Common audit log format for Google Cloud Platform API operations.
JSON representation | |
---|---|
{ "serviceName": string, "methodName": string, "resourceName": string, "numResponseItems": string, "status": { object( |
Fields | |
---|---|
serviceName |
The name of the API service performing the operation. For example, |
methodName |
The name of the service method or operation. For API calls, this should be the name of the API method. For example,
|
resourceName |
The resource or collection that is the target of the operation. The name is a scheme-less URI, not including the API service name. For example:
|
numResponseItems |
The number of items returned from a List or Query API method, if applicable. |
status |
The status of the overall operation. |
authenticationInfo |
Authentication information. |
authorizationInfo[] |
Authorization information. If there are multiple resources or permissions involved, then there is one AuthorizationInfo element for each {resource, permission} tuple. |
requestMetadata |
Metadata about the operation. |
request |
The operation request. This may not include all request parameters, such as those that are too large, privacy-sensitive, or duplicated elsewhere in the log record. It should never include user-generated data, such as file contents. When the JSON object represented here has a proto equivalent, the proto name will be indicated in the |
response |
The operation response. This may not include all response elements, such as those that are too large, privacy-sensitive, or duplicated elsewhere in the log record. It should never include user-generated data, such as file contents. When the JSON object represented here has a proto equivalent, the proto name will be indicated in the |
serviceData |
Other service-specific data about the request, response, and other activities. An object containing fields of an arbitrary type. An additional field |
Status
The Status
type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. The error model is designed to be:
- Simple to use and understand for most users
- Flexible enough to meet unexpected needs
Overview
The Status
message contains three pieces of data: error code, error message, and error details. The error code should be an enum value of google.rpc.Code
, but it may accept additional error codes if needed. The error message should be a developer-facing English message that helps developers understand and resolve the error. If a localized user-facing error message is needed, put the localized message in the error details or localize it in the client. The optional error details may contain arbitrary information about the error. There is a predefined set of error detail types in the package google.rpc
which can be used for common error conditions.
Language mapping
The Status
message is the logical representation of the error model, but it is not necessarily the actual wire format. When the Status
message is exposed in different client libraries and different wire protocols, it can be mapped differently. For example, it will likely be mapped to some exceptions in Java, but more likely mapped to some error codes in C.
Other uses
The error model and the Status
message can be used in a variety of environments, either with or without APIs, to provide a consistent developer experience across different environments.
Example uses of this error model include:
Partial errors. If a service needs to return partial errors to the client, it may embed the
Status
in the normal response to indicate the partial errors.Workflow errors. A typical workflow has multiple steps. Each step may have a
Status
message for error reporting purpose.Batch operations. If a client uses batch request and batch response, the
Status
message should be used directly inside batch response, one for each error sub-response.Asynchronous operations. If an API call embeds asynchronous operation results in its response, the status of those operations should be represented directly using the
Status
message.Logging. If some API errors are stored in logs, the message
Status
could be used directly after any stripping needed for security/privacy reasons.
JSON representation | |
---|---|
{ "code": number, "message": string, "details": [ { "@type": string, field1: ..., ... } ], } |
Fields | |
---|---|
code |
The status code, which should be an enum value of |
message |
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the |
details[] |
A list of messages that carry the error details. There will be a common set of message types for APIs to use. An object containing fields of an arbitrary type. An additional field |
AuthenticationInfo
Authentication information for the operation.
JSON representation | |
---|---|
{ "principalEmail": string, "authoritySelector": string, } |
Fields | |
---|---|
principalEmail |
The email address of the authenticated user making the request. |
authoritySelector |
The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority. |
AuthorizationInfo
Authorization information for the operation.
JSON representation | |
---|---|
{ "resource": string, "permission": string, "granted": boolean, } |
Fields | |
---|---|
resource |
The resource being accessed, as a REST-style string. For example:
|
permission |
The required IAM permission. |
granted |
Whether or not authorization for |
RequestMetadata
Metadata about the request.
JSON representation | |
---|---|
{ "callerIp": string, "callerSuppliedUserAgent": string, } |
Fields | |
---|---|
callerIp |
The IP address of the caller. |
callerSuppliedUserAgent |
The user agent of the caller. This information is not authenticated and should be treated accordingly. For example:
|