GKE Identity Service (GIS)

Workload location

Root and organization workloads

Audit log source

GKE Identity Service

Audited operations

Revoke or create a login token

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity payload.user

For example,

"payload":{
"user":"fop-infrastructure-operator@example.com"
}

Target

(Fields and values that call the API)

 resource "resource":"login_token"

Action

(Fields containing the performed operation)

 operation "operation":"revoke"
Event timestamp metadata.timestamp

For example,

"metadata":{
"timestamp":"2023-01-13T20:04:30.529916149+00:00"
}
Source of action payload.issuer

For example,

"payload":{
"issuer":"fake-oidc-provider"
}
Outcome description "description":"Revoked Login Token '84518e03-396a-425d-93ac-5ff1e1c993f8' which was previously issued to user 'fop-infrastructure-operator@example.com' due to a web logout"
Other fields Not applicable Not applicable

Example log

{
"description":"Revoked Login Token '84518e03-396a-425d-93ac-5ff1e1c993f8' which was previously issued to user 'fop-infrastructure-operator@example.com' due to a web logout",
"id":"55f2ae33-d229-4057-aa1f-d62349281e9c",
"_gdch_service_tenant":"platform-obs",
"resource":"login_token",
"_gdch_tenant_id":"platform-obs",
"payload":{
"id":"84518e03-396a-425d-93ac-5ff1e1c993f8",
"expirationTime":"2023-01-14T08:03:33.413710266+00:00",
"user":"fop-infrastructure-operator@example.com",
"groups":[""],
"issuer":"fake-oidc-provider"
},
"_gdch_service_name":"ais",
"_gdch_namespace":"anthos-identity-service",
"operation":"revoke",
"metadata":{
"userAgent":"",
"timestamp":"2023-01-13T20:04:30.529916149+00:00"
},
"_gdch_org_name":"UNKNOWN",
"_gdch_org_id":"UNKNOWN",
"_gdch_cluster":"org-1-admin",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-nhbwb"
}

Create an STS token

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity identity

For example,

"identity":"fop-shengjiang"

Target

(Fields and values that call the API)

 resource "resource":"AIS STS token"

Action

(Fields containing the performed operation)

 action "action":"Create"
Event timestamp time

For example,

"time":"2022-11-22T18:31:37.084205362+00:00"
Source of action userAgent

For example,

"userAgent":"Go-http-client/2.0"
Outcome response

For example,

"response":"Success"
Other fields Not applicable Not applicable

Example log

{
"action":"Create",
"auditID":"vwWq8fQ-o9RTopgcZtAC_psm1aYyMKxkv47GOkdU",
"description":"An AIS STS token is minted for fop-shengjiang (from fake-oidc-provider) and will be valid for 11h59m49.438314611s",
"resource":"AIS STS token",
"response":"Success",
"time":"2022-11-22T18:31:37.084205362+00:00",
"user":{
"groups":[
"group-claim-1",
"group-claim-2"
],
"identity":"fop-shengjiang",
"issuer":"fake-oidc-provider"
},
"userAgent":"Go-http-client/2.0"
}

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年10月16日 UTC.