google-api-services-cloudresourcemanager: SetIamPolicy on a project level does not update IAM Audit Logs #7988

Open
LCvijovic09 opened this issue May 12, 2021 · 0 comments
Labels
priority: p4 type: question Request for information or clarification. Not an issue.

LCvijovic09 commented May 12, 2021

Hi,
I am using the Java client of Cloud Resource Manager to update policy bindings and set audit logs for my project. But for some reason my audit logs seem to be unchanged (when I go to IAM -> Audit Log I can only see that Admin Read is enabled, which is the default config). Policy bindings change properly when I send a request.

Below is the sample code I am using to update this:

// cloudResourceApi is the CloudResourceManager client; policy is the modified Policy object
cloudResourceApi
    .projects()
    .setIamPolicy(
        "projects/my-project",
        new SetIamPolicyRequest()
            .setPolicy(
                policy.setVersion(3)
            )
    )
    .execute();

Also, in Log Explorer I found the request:

"request": {
  "policy": {
    "bindings": [
      {
        "role": "roles/containerregistry.ServiceAgent",
        "members": [
          "serviceAccount:my-service@containerregistry.iam.gserviceaccount.com"
        ]
      }
    ],
    "auditConfigs": [
      {
        "auditLogConfigs": [
          {
            "logType": "DATA_READ"
          },
          {
            "logType": "DATA_WRITE"
          },
          {
            "logType": "ADMIN_READ"
          }
        ],
        "service": "allServices"
      }
    ],
    "etag": "someETag="
  },
  "resource": "my-project",
  "@type": "type.googleapis.com/google.iam.v1.SetIamPolicyRequest"
}

Am I doing something wrong here? Am I missing something? Why are my audit logs not changing?
When I send the request all changes get applied to Policy Binding, but none seem to apply for audit log. Also, I am not receiving any errors.

Thanks.. :)

@yoshi-automation yoshi-automation added the triage me I really want to be triaged. label May 14, 2021
@Neenu1995 Neenu1995 added type: question Request for information or clarification. Not an issue. and removed triage me I really want to be triaged. labels May 14, 2021
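
The logged request above carries `auditConfigs` but no `updateMask`, and the IAM `SetIamPolicyRequest` documents that without a mask the default `bindings, etag` is used, so only those fields are modified. The following is an added example, not code from the issue or the project: a read-modify-write that names `auditConfigs` in the mask and checks the returned policy. The class and method names are hypothetical, and it assumes the v1 client package and a bare project id as the resource, as in the logged request.

```java
import com.google.api.services.cloudresourcemanager.CloudResourceManager;
import com.google.api.services.cloudresourcemanager.model.AuditConfig;
import com.google.api.services.cloudresourcemanager.model.AuditLogConfig;
import com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest;
import com.google.api.services.cloudresourcemanager.model.GetPolicyOptions;
import com.google.api.services.cloudresourcemanager.model.Policy;
import com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Hypothetical helper class (assumption: v1 client, e.g. the issue's cloudResourceApi).
public final class AuditConfigUpdater {
  // Policy fields SetIamPolicy is asked to modify. With no mask, the documented
  // default is "bindings, etag", which leaves auditConfigs untouched.
  private static final String UPDATE_MASK = "bindings,etag,auditConfigs";

  /** Enables the three log types from the issue for allServices and verifies the result. */
  public static Policy enableAuditLogs(CloudResourceManager crm, String projectId)
      throws IOException {
    // Read-modify-write: start from the current policy so bindings and etag are preserved.
    GetIamPolicyRequest get = new GetIamPolicyRequest()
        .setOptions(new GetPolicyOptions().setRequestedPolicyVersion(3));
    Policy policy = crm.projects().getIamPolicy(projectId, get).execute();

    // Note: this replaces any audit configs already present on the policy.
    List<AuditLogConfig> logTypes = Arrays.asList(
        new AuditLogConfig().setLogType("ADMIN_READ"),
        new AuditLogConfig().setLogType("DATA_READ"),
        new AuditLogConfig().setLogType("DATA_WRITE"));
    policy.setAuditConfigs(Collections.singletonList(
        new AuditConfig().setService("allServices").setAuditLogConfigs(logTypes)));

    SetIamPolicyRequest request = new SetIamPolicyRequest()
        .setPolicy(policy.setVersion(3))
        .setUpdateMask(UPDATE_MASK);
    Policy updated = crm.projects().setIamPolicy(projectId, request).execute();

    // The issue reports no error when the audit settings are not applied,
    // so check the policy returned by the call instead of relying on an exception.
    if (updated.getAuditConfigs() == null || updated.getAuditConfigs().isEmpty()) {
      throw new IllegalStateException("auditConfigs not applied for " + projectId);
    }
    return updated;
  }
}
```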