Identity and Access Management Audit Trails Events: RevokeLeakedCredential
Event JSON schema
{
"eventId": "string",
"eventSource": "string",
"eventType": "string",
"eventTime": "string",
"authentication": {
"authenticated": "boolean",
// Includes only one of the fields `subjectType`
"subjectType": "string",
// end of the list of possible fields
// Includes only one of the fields `subjectId`
"subjectId": "string",
// end of the list of possible fields
// Includes only one of the fields `subjectName`
"subjectName": "string",
// end of the list of possible fields
// Includes only one of the fields `federationId`
"federationId": "string",
// end of the list of possible fields
// Includes only one of the fields `federationName`
"federationName": "string",
// end of the list of possible fields
// Includes only one of the fields `federationType`
"federationType": "string",
// end of the list of possible fields
"tokenInfo": {
"maskedIamToken": "string",
// Includes only one of the fields `iamTokenId`
"iamTokenId": "string",
// end of the list of possible fields
// Includes only one of the fields `impersonatorId`
"impersonatorId": "string",
// end of the list of possible fields
// Includes only one of the fields `impersonatorType`
"impersonatorType": "string",
// end of the list of possible fields
// Includes only one of the fields `impersonatorName`
"impersonatorName": "string",
// end of the list of possible fields
// Includes only one of the fields `impersonatorFederationId`
"impersonatorFederationId": "string",
// end of the list of possible fields
// Includes only one of the fields `impersonatorFederationName`
"impersonatorFederationName": "string",
// end of the list of possible fields
// Includes only one of the fields `impersonatorFederationType`
"impersonatorFederationType": "string"
// end of the list of possible fields
}
},
"authorization": {
"authorized": "boolean"
},
"resourceMetadata": {
"path": [
{
"resourceType": "string",
"resourceId": "string",
// Includes only one of the fields `resourceName`
"resourceName": "string"
// end of the list of possible fields
}
]
},
"requestMetadata": {
"remoteAddress": "string",
"userAgent": "string",
"requestId": "string",
// Includes only one of the fields `remotePort`
"remotePort": "string"
// end of the list of possible fields
},
"eventStatus": "string",
"error": {
"code": "integer",
"message": "string",
"details": [
"object"
]
},
"details": {
"url": "string",
// Includes only one of the fields `yandexCloudIamToken`, `yandexCloudIamCookie`, `yandexCloudIamApiKey`, `yandexCloudPassportOauthToken`, `yandexCloudIamAccessKey`, `yandexCloudIamKey`, `yandexCloudSmartcaptchaServerKey`, `yandexCloudLockboxSecret`, `yandexCloudIamRefreshToken`, `yandexCloudIamOauthClientSecret`
"yandexCloudIamToken": {
"iamTokenPart": "string",
"iamTokenHash": "string",
"expired": "boolean",
// Includes only one of the fields `userAccount`, `serviceAccount`
"userAccount": {
"userAccountId": "string",
"federationId": "string"
},
"serviceAccount": {
"serviceAccountId": "string"
}
// end of the list of possible fields
},
"yandexCloudIamCookie": {
"iamCookiePart": "string",
"iamCookieHash": "string",
"expired": "boolean",
// Includes only one of the fields `userAccount`
"userAccount": {
"userAccountId": "string",
"federationId": "string"
}
// end of the list of possible fields
},
"yandexCloudIamApiKey": {
"iamApiKeyPart": "string",
"keyId": "string",
// Includes only one of the fields `serviceAccount`
"serviceAccount": {
"serviceAccountId": "string"
}
// end of the list of possible fields
},
"yandexCloudPassportOauthToken": {
"passportOauthTokenPart": "string",
// Includes only one of the fields `userAccount`
"userAccount": {
"userAccountId": "string",
"federationId": "string"
}
// end of the list of possible fields
},
"yandexCloudIamAccessKey": {
"keyId": "string",
// Includes only one of the fields `serviceAccount`
"serviceAccount": {
"serviceAccountId": "string"
}
// end of the list of possible fields
},
"yandexCloudIamKey": {
"keyId": "string",
// Includes only one of the fields `serviceAccount`, `userAccount`
"serviceAccount": {
"serviceAccountId": "string"
},
"userAccount": {
"userAccountId": "string",
"federationId": "string"
}
// end of the list of possible fields
},
"yandexCloudSmartcaptchaServerKey": {
"folderId": "string",
"captchaId": "string",
"clientKey": "string",
"serverKeyPart": "string"
},
"yandexCloudLockboxSecret": {
"secretId": "string",
"versionId": "string",
"keyId": "string"
},
"yandexCloudIamRefreshToken": {
"iamRefreshTokenPart": "string",
"iamRefreshTokenHash": "string",
"keyId": "string",
// Includes only one of the fields `userAccount`
"userAccount": {
"userAccountId": "string",
"federationId": "string"
}
// end of the list of possible fields
},
"yandexCloudIamOauthClientSecret": {
"folderId": "string",
"secretId": "string",
"clientId": "string"
},
// end of the list of possible fields
"subject": {
"subjectType": "string",
"subjectId": "string",
"subjectName": "string"
}
},
"requestParameters": "object",
"response": "object"
}
Field description
|
Field |
Description |
|
eventId |
string |
|
eventSource |
string |
|
eventType |
string |
|
eventTime |
string (date-time) String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
authentication |
|
|
authorization |
|
|
resourceMetadata |
|
|
requestMetadata |
|
|
eventStatus |
enum (EventStatus)
|
|
error |
The error result of the operation in case of failure or cancellation. |
|
details |
|
|
requestParameters |
object |
|
response |
object |
IamAuthentication
|
Field |
Description |
|
authenticated |
boolean |
|
subjectType |
enum (IamSubjectType) Includes only one of the fields
|
|
subjectId |
string Includes only one of the fields |
|
subjectName |
string Includes only one of the fields |
|
federationId |
string Includes only one of the fields |
|
federationName |
string Includes only one of the fields |
|
federationType |
enum (FederationType) Includes only one of the fields
|
|
tokenInfo |
IamTokenInfo
|
Field |
Description |
|
maskedIamToken |
string |
|
iamTokenId |
string Includes only one of the fields |
|
impersonatorId |
string Includes only one of the fields |
|
impersonatorType |
enum (IamSubjectType) Includes only one of the fields
|
|
impersonatorName |
string Includes only one of the fields |
|
impersonatorFederationId |
string Includes only one of the fields |
|
impersonatorFederationName |
string Includes only one of the fields |
|
impersonatorFederationType |
enum (FederationType) Includes only one of the fields
|
Authorization
|
Field |
Description |
|
authorized |
boolean |
ResourceMetadata
|
Field |
Description |
|
path[] |
Resource
|
Field |
Description |
|
resourceType |
string |
|
resourceId |
string |
|
resourceName |
string Includes only one of the fields |
RequestMetadata
|
Field |
Description |
|
remoteAddress |
string |
|
userAgent |
string |
|
requestId |
string |
|
remotePort |
string (int64) Includes only one of the fields |
Status
The error result of the operation in case of failure or cancellation.
|
Field |
Description |
|
code |
integer (int32) Error code. An enum value of google.rpc.Code. |
|
message |
string An error message. |
|
details[] |
object A list of messages that carry the error details. |
EventDetails
|
Field |
Description |
|
url |
string |
|
yandexCloudIamToken |
Includes only one of the fields |
|
yandexCloudIamCookie |
Includes only one of the fields |
|
yandexCloudIamApiKey |
Includes only one of the fields |
|
yandexCloudPassportOauthToken |
Includes only one of the fields |
|
yandexCloudIamAccessKey |
Includes only one of the fields |
|
yandexCloudIamKey |
Includes only one of the fields |
|
yandexCloudSmartcaptchaServerKey |
Includes only one of the fields |
|
yandexCloudLockboxSecret |
Includes only one of the fields |
|
yandexCloudIamRefreshToken |
Includes only one of the fields |
|
yandexCloudIamOauthClientSecret |
Includes only one of the fields |
|
subject |
IamToken
|
Field |
Description |
|
iamTokenPart |
string |
|
iamTokenHash |
string |
|
expired |
boolean |
|
userAccount |
Includes only one of the fields |
|
serviceAccount |
Includes only one of the fields |
UserAccount
|
Field |
Description |
|
userAccountId |
string |
|
federationId |
string |
ServiceAccount
|
Field |
Description |
|
serviceAccountId |
string |
IamCookie
|
Field |
Description |
|
iamCookiePart |
string |
|
iamCookieHash |
string |
|
expired |
boolean |
|
userAccount |
Includes only one of the fields |
IamApiKey
|
Field |
Description |
|
iamApiKeyPart |
string |
|
keyId |
string |
|
serviceAccount |
Includes only one of the fields |
PassportOauthToken
|
Field |
Description |
|
passportOauthTokenPart |
string |
|
userAccount |
Includes only one of the fields |
IamAccessKey
|
Field |
Description |
|
keyId |
string |
|
serviceAccount |
Includes only one of the fields |
IamKey
|
Field |
Description |
|
keyId |
string |
|
serviceAccount |
Includes only one of the fields |
|
userAccount |
Includes only one of the fields |
SmartCaptchaServerKey
|
Field |
Description |
|
folderId |
string |
|
captchaId |
string |
|
clientKey |
string |
|
serverKeyPart |
string |
LockboxSecret
|
Field |
Description |
|
secretId |
string |
|
versionId |
string |
|
keyId |
string |
IamRefreshToken
|
Field |
Description |
|
iamRefreshTokenPart |
string |
|
iamRefreshTokenHash |
string |
|
keyId |
string |
|
userAccount |
Includes only one of the fields |
IamOAuthClientSecret
|
Field |
Description |
|
folderId |
string |
|
secretId |
string |
|
clientId |
string |
Subject
|
Field |
Description |
|
subjectType |
enum (SubjectType)
|
|
subjectId |
string The maximum string length in characters is 50. |
|
subjectName |
string |