Audit Trails API, gRPC: TrailService
- Calls TrailService
- Get
- List
- Create
- CreateTrailRequest
- Operation
- CreateTrailMetadata
- Trail
- Destination
- ObjectStorage
- CloudLogging
- DataStream
- Filter
- PathFilter
- PathFilterElement
- PathFilterElementAny
- PathFilterElementSome
- Resource
- EventFilter
- EventFilterElement
- EventFilterElementCategory
- DataEventsFiltering
- EventTypes
- ManagementEventsFiltering
- FilteringPolicy
- Update
- UpdateTrailRequest
- Operation
- UpdateTrailMetadata
- Trail
- Destination
- ObjectStorage
- CloudLogging
- DataStream
- Filter
- PathFilter
- PathFilterElement
- PathFilterElementAny
- PathFilterElementSome
- Resource
- EventFilter
- EventFilterElement
- EventFilterElementCategory
- DataEventsFiltering
- EventTypes
- ManagementEventsFiltering
- FilteringPolicy
- Delete
- ListOperations
- ListAccessBindings
- SetAccessBindings
- UpdateAccessBindings
A set of methods for managing trails.
Call | Description |
---|---|
Get | Returns the specified trail. |
List | Retrieves the list of trails in the specified folder. |
Create | Creates a trail in the specified folder. |
Update | Updates the specified trail. |
Delete | Deletes the specified trail. |
ListOperations | Lists operations for the specified trail. |
ListAccessBindings | Lists existing access bindings for the specified trail. |
SetAccessBindings | Sets access bindings for the trail. |
UpdateAccessBindings | Updates access bindings for the trail. |
Calls TrailService
Get
Returns the specified trail.
To get the list of all available trails, make a List request.
rpc Get (GetTrailRequest) returns (Trail)
GetTrailRequest
Field | Description |
---|---|
trail_id | string Required. ID of the trail to return. To get a trail ID make a List request. The maximum string length in characters is 50. |
Trail
Field | Description |
---|---|
id | string ID of the trail |
folder_id | string Required. ID of the folder that the trail belongs to The maximum string length in characters is 50. |
created_at | google.protobuf.Timestamp Required. The timestamp for the creation operation |
updated_at | google.protobuf.Timestamp Required. The timestamp of the last update operation |
name | string Name of the trail Value must match the regular expression |[a-z]([-a-z0-9]{0,61}[a-z0-9])? . |
description | string Description of the trail The maximum string length in characters is 1024. |
labels | map<string,string> Custom labels of the trail as key:value pairs. Maximum 64 per key No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
destination | Destination Required. Destination configuration of the trail |
service_account_id | string Service account ID of the trail The maximum string length in characters is 50. |
status | enum Status Required. Status of the trail
|
filter | Filter Filtering configuration of the trail deprecated: use filtering_policy instead |
status_error_message | string Current error message of the trail. Empty in case if the trail is active |
cloud_id | string Required. ID of the cloud that the trail belongs to The maximum string length in characters is 50. |
filtering_policy | FilteringPolicy Event filtering policy Describes which groups of events will be sent and which resources will be monitored |
Destination
Field | Description |
---|---|
destination | oneof: object_storage , cloud_logging or data_stream |
object_storage | ObjectStorage Configuration for event delivery to Object Storage Uploaded objects will have prefix <trail_id>/ by default |
cloud_logging | CloudLogging Configuration for event delivery to Cloud Logging |
data_stream | DataStream Configuration for event delivery to YDS |
ObjectStorage
Field | Description |
---|---|
bucket_id | string Name of the destination bucket The string length in characters must be 3-63. |
object_prefix | string Prefix for exported objects. Optional If specified, uploaded objects will have prefix <object_prefix>/<trail_id>/ |
CloudLogging
Field | Description |
---|---|
destination | oneof: log_group_id Placeholder for folder_id |
log_group_id | string ID of the Cloud Logging destination group The maximum string length in characters is 64. |
DataStream
Field | Description |
---|---|
database_id | string ID of the database hosting the destination YDS |
stream_name | string Name of the destination YDS |
Filter
Field | Description |
---|---|
path_filter | PathFilter Configuration of default events gathering for the trail If not specified, default events won't be gathered for the trail |
event_filter | EventFilter Required. Configuration of additional events gathering from specific services |
PathFilter
Field | Description |
---|---|
root | PathFilterElement Required. Root element of the resource path filter for the trail Resource described in that filter node must contain the trail itself |
PathFilterElement
Field | Description |
---|---|
element | oneof: any_filter or some_filter |
any_filter | PathFilterElementAny Filter element with ANY type. If used, configures the trail to gather any events from the resource |
some_filter | PathFilterElementSome Filter element with SOME type. If used, configures the trail to gather some of the events from the resource |
PathFilterElementAny
Field | Description |
---|---|
resource | Resource Required. Resource definition |
PathFilterElementSome
Field | Description |
---|---|
resource | Resource Required. Definition of the resource that contains nested resources |
filters[] | PathFilterElement Filters for the resources contained in the parent resource The number of elements must be greater than 0. |
Resource
Field | Description |
---|---|
id | string Required. ID of the resource The maximum string length in characters is 64. |
type | string Required. Type of the resource The maximum string length in characters is 50. |
EventFilter
Field | Description |
---|---|
filters[] | EventFilterElement List of filters for services The minimum number of elements is 0. |
EventFilterElement
Field | Description |
---|---|
service | string Required. Service ID of the gathered events |
categories[] | EventFilterElementCategory List of the event categories gathered for a specified service The number of elements must be greater than 0. |
path_filter | PathFilter Required. Resource path filter for a specified service |
EventFilterElementCategory
Field | Description |
---|---|
plane | enum EventCategoryFilter Required. Plane of the gathered category
|
type | enum EventAccessTypeFilter Required. Type of the gathered category
|
DataEventsFiltering
Field | Description |
---|---|
service | string Required. Name of the service whose events will be delivered |
additional_rules | oneof: included_events or excluded_events |
included_events | EventTypes Explicitly included events of specified service New events of the service won't be delivered by default |
excluded_events | EventTypes Explicitly excluded events of specified service New events of the service will be delivered by default |
resource_scopes[] | Resource A list of resources which will be monitored by the trail The number of elements must be in the range 1-1024. |
EventTypes
Field | Description |
---|---|
event_types[] | string The number of elements must be in the range 1-1024. |
ManagementEventsFiltering
Field | Description |
---|---|
resource_scopes[] | Resource A list of resources which will be monitored by the trail The number of elements must be in the range 1-1024. |
FilteringPolicy
Field | Description |
---|---|
management_events_filter | ManagementEventsFiltering Singular filter describing gathering management events |
data_events_filters[] | DataEventsFiltering List of filters describing gathering data events The number of elements must be less than 128. |
List
Retrieves the list of trails in the specified folder.
rpc List (ListTrailsRequest) returns (ListTrailsResponse)
ListTrailsRequest
Field | Description |
---|---|
folder_id | string Required. ID of the folder to list trails in. The maximum string length in characters is 50. |
page_size | int64 The maximum number of results per page to return. If the number of available results is larger than page_size , the service returns a ListTrailsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000. |
page_token | string Page token. To get the next page of results, set page_token to the ListTrailsRequest.next_page_token returned by a previous list request. The maximum string length in characters is 100. |
filter | string A filter expression that filters subscription locks listed in the response. The expression must specify:
name="my-name" . |
order_by | string By which column the listing should be ordered and in which direction. format is " |
ListTrailsResponse
Field | Description |
---|---|
trails[] | Trail List of trails in the specified folder. |
next_page_token | string This token allows you to get the next page of results for list requests. If the number of results is greater than the specified ListTrailsRequest.page_size, use the next_page_token as the value for the ListTrailsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results. |
Trail
Field | Description |
---|---|
id | string ID of the trail |
folder_id | string Required. ID of the folder that the trail belongs to The maximum string length in characters is 50. |
created_at | google.protobuf.Timestamp Required. The timestamp for the creation operation |
updated_at | google.protobuf.Timestamp Required. The timestamp of the last update operation |
name | string Name of the trail Value must match the regular expression |[a-z]([-a-z0-9]{0,61}[a-z0-9])? . |
description | string Description of the trail The maximum string length in characters is 1024. |
labels | map<string,string> Custom labels of the trail as key:value pairs. Maximum 64 per key No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
destination | Destination Required. Destination configuration of the trail |
service_account_id | string Service account ID of the trail The maximum string length in characters is 50. |
status | enum Status Required. Status of the trail
|
filter | Filter Filtering configuration of the trail deprecated: use filtering_policy instead |
status_error_message | string Current error message of the trail. Empty in case if the trail is active |
cloud_id | string Required. ID of the cloud that the trail belongs to The maximum string length in characters is 50. |
filtering_policy | FilteringPolicy Event filtering policy Describes which groups of events will be sent and which resources will be monitored |
Destination
Field | Description |
---|---|
destination | oneof: object_storage , cloud_logging or data_stream |
object_storage | ObjectStorage Configuration for event delivery to Object Storage Uploaded objects will have prefix <trail_id>/ by default |
cloud_logging | CloudLogging Configuration for event delivery to Cloud Logging |
data_stream | DataStream Configuration for event delivery to YDS |
ObjectStorage
Field | Description |
---|---|
bucket_id | string Name of the destination bucket The string length in characters must be 3-63. |
object_prefix | string Prefix for exported objects. Optional If specified, uploaded objects will have prefix <object_prefix>/<trail_id>/ |
CloudLogging
Field | Description |
---|---|
destination | oneof: log_group_id Placeholder for folder_id |
log_group_id | string ID of the Cloud Logging destination group The maximum string length in characters is 64. |
DataStream
Field | Description |
---|---|
database_id | string ID of the database hosting the destination YDS |
stream_name | string Name of the destination YDS |
Filter
Field | Description |
---|---|
path_filter | PathFilter Configuration of default events gathering for the trail If not specified, default events won't be gathered for the trail |
event_filter | EventFilter Required. Configuration of additional events gathering from specific services |
PathFilter
Field | Description |
---|---|
root | PathFilterElement Required. Root element of the resource path filter for the trail Resource described in that filter node must contain the trail itself |
PathFilterElement
Field | Description |
---|---|
element | oneof: any_filter or some_filter |
any_filter | PathFilterElementAny Filter element with ANY type. If used, configures the trail to gather any events from the resource |
some_filter | PathFilterElementSome Filter element with SOME type. If used, configures the trail to gather some of the events from the resource |
PathFilterElementAny
Field | Description |
---|---|
resource | Resource Required. Resource definition |
PathFilterElementSome
Field | Description |
---|---|
resource | Resource Required. Definition of the resource that contains nested resources |
filters[] | PathFilterElement Filters for the resources contained in the parent resource The number of elements must be greater than 0. |
Resource
Field | Description |
---|---|
id | string Required. ID of the resource The maximum string length in characters is 64. |
type | string Required. Type of the resource The maximum string length in characters is 50. |
EventFilter
Field | Description |
---|---|
filters[] | EventFilterElement List of filters for services The minimum number of elements is 0. |
EventFilterElement
Field | Description |
---|---|
service | string Required. Service ID of the gathered events |
categories[] | EventFilterElementCategory List of the event categories gathered for a specified service The number of elements must be greater than 0. |
path_filter | PathFilter Required. Resource path filter for a specified service |
EventFilterElementCategory
Field | Description |
---|---|
plane | enum EventCategoryFilter Required. Plane of the gathered category
|
type | enum EventAccessTypeFilter Required. Type of the gathered category
|
DataEventsFiltering
Field | Description |
---|---|
service | string Required. Name of the service whose events will be delivered |
additional_rules | oneof: included_events or excluded_events |
included_events | EventTypes Explicitly included events of specified service New events of the service won't be delivered by default |
excluded_events | EventTypes Explicitly excluded events of specified service New events of the service will be delivered by default |
resource_scopes[] | Resource A list of resources which will be monitored by the trail The number of elements must be in the range 1-1024. |
EventTypes
Field | Description |
---|---|
event_types[] | string The number of elements must be in the range 1-1024. |
ManagementEventsFiltering
Field | Description |
---|---|
resource_scopes[] | Resource A list of resources which will be monitored by the trail The number of elements must be in the range 1-1024. |
FilteringPolicy
Field | Description |
---|---|
management_events_filter | ManagementEventsFiltering Singular filter describing gathering management events |
data_events_filters[] | DataEventsFiltering List of filters describing gathering data events The number of elements must be less than 128. |
Create
Creates a trail in the specified folder.
rpc Create (CreateTrailRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:CreateTrailMetadata
Operation.response:Trail
CreateTrailRequest
Field | Description |
---|---|
folder_id | string Required. ID of the folder to create a trail in. The maximum string length in characters is 50. |
name | string Name of the trail. Value must match the regular expression |[a-z]([-a-z0-9]{0,61}[a-z0-9])? . |
description | string Description of the trail. The maximum string length in characters is 1024. |
labels | map<string,string> Custom labels for the secret as key:value pairs. Maximum 64 per key. For example, "type": "critical" or "source": "dictionary" . No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
destination | Trail.Destination Required. Destination configuration for the trail |
service_account_id | string Required. Service account ID of the trail The maximum string length in characters is 50. |
filter | Trail.Filter Event filtering configuration of the trail deprecated: use filtering_policy instead |
filtering_policy | Trail.FilteringPolicy Event filtering policy of the trail |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
CreateTrailMetadata
Field | Description |
---|---|
trail_id | string ID of the trail that is being created |
Trail
Field | Description |
---|---|
id | string ID of the trail |
folder_id | string Required. ID of the folder that the trail belongs to The maximum string length in characters is 50. |
created_at | google.protobuf.Timestamp Required. The timestamp for the creation operation |
updated_at | google.protobuf.Timestamp Required. The timestamp of the last update operation |
name | string Name of the trail Value must match the regular expression |[a-z]([-a-z0-9]{0,61}[a-z0-9])? . |
description | string Description of the trail The maximum string length in characters is 1024. |
labels | map<string,string> Custom labels of the trail as key:value pairs. Maximum 64 per key No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
destination | Destination Required. Destination configuration of the trail |
service_account_id | string Service account ID of the trail The maximum string length in characters is 50. |
status | enum Status Required. Status of the trail
|
filter | Filter Filtering configuration of the trail deprecated: use filtering_policy instead |
status_error_message | string Current error message of the trail. Empty in case if the trail is active |
cloud_id | string Required. ID of the cloud that the trail belongs to The maximum string length in characters is 50. |
filtering_policy | FilteringPolicy Event filtering policy Describes which groups of events will be sent and which resources will be monitored |
Destination
Field | Description |
---|---|
destination | oneof: object_storage , cloud_logging or data_stream |
object_storage | ObjectStorage Configuration for event delivery to Object Storage Uploaded objects will have prefix <trail_id>/ by default |
cloud_logging | CloudLogging Configuration for event delivery to Cloud Logging |
data_stream | DataStream Configuration for event delivery to YDS |
ObjectStorage
Field | Description |
---|---|
bucket_id | string Name of the destination bucket The string length in characters must be 3-63. |
object_prefix | string Prefix for exported objects. Optional If specified, uploaded objects will have prefix <object_prefix>/<trail_id>/ |
CloudLogging
Field | Description |
---|---|
destination | oneof: log_group_id Placeholder for folder_id |
log_group_id | string ID of the Cloud Logging destination group The maximum string length in characters is 64. |
DataStream
Field | Description |
---|---|
database_id | string ID of the database hosting the destination YDS |
stream_name | string Name of the destination YDS |
Filter
Field | Description |
---|---|
path_filter | PathFilter Configuration of default events gathering for the trail If not specified, default events won't be gathered for the trail |
event_filter | EventFilter Required. Configuration of additional events gathering from specific services |
PathFilter
Field | Description |
---|---|
root | PathFilterElement Required. Root element of the resource path filter for the trail Resource described in that filter node must contain the trail itself |
PathFilterElement
Field | Description |
---|---|
element | oneof: any_filter or some_filter |
any_filter | PathFilterElementAny Filter element with ANY type. If used, configures the trail to gather any events from the resource |
some_filter | PathFilterElementSome Filter element with SOME type. If used, configures the trail to gather some of the events from the resource |
PathFilterElementAny
Field | Description |
---|---|
resource | Resource Required. Resource definition |
PathFilterElementSome
Field | Description |
---|---|
resource | Resource Required. Definition of the resource that contains nested resources |
filters[] | PathFilterElement Filters for the resources contained in the parent resource The number of elements must be greater than 0. |
Resource
Field | Description |
---|---|
id | string Required. ID of the resource The maximum string length in characters is 64. |
type | string Required. Type of the resource The maximum string length in characters is 50. |
EventFilter
Field | Description |
---|---|
filters[] | EventFilterElement List of filters for services The minimum number of elements is 0. |
EventFilterElement
Field | Description |
---|---|
service | string Required. Service ID of the gathered events |
categories[] | EventFilterElementCategory List of the event categories gathered for a specified service The number of elements must be greater than 0. |
path_filter | PathFilter Required. Resource path filter for a specified service |
EventFilterElementCategory
Field | Description |
---|---|
plane | enum EventCategoryFilter Required. Plane of the gathered category
|
type | enum EventAccessTypeFilter Required. Type of the gathered category
|
DataEventsFiltering
Field | Description |
---|---|
service | string Required. Name of the service whose events will be delivered |
additional_rules | oneof: included_events or excluded_events |
included_events | EventTypes Explicitly included events of specified service New events of the service won't be delivered by default |
excluded_events | EventTypes Explicitly excluded events of specified service New events of the service will be delivered by default |
resource_scopes[] | Resource A list of resources which will be monitored by the trail The number of elements must be in the range 1-1024. |
EventTypes
Field | Description |
---|---|
event_types[] | string The number of elements must be in the range 1-1024. |
ManagementEventsFiltering
Field | Description |
---|---|
resource_scopes[] | Resource A list of resources which will be monitored by the trail The number of elements must be in the range 1-1024. |
FilteringPolicy
Field | Description |
---|---|
management_events_filter | ManagementEventsFiltering Singular filter describing gathering management events |
data_events_filters[] | DataEventsFiltering List of filters describing gathering data events The number of elements must be less than 128. |
Update
Updates the specified trail.
rpc Update (UpdateTrailRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:UpdateTrailMetadata
Operation.response:Trail
UpdateTrailRequest
Field | Description |
---|---|
trail_id | string Required. ID of the trail to update. The maximum string length in characters is 50. |
update_mask | google.protobuf.FieldMask Field mask that specifies which attributes of the trail are going to be updated. |
name | string New name of the trail. Value must match the regular expression |[a-z]([-a-z0-9]{0,61}[a-z0-9])? . |
description | string New description of the trail. The maximum string length in characters is 1024. |
labels | map<string,string> New custom labels for the secret as key:value pairs. Maximum 64 per key. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
destination | Trail.Destination New destination configuration for the trail |
service_account_id | string New service account ID of the trail The maximum string length in characters is 50. |
filter | Trail.Filter Updated filtering configuration of the trail deprecated: use filtering_policy instead |
filtering_policy | Trail.FilteringPolicy Updated event filtering policy |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
UpdateTrailMetadata
Field | Description |
---|---|
trail_id | string ID of the trail that is being updated |
Trail
Field | Description |
---|---|
id | string ID of the trail |
folder_id | string Required. ID of the folder that the trail belongs to The maximum string length in characters is 50. |
created_at | google.protobuf.Timestamp Required. The timestamp for the creation operation |
updated_at | google.protobuf.Timestamp Required. The timestamp of the last update operation |
name | string Name of the trail Value must match the regular expression |[a-z]([-a-z0-9]{0,61}[a-z0-9])? . |
description | string Description of the trail The maximum string length in characters is 1024. |
labels | map<string,string> Custom labels of the trail as key:value pairs. Maximum 64 per key No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
destination | Destination Required. Destination configuration of the trail |
service_account_id | string Service account ID of the trail The maximum string length in characters is 50. |
status | enum Status Required. Status of the trail
|
filter | Filter Filtering configuration of the trail deprecated: use filtering_policy instead |
status_error_message | string Current error message of the trail. Empty in case if the trail is active |
cloud_id | string Required. ID of the cloud that the trail belongs to The maximum string length in characters is 50. |
filtering_policy | FilteringPolicy Event filtering policy Describes which groups of events will be sent and which resources will be monitored |
Destination
Field | Description |
---|---|
destination | oneof: object_storage , cloud_logging or data_stream |
object_storage | ObjectStorage Configuration for event delivery to Object Storage Uploaded objects will have prefix <trail_id>/ by default |
cloud_logging | CloudLogging Configuration for event delivery to Cloud Logging |
data_stream | DataStream Configuration for event delivery to YDS |
ObjectStorage
Field | Description |
---|---|
bucket_id | string Name of the destination bucket The string length in characters must be 3-63. |
object_prefix | string Prefix for exported objects. Optional If specified, uploaded objects will have prefix <object_prefix>/<trail_id>/ |
CloudLogging
Field | Description |
---|---|
destination | oneof: log_group_id Placeholder for folder_id |
log_group_id | string ID of the Cloud Logging destination group The maximum string length in characters is 64. |
DataStream
Field | Description |
---|---|
database_id | string ID of the database hosting the destination YDS |
stream_name | string Name of the destination YDS |
Filter
Field | Description |
---|---|
path_filter | PathFilter Configuration of default events gathering for the trail If not specified, default events won't be gathered for the trail |
event_filter | EventFilter Required. Configuration of additional events gathering from specific services |
PathFilter
Field | Description |
---|---|
root | PathFilterElement Required. Root element of the resource path filter for the trail Resource described in that filter node must contain the trail itself |
PathFilterElement
Field | Description |
---|---|
element | oneof: any_filter or some_filter |
any_filter | PathFilterElementAny Filter element with ANY type. If used, configures the trail to gather any events from the resource |
some_filter | PathFilterElementSome Filter element with SOME type. If used, configures the trail to gather some of the events from the resource |
PathFilterElementAny
Field | Description |
---|---|
resource | Resource Required. Resource definition |
PathFilterElementSome
Field | Description |
---|---|
resource | Resource Required. Definition of the resource that contains nested resources |
filters[] | PathFilterElement Filters for the resources contained in the parent resource The number of elements must be greater than 0. |
Resource
Field | Description |
---|---|
id | string Required. ID of the resource The maximum string length in characters is 64. |
type | string Required. Type of the resource The maximum string length in characters is 50. |
EventFilter
Field | Description |
---|---|
filters[] | EventFilterElement List of filters for services The minimum number of elements is 0. |
EventFilterElement
Field | Description |
---|---|
service | string Required. Service ID of the gathered events |
categories[] | EventFilterElementCategory List of the event categories gathered for a specified service The number of elements must be greater than 0. |
path_filter | PathFilter Required. Resource path filter for a specified service |
EventFilterElementCategory
Field | Description |
---|---|
plane | enum EventCategoryFilter Required. Plane of the gathered category
|
type | enum EventAccessTypeFilter Required. Type of the gathered category
|
DataEventsFiltering
Field | Description |
---|---|
service | string Required. Name of the service whose events will be delivered |
additional_rules | oneof: included_events or excluded_events |
included_events | EventTypes Explicitly included events of specified service New events of the service won't be delivered by default |
excluded_events | EventTypes Explicitly excluded events of specified service New events of the service will be delivered by default |
resource_scopes[] | Resource A list of resources which will be monitored by the trail The number of elements must be in the range 1-1024. |
EventTypes
Field | Description |
---|---|
event_types[] | string The number of elements must be in the range 1-1024. |
ManagementEventsFiltering
Field | Description |
---|---|
resource_scopes[] | Resource A list of resources which will be monitored by the trail The number of elements must be in the range 1-1024. |
FilteringPolicy
Field | Description |
---|---|
management_events_filter | ManagementEventsFiltering Singular filter describing gathering management events |
data_events_filters[] | DataEventsFiltering List of filters describing gathering data events The number of elements must be less than 128. |
Delete
Deletes the specified trail.
rpc Delete (DeleteTrailRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:DeleteTrailMetadata
Operation.response:google.protobuf.Empty
DeleteTrailRequest
Field | Description |
---|---|
trail_id | string Required. ID of the trail to be deleted. The maximum string length in characters is 50. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
DeleteTrailMetadata
Field | Description |
---|---|
trail_id | string ID of the trail that is being deleted |
ListOperations
Lists operations for the specified trail.
rpc ListOperations (ListTrailOperationsRequest) returns (ListTrailOperationsResponse)
ListTrailOperationsRequest
Field | Description |
---|---|
trail_id | string Required. ID of the trail to get operations for. The maximum string length in characters is 50. |
page_size | int64 The maximum number of results per page that should be returned. If the number of available results is larger than page_size , the service returns a ListTrailOperationsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000. |
page_token | string Page token. To get the next page of results, set page_token to the ListTrailOperationsRequest.next_page_token returned by a previous list request. The maximum string length in characters is 100. |
ListTrailOperationsResponse
Field | Description |
---|---|
operations[] | operation.Operation List of operations for the specified trail. |
next_page_token | string This token allows you to get the next page of results for list requests. If the number of results is larger than ListTrailOperationsResponse.page_size, use the next_page_token as the value for the ListTrailOperationsResponse.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty |
ListAccessBindings
Lists existing access bindings for the specified trail.
rpc ListAccessBindings (ListAccessBindingsRequest) returns (ListAccessBindingsResponse)
ListAccessBindingsRequest
Field | Description |
---|---|
resource_id | string Required. ID of the resource to list access bindings for. To get the resource ID, use a corresponding List request. For example, use the yandex.cloud.resourcemanager.v1.CloudService.List request to get the Cloud resource ID. The maximum string length in characters is 50. |
page_size | int64 The maximum number of results per page that should be returned. If the number of available results is larger than page_size , the service returns a ListAccessBindingsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000. |
page_token | string Page token. Set page_token to the ListAccessBindingsResponse.next_page_token returned by a previous list request to get the next page of results. The maximum string length in characters is 100. |
ListAccessBindingsResponse
Field | Description |
---|---|
access_bindings[] | AccessBinding List of access bindings for the specified resource. |
next_page_token | string This token allows you to get the next page of results for list requests. If the number of results is larger than ListAccessBindingsRequest.page_size, use the next_page_token as the value for the ListAccessBindingsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results. |
AccessBinding
Field | Description |
---|---|
role_id | string Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject . The maximum string length in characters is 50. |
subject | Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier. |
Subject
Field | Description |
---|---|
id | string Required. ID of the subject. It can contain one of the following values:
type is system .
type is userAccount , federatedUser or serviceAccount . The maximum string length in characters is 50. |
type | string Required. Type of the subject. It can contain one of the following values:
For more information, see Subject to which the role is assigned. The maximum string length in characters is 100. |
SetAccessBindings
Sets access bindings for the trail.
rpc SetAccessBindings (SetAccessBindingsRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:SetAccessBindingsMetadata
Operation.response:google.protobuf.Empty
SetAccessBindingsRequest
Field | Description |
---|---|
resource_id | string Required. ID of the resource for which access bindings are being set. To get the resource ID, use a corresponding List request. The maximum string length in characters is 50. |
access_bindings[] | AccessBinding Required. Access bindings to be set. For more information, see Access Bindings. |
AccessBinding
Field | Description |
---|---|
role_id | string Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject . The maximum string length in characters is 50. |
subject | Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier. |
Subject
Field | Description |
---|---|
id | string Required. ID of the subject. It can contain one of the following values:
type is system .
type is userAccount , federatedUser or serviceAccount . The maximum string length in characters is 50. |
type | string Required. Type of the subject. It can contain one of the following values:
For more information, see Subject to which the role is assigned. The maximum string length in characters is 100. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
SetAccessBindingsMetadata
Field | Description |
---|---|
resource_id | string ID of the resource for which access bindings are being set. |
UpdateAccessBindings
Updates access bindings for the trail.
rpc UpdateAccessBindings (UpdateAccessBindingsRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:UpdateAccessBindingsMetadata
Operation.response:google.protobuf.Empty
UpdateAccessBindingsRequest
Field | Description |
---|---|
resource_id | string Required. ID of the resource for which access bindings are being updated. The maximum string length in characters is 50. |
access_binding_deltas[] | AccessBindingDelta Required. Updates to access bindings. The number of elements must be greater than 0. |
AccessBindingDelta
Field | Description |
---|---|
action | enum AccessBindingAction Required. The action that is being performed on an access binding.
|
access_binding | AccessBinding Required. Access binding. For more information, see Access Bindings. |
AccessBinding
Field | Description |
---|---|
role_id | string Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject . The maximum string length in characters is 50. |
subject | Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier. |
Subject
Field | Description |
---|---|
id | string Required. ID of the subject. It can contain one of the following values:
type is system .
type is userAccount , federatedUser or serviceAccount . The maximum string length in characters is 50. |
type | string Required. Type of the subject. It can contain one of the following values:
For more information, see Subject to which the role is assigned. The maximum string length in characters is 100. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
UpdateAccessBindingsMetadata
Field | Description |
---|---|
resource_id | string ID of the resource for which access bindings are being updated. |