Workload location | Root and organization workloads |
Audit log source | GKE Identity Service |
Audited operations |
|
Revoke or create a login token
Fields in the log entry that contain audit information | ||
---|---|---|
Audit metadata | Audit field name | Value |
User or service identity | payload.user | For example, "payload":{ "user":"fop-infrastructure-operator@example.com" } |
Target (Fields and values that call the API) | resource | "resource":"login_token" |
Action (Fields containing the performed operation) | operation | "operation":"revoke" |
Event timestamp | metadata.timestamp | For example, "metadata":{ "timestamp":"2023-01-13T20:04:30.529916149+00:00" } |
Source of action | payload.issuer | For example, "payload":{ "issuer":"fake-oidc-provider" } |
Outcome | description | "description":"Revoked Login Token '84518e03-396a-425d-93ac-5ff1e1c993f8' which was previously issued to user 'fop-infrastructure-operator@example.com' due to a web logout" |
Other fields | Not applicable | Not applicable |
Example log
```json
{
  "description": "Revoked Login Token '84518e03-396a-425d-93ac-5ff1e1c993f8' which was previously issued to user 'fop-infrastructure-operator@example.com' due to a web logout",
  "id": "55f2ae33-d229-4057-aa1f-d62349281e9c",
  "_gdch_service_tenant": "platform-obs",
  "resource": "login_token",
  "_gdch_tenant_id": "platform-obs",
  "payload": {
    "id": "84518e03-396a-425d-93ac-5ff1e1c993f8",
    "expirationTime": "2023-01-14T08:03:33.413710266+00:00",
    "user": "fop-infrastructure-operator@example.com",
    "groups": [""],
    "issuer": "fake-oidc-provider"
  },
  "_gdch_service_name": "ais",
  "_gdch_namespace": "anthos-identity-service",
  "operation": "revoke",
  "metadata": {
    "userAgent": "",
    "timestamp": "2023-01-13T20:04:30.529916149+00:00"
  },
  "_gdch_org_name": "UNKNOWN",
  "_gdch_org_id": "UNKNOWN",
  "_gdch_cluster": "org-1-admin",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-nhbwb"
}
```
Create an STS token
Fields in the log entry that contain audit information | ||
---|---|---|
Audit metadata | Audit field name | Value |
User or service identity | identity | For example, "user":{ "identity":"fop-shengjiang" } |
Target (Fields and values that call the API) | resource | "resource":"AIS STS token" |
Action (Fields containing the performed operation) | action | "action":"Create" |
Event timestamp | time | For example, "time":"2022-11-22T18:31:37.084205362+00:00" |
Source of action | userAgent | For example, "userAgent":"Go-http-client/2.0" |
Outcome | response | For example, "response":"Success" |
Other fields | Not applicable | Not applicable |
Example log
```json
{
  "action": "Create",
  "auditID": "vwWq8fQ-o9RTopgcZtAC_psm1aYyMKxkv47GOkdU",
  "description": "An AIS STS token is minted for fop-shengjiang (from fake-oidc-provider) and will be valid for 11h59m49.438314611s",
  "resource": "AIS STS token",
  "response": "Success",
  "time": "2022-11-22T18:31:37.084205362+00:00",
  "user": {
    "groups": [
      "group-claim-1",
      "group-claim-2"
    ],
    "identity": "fop-shengjiang",
    "issuer": "fake-oidc-provider"
  },
  "userAgent": "Go-http-client/2.0"
}
```
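The two operations above record the same audit metadata under different field names, so a detection pipeline has to map both onto one schema before it can correlate them. The following is an added example, not code from this documentation or from GKE Identity Service: `FIELD_MAP`, `parse_ts` and `normalize` are hypothetical names, the STS identity path `user.identity` is taken from the example log, and the two sample lines are constructed from the example logs on this page.

```python
import json
import re
from datetime import datetime, timezone

# Per-resource paths to each audit field, following the two tables above.
# Assumption: the STS identity sits at user.identity, as in the example log.
FIELD_MAP = {
    "login_token": {
        "identity": ("payload", "user"), "action": ("operation",),
        "timestamp": ("metadata", "timestamp"),
        "source": ("payload", "issuer"), "outcome": ("description",)},
    "AIS STS token": {
        "identity": ("user", "identity"), "action": ("action",),
        "timestamp": ("time",),
        "source": ("userAgent",), "outcome": ("response",)},
}

def _dig(entry, path):
    """Follow a key path through nested dicts; None if any step is absent."""
    for key in path:
        entry = entry.get(key) if isinstance(entry, dict) else None
    return entry

def parse_ts(value):
    """Parse the nanosecond-precision timestamp into a UTC datetime."""
    # datetime holds microseconds, so drop fractional digits past the sixth.
    trimmed = re.sub(r"(\.\d{6})\d+", r"\1", value)
    return datetime.fromisoformat(trimmed).astimezone(timezone.utc)

def normalize(raw_line):
    """Map one audit log line onto a common record, failing closed on gaps."""
    entry = json.loads(raw_line)
    resource = entry.get("resource")
    paths = FIELD_MAP.get(resource)
    if paths is None:
        raise ValueError(f"unrecognized audit resource: {resource!r}")
    record = {name: _dig(entry, path) for name, path in paths.items()}
    missing = [name for name, val in record.items() if val is None]
    if missing:
        raise ValueError(f"{resource}: missing audit fields {missing}")
    record["resource"] = resource
    record["timestamp"] = parse_ts(record["timestamp"])
    return record

# Constructed samples, trimmed from the example logs on this page.
REVOKE = ('{"resource":"login_token","operation":"revoke","description":"constructed",'
          '"payload":{"user":"fop-infrastructure-operator@example.com","issuer":"fake-oidc-provider"},'
          '"metadata":{"userAgent":"","timestamp":"2023-01-13T20:04:30.529916149+00:00"}}')
STS = ('{"resource":"AIS STS token","action":"Create","response":"Success",'
       '"time":"2022-11-22T18:31:37.084205362+00:00","userAgent":"Go-http-client/2.0",'
       '"user":{"identity":"fop-shengjiang","issuer":"fake-oidc-provider"}}')
```

Entries with an unknown `resource` or a missing audit field raise `ValueError` rather than producing a partial record, so schema drift surfaces at ingestion instead of as silent gaps in the audit trail.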