Audit log descriptions and metadata

HCP Packer audit logs contain two main components. The first is description, which briefly explains the event, and the second is metadata which includes information of other associated resources, including the organization, project, and actor.

Note: Audit Logs are only available for HCP Plus tier registries. Learn more about HCP Plus.

Shared metadata fields

The metadata in each audit log is a JSON object. The following metadata fields are in all HCP Packer audit logs.

Unless the description notes otherwise, all metadata fields return the string type.

Field	Description
`status`	The state OR outcome of the event for which the audit log is being sent. Returns either "OK" or "FAILED".
`action`	The type of the event. Returns "create", "update", "delete", or "read".
`description`	A short explanation about the event. Each resource sections covers which description to expect in different scenarios.
`organization_id`	The HCP organization ID.
`project_id`	The HCP Packer project ID.
`timestamp`	The UTC datetime when the event took place. In ISO 8601 format. For example, `2023-07-12T15:50:02Z`
`actor`	The entity (user, service, or internal operator) who initiated the event. This field returns a `JSON` object.
`actor.principal_id`	The ID of the actor.
`actor.type`	The type of actor. This field returns "TYPE_UNSET", "TYPE_USER", "TYPE_SERVICE", "TYPE_INTERNAL_OPERATOR", or "TYPE_ANONYMOUS".
`actor.user.email`	This field is present if the `actor` is "TYPE_USER".
`actor.user.name`	This field is present if the `actor` is "TYPE_USER".
`actor.user.id`	This field is present if the `actor` is "TYPE_USER".
`actor.service.id`	This field is present if the `actor` is "TYPE_SERVICE".
`actor.service.name`	This field is present if the `actor` is "TYPE_SERVICE".
`actor.service.user_managed`	This field is present if the `actor` is "TYPE_SERVICE" and returns the `bool` data type.
`actor.internal_operator.id`	This field is present if the `actor` is "TYPE_INTERNAL_OPERATOR".
`error`	If an event fails, this field is available and describes the error. If this field is present, the audit log metadata only returns the fields listed in the table above.

Bucket events and metadata fields

HCP Packer sends audit logs for the following events on Bucket and Bucket Labels resources.

Event	Description
Created	Created bucket
Deleted	Deleted bucket
Updated	Updated bucket
Created labels	Added bucket labels
Updated labels	Updated bucket labels

Depending on your event's status, the following fields are available in your audit log's metadata.

Field	Description
`registry.id`	The ID of the HCP Packer registry.
`bucket.id`	The ID of the bucket.
`bucket.name`	User-given name of the Bucket.
`bucket.labels`	All labels given to the Bucket while create or update. Data type: `JSON Object`
`bucket.new_labels`	Newly added labels while updating the bucket. Data type: `JSON Object`. Present for bucket update event only.
`bucket.updated_labels`	Updated existing labels while updating the bucket. Data type: `JSON Object`. Present for bucket update event only.

Example Metadata (Click to expand)

{
   "action":"create",
   "actor":{
      "principal_id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed",
      "service":{
         "id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed",
         "name":"test-auditlogs",
         "user_managed":true
      },
      "type":"TYPE_SERVICE"
   },
   "bucket":{
      "id":"01H5APVEP375TRT23HGH10YTXR",
      "labels":{
         "test":"test label"
      },
      "name":"bucket-test-2"
   },
   "description":"Added bucket labels",
   "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed",
   "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad",
   "registry":{
      "id":"01GNZQS84K3PTGVVB2YY9R81BC"
   },
   "status":"OK",
   "timestamp":"2023-07-14T17:23:21Z"
}

Version events and metadata fields

HCP Packer sends audit logs for the following events on Version resource.

Event	Description
Started	Created version
Finished	Completed version
Revoked	Revoked version
Restored	Restored version
Deleted	Deleted version
Revocation Scheduled	Scheduled version revocation
Revocation Cancelled	Cancelled version revocation

Depending on your event's status, the following fields are available in your audit log's metadata.

Field	Description
`registry.id`	The ID of the HCP Packer registry.
`bucket.id`	The ID of the bucket.
`bucket.name`	User-given name of the Bucket.
`version.id`	ID of the Version.
`version.fingerprint`	User-given version identifier.
`version.name`	Human-readable name of the version incrementally set when all builds are successful.
`version.revoke_at`	Date and time the version was revoked or is scheduled to be revoked.
`version.revocation_message`	Message provided by the user when revoking the version or scheduling the version to be revoked.
`version.revocation_author`	The actor who revoked the version or scheduled the version to be revoked.
`version.status`	Current state of the Version. Possible values: `RUNNING`, `CANCELLED`, `REVOKED`, `REVOCATION_SCHEDULED`, `ACTIVE`
`builds`	List of builds built in the version.
`builds.id`	ID of the build.
`builds.platform`	Plaftorm of the build. For example, `aws` or `azure`.
`builds.component_type`	Builder or post-processor used on the build. For example, `amazon-ebs.ubuntu`.
`builds.labels`	Labels of the build. Data type: `JSON Object`
`builds.artifacts`	The list (array) of artifacts in the build.
`builds.artifacts.region`	Region of the artifact. For example, `eu-west-1`.
`builds.artifacts.external_identifier`	External identifier of the artifact. For example, `ami-13245456`.

Example Metadata (Click to expand)

{
   "action":"update",
   "actor":{
      "principal_id":"6f212631-5bcc-48a2-9082-37d752904032",
      "type":"TYPE_USER",
      "user":{
         "email":"test.user@hashicorp.com",
         "id":"6f212631-5bcc-48a2-9082-37d752904032",
         "name":"test.user@hashicorp.com"
      }
   },
   "bucket":{
      "id":"01GXXGSNEE1EMJEZ0TEH7KCQVX",
      "name":"bucket-test"
   },
   "description":"Revoked version",
   "version":{
      "fingerprint":"f2",
      "id":"01GXXGWAF8ZKF151591R6YXWEM",
      "revocation_author":"test.user@hashicorp.com",
      "revocation_message":"test",
      "revoke_at":"2023-07-14 17:34:31.196808811 +0000 UTC",
      "status":"VERSION_REVOKED",
      "name":"v3"
   },
  "builds":[
     {
           "platform":"aws",
           "component_type":"amazon-ebs.ubuntu",
           "id":"01H5APPBYYF4D0NMVZCRKR85E7",
           "artifacts":[
              {
                 "external_identifier":"ami-f2",
                 "region":"us-west-2"
              }
           ],
           "labels":{
              "os":"ubuntu"
           }
     }
  ],
   "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed",
   "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad",
   "registry":{
      "id":"01GNZQS84K3PTGVVB2YY9R81BC"
   },
   "skip_descendants_revocation":true,
   "status":"OK",
   "timestamp":"2023-07-14T17:34:31Z"
}

Build events and metadata fields

HCP Packer sends audit logs for the following events on Build resource.

Event	Description
Build Started	Created build
Build finished successfully OR with an error, timed out	Updated build

Depending on your event's status, the following fields are available in your audit log's metadata.

Field	Description
`registry.id`	The ID of the HCP Packer registry.
`bucket.id`	The ID of the bucket.
`bucket.name`	User-given name of the Bucket.
`version.id`	ID of the Version.
`version.fingerprint`	User-given version identifier.
`version.name`	Human-readable name of the version incrementally set when all builds are successful.
`version.revoke_at`	Date and time the version was revoked or is scheduled to be revoked.
`version.revocation_message`	Message provided by the user when revoking the version or scheduling the version to be revoked.
`version.revocation_author`	The actor who revoked the version or scheduled the version to be revoked.
`build.id`	ID of the Build.
`build.source_external_identifier`	The external identifier of the base layer. For example, `ami-13245456`.
`build.source_version_id`	The parent version ID.
`build.source_build_id`	The parent build ID.
`build.source_channel_id`	The base channel ID if created from the channel.
`build.source_channel_name`	The user readable name if the source channel.
`build.source_channel_managed`	If the source channel is managed by HCP Packer. For example, the `latest` channel. Data type: `bool`
`build.platform`	Plaftorm of the build. For example, `aws` or `azure`.
`build.component_type`	Builder or post-processor used on the build. For example, `amazon-ebs.ubuntu`.
`build.status`	The current state of the Build. Possible values: `UNSET`, `RUNNING`, `DONE`, `CANCELLED`, `FAILED`
`build.labels`	Labels of the build. Data type: `JSON Object`
`build.artifacts`	The list (array) of artifacts in the build.
`build.artifacts.region`	Region of the artifact. For example, `eu-west-1`.
`build.artifacts.external_identifier`	External identifier of the artifact. For example, `ami-13245456`.
`build.metadata`	Metadata relating to Packer, its plugins, and the state of the build environment.

Example Metadata (Click to expand)

{
   "action":"update",
   "actor":{
      "principal_id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed",
      "service":{
         "id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed",
         "name":"test-auditlogs",
         "user_managed":true
      },
      "type":"TYPE_SERVICE"
   },
   "bucket":{
      "id":"01GXXGSNEE1EMJEZ0TEH7KCQVX",
      "name":"bucket-test"
   },
   "build":{
      "platform":"aws",
      "component_type":"aws",
      "id":"01H5APPBYYF4D0NMVZCRKR85E7",
      "artifacts":[
         {
            "external_identifier":"ami-f2",
            "region":"us-west-2"
         }
      ],
      "metadata": {
        “packer” : {
          “version”: “1.10.2”,
          “plugins”: [
            {
                Name: “Azure”,
                Version: “2.1.4”
            }
          ]
        }
      },
      "labels":{
         "os":"ubuntu"
      },
      "status":"DONE"
   },
   "description":"Updated build",
   "version":{
      "fingerprint":"f14",
      "id":"01H5APNAK1BNEVMK3HPS7KZANV",
      "name":"v5"
   },
   "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed",
   "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad",
   "registry":{
      "id":"01GNZQS84K3PTGVVB2YY9R81BC"
   },
   "status":"OK",
   "timestamp":"2023-07-14T17:21:09Z"
}

Example Metadata with an error (Click to expand)

{
   "action":"create",
   "actor":{
      "principal_id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed",
      "service":{
         "id":"test-auditlogs-911479@77f447d4-def0-46f2-bf09-6850d36745ed",
         "name":"test-auditlogs",
         "user_managed":true
      },
      "type":"TYPE_SERVICE"
   },
   "bucket":{
      "id":"01GXXGSNEE1EMJEZ0TEH7KCQVX",
      "name":"bucket-test"
   },
   "description":"Created build",
   "error":"rpc error: code = FailedPrecondition desc = This version is complete. If you wish to add a new build a new version must be created by changing the build fingerprint.",
   "version":{
      "fingerprint":"f14",
      "id":"01H5APNAK1BNEVMK3HPS7KZANV",
      "name":"v5"
   },
   "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed",
   "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad",
   "registry":{
      "id":"01GNZQS84K3PTGVVB2YY9R81BC"
   },
   "status":"FAILED",
   "timestamp":"2023-07-14T17:31:11Z"
}

Channel events and metadata fields

HCP Packer sends audit logs for the following events on Channel resource.

Event	Description
Created	Created channel
Deleted	Deleted channel
Updated settings	Updated channel
Version Assigned	Assigned version to channel

Depending on your event's status, the following fields are available in your audit log's metadata.

Field	Description
`registry.id`	The ID of the HCP Packer registry.
`bucket.id`	The ID of the bucket.
`bucket.name`	User-given name of the Bucket.
`version.id`	ID of the Version. If a version is assigned to the channel.
`version.fingerprint`	User-given version identifier. If a version is assigned to the channel.
`version.name`	Human-readable name of the version incrementally set when all builds are successful. If a version is assigned to the channel.
`version.revoke_at`	Date and time the version was revoked or is scheduled to be revoked. If a version is assigned to the channel.
`version.revocation_message`	Message provided by the user when revoking the version or scheduling the version to be revoked. If a version is assigned to the channel.
`version.revocation_author`	The actor who revoked the version or scheduled the version to be revoked. If a version is assigned to the channel.
`builds`	List of builds built in the version.
`builds.id`	ID of the build.
`builds.platform`	Plaftorm of the build. For example, `aws` or `azure`.
`builds.component_type`	Builder or post-processor used on the build. For example, `amazon-ebs.ubuntu`.
`builds.labels`	Labels of the build. Data type: `JSON Object`
`builds.artifacts`	The list (array) of artifacts in the build.
`builds.artifacts.region`	Region of the artifact. For example, `eu-west-1`.
`builds.artifacts.external_identifier`	External identifier of the artifact. For example, `ami-13245456`.
`previous_version.id`	ID of the Version. If a version was previously assigned to the channel.
`previous_version.fingerprint`	User-given version identifier. If a version was previously assigned to the channel.
`previous_version.name`	Human-readable name of the version incrementally set when all builds are successful. If a version was previously assigned to the channel.
`previous_builds`	List of builds built in the version previously assigned to the channel. Present only in the case of a previously assigned version.
`previous_builds.id`	ID of the build.
`previous_builds.platform`	Plaftorm of the build. For example, `aws` or `azure`.
`previous_builds.component_type`	Builder or post-processor used on the build. For example, `amazon-ebs.ubuntu`.
`previous_builds.labels`	Labels of the build. Data type: `JSON Object`
`previous_builds.artifacts`	The list (array) of artifacts in the build.
`previous_builds.artifacts.region`	Region of the artifact. For example, `eu-west-1`.
`previous_builds.artifacts.external_identifier`	External identifier of the artifact. For example, `ami-13245456`.
`channel.id`	ID of the Channel.
`channel.name`	The user readable name of the channel.
`channel.author_id`	ID of the actor who create the channel.
`channel.managed`	Indicates whether the channel is managed by HCP Packer. HCP Packer-managed channels are also identified as the `latest` channel. Data type: `bool`
`channel.restricted`	Indicates whether the channel is restricted. Data type: `bool`

Example Metadata (Click to expand)

{
   "action":"update",
   "actor":{
      "principal_id":"6f212631-5bcc-48a2-9082-37d752904032",
      "type":"TYPE_USER",
      "user":{
         "email":"test.user@hashicorp.com",
         "id":"6f212631-5bcc-48a2-9082-37d752904032",
         "name":"test.user@hashicorp.com"
      }
   },
   "bucket":{
      "id":"01GTCW6AAS494Z8NYJATA5AM5Z",
      "name":"test-channel-history"
   },
   "channel":{
      "author_id":"test.user@hashicorp.com",
      "id":"01H3FM869DP6WTFF826VTKGZCM",
      "managed":false,
      "restricted":false,
      "name":"fgtj"
   },
   "description":"Assigned version to channel",
   "version":{
      "fingerprint":"test-fingerprint-0",
      "id":"01GTCW6QPQ01BEDZZJ6W66YWG8",
      "name":"v1"
   },
   "builds":[
     {
           "platform":"aws",
           "component_type":"amazon-ebs.ubuntu",
           "id":"01HP1XWZ1EADV8VVKV6J4VHM6S",
           "artifacts":[
              {
                 "external_identifier":"ami-f3",
                 "region":"us-west-2"
              }
           ],
           "labels":{
              "os":"ubuntu"
           }
     }
   ],
   "organization_id":"77f447d4-def0-46f2-bf09-6850d36745ed",
   "previous_version":{
      "fingerprint":"test-fingerprint-1",
      "id":"01GTCWC4GD3THGE8A029Y5H5XK",
      "name":"v2"
   },
   "previous_builds":[
        {
            "platform":"aws",
            "component_type":"amazon-ebs.ubuntu",
            "id":"01H5APPBYYF4D0NMVZCRKR85E7",
            "artifacts":[
                {
                    "external_identifier":"ami-f2",
                    "region":"us-west-2"
                }
            ],
            "labels":{
                "os":"ubuntu"
            }
        }
   ],
   "project_id":"a98c3c31-5760-4db1-b62b-0988080a66ad",
   "registry":{
      "id":"01GNZQS84K3PTGVVB2YY9R81BC"
   },
   "status":"OK",
   "timestamp":"2023-07-14T15:48:36Z"
}