This document describes audit logging for GKE On-Prem API, which methods generate audit logs, details about the audit logs each method produces, and which methods do not produce audit logs, if any. Google Cloud generates audit logs that record administrative and access activities within your Google Cloud resources. For more information, see Cloud Audit Logs overview.
Service name
GKE On-Prem API audit logs use the service name gkeonprem.googleapis.com.
Methods by permission type
Methods that check DATA_READ, DATA_WRITE, and ADMIN_READ permissions generate logs categorized as Data Access audit logs. Methods that check ADMIN_WRITE permissions generate logs categorized as Admin Activity audit logs.
Permission type | Methods |
---|---|
ADMIN_READ | google.cloud.gkeonprem.v1.GkeOnPrem.GetBareMetalAdminCluster google.cloud.gkeonprem.v1.GkeOnPrem.GetBareMetalCluster google.cloud.gkeonprem.v1.GkeOnPrem.GetBareMetalNodePool google.cloud.gkeonprem.v1.GkeOnPrem.GetVmwareAdminCluster google.cloud.gkeonprem.v1.GkeOnPrem.GetVmwareCluster google.cloud.gkeonprem.v1.GkeOnPrem.GetVmwareNodePool google.cloud.gkeonprem.v1.GkeOnPrem.ListBareMetalAdminClusters google.cloud.gkeonprem.v1.GkeOnPrem.ListBareMetalClusters google.cloud.gkeonprem.v1.GkeOnPrem.ListBareMetalNodePools google.cloud.gkeonprem.v1.GkeOnPrem.ListVmwareAdminClusters google.cloud.gkeonprem.v1.GkeOnPrem.ListVmwareClusters google.cloud.gkeonprem.v1.GkeOnPrem.ListVmwareNodePools google.cloud.gkeonprem.v1.GkeOnPrem.QueryBareMetalAdminVersionConfig google.cloud.gkeonprem.v1.GkeOnPrem.QueryBareMetalVersionConfig google.cloud.gkeonprem.v1.GkeOnPrem.QueryVmwareVersionConfig |
ADMIN_WRITE | google.cloud.gkeonprem.v1.GkeOnPrem.CreateBareMetalAdminCluster google.cloud.gkeonprem.v1.GkeOnPrem.CreateBareMetalCluster google.cloud.gkeonprem.v1.GkeOnPrem.CreateBareMetalNodePool google.cloud.gkeonprem.v1.GkeOnPrem.CreateVmwareCluster google.cloud.gkeonprem.v1.GkeOnPrem.CreateVmwareNodePool google.cloud.gkeonprem.v1.GkeOnPrem.DeleteBareMetalCluster google.cloud.gkeonprem.v1.GkeOnPrem.DeleteBareMetalNodePool google.cloud.gkeonprem.v1.GkeOnPrem.DeleteVmwareCluster google.cloud.gkeonprem.v1.GkeOnPrem.DeleteVmwareNodePool google.cloud.gkeonprem.v1.GkeOnPrem.EnrollBareMetalAdminCluster google.cloud.gkeonprem.v1.GkeOnPrem.EnrollBareMetalCluster google.cloud.gkeonprem.v1.GkeOnPrem.EnrollBareMetalNodePool google.cloud.gkeonprem.v1.GkeOnPrem.EnrollVmwareAdminCluster google.cloud.gkeonprem.v1.GkeOnPrem.EnrollVmwareCluster google.cloud.gkeonprem.v1.GkeOnPrem.EnrollVmwareNodePool google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollBareMetalAdminCluster google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollBareMetalCluster google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollBareMetalNodePool google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollVmwareAdminCluster google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollVmwareCluster google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollVmwareNodePool google.cloud.gkeonprem.v1.GkeOnPrem.UpdateBareMetalAdminCluster google.cloud.gkeonprem.v1.GkeOnPrem.UpdateBareMetalCluster google.cloud.gkeonprem.v1.GkeOnPrem.UpdateBareMetalNodePool google.cloud.gkeonprem.v1.GkeOnPrem.UpdateVmwareAdminCluster google.cloud.gkeonprem.v1.GkeOnPrem.UpdateVmwareCluster google.cloud.gkeonprem.v1.GkeOnPrem.UpdateVmwareNodePool google.longrunning.Operations.CancelOperation google.longrunning.Operations.DeleteOperation |
Audit logs for each API interface
For information about how and which permissions are evaluated for each method, see the Identity and Access Management documentation for GKE On-Prem API.
google.cloud.gkeonprem.v1.GkeOnPrem
The following section contains details about audit logs associated with methods belonging to google.cloud.gkeonprem.v1.GkeOnPrem.
CreateBareMetalAdminCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.CreateBareMetalAdminCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalAdminClusters.create - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.CreateBareMetalAdminCluster"
CreateBareMetalCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.CreateBareMetalCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalClusters.create - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.CreateBareMetalCluster"
CreateBareMetalNodePool
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.CreateBareMetalNodePool
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalNodePools.create - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.CreateBareMetalNodePool"
CreateVmwareCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.CreateVmwareCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.vmwareClusters.create - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.CreateVmwareCluster"
CreateVmwareNodePool
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.CreateVmwareNodePool
- Audit log type: Admin activity
- Permissions:
gkeonprem.vmwareNodePools.create - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.CreateVmwareNodePool"
DeleteBareMetalCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.DeleteBareMetalCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalClusters.delete - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.DeleteBareMetalCluster"
DeleteBareMetalNodePool
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.DeleteBareMetalNodePool
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalNodePools.delete - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.DeleteBareMetalNodePool"
DeleteVmwareCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.DeleteVmwareCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.vmwareClusters.delete - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.DeleteVmwareCluster"
DeleteVmwareNodePool
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.DeleteVmwareNodePool
- Audit log type: Admin activity
- Permissions:
gkeonprem.vmwareNodePools.delete - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.DeleteVmwareNodePool"
EnrollBareMetalAdminCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.EnrollBareMetalAdminCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalAdminClusters.enroll - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.EnrollBareMetalAdminCluster"
EnrollBareMetalCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.EnrollBareMetalCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalClusters.enroll - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.EnrollBareMetalCluster"
EnrollBareMetalNodePool
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.EnrollBareMetalNodePool
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalNodePools.enroll - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.EnrollBareMetalNodePool"
EnrollVmwareAdminCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.EnrollVmwareAdminCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.vmwareAdminClusters.enroll - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.EnrollVmwareAdminCluster"
EnrollVmwareCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.EnrollVmwareCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.vmwareClusters.enroll - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.EnrollVmwareCluster"
EnrollVmwareNodePool
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.EnrollVmwareNodePool
- Audit log type: Admin activity
- Permissions:
gkeonprem.vmwareNodePools.enroll - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.EnrollVmwareNodePool"
GetBareMetalAdminCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.GetBareMetalAdminCluster
- Audit log type: Data access
- Permissions:
gkeonprem.bareMetalAdminClusters.get - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.GetBareMetalAdminCluster"
GetBareMetalCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.GetBareMetalCluster
- Audit log type: Data access
- Permissions:
gkeonprem.bareMetalClusters.get - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.GetBareMetalCluster"
GetBareMetalNodePool
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.GetBareMetalNodePool
- Audit log type: Data access
- Permissions:
gkeonprem.bareMetalNodePools.get - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.GetBareMetalNodePool"
GetVmwareAdminCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.GetVmwareAdminCluster
- Audit log type: Data access
- Permissions:
gkeonprem.vmwareAdminClusters.get - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.GetVmwareAdminCluster"
GetVmwareCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.GetVmwareCluster
- Audit log type: Data access
- Permissions:
gkeonprem.vmwareClusters.get - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.GetVmwareCluster"
GetVmwareNodePool
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.GetVmwareNodePool
- Audit log type: Data access
- Permissions:
gkeonprem.vmwareNodePools.get - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.GetVmwareNodePool"
ListBareMetalAdminClusters
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.ListBareMetalAdminClusters
- Audit log type: Data access
- Permissions:
gkeonprem.bareMetalAdminClusters.list - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.ListBareMetalAdminClusters"
ListBareMetalClusters
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.ListBareMetalClusters
- Audit log type: Data access
- Permissions:
gkeonprem.bareMetalClusters.list - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.ListBareMetalClusters"
ListBareMetalNodePools
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.ListBareMetalNodePools
- Audit log type: Data access
- Permissions:
gkeonprem.bareMetalNodePools.list - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.ListBareMetalNodePools"
ListVmwareAdminClusters
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.ListVmwareAdminClusters
- Audit log type: Data access
- Permissions:
gkeonprem.vmwareAdminClusters.list - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.ListVmwareAdminClusters"
ListVmwareClusters
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.ListVmwareClusters
- Audit log type: Data access
- Permissions:
gkeonprem.vmwareClusters.list - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.ListVmwareClusters"
ListVmwareNodePools
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.ListVmwareNodePools
- Audit log type: Data access
- Permissions:
gkeonprem.vmwareNodePools.list - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.ListVmwareNodePools"
QueryBareMetalAdminVersionConfig
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.QueryBareMetalAdminVersionConfig
- Audit log type: Data access
- Permissions:
gkeonprem.bareMetalAdminClusters.queryVersionConfig - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.QueryBareMetalAdminVersionConfig"
QueryBareMetalVersionConfig
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.QueryBareMetalVersionConfig
- Audit log type: Data access
- Permissions:
gkeonprem.bareMetalClusters.queryVersionConfig - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.QueryBareMetalVersionConfig"
QueryVmwareVersionConfig
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.QueryVmwareVersionConfig
- Audit log type: Data access
- Permissions:
gkeonprem.vmwareClusters.queryVersionConfig - ADMIN_READ
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.QueryVmwareVersionConfig"
UnenrollBareMetalAdminCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollBareMetalAdminCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalAdminClusters.unenroll - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollBareMetalAdminCluster"
UnenrollBareMetalCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollBareMetalCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalClusters.unenroll - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollBareMetalCluster"
UnenrollBareMetalNodePool
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollBareMetalNodePool
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalNodePools.unenroll - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollBareMetalNodePool"
UnenrollVmwareAdminCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollVmwareAdminCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.vmwareAdminClusters.unenroll - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollVmwareAdminCluster"
UnenrollVmwareCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollVmwareCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.vmwareClusters.unenroll - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollVmwareCluster"
UnenrollVmwareNodePool
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollVmwareNodePool
- Audit log type: Admin activity
- Permissions:
gkeonprem.vmwareNodePools.unenroll - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.UnenrollVmwareNodePool"
UpdateBareMetalAdminCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.UpdateBareMetalAdminCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalAdminClusters.update - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.UpdateBareMetalAdminCluster"
UpdateBareMetalCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.UpdateBareMetalCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalClusters.update - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.UpdateBareMetalCluster"
UpdateBareMetalNodePool
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.UpdateBareMetalNodePool
- Audit log type: Admin activity
- Permissions:
gkeonprem.bareMetalNodePools.update - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.UpdateBareMetalNodePool"
UpdateVmwareAdminCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.UpdateVmwareAdminCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.vmwareAdminClusters.update - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.UpdateVmwareAdminCluster"
UpdateVmwareCluster
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.UpdateVmwareCluster
- Audit log type: Admin activity
- Permissions:
gkeonprem.vmwareClusters.update - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.UpdateVmwareCluster"
UpdateVmwareNodePool
- Method:
google.cloud.gkeonprem.v1.GkeOnPrem.UpdateVmwareNodePool
- Audit log type: Admin activity
- Permissions:
gkeonprem.vmwareNodePools.update - ADMIN_WRITE
- Method is a long-running or streaming operation:
Long-running operation
- Filter for this method:
protoPayload.methodName="google.cloud.gkeonprem.v1.GkeOnPrem.UpdateVmwareNodePool"
google.longrunning.Operations
The following section contains details about audit logs associated with methods belonging to google.longrunning.Operations.
CancelOperation
- Method:
google.longrunning.Operations.CancelOperation
- Audit log type: Admin activity
- Permissions:
gkeonprem.operations.cancel - ADMIN_WRITE
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.longrunning.Operations.CancelOperation"
DeleteOperation
- Method:
google.longrunning.Operations.DeleteOperation
- Audit log type: Admin activity
- Permissions:
gkeonprem.operations.delete - ADMIN_WRITE
- Method is a long-running or streaming operation:
No.
- Filter for this method:
protoPayload.methodName="google.longrunning.Operations.DeleteOperation"
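
The following Python is an added example, not part of the original documentation or of any Google code. It applies this page's permission-type table and its long-running-operation markers to exported log entries: it lists each Admin Activity change once, reports operations that have a start entry but no completion entry, and collects method names this page does not document. It assumes entries are dicts shaped like Cloud Logging `LogEntry` JSON, including the standard `operation.id`, `operation.first` and `operation.last` fields; the sample entries, project path, principals and `ExampleUnlistedMethod` are constructed placeholders.

```python
from collections import defaultdict

SERVICE = "gkeonprem.googleapis.com"
IFACE = "google.cloud.gkeonprem.v1.GkeOnPrem."
OPS_WRITES = {"google.longrunning.Operations.CancelOperation",
              "google.longrunning.Operations.DeleteOperation"}
# Verb prefixes as they appear in this page's permission-type table.
WRITE_VERBS = ("Create", "Delete", "Enroll", "Unenroll", "Update")
READ_VERBS = ("Get", "List", "Query")

def audit_log_type(method):
    """Return the audit log type this page lists for a method, else None."""
    if method in OPS_WRITES:
        return "Admin activity"
    if method.startswith(IFACE):
        rpc = method[len(IFACE):]
        if rpc.startswith(WRITE_VERBS):
            return "Admin activity"
        if rpc.startswith(READ_VERBS):
            return "Data access"
    return None  # method not documented on this page: review manually

def triage(entries):
    """Return (admin_changes, unfinished_operation_ids, unknown_methods)."""
    changes, unknown = [], []
    marks = defaultdict(set)  # operation id -> subset of {"first", "last"}
    for e in entries:
        p = e.get("protoPayload", {})
        if p.get("serviceName") != SERVICE:
            continue  # entries from other services are out of scope
        method = p.get("methodName", "")
        kind = audit_log_type(method)
        if kind is None:
            unknown.append(method)
        op = e.get("operation", {})
        if op.get("id"):
            marks[op["id"]].update(k for k in ("first", "last") if op.get(k))
        # A long-running call logs a start and a completion entry: count it once.
        completion_only = op.get("last") and not op.get("first")
        if kind == "Admin activity" and not completion_only:
            who = p.get("authenticationInfo", {}).get("principalEmail", "?")
            changes.append((who, method.rsplit(".", 1)[-1], p.get("resourceName")))
    unfinished = sorted(i for i, m in marks.items() if m == {"first"})
    return changes, unfinished, unknown

def entry(method, who, resource, service=SERVICE, **operation):
    """Build a constructed LogEntry-shaped dict (sample data, not a real log)."""
    return {"protoPayload": {"serviceName": service, "methodName": method,
                             "resourceName": resource,
                             "authenticationInfo": {"principalEmail": who}},
            "operation": operation}

P = "projects/example-project/locations/us-west1/"  # placeholder resource path
POOL = P + "bareMetalClusters/b1/bareMetalNodePools/np1"
SAMPLE = [  # constructed entries
    entry(IFACE + "CreateVmwareCluster", "alice@example.com", P + "vmwareClusters/c1", id="op-1", first=True),
    entry(IFACE + "ListVmwareClusters", "bob@example.com", P + "vmwareClusters"),
    entry(IFACE + "CreateVmwareCluster", "alice@example.com", P + "vmwareClusters/c1", id="op-1", last=True),
    entry(IFACE + "DeleteBareMetalNodePool", "ci-bot@example.com", POOL, id="op-2", first=True),
    entry("example.Other.Method", "eve@example.com", "x", service="other.example.com"),
    entry(IFACE + "ExampleUnlistedMethod", "bob@example.com", P + "vmwareClusters/c1"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```
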