Created
November 7, 2024 13:41
-
-
Save NitriKx/ea4aebb9bea765c7fe4004c0ecfd4015 to your computer and use it in GitHub Desktop.
BigQuery schema for the Vault JSON audit logs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "name": "auth", | |
| "type": "RECORD", | |
| "mode": "NULLABLE", | |
| "fields": [ | |
| { | |
| "name": "accessor", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "client_token", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "display_name", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "entity_created", | |
| "type": "BOOLEAN", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "entity_id", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "identity_policies", | |
| "type": "STRING", | |
| "mode": "REPEATED" | |
| }, | |
| { | |
| "name": "metadata", | |
| "type": "RECORD", | |
| "mode": "NULLABLE", | |
| "fields": [ | |
| { | |
| "name": "account_id", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "auth_type", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "role", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "role_id", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "role_name", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "service_account_name", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "service_account_namespace", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "service_account_secret_name", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "service_account_uid", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| } | |
| ] | |
| }, | |
| { | |
| "name": "policies", | |
| "type": "STRING", | |
| "mode": "REPEATED" | |
| }, | |
| { | |
| "name": "policy_results", | |
| "type": "RECORD", | |
| "mode": "NULLABLE", | |
| "fields": [ | |
| { | |
| "name": "allowed", | |
| "type": "BOOLEAN", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "granting_policies", | |
| "type": "RECORD", | |
| "mode": "REPEATED", | |
| "fields": [ | |
| { | |
| "name": "name", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "namespace_id", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "type", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "name": "token_policies", | |
| "type": "STRING", | |
| "mode": "REPEATED" | |
| }, | |
| { | |
| "name": "token_issue_time", | |
| "type": "TIMESTAMP", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "token_ttl", | |
| "type": "INTEGER", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "token_type", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| } | |
| ] | |
| }, | |
| { | |
| "name": "error", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "warnings", | |
| "type": "STRING", | |
| "mode": "REPEATED" | |
| }, | |
| { | |
| "name": "request", | |
| "type": "RECORD", | |
| "mode": "NULLABLE", | |
| "fields": [ | |
| { | |
| "name": "client_id", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "client_token", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "client_token_accessor", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "data", | |
| "type": "JSON", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "headers", | |
| "type": "JSON", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "id", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "mount_accessor", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "mount_class", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "mount_point", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "mount_running_version", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "mount_type", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "namespace", | |
| "type": "RECORD", | |
| "mode": "NULLABLE", | |
| "fields": [ | |
| { | |
| "name": "id", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| } | |
| ] | |
| }, | |
| { | |
| "name": "operation", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "path", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "remote_address", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "remote_port", | |
| "type": "INTEGER", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "request_uri", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "wrap_ttl", | |
| "type": "INTEGER", | |
| "mode": "NULLABLE" | |
| } | |
| ] | |
| }, | |
| { | |
| "name": "response", | |
| "type": "RECORD", | |
| "mode": "NULLABLE", | |
| "fields": [ | |
| { | |
| "name": "auth", | |
| "type": "RECORD", | |
| "mode": "NULLABLE", | |
| "fields": [ | |
| { | |
| "name": "accessor", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "client_token", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "display_name", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "entity_id", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "identity_policies", | |
| "type": "STRING", | |
| "mode": "REPEATED" | |
| }, | |
| { | |
| "name": "metadata", | |
| "type": "RECORD", | |
| "mode": "NULLABLE", | |
| "fields": [ | |
| { | |
| "name": "account_id", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "auth_type", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "role", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "role_id", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "role_name", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "service_account_name", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "service_account_namespace", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "service_account_secret_name", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "service_account_uid", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| } | |
| ] | |
| }, | |
| { | |
| "name": "policies", | |
| "type": "STRING", | |
| "mode": "REPEATED" | |
| }, | |
| { | |
| "name": "policy_results", | |
| "type": "RECORD", | |
| "mode": "NULLABLE", | |
| "fields": [ | |
| { | |
| "name": "allowed", | |
| "type": "BOOLEAN", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "granting_policies", | |
| "type": "RECORD", | |
| "mode": "REPEATED", | |
| "fields": [ | |
| { | |
| "name": "name", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "namespace_id", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "type", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "name": "token_policies", | |
| "type": "STRING", | |
| "mode": "REPEATED" | |
| }, | |
| { | |
| "name": "token_issue_time", | |
| "type": "TIMESTAMP", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "token_ttl", | |
| "type": "INTEGER", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "token_type", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| } | |
| ] | |
| }, | |
| { | |
| "name": "data", | |
| "type": "JSON", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "mount_running_plugin_version", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "mount_accessor", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "mount_point", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "mount_class", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "mount_type", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "secret", | |
| "type": "JSON", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "warnings", | |
| "type": "STRING", | |
| "mode": "REPEATED" | |
| }, | |
| { | |
| "name": "wrap_info", | |
| "type": "RECORD", | |
| "mode": "NULLABLE", | |
| "fields": [ | |
| { | |
| "name": "accessor", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "creation_path", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "creation_time", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "token", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "ttl", | |
| "type": "INTEGER", | |
| "mode": "NULLABLE" | |
| } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "name": "type", | |
| "type": "STRING", | |
| "mode": "NULLABLE" | |
| }, | |
| { | |
| "name": "time", | |
| "type": "TIMESTAMP", | |
| "mode": "NULLABLE" | |
| } | |
| ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment