Tableflow Data Plane Auditable Event Methods on Confluent Cloud
Expand all examples | Collapse all examples
Confluent Cloud audit logs contain records of auditable events for Tableflow operations. When an auditable event occurs, a message is sent to the audit log and is stored as an audit log record.
Tableflow Catalog Auditable Event Methods
Included here are operations that generate auditable event messages for the io.confluent.cloud/request event type.
Method name | Operation triggering an auditable event message |
|---|---|
A request to list namespaces. | |
A request to list tables. | |
A request to load namespaces. | |
A request to load a table. |
Examples
ListNamespaces
The ListNamespaces event method is triggered by a request to list Tableflow namespaces.
SUCCESS
{
"datacontenttype": "application/json",
"data": {
"serviceName": "crn://confluent.cloud/",
"methodName": "TableflowListNamespaces",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "ae7468e2-81a5-46bb-a75d-ae3f6770d3de"
}
]
},
"resource": {
"type": "ENVIRONMENT",
"resourceId": "a-79899"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-devckydz56"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=ae7468e2-81a5-46bb-a75d-ae3f6770d3de/identity-provider=Confluent/identity=u-devckydz56"
},
"requestMetadata": {
"requestId": [
"4124c8eee8d17a174cf0e819e55b7bf6"
],
"clientAddress": [
{
"ip": "66.159.203.134"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"environment_id": "a-79899",
"org_resource_id": "ae7468e2-81a5-46bb-a75d-ae3f6770d3de"
}
}
},
"result": {
"status": "SUCCESS"
},
"resourceName": "crn://confluent.cloud/organization=ae7468e2-81a5-46bb-a75d-ae3f6770d3de"
},
"subject": "crn://confluent.cloud/organization=ae7468e2-81a5-46bb-a75d-ae3f6770d3de",
"specversion": "1.0",
"id": "f1cc1ac1-1e42-4a73-bfc3-a9adc8161fec",
"source": "crn://confluent.cloud/",
"time": "2024-03-08T09:20:44.507402335Z",
"type": "io.confluent.cloud/request"
}
ListTables
The ListTables event method is triggered by a request to list Tableflow tables.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/environment=env-123/flink-region=aws.us-east-2/iceberg-table=namespace",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowListTables",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
}
]
},
"resource": {
"type": "ICEBERG_NAMESPACE",
"resourceId": "namespace"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-123"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=u-123"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"cluster": "namespace",
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
},
"result": {
"status": "SUCCESS"
}
}
}
LoadNamespaces
The LoadNamespace event method is triggered by a request to load a Tableflow namespace.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowLoadNamespace",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
}
]
},
"resource": {
"type": "ICEBERG_NAMESPACE",
"resourceId": "namespace"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-123"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=u-123"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"cluster": "namespace",
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
},
"result": {
"status": "SUCCESS",
"data": {
"name": "namespace"
}
}
}
}
LoadTable
The LoadTable event method is triggered by a request to load a Tableflow table.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/environment=env-123/flink-region=aws.us-east-2/iceberg-table=table1",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowLoadTable",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
},
{
"type": "ICEBERG_NAMESPACE",
"resourceId": "namespace"
}
]
},
"resource": {
"type": "ICEBERG_TABLE",
"resourceId": "table1"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-123"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=u-123"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"cluster": "namespace",
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
"table": "table1"
}
},
"result": {
"status": "SUCCESS",
"data": {
"metadata": {
"location": "s3://confluent-tableflow-devel-lkc-devc078j62/v1/85c8edf5-0925-416a-81b4-cd36220a03ef"
}
}
}
}
}
Tableflow OAuth auditable event methods
Included here are operations authenticating for the io.confluent.cloud/request event type.
Method name | Action triggering an auditable event message |
|---|---|
A request for OAuth tokens, which includes OAuth client credentials. | |
A request to refresh a JWT token. | |
A request to refresh a table OAuth token. |
Examples
OAuthTokens (client credentials request)
The OAuthTokens (client credentials request) event method is triggered by a request for OAuth tokens, which includes OAuth client credentials.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowOauthTokens",
"cloudResources": [
{
"resource": {
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"client_id": "apikey",
"grant_type": "client_credentials",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd",
"scope": "catalog",
"subject_token_type": ""
}
},
"result": {
"status": "SUCCESS"
}
}
}
OAuthTokens (JWT token refresh)
The OAuthTokens (JWT token refresh) event method is triggered by a request to refresh a JWT token.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowOauthTokens",
"cloudResources": [
{
"resource": {
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"client_id": "apikey",
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd",
"scope": "catalog",
"subject_token_type": "urn:ietf:params:oauth:token-type:access_token"
}
},
"result": {
"status": "SUCCESS"
}
}
}
OAuthTokens (table token refresh)
The OAuthTokens (table token refresh) event method is triggered by a request for a table token refresh.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowOauthTokens",
"cloudResources": [
{
"resource": {
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"client_id": "apikey",
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd",
"scope": "sign",
"subject_token_type": "urn:ietf:params:oauth:token-type:access_token"
}
},
"result": {
"status": "SUCCESS"
}
}
}
Tableflow Signer Auditable Event Methods
Included here are operations that generate auditable event messages for the io.confluent.cloud/request event type.
Method name | Action triggering an auditable event message |
|---|---|
A request to sign a table. |
Examples
SignRequest
The SignRequest event method is triggered by a request to sign a table.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/environment=env-123/flink-region=aws.us-east-2/iceberg-table=healthcheck-topic/iceberg-signer=s3%3A%2F%2Fcc-flink-cts-soak%2Fv1%2F207e617c-6edf-4ec5-b79e-fcb7f9495c32%2Fmetadata%2F00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowSignRequest",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
},
{
"type": "ICEBERG_TABLE",
"resourceId": "healthcheck-topic"
}
]
},
"resource": {
"type": "ICEBERG_SIGNER",
"resourceId": "s3://cc-flink-cts-soak/v1/207e617c-6edf-4ec5-b79e-fcb7f9495c32/metadata/00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
"s_3_sign_request": {
"method": "GET",
"region": "us-west-2",
"uri": "s3://cc-flink-cts-soak/v1/207e617c-6edf-4ec5-b79e-fcb7f9495c32/metadata/00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json"
}
}
},
"result": {
"status": "SUCCESS",
"data": {
"uri": "s3://cc-flink-cts-soak/v1/207e617c-6edf-4ec5-b79e-fcb7f9495c32/metadata/00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json"
}
}
}
}