IBM Cloud Docs
Auditing events for Code Engine

You can view, manage, and audit user-initiated activities made in your IBM Cloud® Code Engine service instance by using the IBM Cloud Activity Tracker service.

IBM Cloud Activity Tracker records user-initiated activities that change the state of a service in IBM Cloud. You can use this service to investigate abnormal activity and critical actions and to follow regulatory audit requirements. You can also be alerted about actions as they happen. The events that are collected follow the Cloud Auditing Data Federation (CADF) standard. For more information, see the Getting Started tutorial for IBM Cloud Activity Tracker.

You can also start auditing from your Code Engine dashboard by selecting Add auditing.

List of events from IBM Cloud console and CLI actions

The following events are generated when an initiator interacts with the IBM Cloud Code Engine console and CLI or with the kubectl and kn commands. These events are sent to IBM Cloud Activity Tracker.

Project events

These actions generate project events.

Table 1. Actions that generate project events
Action Description
codeengine.project.create Create a project.
codeengine.project.read Get information about or list projects.
codeengine.project.update Update a project.
codeengine.project.delete Delete a project.
codeengine.projectconfig.read Get a project kubeconfig file.

Application events

These actions generate application events.

Table 2. Actions that generate application events
Action Description
codeengine.application.create Create an application in a project.
codeengine.application.read Get information about an application.
codeengine.application.list List applications.
codeengine.application.update Update an application.
codeengine.application.delete Delete one or more applications.

Configmap events

These actions generate configmap events.

Table 3. Actions that generate configmap events
Action Description
codeengine.configmap.create Create a configmap in a project.
codeengine.configmap.read Get information about a configmap.
codeengine.configmap.list List configmaps.
codeengine.configmap.update Update a configmap.
codeengine.configmap.delete Delete one or more configmaps.

Secret events

These actions generate secret events.

Table 4. Actions that generate secret events
Action Description
codeengine.secret.create Create a secret in a project.
codeengine.secret.read Get information about a secret.
codeengine.secret.list List secrets.
codeengine.secret.update Update a secret.
codeengine.secret.delete Delete one or more secrets.

Build and build run events

These actions generate build and build run events.

Table 5. Actions that generate build and build run events
Action Description
codeengine.build.create Create a build in a project.
codeengine.build.read Get information about a build.
codeengine.build.list List builds.
codeengine.build.update Update a build.
codeengine.build.delete Delete one or more builds.
codeengine.buildrun.create Submit a build run in a project.
codeengine.buildrun.read Get information about a build run.
codeengine.buildrun.list List build runs.
codeengine.buildrun.delete Delete one or more build runs.

Job and job run events

These actions generate job and job run events.

Table 6. Actions that generate job and job run events
Action Description
codeengine.job.create Create a job in a project.
codeengine.job.read Get information about a job.
codeengine.job.list List jobs.
codeengine.job.update Update a job.
codeengine.job.delete Delete one or more jobs.
codeengine.jobrun.create Submit a job run.
codeengine.jobrun.read Get information about a job run.
codeengine.jobrun.list List job runs.
codeengine.jobrun.delete Delete one or more job runs.

Subscription events

These actions generate subscription events.

Table 7. Actions that generate subscription events
Action Description
codeengine.subscription.create Create a subscription in a project.
codeengine.subscription.read Get information about a subscription.
codeengine.subscription.list List subscriptions.
codeengine.subscription.update Update a subscription.
codeengine.subscription.delete Delete one or more subscriptions.

List of events from kubectl and kn commands

The following events are generated when an initiator interacts with the kubectl and kn commands. These events are sent to IBM Cloud Activity Tracker.

Pod events

These actions generate pod events.

Table 8. Actions that generate pod events
Action Description
codeengine.pods.create Create a pod in a project.
codeengine.pods.read Get information about a pod.
codeengine.pods.list List pods.
codeengine.pods.update Update a pod.
codeengine.pods.delete Delete a pod.

Service account events

These actions generate service account events.

Table 9. Actions that generate service account events
Action Description
codeengine.serviceaccounts.read Get information about a service account.
codeengine.serviceaccounts.list List service accounts.

Event events

These actions generate event-type events.

Table 10. Actions that generate event-type events
Action Description
codeengine.events.read Get information about an event.
codeengine.events.list List events.

Resource quota events

These actions generate resource quota events.

Table 11. Actions that generate resource quota events
Action Description
codeengine.resourcequotas.read Get information about a resource quota.
codeengine.resourcequotas.list List resource quotas.

Limit range events

These actions generate limit range events.

Table 12. Actions that generate limit range events
Action Description
codeengine.limitranges.read Get information about a limit range.
codeengine.limitranges.list List limit ranges.

Deployment events

These actions generate deployment events.

Table 13. Actions that generate deployment events
Action Description
codeengine.deployments.read Get information about a deployment.
codeengine.deployments.list List deployments.

Service binding events

These actions generate service binding events.

Table 14. Actions that generate service binding events
Action Description
codeengine.servicebindings.create Create a service binding in a project.
codeengine.servicebindings.read Get information about a service binding.
codeengine.servicebindings.list List service bindings.
codeengine.servicebindings.update Update a service binding.
codeengine.servicebindings.delete Delete a service binding.

Note:

  • The update event does not include the original value; it includes only the new value that is provided in the request body. To find the original value, you can run the read action before you run the update action.
  • The requestData field includes the request body and the verb of the action.
  • The responseData field includes the response body of the action.
  • For some actions, for example codeengine.pods.list or codeengine.pods.get actions, the event length might exceed 16 K. When the event exceeds this length, the responseData field is set to "Information about the action is not included for performance and size reasons."

Viewing events

IBM Cloud Code Engine sends audit logs to the IBM Cloud Activity Tracker service in the same region as the IBM Cloud Code Engine project. For example, audit logs in an IBM Cloud Code Engine project in us-south are sent to a logging instance in us-south. For more information about setting up IBM Cloud Activity Tracker, see Provisioning an instance.

Analyzing events

After you view events that are captured by IBM Cloud Activity Tracker, you can then analyze the events.

Identifying the Code Engine project that generates the event
  To identify the project for which the event was generated, look at the target.id field. You can use this field to filter events in Log Analysis, for example, to show events for only a specific project.
  You can use the CLI to find details about your project.

Getting the unique ID of a request
  Each action that you perform on a Code Engine project resource has a unique ID.
  To find the unique ID of a request, look at the value of the correlationId field.

Getting information for failures
  All events that are issued for failed actions display failure in the outcome field and provide more details in the reason field. The reason.reasonForFailure field might be especially helpful, as it contains details of the failure.

Custom views
  For more information about generating custom views by using event fields, see Creating custom views in IBM Cloud Log Analysis.
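
The following Python sketch is an added example, not IBM code. It triages exported events for one project by using the fields described above: target.id, correlationId, outcome, reason.reasonForFailure, and the responseData size placeholder. The sample events, the nested JSON layout, the initiator.name field, and the watch policy are assumptions made for illustration.

```python
import json

# Constructed sample export: one JSON event per line. IDs, names and the
# nested layout are assumptions; only the field names come from the page.
SAMPLE_EVENTS = """
{"action": "codeengine.secret.read", "outcome": "success", "correlationId": "req-0001", "target": {"id": "project-a"}, "initiator": {"name": "alice@example.com"}}
{"action": "codeengine.secret.update", "outcome": "success", "correlationId": "req-0002", "target": {"id": "project-a"}, "initiator": {"name": "alice@example.com"}}
{"action": "codeengine.application.delete", "outcome": "failure", "correlationId": "req-0003", "target": {"id": "project-a"}, "initiator": {"name": "bob@example.com"}, "reason": {"reasonForFailure": "not authorized"}}
{"action": "codeengine.pods.list", "outcome": "success", "correlationId": "req-0004", "target": {"id": "project-a"}, "initiator": {"name": "bob@example.com"}, "responseData": "Information about the action is not included for performance and size reasons."}
{"action": "codeengine.secret.delete", "outcome": "success", "correlationId": "req-0005", "target": {"id": "project-b"}, "initiator": {"name": "carol@example.com"}}
not-json debris line
"""

# Placeholder text that replaces responseData when an event exceeds the size limit.
TRUNCATED = "Information about the action is not included for performance and size reasons."
# Example watch policy (an assumption, tune it): credential-bearing resources and any delete.
WATCH_PREFIXES = ("codeengine.secret.", "codeengine.servicebindings.", "codeengine.projectconfig.")


def is_watched(action):
    return action.startswith(WATCH_PREFIXES) or action.endswith(".delete")


def triage(lines, project_id):
    """Return failures, watched actions and size-truncated events for one project."""
    report = {"failures": [], "watched": [], "truncated": []}
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting the run
        if not isinstance(ev, dict) or (ev.get("target") or {}).get("id") != project_id:
            continue
        cid, action = ev.get("correlationId"), ev.get("action", "")
        if ev.get("outcome") == "failure":
            why = (ev.get("reason") or {}).get("reasonForFailure")
            report["failures"].append((cid, action, why))
        if is_watched(action):  # failed attempts are kept: they matter too
            who = (ev.get("initiator") or {}).get("name")
            report["watched"].append((cid, action, who))
        if ev.get("responseData") == TRUNCATED:
            report["truncated"].append(cid)  # response body is absent from the log
    return report


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS.splitlines(), "project-a"), indent=2))
```

Events listed under truncated carry no response body, so the read-before-update comparison described in the note cannot be made from the log alone for those requests.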