Audit log descriptions and metadata

HCP Packer audit logs contain two main components. The first is description, which briefly explains the event, and the second is metadata which includes information of other associated resources, including the organization, project, and actor.

Note: Audit Logs are only available for HCP Plus tier registries. Learn more about HCP Plus.

Shared metadata fields

The metadata in each audit log is a JSON object. The following metadata fields are in all HCP Packer audit logs.

Unless the description notes otherwise, all metadata fields return the string type.

Field	Description
`status`	The state OR outcome of the event for which the audit log is being sent. Returns either "OK" or "FAILED".
`action`	The type of the event. Returns "create", "update", "delete", or "read".
`description`	A short explanation about the event. Each resource sections covers which description to expect in different scenarios.
`organization_id`	The HCP organization ID.
`project_id`	The HCP Packer project ID.
`timestamp`	The UTC datetime when the event took place. In ISO 8601 format. For example, `2023-07-12T15:50:02Z`
`actor`	The entity (user, service, or internal operator) who initiated the event. This field returns a `JSON` object.
`actor.principal_id`	The ID of the actor.
`actor.type`	The type of actor. This field returns "TYPE_UNSET", "TYPE_USER", "TYPE_SERVICE", "TYPE_INTERNAL_OPERATOR", or "TYPE_ANONYMOUS".
`actor.user.email`	This field is present if the `actor` is "TYPE_USER".
`actor.user.name`	This field is present if the `actor` is "TYPE_USER".
`actor.user.id`	This field is present if the `actor` is "TYPE_USER".
`actor.service.id`	This field is present if the `actor` is "TYPE_SERVICE".
`actor.service.name`	This field is present if the `actor` is "TYPE_SERVICE".
`actor.service.user_managed`	This field is present if the `actor` is "TYPE_SERVICE" and returns the `bool` data type.
`actor.internal_operator.id`	This field is present if the `actor` is "TYPE_INTERNAL_OPERATOR".
`error`	If an event fails, this field is available and describes the error. If this field is present, the audit log metadata only returns the fields listed in the table above.

Bucket events and metadata fields

HCP Packer sends audit logs for the following events on Bucket and Bucket Labels resources.

Event	Description
Created	Created bucket
Deleted	Deleted bucket
Updated	Updated bucket
Created labels	Added bucket labels
Updated labels	Updated bucket labels

Depending on your event's status, the following fields are available in your audit log's metadata.

Field	Description
`registry.id`	The ID of the HCP Packer registry.
`bucket.id`	The ID of the bucket.
`bucket.slug`	User given name of the Bucket.
`bucket.labels`	All labels given to the Bucket while create or update. Data type: `JSON Object`
`bucket.new_labels`	Newly added labels while updating the bucket. Data type: `JSON Object`. Present for bucket update event only.
`bucket.updated_labels`	Updated existing labels while updating the bucket. Data type: `JSON Object`. Present for bucket update event only.

Example Metadata (Click to expand)

{
   "action":"create",
   "actor":{
      "principal_id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed",
      "service":{
         "id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed",
         "name":"test-auditlogs",
         "user_managed":true
      },
      "type":"TYPE_SERVICE"
   },
   "bucket":{
      "id":"01H5APVEP375TRT23HGH10YTXR",
      "labels":{
         "test":"test label"
      },
      "slug":"bucket-test-2"
   },
   "description":"Added bucket labels",
   "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed",
   "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad",
   "registry":{
      "id":"01GNZQS84K3PTGVVB2YY9R81BC"
   },
   "status":"OK",
   "timestamp":"2023-07-14T17:23:21Z"
}

Iteration events and metadata fields

HCP Packer sends audit logs for the following events on Iteration resource.

Event	Description
Started	Created iteration
Finished	Completed iteration
Revoked	Revoked iteration
Restored	Restored iteration
Deleted	Deleted iteration
Revocation Scheduled	Scheduled iteration revocation
Revocation Cancelled	Cancelled iteration revocation

Depending on your event's status, the following fields are available in your audit log's metadata.

Field	Description
`registry.id`	The ID of the HCP Packer registry.
`bucket.id`	The ID of the bucket.
`bucket.slug`	User given name of the Bucket.
`iteration.id`	ID of the Iteration.
`iteration.fingerprint`	User given build identifier.
`iteration.version`	Incremental updating number when all builds are successful. Data type: `int`
`iteration.revoke_at`	Iteration revoke date time. Present when the Iteration is revoked or scheduled to be revoked.
`iteration.revocation_message`	Iteration revoke message by the user. Present when the Iteration is revoked or scheduled to be revoked.
`iteration.revocation_author`	The actor who revoked or scheduled the revocation of the Iteration. Present when the Iteration is revoked or scheduled to be revoked.
`iteration.status`	Current state of the Iteration. Possible values: `RUNNING`, `CANCELLED`, `REVOKED`, `REVOCATION_SCHEDULED`, `ACTIVE`

Example Metadata (Click to expand)

{
   "action":"update",
   "actor":{
      "principal_id":"6f212631-5bcc-48a2-9082-37d752904032",
      "type":"TYPE_USER",
      "user":{
         "email":"test.user@hashicorp.com",
         "id":"6f212631-5bcc-48a2-9082-37d752904032",
         "name":"test.user@hashicorp.com"
      }
   },
   "bucket":{
      "id":"01GXXGSNEE1EMJEZ0TEH7KCQVX",
      "slug":"bucket-test"
   },
   "description":"Revoked iteration",
   "iteration":{
      "fingerprint":"f2",
      "id":"01GXXGWAF8ZKF151591R6YXWEM",
      "revocation_author":"test.user@hashicorp.com",
      "revocation_message":"test",
      "revoke_at":"2023-07-14 17:34:31.196808811 +0000 UTC",
      "status":"ITERATION_REVOKED",
      "version":"v3"
   },
   "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed",
   "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad",
   "registry":{
      "id":"01GNZQS84K3PTGVVB2YY9R81BC"
   },
   "skip_descendants_revocation":true,
   "status":"OK",
   "timestamp":"2023-07-14T17:34:31Z"
}

Build events and metadata fields

HCP Packer sends audit logs for the following events on Build resource.

Event	Description
Build Started	Created build
Build finished successfully OR with an error, timed out	Updated build

Depending on your event's status, the following fields are available in your audit log's metadata.

Field	Description
`registry.id`	The ID of the HCP Packer registry.
`bucket.id`	The ID of the bucket.
`bucket.slug`	User given name of the Bucket.
`iteration.id`	ID of the Iteration.
`iteration.fingerprint`	User given build identifier.
`iteration.version`	Incremental updating number when all builds are successful. Data type: `int`
`iteration.revoke_at`	Iteration revoke date time. Present when the Iteration is revoked or scheduled to be revoked.
`iteration.revocation_message`	Iteration revoke message by the user. Present when the Iteration is revoked or scheduled to be revoked.
`iteration.revocation_author`	The actor who revoked or scheduled the revocation of the Iteration. Present when the Iteration is revoked or scheduled to be revoked.
`build.id`	ID of the Build.
`build.source_image_id`	The cloud image-id of the base layer.
`build.source_iteration_id`	The parent iteration ID.
`build.source_build_id`	The parent build ID.
`build.source_channel_id`	The base channel ID if created from the channel.
`build.source_channel_slug`	The user readable name if the source channel.
`build.source_channel_managed`	If the source channel is managed by HCP Packer. aka. `latest` channel. Data type: `bool`
`build.cloud_provider`	Something like "aws", "azure".
`build.component_type`	Builder or post-processor used to build this.
`build.status`	The current state of the Build. Possible values: `UNSET`, `RUNNING`, `DONE`, `CANCELLED`, `FAILED`
`build.labels`	All labels given to the Build while create or update. Data type: `JSON Object`"
`build.images`	The list (array) of artifacts in the build.
`build.image.region`	Something like "eu-west-1".
`build.image.image_id`	Something like "ami-13245456".

Example Metadata (Click to expand)

{
   "action":"update",
   "actor":{
      "principal_id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed",
      "service":{
         "id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed",
         "name":"test-auditlogs",
         "user_managed":true
      },
      "type":"TYPE_SERVICE"
   },
   "bucket":{
      "id":"01GXXGSNEE1EMJEZ0TEH7KCQVX",
      "slug":"bucket-test"
   },
   "build":{
      "cloud_provider":"aws",
      "component_type":"aws",
      "id":"01H5APPBYYF4D0NMVZCRKR85E7",
      "images":[
         {
            "image_id":"ami-f2",
            "region":"us-west-2"
         }
      ],
      "labels":{
         "os":"ubuntu"
      },
      "status":"DONE"
   },
   "description":"Updated build",
   "iteration":{
      "fingerprint":"f14",
      "id":"01H5APNAK1BNEVMK3HPS7KZANV",
      "version":"v5"
   },
   "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed",
   "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad",
   "registry":{
      "id":"01GNZQS84K3PTGVVB2YY9R81BC"
   },
   "status":"OK",
   "timestamp":"2023-07-14T17:21:09Z"
}

Example Metadata with an error (Click to expand)

{
   "action":"create",
   "actor":{
      "principal_id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed",
      "service":{
         "id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed",
         "name":"test-auditlogs",
         "user_managed":true
      },
      "type":"TYPE_SERVICE"
   },
   "bucket":{
      "id":"01GXXGSNEE1EMJEZ0TEH7KCQVX",
      "slug":"bucket-test"
   },
   "description":"Created build",
   "error":"rpc error: code = FailedPrecondition desc = This iteration is complete. If you wish to add a new build a new iteration must be created by changing the build fingerprint.",
   "iteration":{
      "fingerprint":"f14",
      "id":"01H5APNAK1BNEVMK3HPS7KZANV",
      "version":"v5"
   },
   "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed",
   "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad",
   "registry":{
      "id":"01GNZQS84K3PTGVVB2YY9R81BC"
   },
   "status":"FAILED",
   "timestamp":"2023-07-14T17:31:11Z"
}

Channel events and metadata fields

HCP Packer sends audit logs for the following events on Channel resource.

Event	Description
Created	Created channel
Deleted	Deleted channel
Updated settings	Updated channel
Iteration Assigned	Assigned iteration to channel

Depending on your event's status, the following fields are available in your audit log's metadata.

Field	Description
`registry.id`	The ID of the HCP Packer registry.
`bucket.id`	The ID of the bucket.
`bucket.slug`	User given name of the Bucket.
`iteration.id`	ID of the Iteration. Present only if the iteration is assigned to the channel.
`iteration.fingerprint`	User given build identifier. Present only if the iteration is assigned to the channel.
`iteration.version`	Incremental updating number when all builds are successful. Present only if the iteration is assigned to the channel. Data type: `int`
`iteration.revoke_at`	Iteration revoke date time. Present when the Iteration is revoked or scheduled to be revoked.
`iteration.revocation_message`	Iteration revoke message by the user. Present when the Iteration is revoked or scheduled to be revoked.
`iteration.revocation_author`	The actor who revoked or scheduled the revocation of the Iteration. Present when the Iteration is revoked or scheduled to be revoked.
`previous_iteration.id`	ID of the Iteration. Present only if the iteration is assigned to the channel.
`previous_iteration.fingerprint`	User given build identifier. Present only if the iteration is assigned to the channel.
`previous_iteration.version`	Incremental updating number when all builds are successful. Present only if the iteration is assigned to the channel. Data type: `int`
`channel.id`	ID of the Channel.
`channel.slug`	The user readable name of the channel.
`channel.author_id`	ID of the actor who create the channel.
`channel.managed`	If the channel is managed by HCP Packer. aka. `latest` channel. Data type: `bool`
`channel.restricted`	If the channel is restricted. Data type: `bool`

Example Metadata (Click to expand)

{
   "action":"update",
   "actor":{
      "principal_id":"6f212631-5bcc-48a2-9082-37d752904032",
      "type":"TYPE_USER",
      "user":{
         "email":"test.user@hashicorp.com",
         "id":"6f212631-5bcc-48a2-9082-37d752904032",
         "name":"test.user@hashicorp.com"
      }
   },
   "bucket":{
      "id":"01GTCW6AAS494Z8NYJATA5AM5Z",
      "slug":"test-channel-history"
   },
   "channel":{
      "author_id":"test.user@hashicorp.com",
      "id":"01H3FM869DP6WTFF826VTKGZCM",
      "managed":false,
      "restricted":false,
      "slug":"fgtj"
   },
   "description":"Assigned iteration to channel",
   "iteration":{
      "fingerprint":"test-fingerprint-0",
      "id":"01GTCW6QPQ01BEDZZJ6W66YWG8",
      "version":"v1"
   },
   "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed",
   "previous_iteration":{
      "fingerprint":"test-fingerprint-1",
      "id":"01GTCWC4GD3THGE8A029Y5H5XK",
      "version":"v2"
   },
   "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad",
   "registry":{
      "id":"01GNZQS84K3PTGVVB2YY9R81BC"
   },
   "status":"OK",
   "timestamp":"2023-07-14T15:48:36Z"
}