Class: Google::Iam::V1::AuditLogConfig

Inherits:

Object

Object
Google::Iam::V1::AuditLogConfig

show all

Extended by:: Protobuf::MessageExts::ClassMethods

Includes:: Protobuf::MessageExts

Defined in:: proto_docs/google/iam/v1/policy.rb

Overview

Provides the configuration for logging a type of permissions. Example:

{
  "audit_log_configs": [
    {
      "log_type": "DATA_READ",
      "exempted_members": [
        "user:[email protected]"
      ]
    },
    {
      "log_type": "DATA_WRITE"
    }
  ]
}

This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting [email protected] from DATA_READ logging.

Defined Under Namespace

Modules: LogType

Instance Attribute Summary collapse

#exempted_members ⇒ ::Array<::String>
Specifies the identities that do not cause logging for this type of permission.
#log_type ⇒ ::Google::Iam::V1::AuditLogConfig::LogType
The log type that this config enables.

Instance Attribute Details

#exempted_members ⇒ `::Array<::String>`

Returns Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.

Returns:

(::Array<::String>) —
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.

# File 'proto_docs/google/iam/v1/policy.rb', line 313

class AuditLogConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The list of valid permission types for which logging can be configured.
  # Admin writes are always logged, and are not configurable.
  module LogType
    # Default case. Should never be this.
    LOG_TYPE_UNSPECIFIED = 0

    # Admin reads. Example: CloudIAM getIamPolicy
    ADMIN_READ = 1

    # Data writes. Example: CloudSQL Users create
    DATA_WRITE = 2

    # Data reads. Example: CloudSQL Users list
    DATA_READ = 3
  end
end

#log_type ⇒ `::Google::Iam::V1::AuditLogConfig::LogType`

Returns The log type that this config enables.