org-policy-deny-service-account-key-creation.log
Query: protoPayload.methodName: "google.iam.admin.v1.CreateServiceAccountKey"
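Service account key creation denial (sample Admin Activity audit log entry). The query above matches every CreateServiceAccountKey call, so a denial is recognised from the entry itself: severity is ERROR and protoPayload.status carries code 9 with a PreconditionFailure violation of type constraints/iam.disableServiceAccountKeyCreation. authorizationInfo.granted is true in this entry because the caller held the iam.serviceAccountKeys.create permission; the request was rejected by the organization policy constraint, not by IAM, so alerting should key on the status block rather than on the granted field: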
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"status": {
"code": 9,
"message": "Key creation is not allowed on this service account.",
"details": [
{
"@type": "type.googleapis.com/google.rpc.PreconditionFailure",
"violations": [
{
"type": "constraints/iam.disableServiceAccountKeyCreation",
"subject": "projects/customer-monitoring-prod/serviceAccounts/106627732878159666173?configvalue=106627732878159666173",
"description": "Key creation is not allowed on this service account."
}
]
}
]
},
"authenticationInfo": {
"principalEmail": "[email protected]",
"principalSubject": "user:[email protected]"
},
"requestMetadata": {
"callerIp": "8.8.8.8",
"callerSuppliedUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36,gzip(gfe)",
"requestAttributes": {
"time": "2021-09-13T03:14:32.392272964Z",
"auth": {}
},
"destinationAttributes": {}
},
"serviceName": "iam.googleapis.com",
"methodName": "google.iam.admin.v1.CreateServiceAccountKey",
"authorizationInfo": [
{
"resource": "projects/-/serviceAccounts/106627732878159666173",
"permission": "iam.serviceAccountKeys.create",
"granted": true,
"resourceAttributes": {
"name": "projects/-/serviceAccounts/106627732878159666173"
}
}
],
"resourceName": "projects/-/serviceAccounts/106627732878159666173",
"request": {
"name": "projects/customer-monitoring-prod/serviceAccounts/106627732878159666173",
"@type": "type.googleapis.com/google.iam.admin.v1.CreateServiceAccountKeyRequest",
"private_key_type": 2
},
"response": {
"@type": "type.googleapis.com/google.iam.admin.v1.ServiceAccountKey"
}
},
"insertId": "1kmaz5nf159nie",
"resource": {
"type": "service_account",
"labels": {
"project_id": "customer-monitoring-prod",
"unique_id": "106627732878159666173",
"email_id": "[email protected]"
}
},
"timestamp": "2021-09-13T03:14:32.382833870Z",
"severity": "ERROR",
"logName": "projects/customer-monitoring-prod/logs/cloudaudit.googleapis.com%2Factivity",
"receiveTimestamp": "2021-09-13T03:14:33.269115331Z"
}