Tableflow Data Plane Auditable Event Methods on Confluent Cloud
Confluent Cloud audit logs contain records of auditable events for Tableflow operations. When an auditable event occurs, a message is sent to the audit log and is stored as an audit log record.
Tableflow catalog
The following operations generate auditable event messages for the io.confluent.cloud/request event type.
Method name | Action triggering an auditable event message |
|---|---|
A request to list namespaces. | |
A request to list tables. | |
A request to load a namespace. | |
A request to load a table. |
ListNamespaces
The ListNamespaces event is generated by a request to list Tableflow namespaces.
To view an example event message, expand the following dropdown:
Success
{
"datacontenttype": "application/json",
"data": {
"serviceName": "crn://confluent.cloud/",
"methodName": "TableflowListNamespaces",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "ae7468e2-81a5-46bb-a75d-ae3f6770d3de"
}
]
},
"resource": {
"type": "ENVIRONMENT",
"resourceId": "a-79899"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-devckydz56"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=ae7468e2-81a5-46bb-a75d-ae3f6770d3de/identity-provider=Confluent/identity=u-devckydz56"
},
"requestMetadata": {
"requestId": [
"4124c8eee8d17a174cf0e819e55b7bf6"
],
"clientAddress": [
{
"ip": "66.159.203.134"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"environment_id": "a-79899",
"org_resource_id": "ae7468e2-81a5-46bb-a75d-ae3f6770d3de"
}
}
},
"result": {
"status": "SUCCESS"
},
"resourceName": "crn://confluent.cloud/organization=ae7468e2-81a5-46bb-a75d-ae3f6770d3de"
},
"subject": "crn://confluent.cloud/organization=ae7468e2-81a5-46bb-a75d-ae3f6770d3de",
"specversion": "1.0",
"id": "f1cc1ac1-1e42-4a73-bfc3-a9adc8161fec",
"source": "crn://confluent.cloud/",
"time": "2024-03-08T09:20:44.507402335Z",
"type": "io.confluent.cloud/request"
}
ListTables
The ListTables event is generated by a request to list Tableflow tables.
To view an example event message, expand the following dropdown:
Success
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/environment=env-123/flink-region=aws.us-east-2/iceberg-table=namespace",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowListTables",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
}
]
},
"resource": {
"type": "ICEBERG_NAMESPACE",
"resourceId": "namespace"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-123"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=u-123"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"cluster": "namespace",
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
},
"result": {
"status": "SUCCESS"
}
}
}
LoadNamespace
The LoadNamespace event is generated by a request to load a Tableflow namespace.
To view an example event message, expand the following dropdown:
Success
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowLoadNamespace",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
}
]
},
"resource": {
"type": "ICEBERG_NAMESPACE",
"resourceId": "namespace"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-123"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=u-123"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"cluster": "namespace",
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
},
"result": {
"status": "SUCCESS",
"data": {
"name": "namespace"
}
}
}
}
LoadTable
The LoadTable event is generated by a request to load a Tableflow table.
To view an example event message, expand the following dropdown:
Success
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/environment=env-123/flink-region=aws.us-east-2/iceberg-table=table1",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowLoadTable",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
},
{
"type": "ICEBERG_NAMESPACE",
"resourceId": "namespace"
}
]
},
"resource": {
"type": "ICEBERG_TABLE",
"resourceId": "table1"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-123"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=u-123"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"cluster": "namespace",
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
"table": "table1"
}
},
"result": {
"status": "SUCCESS",
"data": {
"metadata": {
"location": "s3://confluent-tableflow-devel-lkc-devc078j62/v1/85c8edf5-0925-416a-81b4-cd36220a03ef"
}
}
}
}
}
Tableflow OAuth
The following operations authenticate for the io.confluent.cloud/request event type.
Method name | Action triggering an auditable event message |
|---|---|
A request for OAuth tokens, which includes OAuth client credentials. | |
A request to refresh a JWT token. | |
A request to refresh a table OAuth token. |
OAuthTokens (client credentials request)
The OAuthTokens (client credentials request) event is generated by a request for OAuth tokens, which includes OAuth client credentials.
To view an example event message, expand the following dropdown:
Success
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowOauthTokens",
"cloudResources": [
{
"resource": {
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"client_id": "apikey",
"grant_type": "client_credentials",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd",
"scope": "catalog",
"subject_token_type": ""
}
},
"result": {
"status": "SUCCESS"
}
}
}
OAuthTokens (JWT token refresh)
The OAuthTokens (JWT token refresh) event is generated by a request to refresh a JWT token.
To view an example event message, expand the following dropdown:
Success
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowOauthTokens",
"cloudResources": [
{
"resource": {
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"client_id": "apikey",
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd",
"scope": "catalog",
"subject_token_type": "urn:ietf:params:oauth:token-type:access_token"
}
},
"result": {
"status": "SUCCESS"
}
}
}
OAuthTokens (table token refresh)
The OAuthTokens (table token refresh) event is generated by a request for a table token refresh.
To view an example event message, expand the following dropdown:
Success
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowOauthTokens",
"cloudResources": [
{
"resource": {
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"client_id": "apikey",
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd",
"scope": "sign",
"subject_token_type": "urn:ietf:params:oauth:token-type:access_token"
}
},
"result": {
"status": "SUCCESS"
}
}
}
Tableflow signer
The following operations generate auditable event messages for the io.confluent.cloud/request event type.
Method name | Action triggering an auditable event message |
|---|---|
A request to sign a table. |
SignRequest
The SignRequest event is generated by a request to sign a table.
To view an example event message, expand the following dropdown:
Success
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/environment=env-123/flink-region=aws.us-east-2/iceberg-table=healthcheck-topic/iceberg-signer=s3%3A%2F%2Fcc-flink-cts-soak%2Fv1%2F207e617c-6edf-4ec5-b79e-fcb7f9495c32%2Fmetadata%2F00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowSignRequest",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
},
{
"type": "ICEBERG_TABLE",
"resourceId": "healthcheck-topic"
}
]
},
"resource": {
"type": "ICEBERG_SIGNER",
"resourceId": "s3://cc-flink-cts-soak/v1/207e617c-6edf-4ec5-b79e-fcb7f9495c32/metadata/00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
"s_3_sign_request": {
"method": "GET",
"region": "us-west-2",
"uri": "s3://cc-flink-cts-soak/v1/207e617c-6edf-4ec5-b79e-fcb7f9495c32/metadata/00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json"
}
}
},
"result": {
"status": "SUCCESS",
"data": {
"uri": "s3://cc-flink-cts-soak/v1/207e617c-6edf-4ec5-b79e-fcb7f9495c32/metadata/00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json"
}
}
}
}
