Audit log descriptions and metadata
HCP Packer audit logs contain two main components. The first is description, which briefly explains the event, and the second is metadata, which includes information about other associated resources, including the organization, project, and actor.
Note: Audit Logs are only available for HCP Plus tier registries.
Shared metadata fields
The metadata in each audit log is a JSON object. The following metadata fields are in all HCP Packer audit logs. Unless the description notes otherwise, all metadata fields return the string type.
Field | Description |
---|---|
status | The state or outcome of the event for which the audit log is being sent. Returns either "OK" or "FAILED". |
action | The type of the event. Returns "create", "update", "delete", or "read". |
description | A short explanation of the event. Each resource section covers which description to expect in different scenarios. |
organization_id | The HCP organization ID. |
project_id | The HCP Packer project ID. |
timestamp | The UTC datetime when the event took place. In ISO 8601 format. For example, 2023-07-12T15:50:02Z |
actor | The entity (user, service, or internal operator) who initiated the event. This field returns a JSON object. |
actor.principal_id | The ID of the actor. |
actor.type | The type of actor. This field returns "TYPE_UNSET", "TYPE_USER", "TYPE_SERVICE", "TYPE_INTERNAL_OPERATOR", or "TYPE_ANONYMOUS". |
actor.user.email | This field is present if the actor is "TYPE_USER". |
actor.user.name | This field is present if the actor is "TYPE_USER". |
actor.user.id | This field is present if the actor is "TYPE_USER". |
actor.service.id | This field is present if the actor is "TYPE_SERVICE". |
actor.service.name | This field is present if the actor is "TYPE_SERVICE". |
actor.service.user_managed | This field is present if the actor is "TYPE_SERVICE" and returns the bool data type. |
actor.internal_operator.id | This field is present if the actor is "TYPE_INTERNAL_OPERATOR". |
error | If an event fails, this field is available and describes the error. If this field is present, the audit log metadata only returns the fields listed in the table above. |
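The shape of the actor object depends on actor.type, so anything that ingests these logs has to resolve identity per type. The following is an added example, not HashiCorp code: the function names and the sample events (placeholder IDs and addresses) are constructed for illustration.

```python
import json

# Sub-object of `actor` that carries identity details for each actor.type.
DETAIL_KEY = {"TYPE_USER": "user", "TYPE_SERVICE": "service",
              "TYPE_INTERNAL_OPERATOR": "internal_operator"}

def actor_identity(actor):
    """Return (type, id, display name) for any actor.type, tolerating absent sub-objects."""
    a_type = actor.get("type", "TYPE_UNSET")
    detail = actor.get(DETAIL_KEY.get(a_type, ""), {})
    ident = detail.get("id") or actor.get("principal_id", "")
    # Users carry email and name; services carry name; internal operators only an id.
    return a_type, ident, detail.get("email") or detail.get("name") or ident

def normalize(raw):
    """Flatten one audit-log metadata JSON string into a record for search or alerting."""
    m = json.loads(raw)
    actor = m.get("actor", {})
    a_type, ident, name = actor_identity(actor)
    return {
        "timestamp": m.get("timestamp"),
        "action": m.get("action"),
        "description": m.get("description"),
        "status": m.get("status"),
        "actor_type": a_type,
        "actor_id": ident,
        "actor_name": name,
        # user_managed is a bool that exists only for TYPE_SERVICE actors.
        "user_managed": actor.get("service", {}).get("user_managed"),
        # error is only present when the event failed.
        "error": m.get("error"),
    }

# Constructed sample events, not taken from a real registry.
USER_OK = json.dumps({
    "action": "delete", "description": "Deleted bucket", "status": "OK",
    "timestamp": "2023-07-12T15:50:02Z",
    "actor": {"principal_id": "user-0001", "type": "TYPE_USER",
              "user": {"id": "user-0001", "email": "alice@example.com", "name": "Alice"}}})
SERVICE_FAILED = json.dumps({
    "action": "create", "description": "Created build", "status": "FAILED",
    "timestamp": "2023-07-12T15:51:10Z", "error": "constructed error text",
    "actor": {"principal_id": "svc-0001@org-0001", "type": "TYPE_SERVICE",
              "service": {"id": "svc-0001@org-0001", "name": "ci-packer", "user_managed": True}}})

if __name__ == "__main__":
    for raw in (USER_OK, SERVICE_FAILED):
        print(normalize(raw))
```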
Bucket events and metadata fields
HCP Packer sends audit logs for the following events on Bucket and Bucket Labels resources.
Event | Description |
---|---|
Created | Created bucket |
Deleted | Deleted bucket |
Updated | Updated bucket |
Created labels | Added bucket labels |
Updated labels | Updated bucket labels |
Depending on your event's status, the following fields are available in your audit log's metadata.
Field | Description |
---|---|
registry.id | The ID of the HCP Packer registry. |
bucket.id | The ID of the bucket. |
bucket.name | User-given name of the Bucket. |
bucket.labels | All labels given to the Bucket when it is created or updated. Data type: JSON Object |
bucket.new_labels | Labels newly added while updating the bucket. Data type: JSON Object. Present for bucket update events only. |
bucket.updated_labels | Existing labels changed while updating the bucket. Data type: JSON Object. Present for bucket update events only. |
Example Metadata
{ "action":"create", "actor":{ "principal_id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed", "service":{ "id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed", "name":"test-auditlogs", "user_managed":true }, "type":"TYPE_SERVICE" }, "bucket":{ "id":"01H5APVEP375TRT23HGH10YTXR", "labels":{ "test":"test label" }, "name":"bucket-test-2" }, "description":"Added bucket labels", "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed", "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad", "registry":{ "id":"01GNZQS84K3PTGVVB2YY9R81BC" }, "status":"OK", "timestamp":"2023-07-14T17:23:21Z"}
Version events and metadata fields
HCP Packer sends audit logs for the following events on the Version resource.
Event | Description |
---|---|
Started | Created version |
Finished | Completed version |
Revoked | Revoked version |
Restored | Restored version |
Deleted | Deleted version |
Revocation Scheduled | Scheduled version revocation |
Revocation Cancelled | Cancelled version revocation |
Depending on your event's status, the following fields are available in your audit log's metadata.
Field | Description |
---|---|
registry.id | The ID of the HCP Packer registry. |
bucket.id | The ID of the bucket. |
bucket.name | User-given name of the Bucket. |
version.id | ID of the Version. |
version.fingerprint | User-given version identifier. |
version.name | Human-readable name of the version incrementally set when all builds are successful. |
version.revoke_at | Date and time the version was revoked or is scheduled to be revoked. |
version.revocation_message | Message provided by the user when revoking the version or scheduling the version to be revoked. |
version.revocation_author | The actor who revoked the version or scheduled the version to be revoked. |
version.status | Current state of the Version. Possible values: RUNNING, CANCELLED, REVOKED, REVOCATION_SCHEDULED, ACTIVE |
builds | List of builds built in the version. |
builds.id | ID of the build. |
builds.platform | Platform of the build. For example, aws or azure. |
builds.component_type | Builder or post-processor used on the build. For example, amazon-ebs.ubuntu. |
builds.labels | Labels of the build. Data type: JSON Object |
builds.artifacts | The list (array) of artifacts in the build. |
builds.artifacts.region | Region of the artifact. For example, eu-west-1. |
builds.artifacts.external_identifier | External identifier of the artifact. For example, ami-13245456. |
Example Metadata
{ "action":"update", "actor":{ "principal_id":"6f212631-5bcc-48a2-9082-37d752904032", "type":"TYPE_USER", "user":{ "email":"test.user@hashicorp.com", "id":"6f212631-5bcc-48a2-9082-37d752904032", "name":"test.user@hashicorp.com" } }, "bucket":{ "id":"01GXXGSNEE1EMJEZ0TEH7KCQVX", "name":"bucket-test" }, "description":"Revoked version", "version":{ "fingerprint":"f2", "id":"01GXXGWAF8ZKF151591R6YXWEM", "revocation_author":"test.user@hashicorp.com", "revocation_message":"test", "revoke_at":"2023-07-14 17:34:31.196808811 +0000 UTC", "status":"VERSION_REVOKED", "name":"v3" }, "builds":[ { "platform":"aws", "component_type":"amazon-ebs.ubuntu", "id":"01H5APPBYYF4D0NMVZCRKR85E7", "artifacts":[ { "external_identifier":"ami-f2", "region":"us-west-2" } ], "labels":{ "os":"ubuntu" } } ], "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed", "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad", "registry":{ "id":"01GNZQS84K3PTGVVB2YY9R81BC" }, "skip_descendants_revocation":true, "status":"OK", "timestamp":"2023-07-14T17:34:31Z"}
Build events and metadata fields
HCP Packer sends audit logs for the following events on the Build resource.
Event | Description |
---|---|
Build Started | Created build |
Build finished successfully, finished with an error, or timed out | Updated build |
Depending on your event's status, the following fields are available in your audit log's metadata.
Field | Description |
---|---|
registry.id | The ID of the HCP Packer registry. |
bucket.id | The ID of the bucket. |
bucket.name | User-given name of the Bucket. |
version.id | ID of the Version. |
version.fingerprint | User-given version identifier. |
version.name | Human-readable name of the version incrementally set when all builds are successful. |
version.revoke_at | Date and time the version was revoked or is scheduled to be revoked. |
version.revocation_message | Message provided by the user when revoking the version or scheduling the version to be revoked. |
version.revocation_author | The actor who revoked the version or scheduled the version to be revoked. |
build.id | ID of the Build. |
build.source_external_identifier | The external identifier of the base layer. For example, ami-13245456. |
build.source_version_id | The parent version ID. |
build.source_build_id | The parent build ID. |
build.source_channel_id | The base channel ID if created from the channel. |
build.source_channel_name | The user-readable name of the source channel. |
build.source_channel_managed | Whether the source channel is managed by HCP Packer. For example, the latest channel. Data type: bool |
build.platform | Platform of the build. For example, aws or azure. |
build.component_type | Builder or post-processor used on the build. For example, amazon-ebs.ubuntu. |
build.status | The current state of the Build. Possible values: UNSET, RUNNING, DONE, CANCELLED, FAILED |
build.labels | Labels of the build. Data type: JSON Object |
build.artifacts | The list (array) of artifacts in the build. |
build.artifacts.region | Region of the artifact. For example, eu-west-1. |
build.artifacts.external_identifier | External identifier of the artifact. For example, ami-13245456. |
build.metadata | Metadata relating to Packer, its plugins, and the state of the build environment. |
Example Metadata
{ "action":"update", "actor":{ "principal_id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed", "service":{ "id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed", "name":"test-auditlogs", "user_managed":true }, "type":"TYPE_SERVICE" }, "bucket":{ "id":"01GXXGSNEE1EMJEZ0TEH7KCQVX", "name":"bucket-test" }, "build":{ "platform":"aws", "component_type":"aws", "id":"01H5APPBYYF4D0NMVZCRKR85E7", "artifacts":[ { "external_identifier":"ami-f2", "region":"us-west-2" } ], "metadata":{ "packer":{ "version":"1.10.2", "plugins":[ { "Name":"Azure", "Version":"2.1.4" } ] } }, "labels":{ "os":"ubuntu" }, "status":"DONE" }, "description":"Updated build", "version":{ "fingerprint":"f14", "id":"01H5APNAK1BNEVMK3HPS7KZANV", "name":"v5" }, "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed", "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad", "registry":{ "id":"01GNZQS84K3PTGVVB2YY9R81BC" }, "status":"OK", "timestamp":"2023-07-14T17:21:09Z"}
Example Metadata with an error
{ "action":"create", "actor":{ "principal_id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed", "service":{ "id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed", "name":"test-auditlogs", "user_managed":true }, "type":"TYPE_SERVICE" }, "bucket":{ "id":"01GXXGSNEE1EMJEZ0TEH7KCQVX", "name":"bucket-test" }, "description":"Created build", "error":"rpc error: code = FailedPrecondition desc = This version is complete. If you wish to add a new build a new version must be created by changing the build fingerprint.", "version":{ "fingerprint":"f14", "id":"01H5APNAK1BNEVMK3HPS7KZANV", "name":"v5" }, "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed", "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad", "registry":{ "id":"01GNZQS84K3PTGVVB2YY9R81BC" }, "status":"FAILED", "timestamp":"2023-07-14T17:31:11Z"}
Channel events and metadata fields
HCP Packer sends audit logs for the following events on the Channel resource.
Event | Description |
---|---|
Created | Created channel |
Deleted | Deleted channel |
Updated settings | Updated channel |
Version Assigned | Assigned version to channel |
Depending on your event's status, the following fields are available in your audit log's metadata.
Field | Description |
---|---|
registry.id | The ID of the HCP Packer registry. |
bucket.id | The ID of the bucket. |
bucket.name | User-given name of the Bucket. |
version.id | ID of the Version. If a version is assigned to the channel. |
version.fingerprint | User-given version identifier. If a version is assigned to the channel. |
version.name | Human-readable name of the version incrementally set when all builds are successful. If a version is assigned to the channel. |
version.revoke_at | Date and time the version was revoked or is scheduled to be revoked. If a version is assigned to the channel. |
version.revocation_message | Message provided by the user when revoking the version or scheduling the version to be revoked. If a version is assigned to the channel. |
version.revocation_author | The actor who revoked the version or scheduled the version to be revoked. If a version is assigned to the channel. |
builds | List of builds built in the version. |
builds.id | ID of the build. |
builds.platform | Platform of the build. For example, aws or azure. |
builds.component_type | Builder or post-processor used on the build. For example, amazon-ebs.ubuntu. |
builds.labels | Labels of the build. Data type: JSON Object |
builds.artifacts | The list (array) of artifacts in the build. |
builds.artifacts.region | Region of the artifact. For example, eu-west-1. |
builds.artifacts.external_identifier | External identifier of the artifact. For example, ami-13245456. |
previous_version.id | ID of the Version. If a version was previously assigned to the channel. |
previous_version.fingerprint | User-given version identifier. If a version was previously assigned to the channel. |
previous_version.name | Human-readable name of the version incrementally set when all builds are successful. If a version was previously assigned to the channel. |
previous_builds | List of builds built in the version previously assigned to the channel. Present only in the case of a previously assigned version. |
previous_builds.id | ID of the build. |
previous_builds.platform | Platform of the build. For example, aws or azure. |
previous_builds.component_type | Builder or post-processor used on the build. For example, amazon-ebs.ubuntu. |
previous_builds.labels | Labels of the build. Data type: JSON Object |
previous_builds.artifacts | The list (array) of artifacts in the build. |
previous_builds.artifacts.region | Region of the artifact. For example, eu-west-1. |
previous_builds.artifacts.external_identifier | External identifier of the artifact. For example, ami-13245456. |
channel.id | ID of the Channel. |
channel.name | The user-readable name of the channel. |
channel.author_id | ID of the actor who created the channel. |
channel.managed | Indicates whether the channel is managed by HCP Packer. HCP Packer-managed channels are also identified as the latest channel. Data type: bool |
channel.restricted | Indicates whether the channel is restricted. Data type: bool |
Example Metadata
{ "action":"update", "actor":{ "principal_id":"6f212631-5bcc-48a2-9082-37d752904032", "type":"TYPE_USER", "user":{ "email":"test.user@hashicorp.com", "id":"6f212631-5bcc-48a2-9082-37d752904032", "name":"test.user@hashicorp.com" } }, "bucket":{ "id":"01GTCW6AAS494Z8NYJATA5AM5Z", "name":"test-channel-history" }, "channel":{ "author_id":"test.user@hashicorp.com", "id":"01H3FM869DP6WTFF826VTKGZCM", "managed":false, "restricted":false, "name":"fgtj" }, "description":"Assigned version to channel", "version":{ "fingerprint":"test-fingerprint-0", "id":"01GTCW6QPQ01BEDZZJ6W66YWG8", "name":"v1" }, "builds":[ { "platform":"aws", "component_type":"amazon-ebs.ubuntu", "id":"01HP1XWZ1EADV8VVKV6J4VHM6S", "artifacts":[ { "external_identifier":"ami-f3", "region":"us-west-2" } ], "labels":{ "os":"ubuntu" } } ], "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed", "previous_version":{ "fingerprint":"test-fingerprint-1", "id":"01GTCWC4GD3THGE8A029Y5H5XK", "name":"v2" }, "previous_builds":[ { "platform":"aws", "component_type":"amazon-ebs.ubuntu", "id":"01H5APPBYYF4D0NMVZCRKR85E7", "artifacts":[ { "external_identifier":"ami-f2", "region":"us-west-2" } ], "labels":{ "os":"ubuntu" } } ], "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad", "registry":{ "id":"01GNZQS84K3PTGVVB2YY9R81BC" }, "status":"OK", "timestamp":"2023-07-14T15:48:36Z"}
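A channel assignment changes which artifact downstream consumers of that channel resolve, so it is worth diffing builds against previous_builds for each "Assigned version to channel" event. The following is an added example, not HashiCorp code: the function names and the sample event (placeholder IDs) are constructed, and the "platform/region" key format is an assumption made for readability.

```python
import json

def artifact_map(builds):
    """Map "platform/region" -> external_identifier for a builds/previous_builds list."""
    out = {}
    for build in builds or []:
        for art in build.get("artifacts", []):
            key = f'{build.get("platform", "")}/{art.get("region", "")}'
            out[key] = art.get("external_identifier")
    return out

def channel_assignment_diff(raw):
    """Describe what a successful channel assignment changed; None for any other event."""
    m = json.loads(raw)
    if m.get("description") != "Assigned version to channel" or m.get("status") != "OK":
        return None
    old = artifact_map(m.get("previous_builds"))  # absent on a channel's first assignment
    new = artifact_map(m.get("builds"))
    changes = {k: (old.get(k), new.get(k))
               for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)}
    channel = m.get("channel", {})
    return {
        "bucket": m.get("bucket", {}).get("name"),
        "channel": channel.get("name"),
        "restricted": channel.get("restricted"),
        "actor": m.get("actor", {}).get("principal_id"),
        "from_version": m.get("previous_version", {}).get("name"),
        "to_version": m.get("version", {}).get("name"),
        "changes": changes,  # key -> (old identifier or None, new identifier or None)
    }

# Constructed sample event (placeholder IDs, not taken from a real registry).
SAMPLE = json.dumps({
    "action": "update", "status": "OK", "description": "Assigned version to channel",
    "actor": {"principal_id": "user-0001", "type": "TYPE_USER"},
    "bucket": {"id": "bucket-0001", "name": "base-ubuntu"},
    "channel": {"id": "channel-0001", "name": "production", "managed": False, "restricted": True},
    "version": {"id": "version-0002", "fingerprint": "fp-2", "name": "v2"},
    "builds": [{"id": "build-0002", "platform": "aws", "artifacts": [
        {"region": "us-west-2", "external_identifier": "ami-new"},
        {"region": "eu-west-1", "external_identifier": "ami-eu"}]}],
    "previous_version": {"id": "version-0001", "fingerprint": "fp-1", "name": "v1"},
    "previous_builds": [{"id": "build-0001", "platform": "aws", "artifacts": [
        {"region": "us-west-2", "external_identifier": "ami-old"}]}],
    "timestamp": "2023-07-14T15:48:36Z"})

if __name__ == "__main__":
    print(json.dumps(channel_assignment_diff(SAMPLE), indent=2))
```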