HCP Terraform retains 14 days of audit log information. The audit trails API exposes a stream of audit events, which describe changes to the application entities (workspaces, runs, etc.) that belong to an HCP Terraform organization. Unlike other APIs, the Audit Trails API does not use the JSON API specification.
Note: Audit trails are available in HCP Terraform Plus and Premium editions. Refer to HCP Terraform pricing for details. The Audit Trails API is not available for Terraform Enterprise.
GET /organization/audit-trail
Note: This endpoint cannot be accessed with a user token or team token. You must access it with an organization token or an audit trail token.
Query ParametersThese are standard URL query parameters. Remember to percent-encode [ as %5B and ] as %5D if your tooling doesn't automatically encode URLs.
since Optional. Returns only audit trails created after this date (UTC and in ISO8601 Format - YYYY-MM-DDTHH:MM:SS.SSSZ) page[number] Optional. If omitted, the endpoint will return the first page. page[size] Optional. If omitted, the endpoint will return 1000 audit events per page. Sample Request
$ curl \
--header "Authorization: Bearer $TOKEN" \
--request GET \
"https://app.terraform.io/api/v2/organization/audit-trail?page[number]=1&since=2020-05-30T17:52:46.000Z"
{
"data": [
{
"id": "ae66e491-db59-457c-8445-9c908ee726ae",
"version": "0",
"type": "Resource",
"timestamp": "2020-06-30T17:52:46.000Z",
"auth": {
"accessor_id": "user-MaPuLxAXvtq2PWTH",
"description": "pveverka",
"type": "Client",
"impersonator_id": null,
"organization_id": "org-AGLwRmx1snv34Yts"
},
"request": {
"id": "4df584d4-7e2a-01e6-6cc0-4adbefa020e6"
},
"resource": {
"id": "at-sjt83qTw3GZatuPm",
"type": "authentication_token",
"action": "create",
"meta": null
}
}
],
"pagination": {
"current_page": 1,
"prev_page": null,
"next_page": 2,
"total_pages": 8,
"total_count": 778
}
}
Every audit log event in the response array includes the following standard fields:
Key Data Type or format Descriptionid UUID The ID of this audit trail version number The audit trail schema version type string The type of audit trail (defaults to Resource) timestamp string UTC ISO8601 DateTime (for example,2020-06-16T20:26:58.000Z) auth.accessor_id string The ID of audited actor (for example, user-V3R563qtJNcExAkN) auth.description string Username of audited actor auth.type string Authentication type, is either Client, Impersonated, or System. auth.impersonator_id string The ID of impersonating actor (if available) auth.organization_id string The ID of organization (for example, org-QpXoEnULx3r2r1CA) request.id UUID The ID for request (if available) resource.id string The ID of resource (for example,run-FwnENkvDnrpyFC7M) resource.type string Type of resource (for example, run) resource.action string Action audited (for example, applied) resource.meta map Key-value metadata about this audited event (defaults to null)
The following audit trail events only contain these standard fields:
Event Action Descriptionagent destroy Logged when an agent is destroyed. authentication_token create, show, destroy Events related to authentication tokens. configuration_version show, download Events related to configuration versions. notification_configuration create, update, destroy, enable Events related to notification configurations. oauth_client create, update, destroy Events related to OAuth clients. oauth_token index, show, update, destroy Events related to OAuth tokens. organization create, update, destroy Events related to organizations. organization_user create, update, destroy Events related to organization users. policy update, destroy Events related to policies. policy_check override Events related to policy checks. policy_config create Events related to policy configurations. policy_set destroy Events related to policy sets. policy_version create Events related to policy versions. project create, update, destroy Events related to projects. registry_module destroy, update Events related to registry modules. registry_provider create, destroy Events related to registry providers. registry_provider_platform create, destroy Events related to registry provider platforms. registry_provider_version create, destroy Events related to registry provider versions. run apply, cancel, force_cancel, discard, force_execute, create Events related to runs. run_trigger create, destroy Events related to run triggers. saml_configuration create, update, destroy, enable, disable Events related to SAML configurations. ssh_key index, show, create, update, destroy Events related to SSH keys. stack create Events related to creating stacks. state_version index, show, create, soft_delete_backing_data, restore_backing_data, permanently_delete_backing_data Events related to state versions. task_stage override Events related to an overridden task stage. user index Events related to indexing users. var index, show, create, update, destroy Events related to variables. vcs_repo create Events related to creating a connection to a VCS repo.
The following sections list the audit log events containing both the standard response schema and a specific payload for each action.
You can define data retention policies to help reduce object storage consumption.
DestroyAn HCP Terraform organization emits this event when it destroys a data retention policy(data_retention_policy). Alongside the standard audit trail fields, this event response includes the following fields:
delete_older_than_n_days integer The number of days to retain data before deletion. Must be greater than 0. organization string The organization associated with the data retention policy. organization_id string The ID of the organization associated with the data retention policy.
Projects let you organize your workspaces and scope access to workspace resources.
Add TeamAn HCP Terraform organization emits this event when someone in your organization adds a team(add_team) to a project. Alongside the standard audit trail fields, this event response includes the following fields:
team string The name or identifier of the team. permissions string The permissions granted to the team. Update Team Permissions
An HCP Terraform organization emits this event when someone in your organization updates the permissions(update_team_permissions) of a team on a project. Alongside the standard audit trail fields, this event response includes the following fields:
team string The name or identifier of the team. permissions string The updated permissions for the team. Remove Team
An HCP Terraform organization emits this event when someone in your organization removes a team(remove_team) from a project. Alongside the standard audit trail fields, this event response includes the following fields:
team string The name or identifier of the team.
Policy checks run Sentinel policies. Policy checks have a lifecycle that includes the following events:
Every policy check event in the response array includes the following standard fields:
Key Data Type Descriptioncomment null or string The comment associated with the policy check. run.id string The ID of the associated run. run.message string The message associated with the run. workspace.id string The ID of the associated workspace. workspace.name string The name of the associated workspace. Passed, soft failed, hard failed, and errored
Alongside the standard audit trail fields and standard policy check fields, certain policy check events include a result (includes_result) and return the following fields:
result [Policy Result] An array of policy results. passed integer Number of policy checks passed. total_failed integer Total number of failed policy checks. hard_failed integer Number of policy checks with hard failures. soft_failed integer Number of policy checks with soft failures. advisory_failed integer Number of policy checks with advisory failures. duration_ms integer Duration of the policy check in milliseconds. sentinel string The Sentinel policy associated with the check. Overridden, canceled, and force canceled
Alongside the standard audit trail fields and standard policy check fields, certain event responses include the following fields:
Key Data Type Descriptionactor string The user who performed the action.
Policy evaluations run in the HCP Terraform agent in HCP Terraform's infrastructure. Policy evaluations have a lifecycle that includes the following events:
Every policy evaluation event in the response array includes the following standard fields:
Key Data Type Descriptioncomment null or string The comment associated with policy evaluation. payload.workspace.id string The ID of the associated workspace. payload.workspace.name string The name of the associated workspace. payload.run.id string The ID of the associated run. payload.run.message string The message associated with the run. actor string The policy owner.
Policy checks and policy evaluations serve the same purpose, but have different workflows for enforcing policies. For more information, refer to Differences between policy checks and policy evaluations.
HCP Terraform's private registry lets you share Terraform providers and Terraform modules across your organization.
Destroy versionAn HCP Terraform organization emits this event when someone in your organization destroys a specific version of a registry module(destroy_version). Alongside the standard audit trail fields, this event response includes the following fields:
version integer The version number of the registry module to destroy.
You can create HCP Terraform run tasks at an organization level to directly integrate third-party tools and services at certain stages in the HCP Terraform run lifecycle. You can use run tasks to validate Terraform configuration files, analyze execution plans before applying them, scan for security vulnerabilities, or perform other custom actions.
CreateAn HCP Terraform organization emits this event when someone in your organization creates a task. Alongside the standard audit trail fields, this event response includes the following fields:
Key Data Type Descriptiontask_name string The name of the task. task_category string The task's category task_url string The task's URL. task_enabled boolean Indicates whether the task is enabled or not. task_hmac_key_present boolean Specifies if an HMAC key is present for the task. Destroy
An HCP Terraform organization emits this event when someone in your organization destroys a task. Alongside the standard audit trail fields, this event response includes the following fields:
Key Data Type Descriptiontask_name string The name of the task to be destroyed. task_category string The category of the task to be destroyed. task_url string The URL associated with the task to be destroyed. task_enabled boolean Indicates whether the task to be destroyed is enabled. task_hmac_key_present boolean Specifies if an HMAC key is present for the task to be destroyed. Update
An HCP Terraform organization emits this event when someone in your organization updates a task. Alongside the standard audit trail fields, this event response includes the following fields:
Key Data Type Descriptiontask_name string The name of the task to be updated. task_category string The updated category of the task. task_url string The updated URL associated with the task. task_enabled boolean Indicates whether the task is enabled after the update. task_hmac_key_present boolean Specifies if an HMAC key is present for the updated task. task_hmac_key_changed boolean Indicates whether the HMAC key for the task has changed during the update. Callback
An HCP Terraform organization emits this event when a run task result's (task_result) callback action occurs. Alongside the standard audit trail fields, this event response includes the following fields:
task_result_status string The status of the task result. task_result_url string The URL associated with the task result. task_result_message string A message associated with the task result. workspace string The workspace related to the task result. workspace_id string The ID of the workspace related to the task result. run_id string The ID of the run associated with the task result. run_created_at date (iso8601) The timestamp when the run was created. run_created_by string The user who created the run. run_message string The message associated with the run. run_is_speculative boolean Indicates whether the run is speculative or not. workspace_task_id string The ID of the workspace task associated with the result. workspace_task_stage string The stage of the workspace task. workspace_task_enforcement string The enforcement level of the workspace task. organization_task string The organization task related to the task result. organization_task_id string The ID of the organization task related to the result. organization_task_url string The URL associated with the organization task. Create a workspace's run task
An HCP Terraform organization emits this event when someone in your organization associates a new run task with a workspace (workspace_task). Alongside the standard audit trail fields, this event response includes the following fields:
task_enforcement_level string The task's enforcement level. task_stage string The stage of the task. workspace string The workspace associated with the task. workspace_id string The ID of the workspace. organization_task string The organization's task. organization_task_id string The ID of the organization's task. Update a workspace's run task
An HCP Terraform organization emits this event when someone in your organization updates a workspace's associated run task (workspace_task). Alongside the standard audit trail fields, this event response includes the following fields:
task_enforcement_level string The task's enforcement level. task_stage string The stage of the task. workspace string The workspace associated with the task. workspace_id string The ID of the workspace. organization_task string The organization's task. organization_task_id string The ID of the organization's task. Destroy a workspace's run task
An HCP Terraform organization emits this event when someone in your organization destroys a workspace's associated run task (workspace_task). Alongside the standard audit trail fields, this event response includes the following fields:
task_enforcement_level string The task's enforcement level. task_stage string The stage of the task. workspace string The workspace associated with the task. workspace_id string The ID of the workspace. organization_task string The organization's task. organization_task_id string The ID of the organization's task.
Teams are groups of HCP Terraform users within an organization.
Add MemberAn HCP Terraform organization emits this event when someone in your organization adds a member(add_member) to a team. Alongside the standard audit trail fields, this event response includes the following fields:
user string The user being added to the team. Remove Member
An HCP Terraform organization emits this event when someone in your organization removes a member(remove_member) from a team. Alongside the standard audit trail fields, this event response includes the following fields:
user string The user being removed from the team.
Workspace comments allow users to leave feedback or record decisions about a run.
CreateAn HCP Terraform organization emits this event when someone in your organization creates a comment on a workspace(workspace_comment). Alongside the standard audit trail fields, this event response includes the following fields:
resource string The resource associated with the comment.
HCP Terraform manages infrastructure collections with workspaces.
Add TeamAn HCP Terraform organization emits this event when someone in your organization adds a team(add_team) to a workspace. Alongside the standard audit trail fields, this event response includes the following fields:
team string The name or identifier of the team. permissions string The permissions granted to the team. Update Team Permissions
An HCP Terraform organization emits this event when someone in your organization updates the permissions(update_team_permissions) of a team on a workspace. Alongside the standard audit trail fields, this event response includes the following fields:
team string The name or identifier of the team. permissions string The updated permissions for the team. Remove Team
An HCP Terraform organization emits this event when someone in your organization removes a team(remove_team) from a workspace. Alongside the standard audit trail fields, this event response includes the following fields:
team string The name or identifier of the team.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4