
google-api-services-cloudresourcemanager: SetIamPolicy on a project level does not update IAM Audit Logs

Open LCvijovic09 opened this issue 4 years ago • 0 comments

Hi, I am using the Java client of Cloud Resource Manager to update policy bindings and set audit logs for my project. But for some reason my audit logs seem to be unchanged (when I go to IAM -> Audit Log I can only see that Admin Read is enabled, which is a default config). Policy bindings change properly when I send a request.

Below is the sample code I am using to update this:

// Send the full policy (version 3) for the project
cloudResourceApi
    .projects()
    .setIamPolicy(
        "projects/my-project",
        new SetIamPolicyRequest()
            .setPolicy(policy.setVersion(3)))
    .execute();

Also, in Log Explorer I found the request:

"request": {
      "policy": {
        "bindings": [
          {
            "role": "roles/containerregistry.ServiceAgent",
            "members": [
              "serviceAccount:[email protected]"
            ]
          }
        ],
        "auditConfigs": [
          {
            "auditLogConfigs": [
              {
                "logType": "DATA_READ"
              },
              {
                "logType": "DATA_WRITE"
              },
              {
                "logType": "ADMIN_READ"
              }
            ],
            "service": "allServices"
          }
        ],
        "etag": "someETag="
      },
      "resource": "my-project",
      "@type": "type.googleapis.com/google.iam.v1.SetIamPolicyRequest"
    }

Am I doing something wrong here? Am I missing something? Why are my audit logs not changing? When I send the request all changes get applied to Policy Binding, but none seem to apply for audit log. Also, I am not receiving any errors.

Thanks.. :)

LCvijovic09 · May 12 '21 08:05
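
An added example, not part of the original issue or the project's own code: the IAM API documentation for SetIamPolicyRequest states that when no updateMask is supplied the default mask `bindings, etag` is used, so this sketch sends a mask that includes `auditConfigs` and reads the policy back to confirm the audit settings took effect. It assumes the v3 client package and an already-authenticated `CloudResourceManager` instance; the class and method names are hypothetical.

```java
import com.google.api.services.cloudresourcemanager.v3.CloudResourceManager;
import com.google.api.services.cloudresourcemanager.v3.model.*;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Hypothetical helper (added example); assumes the v3 client and an authenticated instance.
public final class AuditConfigUpdater {
  // Log types taken from the request shown in the issue.
  static final List<String> LOG_TYPES = Arrays.asList("DATA_READ", "DATA_WRITE", "ADMIN_READ");

  /** Enables allServices audit logging; returns true only if a read-back confirms it. */
  static boolean enableAuditLogs(CloudResourceManager crm, String resource) throws IOException {
    GetIamPolicyRequest get = new GetIamPolicyRequest()
        .setOptions(new GetPolicyOptions().setRequestedPolicyVersion(3));
    // Read-modify-write: start from the live policy so the etag guards against races.
    Policy policy = crm.projects().getIamPolicy(resource, get).execute();

    List<AuditLogConfig> logs = new ArrayList<>();
    for (String type : LOG_TYPES) logs.add(new AuditLogConfig().setLogType(type));
    // Keep per-service entries, replace any existing allServices entry.
    List<AuditConfig> configs = new ArrayList<>();
    if (policy.getAuditConfigs() != null) {
      for (AuditConfig c : policy.getAuditConfigs()) {
        if (!"allServices".equals(c.getService())) configs.add(c);
      }
    }
    configs.add(new AuditConfig().setService("allServices").setAuditLogConfigs(logs));
    policy.setAuditConfigs(configs).setVersion(3);

    // Without updateMask the documented default is "bindings, etag": auditConfigs is ignored.
    SetIamPolicyRequest set = new SetIamPolicyRequest()
        .setPolicy(policy).setUpdateMask("auditConfigs,etag");
    crm.projects().setIamPolicy(resource, set).execute();
    return hasAllLogTypes(crm.projects().getIamPolicy(resource, get).execute());
  }

  static boolean hasAllLogTypes(Policy policy) {
    if (policy.getAuditConfigs() == null) return false;
    for (AuditConfig c : policy.getAuditConfigs()) {
      if (!"allServices".equals(c.getService()) || c.getAuditLogConfigs() == null) continue;
      Set<String> seen = new HashSet<>();
      for (AuditLogConfig l : c.getAuditLogConfigs()) seen.add(l.getLogType());
      return seen.containsAll(LOG_TYPES);
    }
    return false;
  }
}
```

Treating a `false` return as a deployment failure keeps a silently ignored audit configuration from leaving Data Access logging disabled.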