GKE Identity Service (AIS)

工作负载位置

根工作负载和组织工作负载
审核日志源

GKE Identity Service
接受审核的操作

创建 STS 令牌

创建 STS 令牌

包含审核信息的日志条目中的字段
审核元数据 审核字段名称
用户或服务身份 identity

例如,

"identity":"fop-shengjiang"

目标

(调用 API 的字段和值)

 resource "resource":"AIS STS token"

操作

(包含所执行操作的字段)

 action "action":"Create"
活动时间戳 time

例如,

"time":"2022-11-22T18:31:37.084205362+00:00"
操作来源 userAgent

例如,

"userAgent":"Go-http-client/2.0"
结果 response

例如,

"response":"Success"
其他字段 不适用 不适用

日志示例

{
  "action":"Create",
  "auditID":"vwWq8fQ-o9RTopgcZtAC_psm1aYyMKxkv47GOkdU",
  "description":"An AIS STS token is minted for fop-shengjiang (from fake-oidc-provider) and will be valid for 11h59m49.438314611s",
  "resource":"AIS STS token",
  "response":"Success",
  "time":"2022-11-22T18:31:37.084205362+00:00",
  "user":{
    "groups":[
      "group-claim-1",
      "group-claim-2"
      ],
    "identity":"fop-shengjiang",
    "issuer":"fake-oidc-provider"
    },
  "userAgent":"Go-http-client/2.0"
}