Tableflow Data Plane Auditable Event Methods on Confluent Cloud¶
Expand all examples | Collapse all examples
Confluent Cloud audit logs contain records of auditable events for Tableflow operations. When an auditable event occurs, a message is sent to the audit log and is stored as an audit log record.
Tableflow Catalog Auditable Event Methods¶
Included here are operations that generate auditable event messages for the
io.confluent.tableflow.server/catalog event type.
| Method name | Operation triggering an auditable event message |
|---|---|
| ListNamespaces | A request to list namespaces. |
| ListTables | A request to list tables. |
| LoadNamespaces | A request to load namespaces. |
| LoadTable | A request to load a table. |
Examples¶
ListNamespaces¶
The ListNamespaces event method is triggered by a request to list Tableflow
namespaces.
SUCCESS
{
"datacontenttype": "application/json",
"data": {
"serviceName": "crn://confluent.cloud/",
"methodName": "TableflowListNamespaces",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "ae7468e2-81a5-46bb-a75d-ae3f6770d3de"
}
]
},
"resource": {
"type": "ENVIRONMENT",
"resourceId": "a-79899"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-devckydz56"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=ae7468e2-81a5-46bb-a75d-ae3f6770d3de/identity-provider=Confluent/identity=u-devckydz56"
},
"requestMetadata": {
"requestId": [
"4124c8eee8d17a174cf0e819e55b7bf6"
],
"clientAddress": [
{
"ip": "66.159.203.134"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"environment_id": "a-79899",
"org_resource_id": "ae7468e2-81a5-46bb-a75d-ae3f6770d3de"
}
}
},
"result": {
"status": "SUCCESS"
},
"resourceName": "crn://confluent.cloud/organization=ae7468e2-81a5-46bb-a75d-ae3f6770d3de"
},
"subject": "crn://confluent.cloud/organization=ae7468e2-81a5-46bb-a75d-ae3f6770d3de",
"specversion": "1.0",
"id": "f1cc1ac1-1e42-4a73-bfc3-a9adc8161fec",
"source": "crn://confluent.cloud/",
"time": "2024-03-08T09:20:44.507402335Z",
"type": "io.confluent.cloud/request"
}
ListTables¶
The ListTables event method is triggered by a request to list Tableflow tables.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/environment=env-123/flink-region=aws.us-east-2/iceberg-table=namespace",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowListTables",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
}
]
},
"resource": {
"type": "ICEBERG_NAMESPACE",
"resourceId": "namespace"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-123"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=u-123"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"cluster": "namespace",
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
},
"result": {
"status": "SUCCESS"
}
}
}
LoadNamespaces¶
The LoadNamespace event method is triggered by a request to load a Tableflow
namespace.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowLoadNamespace",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
}
]
},
"resource": {
"type": "ICEBERG_NAMESPACE",
"resourceId": "namespace"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-123"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=u-123"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"cluster": "namespace",
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
},
"result": {
"status": "SUCCESS",
"data": {
"name": "namespace"
}
}
}
}
LoadTable¶
The LoadTable event method is triggered by a request to load a Tableflow
table.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/environment=env-123/flink-region=aws.us-east-2/iceberg-table=table1",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowLoadTable",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
},
{
"type": "ICEBERG_NAMESPACE",
"resourceId": "namespace"
}
]
},
"resource": {
"type": "ICEBERG_TABLE",
"resourceId": "table1"
}
}
],
"authenticationInfo": {
"principal": {
"confluentUser": {
"resourceId": "u-123"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=u-123"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"cluster": "namespace",
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
"table": "table1"
}
},
"result": {
"status": "SUCCESS",
"data": {
"metadata": {
"location": "s3://confluent-tableflow-devel-lkc-devc078j62/v1/85c8edf5-0925-416a-81b4-cd36220a03ef"
}
}
}
}
}
Tableflow OAuth auditable event methods¶
Included here are operations authenticating for the io.confluent.cloud/request
event type.
| Method name | Action triggering an auditable event message |
|---|---|
| OAuthTokens (client credentials request) | A request for OAuth tokens, which includes OAuth client credentials. |
| OAuthTokens (JWT token refresh) | A request to refresh a JWT token. |
| OAuthTokens (table token refresh) | A request to refresh a table OAuth token. |
Examples¶
OAuthTokens (client credentials request)¶
The OAuthTokens (client credentials request) event method is triggered by a request
for OAuth tokens, which includes OAuth client credentials.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowOauthTokens",
"cloudResources": [
{
"resource": {
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"client_id": "apikey",
"grant_type": "client_credentials",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd",
"scope": "catalog",
"subject_token_type": ""
}
},
"result": {
"status": "SUCCESS"
}
}
}
OAuthTokens (JWT token refresh)¶
The OAuthTokens (JWT token refresh) event method is triggered by a request
to refresh a JWT token.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowOauthTokens",
"cloudResources": [
{
"resource": {
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"client_id": "apikey",
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd",
"scope": "catalog",
"subject_token_type": "urn:ietf:params:oauth:token-type:access_token"
}
},
"result": {
"status": "SUCCESS"
}
}
}
OAuthTokens (table token refresh)¶
The OAuthTokens (table token refresh) event method is triggered by a request
for a table token refresh.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowOauthTokens",
"cloudResources": [
{
"resource": {
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"client_id": "apikey",
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd",
"scope": "sign",
"subject_token_type": "urn:ietf:params:oauth:token-type:access_token"
}
},
"result": {
"status": "SUCCESS"
}
}
}
TableFlow Signer Auditable Event Methods¶
Included here are operations authenticating to a Flink region that generate
auditable event messages for the io.confluent.tableflow.server/authentication
event type.
| Method name | Action triggering an auditable event message |
|---|---|
| SignRequest | A request to sign a table. |
Examples¶
SignRequest¶
The SignRequest event method is triggered by a request to sign a table.
SUCCESS
{
"specversion": "1.0",
"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"subject": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/environment=env-123/flink-region=aws.us-east-2/iceberg-table=healthcheck-topic/iceberg-signer=s3%3A%2F%2Fcc-flink-cts-soak%2Fv1%2F207e617c-6edf-4ec5-b79e-fcb7f9495c32%2Fmetadata%2F00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json",
"datacontenttype": "application/json",
"dataschema": "https://confluent.io/internal/events/AuditLog.v2",
"data": {
"serviceName": "crn://confluent.cloud/service=cc-flink-gateway-service-v2",
"methodName": "TableflowSignRequest",
"cloudResources": [
{
"scope": {
"resources": [
{
"type": "ORGANIZATION",
"resourceId": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
{
"type": "ENVIRONMENT",
"resourceId": "env-123"
},
{
"type": "ICEBERG_TABLE",
"resourceId": "healthcheck-topic"
}
]
},
"resource": {
"type": "ICEBERG_SIGNER",
"resourceId": "s3://cc-flink-cts-soak/v1/207e617c-6edf-4ec5-b79e-fcb7f9495c32/metadata/00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json"
}
}
],
"authenticationInfo": {
"principal": {
"confluent_service_account": {
"resourceId": "sa-111"
}
},
"result": "SUCCESS",
"identity": "crn://confluent.cloud/organization=1250271b-2d3e-4061-9514-dbaf91cffbbd/identity-provider=Confluent/identity=sa-111"
},
"requestMetadata": {
"requestId": [
"74726163656964303132333435363738"
],
"clientAddress": [
{
"ip": "127.0.0.1"
}
]
},
"request": {
"accessType": "READ_ONLY",
"data": {
"metadata": {
"environment_id": "env-123",
"org_resource_id": "1250271b-2d3e-4061-9514-dbaf91cffbbd"
},
"s_3_sign_request": {
"method": "GET",
"region": "us-west-2",
"uri": "s3://cc-flink-cts-soak/v1/207e617c-6edf-4ec5-b79e-fcb7f9495c32/metadata/00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json"
}
}
},
"result": {
"status": "SUCCESS",
"data": {
"uri": "s3://cc-flink-cts-soak/v1/207e617c-6edf-4ec5-b79e-fcb7f9495c32/metadata/00001-8e81867c-bfee-4ea7-be32-b6f29114b0b8.metadata.json"
}
}
}
}