Supported endpoints for Audit Trail

IAM supported endpointsLink to this anchor

The following IAM endpoints are supported and will be logged in Audit Trail:

• CreateSSHKey (POST /iam/v1alpha1/ssh-keys)
• UpdateSSHKey (PATCH /iam/v1alpha1/ssh-keys/{ssh_key_id})
• DeleteSSHKey (DELETE /iam/v1alpha1/ssh-keys/{ssh_key_id})
• CreateGroup (POST /iam/v1alpha1/groups)
• UpdateGroup (PATCH /iam/v1alpha1/groups/{group_id})
• DeleteGroup (DELETE /iam/v1alpha1/groups/{group_id})
• AddGroupMember (POST /iam/v1alpha1/groups/{group_id}/add-member)
• AddGroupMembers (POST /iam/v1alpha1/groups/{group_id}/add-members)
• SetGroupMembers (PUT /iam/v1alpha1/groups/{group_id}/members)
• RemoveGroupMember (POST /iam/v1alpha1/groups/{group_id}/remove-member)
• CreateAPIKey (POST /iam/v1alpha1/api-keys)
• UpdateAPIKey (PATCH /iam/v1alpha1/api-keys/{access_key})
• DeleteAPIKey (DELETE /iam/v1alpha1/api-keys/{access_key})
• CreateUser (POST /iam/v1alpha1/users)
• UpdateUser (PATCH /iam/v1alpha1/users/{user_id})
• DeleteUser (DELETE /iam/v1alpha1/users/{user_id})
• LockMember (POST /iam/v1alpha1/users/{user_id}/lock)
• CreateMFAOTP (POST /iam/v1alpha1/users/{user_id}/mfa-otp)
• DeleteMFAOTP (DELETE /iam/v1alpha1/users/{user_id}/mfa-otp)
• UnlockMember (POST /iam/v1alpha1/users/{user_id}/unlock)
• UpdateUserPassword (POST /iam/v1alpha1/users/{user_id}/update-password)
• UpdateUserUsername (POST /iam/v1alpha1/users/{user_id}/update-username)
• ValidateMFAOTP (POST /iam/v1alpha1/users/{user_id}/validate-mfa-otp)
• CreateApplication (POST /iam/v1alpha1/applications)
• UpdateApplication (PATCH /iam/v1alpha1/applications/{application_id})
• DeleteApplication (DELETE /iam/v1alpha1/applications/{application_id})
• CreatePolicy (POST /iam/v1alpha1/policies)
• UpdatePolicy (PATCH /iam/v1alpha1/policies/{policy_id})
• DeletePolicy (DELETE /iam/v1alpha1/policies/{policy_id})
• ClonePolicy (POST /iam/v1alpha1/policies/{policy_id}/clone)
• SetRules (PUT /iam/v1alpha1/rules)

Key Manager supported endpointsLink to this anchor

The following Key Manager endpoints are supported and will be logged in Audit Trail:

• CreateKey (POST /key-manager/v1alpha1/regions/{region}/keys)
• UpdateKey (PATCH /key-manager/v1alpha1/regions/{region}/keys/{key_id})
• DeleteKey (DELETE /key-manager/v1alpha1/regions/{region}/keys/{key_id})
• ProtectKey (POST /key-manager/v1alpha1/regions/{region}/keys/{key_id}/protect)
• UnprotectKey (POST /key-manager/v1alpha1/regions/{region}/keys/{key_id}/unprotect)
• RotateKey (Manual rotation) (POST /key-manager/v1alpha1/regions/{region}/keys/{key_id}/rotate)
• DisableKey (POST /key-manager/v1alpha1/regions/{region}/keys/{key_id}/disable)
• EnableKey (POST /key-manager/v1alpha1/regions/{region}/keys/{key_id}/enable)
• ImportKeyMaterial (POST /key-manager/v1alpha1/regions/{region}/keys/{key_id}/import-key-material)
• DeleteKeyMaterial (POST /key-manager/v1alpha1/regions/{region}/keys/{key_id}/delete-key-material)

Kubernetes supported endpointsLink to this anchor

The following Kubernetes endpoints are supported and will be logged in Audit Trail:

• Create a new cluster (POST /k8s/v1/regions/{region}/clusters)
• Update a cluster (PATCH /k8s/v1/regions/{region}/clusters/{cluster_id})
• Delete a cluster (DELETE /k8s/v1/regions/{region}/clusters/{cluster_id})
• Migrate a cluster to SBS CSI (POST /k8s/v1/regions/{region}/clusters/{cluster_id}/migrate-to-sbs-csi)
• Reset the admin token of a cluster (POST /k8s/v1/regions/{region}/clusters/{cluster_id}/reset-admin-token)
• Change the cluster type (POST /k8s/v1/regions/{region}/clusters/{cluster_id}/set-type)
• Upgrade a cluster (POST /k8s/v1/regions/{region}/clusters/{cluster_id}/upgrade)
• Create a new pool in a cluster (POST /k8s/v1/regions/{region}/clusters/{cluster_id}/pools)
• Update a pool in a cluster (PATCH /k8s/v1/regions/{region}/pools/{pool_id})
• Delete a pool in a cluster (DELETE /k8s/v1/regions/{region}/pools/{pool_id})
• Upgrade a pool in a cluster (POST /k8s/v1/regions/{region}/pools/{pool_id}/upgrade)
• Delete a node in a cluster (DELETE /k8s/v1/regions/{region}/nodes/{node_id})
• Reboot a node in a cluster (POST /k8s/v1/regions/{region}/nodes/{node_id}/reboot)
• Create a Kosmos node (POST /k8s/v1/regions/{region}/pools/{pool_id}/external-nodes)
• Delete an existing ACL (DELETE /k8s/v1/regions/{region}/acls/{acl_id})
• Add new ACLs (POST /k8s/v1/regions/{region}/clusters/{cluster_id}/acls)
• Set new ACLs (PUT /k8s/v1/regions/{region}/clusters/{cluster_id}/acls)

Additional informationLink to this anchor

IP addresses are not logged in Audit Trail for Kubernetes events due to security considerations.

Secret Manager supported endpointsLink to this anchor

The following Secret Manager endpoints are supported and will be logged in Audit Trail:

• Create a secret (POST /secret-manager/v1beta1/regions/{region}/secrets)
• Update metadata of a secret (PATCH /secret-manager/v1beta1/regions/{region}/secrets/{secret_id})
• Delete a secret (DELETE /secret-manager/v1beta1/regions/{region}/secrets/{secret_id})
• Allow a product to use the secret (POST /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/add-owner)
• Enable secret protection (POST /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/protect)
• Disable secret protection (POST /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/unprotect)
• Create a version (/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions)
• Update metadata of a version (PATCH /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision})
• Delete a version (DELETE /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision})
• Disable a version (POST /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/disable)
• Enable a version (POST /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/disable)