Auditing events for Code Engine

You can view, manage, and audit user-initiated activities made in your IBM Cloud® Code Engine service instance by using the IBM Cloud Activity Tracker service.

As of 28 March 2024, the IBM Cloud Activity Tracker service is deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs before 30 March 2025. During the migration period, customers can use IBM Cloud Activity Tracker along with IBM Cloud Logs. Activity tracking events are the same for both services. For information about migrating from IBM Cloud Activity Tracker to IBM Cloud Logs and running the services in parallel, see migration planning.

IBM Cloud Activity Tracker records user-initiated activities that change the state of a service in IBM Cloud. You can use this service to investigate abnormal activity and critical actions and to follow regulatory audit requirements. You can also be alerted about actions as they happen. The events that are collected follow the Cloud Auditing Data Federation (CADF) standard. For more information, see the Getting Started tutorial for IBM Cloud Activity Tracker.

You can also start auditing from your Code Engine dashboard by selecting Add auditing.

List of events from IBM Cloud console and CLI actions

The following events are generated when an initiator interacts with the IBM Cloud Code Engine console and CLI or with the kubectl and kn commands. These events are sent to IBM Cloud Activity Tracker.

Project events

These actions generate project events.

Actions that generate project events
Action	Description
`codeengine.project.create`	Create a project.
`codeengine.project.read`	Get information about or list projects.
`codeengine.project.update`	Update a project.
`codeengine.project.delete`	Delete a project.
`codeengine.projectconfig.read`	Get a project `kubeconfig` file.

Application events

These actions generate application events.

Actions that generate application events
Action	Description
`codeengine.application.create`	Create an application in a project.
`codeengine.application.read`	Get information about an application.
`codeengine.application.list`	List applications.
`codeengine.application.update`	Update an application.
`codeengine.application.delete`	Delete one or more applications.

Configmap events

These actions generate configmap events.

Actions that generate configmap events
Action	Description
`codeengine.configmap.create`	Create a configmap in a project.
`codeengine.configmap.read`	Get information about a configmap.
`codeengine.configmap.list`	List configmaps.
`codeengine.configmap.update`	Update a configmap.
`codeengine.configmap.delete`	Delete one or more configmaps.

Secret events

These actions generate secret events.

Actions that generate secret events
Action	Description
`codeengine.secret.create`	Create a secret in a project.
`codeengine.secret.read`	Get information about a secret.
`codeengine.secret.list`	List secrets.
`codeengine.secret.update`	Update a secret.
`codeengine.secret.delete`	Delete one or more secrets.

Build and build run events

These actions generate build and build run events.

Actions that generate build and build run events
Action	Description
`codeengine.build.create`	Create a build in a project.
`codeengine.build.read`	Get information about a build.
`codeengine.build.list`	List builds.
`codeengine.build.update`	Update a build.
`codeengine.build.delete`	Delete one or more builds.
`codeengine.buildrun.create`	Submit a build run in a project.
`codeengine.buildrun.read`	Get information about a build run.
`codeengine.buildrun.list`	List build runs.
`codeengine.buildrun.delete`	Delete one or more build runs.

Job and job run events

These actions generate job and job run events.

Actions that generate job and job run events
Action	Description
`codeengine.job.create`	Create a job in a project.
`codeengine.job.read`	Get information about a job.
`codeengine.job.list`	List jobs.
`codeengine.job.update`	Update a job.
`codeengine.job.delete`	Delete one or more jobs.
`codeengine.jobrun.create`	Submit a job run.
`codeengine.jobrun.read`	Get information about a job run.
`codeengine.jobrun.list`	List job runs.
`codeengine.jobrun.delete`	Delete one or more job runs.

Subscription events

These actions generate subscription events.

Actions that generate subscription events
Action	Description
`codeengine.subscription.create`	Create subscription in a project.
`codeengine.subscription.read`	Get information about a subscription.
`codeengine.subscription.list`	List subscriptions.
`codeengine.subscription.update`	Update a subscription.
`codeengine.subscription.delete`	Delete one or more subscriptions.

List of events from `kubectl` and `kn` commands

The following events are generated when an initiator interacts with the kubectl and kn commands. These events are sent to IBM Cloud Activity Tracker.

Pod events

These actions generate pod events.

Actions that generate pod events
Action	Description
`codeengine.pods.create`	Create a pod in a project.
`codeengine.pods.read`	Get information about a pod.
`codeengine.pods.list`	List pods.
`codeengine.pods.update`	Update a pod.
`codeengine.pods.delete`	Delete a pod.

Service account events

These actions generate service account events.

Actions that generate service account events
Action	Description
`codeengine.serviceaccounts.read`	Get information about a service account.
`codeengine.serviceaccounts.list`	List service accounts.

Event events

These actions generate event-type events.

Actions that generate event-type events
Action	Description
`codeengine.events.read`	Get information about an event.
`codeengine.events.list`	List events.

Resource quota events

These actions generate resource quota events.

Actions that generate resource quota events
Action	Description
`codeengine.resourcequotas.read`	Get information about a resource quota.
`codeengine.resourcequotas.list`	List resource quotas.

Limit range events

These actions generate limit range events.

Actions that generate limit range events
Action	Description
`codeengine.limitranges.read`	Get information about a limit range.
`codeengine.limitranges.list`	List limit ranges.

Deployment events

These actions generate deployment events.

Actions that generate deployment events
Action	Description
`codeengine.deployments.read`	Get information about a deployment.
`codeengine.deployments.list`	List deployments.

Service binding events

These actions generate service bind events.

Actions that generate service bind events
Action	Description
`codeengine.servicebindings.create`	Create a service binding in a project.
`codeengine.servicebindings.read`	Get information about a service binding.
`codeengine.servicebindings.list`	List service bindings.
`codeengine.servicebindings.update`	Update a service binding.
`codeengine.servicebindings.delete`	Delete a service binding.

Note:

The update event does not include the original value; it includes only the new value that is provided in request body. To find the original value, you can run read action before you run the update action.
The requestData field includes request body and verb of action.
The responseData field includes response body of action.
For some actions, for example codeengine.pods.list or codeengine.pods.get actions, the event length might exceed 16 K. If this event length occurs, the responseData field is set to Information about the action is not included for performance and size reasons.

Viewing events

IBM Cloud Code Engine sends audit logs to the IBM Cloud Activity Tracker service in the same region as the IBM Cloud Code Engine project. For example, audit logs in an IBM Cloud Code Engine project in us-south are sent to a logging instance in us-south. For more information about setting up IBM Cloud Activity Tracker, see Provisioning an instance.

Analyzing events

After you view events that are captured by IBM Cloud Activity Tracker, you can then analyze the events.

Identifying the Code Engine project that generates the event: To identify the project for which the event was generated, look at the target.id field. You can use this field to filter events in Log Analysis, for example, showing events for only a specific project.; You can use the CLI to find details about your project.
Getting the unique ID of a request: Each action that you perform on a Code Engine project resource has a unique ID.; To find the unique ID of a request, look at the correlationId value that is set in the correlationId field.
Getting information for failures: All events that are issued for failed actions display failure in the outcome field, and in addition provide more details as part of the reason field. Note that the reason.reasonForFailure field might be especially helpful, as it contains details of the failure.
Custom views: For more information about generating custom views by using event fields, see Creating custom views in IBM Cloud Log Analysis.

Auditing events for Code Engine

List of events from IBM Cloud console and CLI actions

Project events

Application events

Configmap events

Secret events

Build and build run events

Job and job run events

Subscription events

List of events from kubectl and kn commands

Pod events

Service account events

Event events

Resource quota events

Limit range events

Deployment events

Service binding events

Viewing events

Analyzing events

List of events from `kubectl` and `kn` commands