Chainguard Enforce Events
On this page
- Introduction
- Service: Admission - Namespace
- Service: Enforce - Admission
- Service: Policy - Validation
- Service: auth - Auth
- Service: events - Subscriptions
- Service: iam - GroupAccountAssociations
- Service: iam - GroupInvites
- Service: iam - Groups
- Service: iam - Policies
- Service: iam - RoleBindings
- Service: tenant - Clusters
Introduction
Chainguard Enforce generates and emits CloudEvents based on actions that occur within a Chainguard account, such as registering a Kubernetes cluster or creating an IAM invitation. Enforce also emits events when workloads or policies are changed in a cluster.
See the chainguard-dev/enforce-events GitHub repository for two sample applications that demonstrate how to create Slack notifications, as well as how to open a GitHub issue from received events.
To subscribe to Enforce events for your account, use the chainctl
command like this:
chainctl events subscriptions create –group $YOUR_GROUP https://<Your webhook URL>
Once you are subscribed to Chainguard Enforce events, you will start receiving HTTP POST requests. Each request has a common set of CloudEvent header fields, denoted by the Ce-
prefix. The event body is encoded using JSON and will have two top-level keys, actor
and body
.
The actor
field is the identity of the actor in your Enforce account that triggered the event, such as a team member or a Kubernetes cluster. The body
field contains the specific data about the event, for example the response status for an invite creation request, or a cluster delete request.
The following list of services and methods show example HTTP headers and bodies for public facing Enforce events.
Service: Admission - Namespace
Method: Created
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: k8s://namespace-UID
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.421912Z
Ce-Type: dev.chainguard.admission.namespace.v1
Content-Length: 282
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"change": "created",
"enforcer_state": "state that policy enforcement is in for the namespace",
"id": "UIDP of the Namespace (whose parent is the Cluster UIDP)",
"name": "name of the namespace as it appears in the cluster"
}
}
Method: Updated
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: k8s://namespace-UID
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.422019Z
Ce-Type: dev.chainguard.admission.namespace.v1
Content-Length: 282
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"change": "updated",
"enforcer_state": "state that policy enforcement is in for the namespace",
"id": "UIDP of the namespace (whose parent is the cluster UIDP)",
"name": "name of the namespace as it appears in the cluster"
}
}
Service: Enforce - Admission
Method: Review
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: k8s://cluster-id
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.421794Z
Ce-Type: dev.chainguard.admission.v1
Content-Length: 220
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"request": "see https://pkg.go.dev/k8s.io/api/admission/v1#AdmissionRequest",
"response": "see https://pkg.go.dev/k8s.io/api/admission/v1#AdmissionResponse"
}
}
Service: Policy - Validation
Method: Changed
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: k8s://cluster-id
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.420808Z
Ce-Type: dev.chainguard.policy.validation.changed.v1
Content-Length: 419
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"cluster_id": "cluster identifier",
"image_id": "image identifier",
"last_seen": "2023-01-31T22:36:41.420599Z",
"policies": {
"name of the evaluated policy": {
"change": "Can be [Empty, \"new\", \"degraded\", \"improved\"]",
"diagnostic": "holds any diagnostic messages surfaced during policy evaluation",
"last_checked": "2023-01-31T22:36:41.420782Z",
"valid": false
}
}
}
}
Service: auth - Auth
Method: Register
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/auth/v1/register
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.425214Z
Ce-Type: dev.chainguard.api.auth.registered.v1
Content-Length: 155
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"group": "the group this identity has joined by invitation",
"identity": "session identity"
}
}
Service: events - Subscriptions
Method: Create
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/events/v1/subscriptions
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.42658Z
Ce-Type: dev.chainguard.api.events.subscription.created.v1
Content-Length: 147
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"id": "identifier of the subscription",
"sink": "Webhook endpoint (http/https URL)"
}
}
Method: Delete
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/events/v1/subscriptions
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.426711Z
Ce-Type: dev.chainguard.api.events.subscription.deleted.v1
Content-Length: 114
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"id": "identifier of the subscription to delete"
}
}
Service: iam - GroupAccountAssociations
Method: Create
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/account_associations
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.424789Z
Ce-Type: dev.chainguard.api.iam.account_associations.created.v1
Content-Length: 386
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"amazon": {
"account": "Amazon account ID (if applicable)"
},
"description": "description of this association",
"google": {
"project_id": "Google Cloud Project ID (if applicable)",
"project_number": "Google Cloud Project Number (if applicable)"
},
"group": "group with which this account information is associated",
"name": "group name"
}
}
Method: Update
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/account_associations
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.424914Z
Ce-Type: dev.chainguard.api.iam.account_associations.updated.v1
Content-Length: 337
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"amazon": {
"account": "amazon account if applicable"
},
"description": "group description",
"google": {
"project_id": "project id if applicable",
"project_number": "project number if applicable"
},
"group": "group with which this account information is associated",
"name": "group name"
}
}
Method: Delete
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/account_associations
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.425089Z
Ce-Type: dev.chainguard.api.iam.account_associations.deleted.v1
Content-Length: 129
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"group": "UIDP of the group whose associations will be deleted"
}
}
Service: iam - GroupInvites
Method: Create
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/group_invites
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.423601Z
Ce-Type: dev.chainguard.api.iam.group_invite.created.v1
Content-Length: 145
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"expiration": {
"seconds": 100
},
"id": "group UIDP under which this invite resides"
}
}
Method: Delete
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/group_invites
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.423728Z
Ce-Type: dev.chainguard.api.iam.group_invite.deleted.v1
Content-Length: 92
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"id": "UIDP of the record"
}
}
Service: iam - Groups
Method: Create
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/groups
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.42243Z
Ce-Type: dev.chainguard.api.iam.group.created.v1
Content-Length: 169
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"description": "group description",
"id": "group UIDP under which this group resides",
"name": "group name"
}
}
Method: Update
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/groups
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.4226Z
Ce-Type: dev.chainguard.api.iam.group.updated.v1
Content-Length: 169
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"description": "group description",
"id": "group UIDP under which this group resides",
"name": "group name"
}
}
Method: Delete
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/groups
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.423076Z
Ce-Type: dev.chainguard.api.iam.group.deleted.v1
Content-Length: 92
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"id": "UIDP of the record"
}
}
Service: iam - Policies
Method: Create
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/policies
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.423885Z
Ce-Type: dev.chainguard.api.iam.policy.created.v1
Content-Length: 284
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"parent_id": "Group UIDP path under which the new policy is associated",
"policy": {
"description": "description of the policy",
"document": "YAML encoded policy document",
"id": "ID of the policy",
"name": "name of the policy"
}
}
}
Method: Delete
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/policies
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.424028Z
Ce-Type: dev.chainguard.api.iam.policy.deleted.v1
Content-Length: 90
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"id": "ID of the policy"
}
}
Method: Update
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/policies
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.424184Z
Ce-Type: dev.chainguard.api.iam.policy.updated.v1
Content-Length: 202
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"description": "description of the policy",
"document": "YAML encoded policy document",
"id": "ID of the policy",
"name": "name of the policy"
}
}
Method: ActivateVersion
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/policyVersions
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.424268Z
Ce-Type: dev.chainguard.api.iam.policy.version.activated.v1
Content-Length: 106
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"version_id": "ID of the policy version"
}
}
Service: iam - RoleBindings
Method: Create
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/rolebindings
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.424425Z
Ce-Type: dev.chainguard.api.iam.rolebindings.created.v1
Content-Length: 297
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"parent": "The Group UIDP path under which the new RoleBinding resides",
"role_binding": {
"group": "UIDP of the group to bind",
"id": "UID of this role binding",
"identity": "UID of the Identity to bind",
"role": "UIDP of the Role to bind"
}
}
}
Method: Update
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/rolebindings
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.424555Z
Ce-Type: dev.chainguard.api.iam.rolebindings.updated.v1
Content-Length: 209
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"group": "UIDP of the group to bind",
"id": "UID of this role binding",
"identity": "UID of the Identity to bind",
"role": "UIDP of the Role to bind"
}
}
Method: Delete
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/rolebindings
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.42463Z
Ce-Type: dev.chainguard.api.iam.rolebindings.deleted.v1
Content-Length: 91
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"id": "UID of the record"
}
}
Service: tenant - Clusters
Method: Create
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/tenant/v1/clusters
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.425404Z
Ce-Type: dev.chainguard.api.tenant.cluster.created.v1
Content-Length: 1700
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"cluster": {
"activity": {
"example activity": {
"controller_name": "the name of the Controller CRD which was the source of this activity on the tenant cluster",
"last_seen": {
"nanos": 420599000,
"seconds": 1675204601
},
"namespace": "the namespace in which the source of this cluster activity lives",
"spec_hash": "the hash of the Controller or Webhook CRD's spec",
"webhook_name": "the name of the Webhook CRD which was the source of this activity on the tenant cluster"
}
},
"agent_version": "the version of the Chainguard agent last reported by the cluster",
"auth_info": {
"client_certificate_data": "Y29udGFpbnMgUEVNLWVuY29kZWQgZGF0YSBmcm9tIGEgY2xpZW50IGNlcnQgZmlsZSBmb3IgVExT",
"client_key_data": "Y29udGFpbnMgUEVNLWVuY29kZWQgZGF0YSBmcm9tIGEgY2xpZW50IGtleSBmaWxlIGZvciBUTFM="
},
"description": "a short description of this cluster",
"group": {
"description": "human readable description of group",
"id": "group UIDP under which this group resides",
"name": "human readable name of group"
},
"id": "cluster id",
"info": {
"CertificateAuthorityData": "Y29udGFpbnMgUEVNLWVuY29kZWQgY2VydGlmaWNhdGUgYXV0aG9yaXR5IGNlcnRpZmljYXRlcw==",
"server": "address of the kubernetes cluster (https://hostname:port)"
},
"issuer": "the identity issuer tied to this cluster",
"last_seen": {
"nanos": 420598000,
"seconds": 1675204601
},
"managed_name": "unique name assigned to this cluster's managed agent",
"name": "name of the cluster",
"registered": {
"nanos": 420598000,
"seconds": 1675204601
},
"remote_id": "the remote ID of this cluster",
"status": {
"message": "message",
"reason": "reason"
},
"version": "the Kubernetes version last reported by the cluster"
},
"parent_id": "Parent group under which this cluster resides"
}
}
Method: Delete
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/tenant/v1/clusters
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.425627Z
Ce-Type: dev.chainguard.api.tenant.cluster.deleted.v1
Content-Length: 108
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"id": "id is the exact UIDP of the record"
}
}
Method: Update
Example HTTP Headers
POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/tenant/v1/clusters
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier
Ce-Time: 2023-01-31T22:36:41.425747Z
Ce-Type: dev.chainguard.api.tenant.cluster.updated.v1
Content-Length: 1666
Content-Type: application/json
User-Agent: Go-http-client/1.1
Example HTTP Body
{
"actor": {
"subject": "identity that triggered the event"
},
"body": {
"activity": {
"example activity": {
"controller_name": "the name of the Controller CRD which was the source of this activity on the tenant cluster",
"last_seen": {
"nanos": 420599000,
"seconds": 1675204601
},
"namespace": "the namespace in which the source of this cluster activity lives",
"spec_hash": "the hash of the Controller or Webhook CRD's spec",
"webhook_name": "the name of the Webhook CRD which was the source of this activity on the tenant cluster"
}
},
"agent_version": "the version of the Chainguard agent last reported by the cluster",
"auth_info": {
"client_certificate_data": "Y29udGFpbnMgUEVNLWVuY29kZWQgZGF0YSBmcm9tIGEgY2xpZW50IGNlcnQgZmlsZSBmb3IgVExT",
"client_key_data": "Y29udGFpbnMgUEVNLWVuY29kZWQgZGF0YSBmcm9tIGEgY2xpZW50IGtleSBmaWxlIGZvciBUTFM="
},
"description": "a short description of this cluster",
"group": {
"description": "human readable description of group",
"id": "group UIDP under which this group resides",
"name": "human readable name of group"
},
"id": "Cluster UID/GID under which this cluster resides",
"info": {
"CertificateAuthorityData": "Y29udGFpbnMgUEVNLWVuY29kZWQgY2VydGlmaWNhdGUgYXV0aG9yaXR5IGNlcnRpZmljYXRlcw==",
"server": "address of the kubernetes cluster (https://hostname:port)"
},
"issuer": "the identity issuer tied to this cluster",
"last_seen": {
"nanos": 420599000,
"seconds": 1675204601
},
"managed_name": "unique name assigned to this cluster's managed agent",
"name": "name of the cluster",
"registered": {
"nanos": 420599000,
"seconds": 1675204601
},
"remote_id": "the remote ID of this cluster",
"status": {
"message": "message",
"reason": "reason"
},
"version": "the Kubernetes version last reported by the cluster"
}
}