diff --git a/config/services/activity/policies/iam/group-policy.yaml b/config/services/activity/policies/iam/group-policy.yaml index 7d5a124c..37a14ce8 100644 --- a/config/services/activity/policies/iam/group-policy.yaml +++ b/config/services/activity/policies/iam/group-policy.yaml @@ -25,7 +25,7 @@ spec: auditRules: - name: create match: "!audit.user.username.startsWith('system:') && audit.verb == 'create'" - summary: "{{ actor }} created group {{ link(audit.responseObject.metadata.name, audit.objectRef) }}" + summary: "{{ actor }} created group {{ has(audit.responseObject.metadata.name) ? link(audit.responseObject.metadata.name, audit.objectRef) : has(audit.objectRef.name) ? link(audit.objectRef.name, audit.objectRef) : (has(audit.responseObject.details) && has(audit.responseObject.details.name)) ? link(audit.responseObject.details.name, audit.objectRef) : link('a group', audit.objectRef) }}" - name: delete match: "!audit.user.username.startsWith('system:') && audit.verb == 'delete'" diff --git a/config/services/activity/policies/iam/role-policy.yaml b/config/services/activity/policies/iam/role-policy.yaml index 79eff0bc..53b210a8 100644 --- a/config/services/activity/policies/iam/role-policy.yaml +++ b/config/services/activity/policies/iam/role-policy.yaml @@ -12,7 +12,7 @@ spec: auditRules: - name: create match: "!audit.user.username.startsWith('system:') && audit.verb == 'create'" - summary: "{{ actor }} created role {{ link(audit.responseObject.metadata.name, audit.objectRef) }}" + summary: "{{ actor }} created role {{ has(audit.responseObject.metadata.name) ? link(audit.responseObject.metadata.name, audit.objectRef) : has(audit.objectRef.name) ? link(audit.objectRef.name, audit.objectRef) : (has(audit.responseObject.details) && has(audit.responseObject.details.name)) ? link(audit.responseObject.details.name, audit.objectRef) : link('a role', audit.objectRef) }}" - name: delete match: "!audit.user.username.startsWith('system:') && audit.verb == 'delete'" diff --git a/config/services/activity/policies/iam/serviceaccount-policy.yaml b/config/services/activity/policies/iam/serviceaccount-policy.yaml index 3c281705..c212d369 100644 --- a/config/services/activity/policies/iam/serviceaccount-policy.yaml +++ b/config/services/activity/policies/iam/serviceaccount-policy.yaml @@ -26,7 +26,7 @@ spec: auditRules: - name: create match: "!audit.user.username.startsWith('system:') && audit.verb == 'create'" - summary: "{{ actor }} created service account {{ link(audit.responseObject.metadata.name, audit.objectRef) }}" + summary: "{{ actor }} created service account {{ has(audit.responseObject.metadata.name) ? link(audit.responseObject.metadata.name, audit.objectRef) : has(audit.objectRef.name) ? link(audit.objectRef.name, audit.objectRef) : (has(audit.responseObject.details) && has(audit.responseObject.details.name)) ? link(audit.responseObject.details.name, audit.objectRef) : link('a service account', audit.objectRef) }}" - name: delete match: "!audit.user.username.startsWith('system:') && audit.verb == 'delete'" diff --git a/config/services/activity/policies/resourcemanager/organization-policy.yaml b/config/services/activity/policies/resourcemanager/organization-policy.yaml index eb4ac89c..ae51dbd3 100644 --- a/config/services/activity/policies/resourcemanager/organization-policy.yaml +++ b/config/services/activity/policies/resourcemanager/organization-policy.yaml @@ -26,7 +26,7 @@ spec: auditRules: - name: create match: "!audit.user.username.startsWith('system:') && audit.verb == 'create'" - summary: "{{ actor }} created organization {{ link(audit.responseObject.metadata.name, audit.objectRef) }}" + summary: "{{ actor }} created organization {{ has(audit.responseObject.metadata.name) ? link(audit.responseObject.metadata.name, audit.objectRef) : has(audit.objectRef.name) ? link(audit.objectRef.name, audit.objectRef) : (has(audit.responseObject.details) && has(audit.responseObject.details.name)) ? link(audit.responseObject.details.name, audit.objectRef) : link('an organization', audit.objectRef) }}" - name: delete match: "!audit.user.username.startsWith('system:') && audit.verb == 'delete'" diff --git a/config/services/activity/policies/resourcemanager/project-policy.yaml b/config/services/activity/policies/resourcemanager/project-policy.yaml index a2696494..786e50c7 100644 --- a/config/services/activity/policies/resourcemanager/project-policy.yaml +++ b/config/services/activity/policies/resourcemanager/project-policy.yaml @@ -25,7 +25,7 @@ spec: auditRules: - name: create match: "!audit.user.username.startsWith('system:') && audit.verb == 'create'" - summary: "{{ actor }} created project {{ link(audit.responseObject.metadata.name, audit.objectRef) }}" + summary: "{{ actor }} created project {{ has(audit.responseObject.metadata.name) ? link(audit.responseObject.metadata.name, audit.objectRef) : has(audit.objectRef.name) ? link(audit.objectRef.name, audit.objectRef) : (has(audit.responseObject.details) && has(audit.responseObject.details.name)) ? link(audit.responseObject.details.name, audit.objectRef) : link('a project', audit.objectRef) }}" - name: delete match: "!audit.user.username.startsWith('system:') && audit.verb == 'delete'" diff --git a/config/services/identity/policies/serviceaccount-policy.yaml b/config/services/identity/policies/serviceaccount-policy.yaml index 3c281705..c212d369 100644 --- a/config/services/identity/policies/serviceaccount-policy.yaml +++ b/config/services/identity/policies/serviceaccount-policy.yaml @@ -26,7 +26,7 @@ spec: auditRules: - name: create match: "!audit.user.username.startsWith('system:') && audit.verb == 'create'" - summary: "{{ actor }} created service account {{ link(audit.responseObject.metadata.name, audit.objectRef) }}" + summary: "{{ actor }} created service account {{ has(audit.responseObject.metadata.name) ? link(audit.responseObject.metadata.name, audit.objectRef) : has(audit.objectRef.name) ? link(audit.objectRef.name, audit.objectRef) : (has(audit.responseObject.details) && has(audit.responseObject.details.name)) ? link(audit.responseObject.details.name, audit.objectRef) : link('a service account', audit.objectRef) }}" - name: delete match: "!audit.user.username.startsWith('system:') && audit.verb == 'delete'"