org-policy-deny-service-account-creation.log
Query: protoPayload.methodName: "google.iam.admin.v1.CreateServiceAccount"
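Service account creation denial (sample Admin Activity audit log entry). The query above matches every CreateServiceAccount call, successful or not. In this entry the IAM permission check passed (authorizationInfo.granted is true); the request was blocked by the organization policy constraint constraints/iam.disableServiceAccountCreation. The denial is therefore identified by protoPayload.status (code 9, with a PreconditionFailure violation), not by authorizationInfo: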
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"status": {
"code": 9,
"message": "Service account creation is not allowed on this project.",
"details": [
{
"@type": "type.googleapis.com/google.rpc.PreconditionFailure",
"violations": [
{
"type": "constraints/iam.disableServiceAccountCreation",
"subject": "projects/customer-monitoring-prod/serviceAccounts/?configvalue=",
"description": "Service account creation is not allowed on this project."
}
]
}
]
},
"authenticationInfo": {
"principalEmail": "[email protected]",
"principalSubject": "user:[email protected]"
},
"requestMetadata": {
"callerIp": "8.8.8.8",
"callerSuppliedUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36,gzip(gfe)",
"requestAttributes": {
"time": "2021-09-13T03:14:16.111151030Z",
"auth": {}
},
"destinationAttributes": {}
},
"serviceName": "iam.googleapis.com",
"methodName": "google.iam.admin.v1.CreateServiceAccount",
"authorizationInfo": [
{
"resource": "projects/customer-monitoring-prod",
"permission": "iam.serviceAccounts.create",
"granted": true,
"resourceAttributes": {}
}
],
"resourceName": "projects/customer-monitoring-prod",
"request": {
"service_account": {
"display_name": "t53w5"
},
"account_id": "t53w5-647",
"name": "projects/customer-monitoring-prod",
"@type": "type.googleapis.com/google.iam.admin.v1.CreateServiceAccountRequest"
},
"response": {
"@type": "type.googleapis.com/google.iam.admin.v1.ServiceAccount"
}
},
"insertId": "1lq3ka9eoo46p",
"resource": {
"type": "service_account",
"labels": {
"project_id": "customer-monitoring-prod",
"email_id": "",
"unique_id": ""
}
},
"timestamp": "2021-09-13T03:14:16.099727577Z",
"severity": "ERROR",
"logName": "projects/customer-monitoring-prod/logs/cloudaudit.googleapis.com%2Factivity",
"receiveTimestamp": "2021-09-13T03:14:17.060142118Z"
}