authorization.k8s.io/reason": "",
    "authorization.k8s.io/decision": "allow"
  },
  "user": {
    "groups": [
      "system:masters",
      "system:authenticated"
    ],
    "username": "kubernetes-admin"
  },
  "_gdch_cluster": "org-1-admin",
  "objectRef": {
    "name": "backupplan1",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "apiVersion": "v1",
    "namespace": "obs-system",
    "resource": "backupplans"
  },
  "sourceIPs": [
    "10.200.0.7"
  ],
  "requestReceivedTimestamp": "2022-12-03T00:13:15.921957Z",
  "_gdch_service_name": "apiserver"
}

Import

Fields in the log entry that contain audit information

Audit metadata | Audit field name | Value

User identity | user.username

For example,

"user":{"groups":["system:masters", "system:authenticated"], "username": "kubernetes-admin"}

Target (fields and values that call the API) | objectRef

For example,

"objectRef": {
    "resource": "imports",
    "apiVersion": "v1",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "name": "import-1",
    "namespace": "obs-system"
}

Action (fields that contain the operation performed) | verb
  • "verb":"create"
  • "verb":"delete"
  • "verb":"list"

Event timestamp | requestReceivedTimestamp

For example,

"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z"

Action source | sourceIPs

For example,

["10.200.0.7"]

Outcome | responseStatus

For example,

"responseStatus":{
    "metadata":{},
    "code":201
}

Other fields | annotations

For example,

"annotations": {
    "mutation.webhook.admission.k8s.io/round_0_index_26": "{\"configuration\":\"mutating-webhook-configuration\",\"webhook\":\"import.postgresql.dbadmin.gdc.goog\",\"mutated\":true}",
    "authorization.k8s.io/decision": "allow",
    "authorization.k8s.io/reason": ""
}

Example log

{
  "verb": "create",
  "apiVersion": "audit.k8s.io/v1",
  "requestReceivedTimestamp": "2022-12-03T02:22:14.605452Z",
  "requestURI": "/apis/postgresql.dbadmin.gdc.goog/v1/namespaces/obs-system/imports?fieldManager=kubectl-client-side-apply&fieldValidation=Strict",
  "stageTimestamp": "2022-12-03T02:22:14.637697Z",
  "_gdch_cluster": "org-1-admin",
  "annotations": {
    "mutation.webhook.admission.k8s.io/round_0_index_26": "{\"configuration\":\"mutating-webhook-configuration\",\"webhook\":\"mimport.postgresql.dbadmin.gdc.goog\",\"mutated\":true}",
    "authorization.k8s.io/decision": "allow",
    "authorization.k8s.io/reason": ""
  },
  "kind": "Event",
  "level": "Metadata",
  "auditID": "d04e1c23-13fa-4d18-bec7-31d652531151",
  "stage": "ResponseComplete",
  "responseStatus": {
    "metadata": {},
    "code": 201
  },
  "objectRef": {
    "resource": "imports",
    "apiVersion": "v1",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "name": "import-1",
    "namespace": "obs-system"
  },
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-9x9pd",
  "sourceIPs": [
    "10.200.0.7"
  ],
  "user": {
    "groups": [
      "system:masters",
      "system:authenticated"
    ],
    "username": "kubernetes-admin"
  },
  "userAgent": "kubectl/v1.24.2 (linux/amd64) kubernetes/f66044f",
  "_gdch_service_name": "apiserver"
}

Export

Fields in the log entry that contain audit information

Audit metadata | Audit field name | Value

User identity | user.username

For example,

"user":{"groups":["system:masters", "system:authenticated"], "username": "kubernetes-admin"}

Target (fields and values that call the API) | objectRef

For example,

"objectRef": {
    "apiVersion": "v1",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "namespace": "obs-system",
    "resource": "exports",
    "name": "export1"
}

Action (fields that contain the operation performed) | verb
  • "verb":"create"
  • "verb":"update"
  • "verb":"delete"
  • "verb":"list"

Event timestamp | requestReceivedTimestamp

For example,

"requestReceivedTimestamp":"2022-12-03T07:41:29.462690Z"

Action source | sourceIPs

For example,

["10.200.0.7"]

Outcome | responseStatus

For example,

"responseStatus":{
    "metadata":{},
    "code":201
}

Other fields | annotations

For example,

"annotations": {
    "authorization.k8s.io/reason": "",
    "mutation.webhook.admission.k8s.io/round_0_index_25": "{\"configuration\":\"mutating-webhook-configuration\",\"webhook\":\"mexport.postgresql.dbadmin.gdc.goog\",\"mutated\":true}",
    "authorization.k8s.io/decision": "allow"
}

Example log

{
  "apiVersion": "audit.k8s.io/v1",
  "userAgent": "kubectl/v1.24.2 (linux/amd64) kubernetes/f66044f",
  "requestURI": "/apis/postgresql.dbadmin.gdc.goog/v1/namespaces/obs-system/exports?fieldManager=kubectl-client-side-apply&fieldValidation=Strict",
  "stageTimestamp": "2022-12-03T07:41:29.532729Z",
  "kind": "Event",
  "level": "Metadata",
  "_gdch_cluster": "org-1-admin",
  "stage": "ResponseComplete",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-9x9pd",
  "verb": "create",
  "requestReceivedTimestamp": "2022-12-03T07:41:29.462690Z",
  "responseStatus": {
    "code": 201,
    "metadata": {}
  },
  "objectRef": {
    "apiVersion": "v1",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "namespace": "obs-system",
    "resource": "exports",
    "name": "export1"
  },
  "user": {
    "groups": [
      "system:masters",
      "system:authenticated"
    ],
    "username": "kubernetes-admin"
  },
  "sourceIPs": [
    "10.200.0.7"
  ],
  "annotations": {
    "authorization.k8s.io/reason": "",
    "mutation.webhook.admission.k8s.io/round_0_index_25": "{\"configuration\":\"mutating-webhook-configuration\",\"webhook\":\"mexport.postgresql.dbadmin.gdc.goog\",\"mutated\":true}",
    "authorization.k8s.io/decision": "allow"
  },
  "auditID": "2537d860-affd-420d-adec-13a270c1dcb2",
  "_gdch_service_name": "apiserver"
}

Restore

Fields in the log entry that contain audit information

Audit metadata | Audit field name | Value

User identity | user.username

For example,

"user": {
    "groups": [
      "system:serviceaccounts",
      "system:serviceaccounts:ods-fleet-system",
      "system:authenticated"
    ],
    "extra": {
      "authentication.kubernetes.io/pod-name": [
        "fleet-controller-manager-659bc596c4-v6z11"
      ],
      "authentication.kubernetes.io/pod-uid": [
        "6000181a-2050-497e-be3f-313456b88902"
      ]
    },
    "username": "system:serviceaccount:ods-fleet-system:fleet-controller-manager",
    "uid": "66743ae3-eb0e-4608-9dea-2e6e33da24f1"
}

Target (fields and values that call the API) | objectRef

For example,

"objectRef": {
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "name": "restore1",
    "subresource": "status",
    "uid": "9408379e-7c72-4052-b279-369f6457408a",
    "namespace": "obs-system",
    "apiVersion": "v1",
    "resource": "restores",
    "resourceVersion": "326530"
}

Action (fields that contain the operation performed) | verb
  • "verb":"create"
  • "verb":"update"
  • "verb":"delete"
  • "verb":"list"

Event timestamp | requestReceivedTimestamp

For example,

"requestReceivedTimestamp":"2022-12-03T02:33:06.498531Z"

Action source | sourceIPs

For example,

["18.253.165.17"]

Outcome | responseStatus

For example,

"responseStatus":{
    "metadata":{},
    "code":200
}

Other fields | annotations

For example,

"annotations": {
    "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"fleet-manager-rolebinding\" of ClusterRole \"fleet-manager-role\" to ServiceAccount \"fleet-controller-manager/ods-fleet-system\"",
    "authorization.k8s.io/decision": "allow"
}

Example log

{
  "_gdch_cluster": "org-1-admin",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-q2pvd",
  "level": "Metadata",
  "requestURI": "/apis/postgresql.dbadmin.gdc.goog/v1/namespaces/obs-system/restores/restore1/status",
  "kind": "Event",
  "user": {
    "groups": [
      "system:serviceaccounts",
      "system:serviceaccounts:ods-fleet-system",
      "system:authenticated"
    ],
    "extra": {
      "authentication.kubernetes.io/pod-name": [
        "fleet-controller-manager-659bc596c4-v6z11"
      ],
      "authentication.kubernetes.io/pod-uid": [
        "6000181a-2050-497e-be3f-313456b88902"
      ]
    },
    "username": "system:serviceaccount:ods-fleet-system:fleet-controller-manager",
    "uid": "66743ae3-eb0e-4608-9dea-2e6e33da24f1"
  },
  "annotations": {
    "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"fleet-manager-rolebinding\" of ClusterRole \"fleet-manager-role\" to ServiceAccount \"fleet-controller-manager/ods-fleet-system\"",
    "authorization.k8s.io/decision": "allow"
  },
  "apiVersion": "audit.k8s.io/v1",
  "responseStatus": {
    "code": 200,
    "metadata": {}
  },
  "stageTimestamp": "2022-12-03T02:33:06.504990Z",
  "verb": "update",
  "userAgent": "manager/v0.0.0 (linux/amd64) kubernetes/$Format",
  "auditID": "8cd077e4-776f-4179-933c-7e44951a59cf",
  "sourceIPs": [
    "18.253.165.17"
  ],
  "stage": "ResponseComplete",
  "requestReceivedTimestamp": "2022-12-03T02:33:06.498531Z",
  "objectRef": {
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "name": "restore1",
    "subresource": "status",
    "uid": "9408379e-7c72-4052-b279-369f6457408a",
    "namespace": "obs-system",
    "apiVersion": "v1",
    "resource": "restores",
    "resourceVersion": "326530"
  }
}
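
Added example, not part of the original documentation: a Python triage pass that reads audit events as JSON lines, maps each one onto the fields tabulated above for the six resources, and flags Database Service requests for review. The function names, the three review rules and the sample events are assumptions made for illustration; the mutation annotation value is parsed as nested JSON, which is how it appears in the sample logs.

```python
import json

DB_API_GROUP = "postgresql.dbadmin.gdc.goog"  # apiGroup in the page's samples
MUTATING = {"create", "update", "patch", "delete"}
SA_PREFIX = "system:serviceaccount:"

def summarize(event):
    """Flatten one audit event into the rows of the page's field table."""
    ref, ann = event.get("objectRef", {}), event.get("annotations", {})
    return {
        "user": event.get("user", {}).get("username", ""),
        "resource": ref.get("resource", ""), "name": ref.get("name", ""),
        "verb": event.get("verb", ""),
        "time": event.get("requestReceivedTimestamp", ""),
        "source": event.get("sourceIPs", []),
        "code": event.get("responseStatus", {}).get("code", 0),
        "decision": ann.get("authorization.k8s.io/decision", ""),
        "mutated": any(json.loads(v).get("mutated") for k, v in ann.items()
                       if k.startswith("mutation.webhook.admission.k8s.io/round_")),
    }

def triage(lines):
    """Yield (reasons, summary) for Database Service events needing review."""
    for event in map(json.loads, lines):
        group = event.get("objectRef", {}).get("apiGroup")
        if group != DB_API_GROUP or event.get("stage") != "ResponseComplete":
            continue  # other APIs, or an earlier stage of the same request
        s, reasons = summarize(event), []
        if s["verb"] in MUTATING and not s["user"].startswith(SA_PREFIX):
            reasons.append("change by interactive user")  # assumed review rule
        if s["verb"] == "delete" and s["resource"] in ("backups", "backupplans"):
            reasons.append("backup or backup plan deleted")  # assumed review rule
        if s["decision"] != "allow" or s["code"] >= 400:
            reasons.append("denied or failed request")  # assumed review rule
        if reasons:
            yield reasons, s

def sample_lines():  # constructed events, abridged from the page's sample records
    sa = SA_PREFIX + "ods-fleet-system:fleet-controller-manager"
    hook = {"mutation.webhook.admission.k8s.io/round_0_index_24": '{"mutated":true}'}
    rows = [("kubernetes-admin", "create", "dbclusters", 201, "allow", hook),
            (sa, "update", "backups", 200, "allow", {}),
            ("kubernetes-admin", "delete", "backups", 200, "allow", {}),
            ("kubernetes-admin", "list", "dbclusters", 403, "forbid", {})]
    return [json.dumps({"stage": "ResponseComplete", "verb": v,
                        "user": {"username": u}, "responseStatus": {"code": c},
                        "objectRef": {"apiGroup": DB_API_GROUP, "resource": r},
                        "annotations": {"authorization.k8s.io/decision": d, **a}})
            for u, v, r, c, d, a in rows]
```

Calling `list(triage(sample_lines()))` returns three findings; the service-account update of a backup, which matches the controller activity in the Backup sample, is not flagged.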