Marketplace (MKT)

Workload location	Organization only workloads
Audit log source	KRM API
Audited operations	Creating a Marketplace service Updating a Marketplace service Revoking or granting access to a Marketplace service

Creating a Marketplace service

Fields in the log entry that contain audit information
Audit metadata	Audit field name	Value
User or service identity	`username`	For example, `"username": "system:serviceaccount:gpc-system:mkt-controller"`
Target (Fields and values that call the API)	`apiGroup`	For example, `"apiGroup": "marketplace.gdc.goog"`
Action (Fields containing the performed operation)	`verb`	For example, `"verb": "create"`
Event timestamp	`requestReceivedTimestamp`	For example, `"requestReceivedTimestamp":"2022-12-04T03:07:21.657328Z"`
Source of action	`userAgent`	For example, `"userAgent": "fleet-admin-cm/v0.0.0 (linux/amd64) kubernetes/$Format"`
Outcome	`response_code`	For example, `"response_code":"200"`
Other fields	Not applicable	Not applicable

Example log

{  "_gdch_cluster": "org-1-admin",  "apiVersion": "audit.k8s.io/v1",  "auditID": "c142325e-8dee-4f36-b392-6d4dfe33947f",  "kind": "Event",  "level": "Metadata",  "objectRef": {  "name": "dataproc-service",  "namespace": "gpc-system",  "resource": "marketplaceservices",  "apiGroup": "marketplace.gdc.goog",  "apiVersion": "v1alpha1"  },  "requestReceivedTimestamp": "2022-12-04T03:07:21.657328Z",  "requestURI": "/apis/marketplace.gdc.goog/v1alpha1/namespaces/gpc-system/marketplaceservices"  "responseStatus": {  "code": 201,  "metadata": {},  }  "sourceIPs": [  "10.53.166.199"  ],  "stage": "ResponseComplete",  "stageTimestamp": "2022-12-04T03:07:21.657328Z",  "user": {  "extra": {  "authentication.kubernetes.io/pod-name": [  "fleet-admin-controller-59cc779bfd-vtx96"  ],  "authentication.kubernetes.io/pod-uid": [  "3f656979-43ea-4012-892c-a595cf94a17b"  ]  }  "username": "system:serviceaccount:gpc-system:mkt-controller",  "uid": "884009bb-d50c-46a1-a68c-8fa1b91da675"  "groups": [  "system:serviceaccounts",  "system:serviceaccounts:gpc-system",  "system:authenticated"  ]  },  "userAgent": "fleet-admin-cm/v0.0.0 (linux/amd64) kubernetes/$Format",  "verb": "create" }

Updating a Marketplace service

Fields in the log entry that contain audit information
Audit metadata	Audit field name	Value
User or service identity	`username`	For example, `"username": "kubernetes-admin"`
Target (Fields and values that call the API)	`apiGroup`	For example, `"apiGroup": "marketplace.gdc.goog"`
Action (Fields containing the performed operation)	`verb`	For example, `"verb": "patch"`
Event timestamp	`requestReceivedTimestamp`	For example, `"requestReceivedTimestamp":"2022-12-03T01:09:47.451242Z"`
Source of action	`userAgent`	For example, `"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78"`
Outcome	`response_code`	For example, `"response_code":"200"`
Other fields	Not applicable	Not applicable

Example log

{  "cluster": "org-1-admin",  "apiVersion": "audit.k8s.io/v1",  "auditID": "c142325e-8dee-4f36-b392-6d4dfe33947f",  "kind": "Event",  "level": "Metadata",  "objectRef": {  "name": "dataproc-service",  "namespace": "gpc-system",  "resource": "marketplaceservices",  "apiGroup": "marketplace.gdc.goog",  "apiVersion": "v1alpha1"  },  "requestReceivedTimestamp": "2022-12-04T03:07:21.657328Z",  "requestURI": "/apis/marketplace.gdc.goog/v1alpha1/namespaces/gpc-system/marketplaceservices/dataproc-service?fieldManager=kubectl-edit"  "responseStatus": {  "code": 201,  "metadata": {},  }  "sourceIPs": [  "10.200.0.6"  ],  "stage": "ResponseComplete",  "stageTimestamp": "2022-12-04T03:07:21.657328Z",  "user": {  "groups": [  "system:masters",  "system:authenticated"  ],  "username": "kubernetes-admin"  },  "userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",  "verb": "patch" }

Revoking or granting access to a Marketplace service

Fields in the log entry that contain audit information
Audit metadata	Audit field name	Value
User or service identity	`username`	For example, `"username": "fop-platform-admin@example.com"`
Target (Fields and values that call the API)	`apiGroup`	For example, `"apiGroup": "rbac.authorization.k8s.io"`
Action (Fields containing the performed operation)	`verb`	For example, `"verb": "create"`
Event timestamp	`time`	For example, `"time":"2022-12-04T02:00:17.475634Z"`
Source of action	`username`	For example, `"username": "fop-platform-admin@example.com"`
Outcome	`response_code`	For example, `"response_code":"201"`
Other fields	Not applicable	Not applicable

Example log

{  "cluster": "org-1-admin",  "apiVersion": "audit.k8s.io/v1",  "auditID": "c142325e-8dee-4f36-b392-6d4dfe33947f",  "impersonatedUser": {  "groups": [  "system:authenticated"  "username": "fop-platform-admin@example.com"  }  "kind": "Event",  "level": "Metadata",  "objectRef": {  "apiVersion": "v1"  "name": "user-fop-platform-admin--example--com-marketplace-viewer",  "resource": "clusterrolebindings",  "apiGroup": "rbac.authorization.k8s.io",  },  "requestReceivedTimestamp": "2022-12-04T03:07:21.657328Z",  "requestURI": "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings"  "responseStatus": {  "code": 201,  "metadata": {},  }  "sourceIPs": [  "10.253.164.220"  ],  "stage": "ResponseComplete",  "stageTimestamp": "2022-12-04T03:07:21.657328Z",  "user": {  "extra": {  "authentication.kubernetes.io/pod-name": [  "fleet-admin-gateway-server-c8b7f879c-zwchc"  ],  "authentication.kubernetes.io/pod-uid": [  "f0ec7e0-a604-4b70-a5fc-793e0c158349"  ]  }  "username": "system:serviceaccount:gpc-system:fleet-admin-gateway-server-sa",  "uid": "72904c96-d59a-4344-8408-5751f42ffdd88"  "groups": [  "system:serviceaccounts",  "system:serviceaccounts:gpc-system",  "system:authenticated"  },  "userAgent": "ui-gateway-server/v0.0.0 (linux/amd64) kubernetes/$Format",  "verb": "create" }

Marketplace (MKT) Stay organized with collections Save and categorize content based on your preferences.

Creating a Marketplace service

Updating a Marketplace service

Revoking or granting access to a Marketplace service

Marketplace (MKT)