Resource Manager (RM)

Workload location

Root and organization workloads

Audit log source

Audited operations

KRM API Management Plane Audit Logs (Project)

KRM API Management Plane Audit Logs (Project)

Fields in the log entry that contain audit information
Audit metadata	Audit field name	Value
User or service identity	`username`	For example, "username":system:serviceaccount:gpc-system:fleet-admin-controller"
Target (Fields and values that call the API)	`requestURI`	`"apis/resourcemanager.gdc.goog/v1/namespaces/ gpc-system/projects/istio-system`
Action (Fields containing the performed operation)	`verb`	`"verb":"update"`
Event timestamp	`requestReceivedTimestamp`	For example, `"requestReceivedTimestamp": "2022-12-22T15:46:41.028873Z"`
Source of action	`sourceIPs`	For example, `"sourceIPs":["10.253.128.178"],`
Outcome	`stage`	For example, "stage":"ResponseComplete"
Other fields	`kind` `objectRef`	For example, "kind":"Event", "objectRef":{ "name":"istio-system", "apiVersion":"v1", "apiGroup":"resourcemanager.gdc.goog", "resourceVersion":"7812139", "resource":"projects", "uid":"7d3a3bb1-a0be-4c5c-980b-f9cd3632f6e3", "namespace":"gpc-system" },

Example log

{
"stage":"ResponseComplete",
"apiVersion":"audit.k8s.io/v1",
"objectRef":{
"name":"istio-system",
"apiVersion":"v1",
"apiGroup":"resourcemanager.gdc.goog",
"resourceVersion":"7812139",
"resource":"projects",
"uid":"7d3a3bb1-a0be-4c5c-980b-f9cd3632f6e3",
"namespace":"gpc-system"
},
"requestReceivedTimestamp":"2022-12-22T15:46:41.028873Z",
"sourceIPs":[
"10.253.128.178"
],
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"fleet-admin-common-controller\" of ClusterRole \"fleet-admin-common-controllers-role\" to ServiceAccount \"fleet-admin-controller/gpc-system\"",
"mutation.webhook.admission.k8s.io/round_0_index_5":"{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}"
},
"_gdch_cluster":"root-admin",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-t4rld",
"user":{
"uid":"da8e839f-eca4-4a96-9058-94fa4202824f",
"extra":{
"authentication.kubernetes.io/pod-uid":[
"09335650-82b0-451c-83e2-f8157e9d518c"
],
"authentication.kubernetes.io/pod-name":[
"fleet-admin-controller-75dbdf7659-ccfrn"
]
},
"groups":[
"system:serviceaccounts",
"system:serviceaccounts:gpc-system",
"system:authenticated"
],
"username":"system:serviceaccount:gpc-system:fleet-admin-controller"
},
"stageTimestamp":"2022-12-22T15:46:41.119767Z",
"kind":"Event",
"verb":"update",
"requestURI":"/apis/resourcemanager.gdc.goog/v1/namespaces/gpc-system/projects/istio-system",
"responseStatus":{
"metadata":{},
"code":200
},
"userAgent":"fleet-admin-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
"auditID":"5aeaeab6-7371-4b63-8355-b4469e1440bb",
"level":"Metadata",
"_gdch_service_name":"apiserver",
"_gdch_tenant_id":"infra-obs"
}

Resource Manager (RM) Stay organized with collections Save and categorize content based on your preferences.

KRM API Management Plane Audit Logs (Project)

Resource Manager (RM)