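Following the documentation provided by GCP: https://cloud.google.com/artifact-registry/docs/repositories/cleanup-policy
I set up a cleanup policy on my artifact repository with the dry-run option enabled, but I can't get any audit logs output using this command: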
gcloud logging read 'protoPayload.serviceName="artifactregistry.googleapis.com" AND protoPayload.request.parent:"projects/gift-service-app-jm/locations/australia-southeast1/repositories/gcf-artifacts" AND protoPayload.request.validateOnly=true' \
--resource-names="projects/gift-service-app-jm" \
--project=gift-service-app-jm
I was able to confirm that the policy is set and that the dry-run option is enabled, using the command gcloud artifacts repositories describe gcf-artifacts
{
  "cleanupPolicies": {
    "Delete Previous Versions": {
      "action": "DELETE",
      "condition": {
        "olderThan": "864000s",
        "tagState": "UNTAGGED"
      },
      "id": "Delete Previous Versions"
    }
  },
  "cleanupPolicyDryRun": true,
  "createTime": "2023-09-27T05:07:31.256470Z",
  "description": "This repository is created and used by Cloud Functions",
  "format": "DOCKER",
  "labels": {
    "goog-managed-by": "cloudfunctions"
  },
  "mode": "STANDARD_REPOSITORY",
  "name": "projects/gift-service-app-jm/locations/australia-southeast1/repositories/gcf-artifacts",
  "updateTime": "2024-07-10T05:39:56.088672Z"
}
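Has anyone run into this before? I have applied the Owner role to my IAM principal, but I also tried explicitly adding the Logs Viewer and Private Logs Viewer roles.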
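Please see this Google Cloud Community link, which mentions that Artifact Registry does have cleanup policies. By default, deletion events triggered by these policies are not logged in Cloud Logging. Also, make sure you have enabled audit logging for the Artifact Repository.
However, you can further check the effect of the cleanup policy in the Artifact Registry Data Access audit logs. You can enable Data Access audit logs and then view these logs as follows:
Resource type: "Artifact Registry"
Log name: "data_access"
Note: search for relevant keywords: "DELETE", "cleanup", or the specific name of the cleanup policy.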
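
As an added example (not part of the original question or answer), the Python below checks whether a project IAM policy enables Data Access audit logs for Artifact Registry, adds the missing log types, and builds a filter that scopes the question's dry-run query to the data_access log. It assumes the policy was exported with gcloud projects get-iam-policy PROJECT --format=json and is written back with gcloud projects set-iam-policy; the function names and the sample policy are constructed for illustration, and combining the validateOnly condition with the data_access log name is an assumption.

```python
import copy

SERVICE = "artifactregistry.googleapis.com"
DATA_ACCESS_TYPES = ("ADMIN_READ", "DATA_READ", "DATA_WRITE")

def enabled_types(policy, service=SERVICE):
    """Log types enabled for `service`, counting the project-wide allServices entry.
    exemptedMembers are not evaluated here."""
    found = set()
    for cfg in policy.get("auditConfigs", []):
        if cfg.get("service") in (service, "allServices"):
            found.update(c["logType"] for c in cfg.get("auditLogConfigs", []))
    return found

def missing_types(policy, service=SERVICE):
    """Data Access log types that are not yet enabled for `service`."""
    on = enabled_types(policy, service)
    return [t for t in DATA_ACCESS_TYPES if t not in on]

def enable_data_access(policy, service=SERVICE):
    """Return a copy of the policy with the missing types added for `service`.
    Bindings and etag are left untouched so the result can be written back."""
    out = copy.deepcopy(policy)
    configs = out.setdefault("auditConfigs", [])
    entry = next((c for c in configs if c.get("service") == service), None)
    if entry is None:
        entry = {"service": service, "auditLogConfigs": []}
        configs.append(entry)
    for log_type in missing_types(policy, service):
        entry.setdefault("auditLogConfigs", []).append({"logType": log_type})
    return out

def dry_run_filter(project, repository):
    """Logging filter for dry-run cleanup entries in the data_access log."""
    return " AND ".join([
        f'logName="projects/{project}/logs/cloudaudit.googleapis.com%2Fdata_access"',
        f'protoPayload.serviceName="{SERVICE}"',
        f'protoPayload.request.parent:"{repository}"',
        "protoPayload.request.validateOnly=true",
    ])

# Constructed sample policy: only DATA_READ is enabled, project-wide.
SAMPLE_POLICY = {
    "bindings": [{"role": "roles/owner", "members": ["user:dev@example.com"]}],
    "etag": "constructed-etag",
    "auditConfigs": [{"service": "allServices",
                      "auditLogConfigs": [{"logType": "DATA_READ"}]}],
}
PROJECT = "gift-service-app-jm"  # project and repository path as shown in the question
REPO = f"projects/{PROJECT}/locations/australia-southeast1/repositories/gcf-artifacts"

if __name__ == "__main__":
    print("missing:", missing_types(SAMPLE_POLICY))
    print("after fix:", missing_types(enable_data_access(SAMPLE_POLICY)))
    print(dry_run_filter(PROJECT, REPO))
```

An empty result from missing_types means the audit configuration is already in place, so an empty log query then points at the filter or the time window rather than at missing audit logging.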