I am trying to enable Audit Logs, i.e. Data Access Logs, using Cloud Deployment Manager in GCP, but I am getting an error. Below is the script I have created in YAML.
```yaml
resources:
- name: get-iam-policy
  action: gcp-types/cloudresourcemanager-v1:cloudresourcemanager.projects.getIamPolicy
  properties:
    resource: <project_id>
  metadata:
    runtimePolicy:
    - 'UPDATE_ALWAYS'
- name: patch-iam-policy
  action: gcp-types/cloudresourcemanager-v1:cloudresourcemanager.projects.setIamPolicy
  properties:
    resource: <project_id>
    policy:
      etag: $(ref.get-iam-policy.etag)
    auditConfigs:
    - auditLogConfigs:
      - logType: ADMIN_READ
      service: allServices
```
The above code is stored in the file deploy.yaml, and the command below is used to create the deployment:

```
gcloud deployment-manager deployments create test --config deploy.yaml
```
I am getting the error below:
```
(gcloud.deployment-manager.deployments.create) Error in Operation [operation-1621334235876-5c2984b310ba1-9e1e602f-d982565d]: errors:
- code: RESOURCE_ERROR
location: /deployments/test/resources/patch-iam-policy
message: '{"ResourceType":"gcp-types/cloudresourcemanager-v1:cloudresourcemanager.projects.setIamPolicy","ResourceErrorCode":"400","ResourceErrorMessage":{"code":400,"message":"Invalid
JSON payload received. Unknown name \"auditConfigs\": Cannot find field.","status":"INVALID_ARGUMENT","details":[{"@type":"type.googleapis.com/google.rpc.BadRequest","fieldViolations":[{"description":"Invalid
JSON payload received. Unknown name \"auditConfigs\": Cannot find field."}]}],"statusMessage":"Bad
Request","requestPath":"https://cloudresourcemanager.googleapis.com/v1/projects/******:setIamPolicy","httpMethod":"POST"}}'
```
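A pre-flight check for the `setIamPolicy` request body that Deployment Manager builds from `properties`, written against the Resource Manager v1 REST schema. This is an added example, not part of the original post; `check`, the sample bodies and the placeholder etag are constructed for illustration, and `resource` is left out because it is the URL path parameter rather than a body field.

```python
# Added example: shape check for a projects.setIamPolicy request body.
# Allowed keys per level follow the Resource Manager v1 REST reference.
SCHEMA = {
    "": {"policy", "updateMask"},
    "policy": {"version", "bindings", "auditConfigs", "etag"},
    "policy.bindings[]": {"role", "members", "condition"},
    "policy.auditConfigs[]": {"service", "auditLogConfigs"},
    "policy.auditConfigs[].auditLogConfigs[]": {"logType", "exemptedMembers"},
}
LOG_TYPES = {"ADMIN_READ", "DATA_READ", "DATA_WRITE"}


def check(body):
    """Return a list of problems found in a setIamPolicy request body."""
    problems = []

    def walk(node, path):
        if isinstance(node, list):
            for item in node:
                walk(item, path + "[]")
        elif isinstance(node, dict):
            allowed = SCHEMA.get(path)
            for key, value in node.items():
                if allowed is not None and key not in allowed:
                    where = path or "request root"
                    problems.append(f'unknown field "{key}" at {where}')
                else:
                    walk(value, f"{path}.{key}" if path else key)

    walk(body, "")
    policy = body.get("policy", {})
    for cfg in policy.get("auditConfigs", []):
        for log_cfg in cfg.get("auditLogConfigs", []):
            if log_cfg.get("logType") not in LOG_TYPES:
                problems.append(f"invalid logType {log_cfg.get('logType')!r}")
    # With no updateMask the API uses the default mask "bindings, etag",
    # so auditConfigs nested in policy would not be modified.
    mask = {p.strip() for p in body.get("updateMask", "bindings,etag").split(",")}
    if "auditConfigs" in policy and "auditConfigs" not in mask:
        problems.append("auditConfigs is set but not listed in updateMask")
    return problems


# Constructed sample bodies mirroring the question's YAML (etag is a placeholder).
AUDIT = [{"service": "allServices", "auditLogConfigs": [{"logType": "ADMIN_READ"}]}]
AS_POSTED = {"policy": {"etag": "PLACEHOLDER"}, "auditConfigs": AUDIT}
NESTED = {"policy": {"etag": "PLACEHOLDER", "auditConfigs": AUDIT}}
WITH_MASK = dict(NESTED, updateMask="auditConfigs,etag")
for name, body in [("as posted", AS_POSTED), ("nested", NESTED), ("with mask", WITH_MASK)]:
    print(name, "->", check(body) or "ok")
```

The "as posted" body reproduces the unknown-field finding from the 400 response, and the "nested" body shows the quieter failure where the request would be accepted but the audit configuration left unchanged.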