Tableflow Data Plane Auditable Event Methods on Confluent Cloudï
Confluent Cloud audit logs contain records of auditable events for Tableflow operations. When an auditable event occurs, a message is sent to the audit log and is stored as an audit log record.
Tableflow Catalog Auditable Event Methodsï
Included here are operations that generate auditable event messages for the io.confluent.cloud/request event type.
Method name | Operation triggering an auditable event message |
|---|---|
A request to list namespaces. | |
A request to list tables. | |
A request to load namespaces. | |
A request to load a table. |
Examplesï
Expand all examples | Collapse all examples
ListNamespacesï
The ListNamespaces event method is triggered by a request to list Tableflow namespaces.
SUCCESS
{
"datacontenttype": "application/json",
"data": {
"serviceName": "crn://confluent.cloud/",
"methodName": "TableflowListNamespaces",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "ae7468e2-81a5-46bb-a75d-ae3f6770d3de"
}
]
},
"resource": {
"type": "ENVIRONMENT",
"resourceId": "a-79899"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-devckydz56"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=ae7468e2-81a5-46bb-a75d-ae3f6770d3de/identity-provider=Confluent/identity=u-devckydz56"
},
"requestMetadata": {
"requestId": [
"4124c8eee8d17a174cf0e819e55b7bf6"
],
"clientAddress": [
{
"ip": "66.159.203.134"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"environment_id": "a-79899",
"org_resource_id": "ae7468e2-81a5-46bb-a75d-ae3f6770d3de"
}
}
},
"result": {
"status": "SUCCESS"
},
"resourceName": "crn://confluent.cloud/organization=ae7468e2-81a5-46bb-a75d-ae3f6770d3de"
},
"subject": "crn://confluent.cloud/organization=ae7468e2-81a5-46bb-a75d-ae3f6770d3de",
"specversion": "1.0",
"id": "f1cc1ac1-1e42-4a73-bfc3-a9adc8161fec",
"source": "crn://confluent.cloud/",
"time": "2024-03-08T09:20:44.507402335Z",
"type": "io.confluent.cloud/request"
}
ListTablesï
The ListTables event method is triggered by a request to list Tableflow tables.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/environment=env-123/flink-region=aws.us-east-2/iceberg-table=namespace",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowListTables",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
}
]
},
"resource": {
"type": "ICEBERG_NAMESPACE",
"resourceId": "namespace"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-123"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=u-123"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"cluster": "namespace",
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
},
"result": {
"status": "SUCCESS"
}
}
}
LoadNamespacesï
The LoadNamespace event method is triggered by a request to load a Tableflow namespace.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowLoadNamespace",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
}
]
},
"resource": {
"type": "ICEBERG_NAMESPACE",
"resourceId": "namespace"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-123"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=u-123"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"cluster": "namespace",
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
},
"result": {
"status": "SUCCESS",
"data": {
"name": "namespace"
}
}
}
}
LoadTableï
The LoadTable event method is triggered by a request to load a Tableflow table.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/environment=env-123/flink-region=aws.us-east-2/iceberg-table=table1",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowLoadTable",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
},
{
"type": "ICEBERG_NAMESPACE",
"resourceId": "namespace"
}
]
},
"resource": {
"type": "ICEBERG_TABLE",
"resourceId": "table1"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-123"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=u-123"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"cluster": "namespace",
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
"table": "table1"
}
},
"result": {
"status": "SUCCESS",
"data": {
"metadata": {
"location": "s3://confluent-tableflow-devel-lkc-devc078j62/v1/85c8edf5-0925-416a-81b4-cd36220a03ef"
}
}
}
}
}
Tableflow OAuth auditable event methodsï
Included here are operations authenticating for the io.confluent.cloud/request event type.
Method name | Action triggering an auditable event message |
|---|---|
A request for OAuth tokens, which includes OAuth client credentials. | |
A request to refresh a JWT token. | |
A request to refresh a table OAuth token. |
Examplesï
OAuthTokens (client credentials request)ï
The OAuthTokens (client credentials request) event method is triggered by a request for OAuth tokens, which includes OAuth client credentials.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowOauthTokens",
"cloudResources": [
{
"resource": {
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"client_id": "apikey",
"grant_type": "client_credentials",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd",
"scope": "catalog",
"subject_token_type": ""
}
},
"result": {
"status": "SUCCESS"
}
}
}
OAuthTokens (JWT token refresh)ï
The OAuthTokens (JWT token refresh) event method is triggered by a request to refresh a JWT token.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowOauthTokens",
"cloudResources": [
{
"resource": {
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"client_id": "apikey",
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd",
"scope": "catalog",
"subject_token_type": "urn:ietf:params:oauth:token-type:access_token"
}
},
"result": {
"status": "SUCCESS"
}
}
}
OAuthTokens (table token refresh)ï
The OAuthTokens (table token refresh) event method is triggered by a request for a table token refresh.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowOauthTokens",
"cloudResources": [
{
"resource": {
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"client_id": "apikey",
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd",
"scope": "sign",
"subject_token_type": "urn:ietf:params:oauth:token-type:access_token"
}
},
"result": {
"status": "SUCCESS"
}
}
}
Tableflow Signer Auditable Event Methodsï
Included here are operations that generate auditable event messages for the io.confluent.cloud/request event type.
Method name | Action triggering an auditable event message |
|---|---|
A request to sign a table. |
Examplesï
SignRequestï
The SignRequest event method is triggered by a request to sign a table.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/environment=env-123/flink-region=aws.us-east-2/iceberg-table=healthcheck-topic/iceberg-signer=s3%3A%2F%2Fcc-flink-cts-soak%2Fv1%2F207e617c-6edf-4ec5-b79e-fcb7f9495c32%2Fmetadata%2F00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowSignRequest",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
},
{
"type": "ICEBERG_TABLE",
"resourceId": "healthcheck-topic"
}
]
},
"resource": {
"type": "ICEBERG_SIGNER",
"resourceId": "s3://cc-flink-cts-soak/v1/207e617c-6edf-4ec5-b79e-fcb7f9495c32/metadata/00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
"s_3_sign_request": {
"method": "GET",
"region": "us-west-2",
"uri": "s3://cc-flink-cts-soak/v1/207e617c-6edf-4ec5-b79e-fcb7f9495c32/metadata/00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json"
}
}
},
"result": {
"status": "SUCCESS",
"data": {
"uri": "s3://cc-flink-cts-soak/v1/207e617c-6edf-4ec5-b79e-fcb7f9495c32/metadata/00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json"
}
}
}
}