AuditLog

JSON representation
Status
- JSON representation
AuthenticationInfo
- JSON representation
AuthorizationInfo
- JSON representation
RequestMetadata
- JSON representation

Common audit log format for Google Cloud Platform API operations.

JSON representation

JSON representation
{ "serviceName": string, "methodName": string, "resourceName": string, "numResponseItems": string, "status": { object (`Status`) }, "authenticationInfo": { object (`AuthenticationInfo`) }, "authorizationInfo": [ { object (`AuthorizationInfo`) } ], "requestMetadata": { object (`RequestMetadata`) }, "request": { object }, "response": { object }, "metadata": { object }, "serviceData": { "@type": string, field1: ..., ... } }

{
  "serviceName": string,
  "methodName": string,
  "resourceName": string,
  "numResponseItems": string,
  "status": {
    object (Status)
  },
  "authenticationInfo": {
    object (AuthenticationInfo)
  },
  "authorizationInfo": [
    {
      object (AuthorizationInfo)
    }
  ],
  "requestMetadata": {
    object (RequestMetadata)
  },
  "request": {
    object
  },
  "response": {
    object
  },
  "metadata": {
    object
  },
  "serviceData": {
    "@type": string,
    field1: ...,
    ...
  }
}

Fields
`serviceName`	`string` The name of the API service performing the operation. For example, `"compute.googleapis.com"`.
`methodName`	`string` The name of the service method or operation. For API calls, this should be the name of the API method. For example, `"google.cloud.bigquery.v2.TableService.InsertTable" "google.logging.v2.ConfigServiceV2.CreateSink"`
`resourceName`	`string` The resource or collection that is the target of the operation. The name is a scheme-less URI, not including the API service name. For example: `"projects/PROJECT_ID/zones/us-central1-a/instances" "projects/PROJECT_ID/datasets/DATASET_ID"`
`numResponseItems`	`string (int64 format)` The number of items returned from a List or Query API method, if applicable.
`status`	`object (Status)` The status of the overall operation.
`authenticationInfo`	`object (AuthenticationInfo)` Authentication information.
`authorizationInfo[]`	`object (AuthorizationInfo)` Authorization information. If there are multiple resources or permissions involved, then there is one AuthorizationInfo element for each {resource, permission} tuple.
`requestMetadata`	`object (RequestMetadata)` Metadata about the operation.
`request`	`object (Struct format)` The operation request. This may not include all request parameters, such as those that are too large, privacy-sensitive, or duplicated elsewhere in the log record. It should never include user-generated data, such as file contents. When the JSON object represented here has a proto equivalent, the proto name will be indicated in the `@type` property.
`response`	`object (Struct format)` The operation response. This may not include all response elements, such as those that are too large, privacy-sensitive, or duplicated elsewhere in the log record. It should never include user-generated data, such as file contents. When the JSON object represented here has a proto equivalent, the proto name will be indicated in the `@type` property.
`metadata`	`object (Struct format)` Other service-specific data about the request, response, and other information associated with the current audited event.
`serviceData (deprecated)`	`object` This item is deprecated! Deprecated. Use the `metadata` field instead. Other service-specific data about the request, response, and other activities. An object containing fields of an arbitrary type. An additional field `"@type"` contains a URI identifying the type. Example: `{ "id": 1234, "@type": "types.example.com/standard/id" }`.

Status

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details.

You can find out more about this error model and how to work with it in the API Design Guide.

JSON representation
{ "code": integer, "message": string, "details": [ { "@type": string, field1: ..., ... } ] }

Fields

Fields
`code`	`integer` The status code, which should be an enum value of `google.rpc.Code`.
`message`	`string` A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the `google.rpc.Status.details` field, or localized by the client.
`details[]`	`object` A list of messages that carry the error details. There is a common set of message types for APIs to use. An object containing fields of an arbitrary type. An additional field `"@type"` contains a URI identifying the type. Example: `{ "id": 1234, "@type": "types.example.com/standard/id" }`.

code

integer

The status code, which should be an enum value of google.rpc.Code.

message

string

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.

details[]

object

A list of messages that carry the error details. There is a common set of message types for APIs to use.

An object containing fields of an arbitrary type. An additional field "@type" contains a URI identifying the type. Example: { "id": 1234, "@type": "types.example.com/standard/id" }.

AuthenticationInfo

Authentication information for the operation.

JSON representation
{ "principalEmail": string, "authoritySelector": string, "principalSubject": string }

Fields

Fields
`principalEmail`	`string` The email address of the authenticated user (or service account on behalf of third party principal) making the request. For third party identity callers, the `principalSubject` field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see Caller identities in audit logs.
`authoritySelector`	`string` The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority.
`principalSubject`	`string` String representation of identity of requesting party. Populated for both first and third party identities. Only present for APIs that support third-party identities.

principalEmail

string

The email address of the authenticated user (or service account on behalf of third party principal) making the request. For third party identity callers, the principalSubject field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see Caller identities in audit logs.

authoritySelector

string

The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority.

principalSubject

string

String representation of identity of requesting party. Populated for both first and third party identities. Only present for APIs that support third-party identities.

AuthorizationInfo

Authorization information for the operation.

JSON representation
{ "resource": string, "permission": string, "granted": boolean }

Fields

Fields
`resource`	`string` The resource being accessed, as a REST-style string. For example: `bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID`
`permission`	`string` The required IAM permission.
`granted`	`boolean` Whether or not authorization for `resource` and `permission` was granted.

resource

string

The resource being accessed, as a REST-style string. For example:

bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID

permission

string

The required IAM permission.

granted

boolean

Whether or not authorization for resource and permission was granted.

RequestMetadata

Metadata about the request.

JSON representation
{ "callerIp": string, "callerSuppliedUserAgent": string }

Fields

callerIp

string

The IP address of the caller. For caller from internet, this will be public IPv4 or IPv6 address. For caller from a Compute Engine VM with external IP address, this will be the VM's external IP address. For caller from a Compute Engine VM without external IP address, if the VM is in the same organization (or project) as the accessed resource, callerIp will be the VM's internal IPv4 address, otherwise the callerIp will be redacted to "gce-internal-ip". See https://cloud.google.com/compute/docs/vpc/ for more information.

callerSuppliedUserAgent

string

The user agent of the caller. This information is not authenticated and should be treated accordingly. For example:

google-api-python-client/1.4.0: The request was made by the Google API client for Python.
Cloud SDK Command Line Tool apitools-client/1.0 gcloud/0.9.62: The request was made by the Google Cloud SDK CLI (gcloud).
AppEngine-Google; (+http://code.google.com/appengine; appid: s~my-project: The request was made from the my-project App Engine app. NOLINT