Following the docs available from GCP here: https://cloud.google.com/artifact-registry/docs/repositories/cleanup-policy
I set the cleanup policy on my artifact repository with the dry-run option enabled but could not get any audit logs to be outputted using the command.
gcloud logging read 'protoPayload.serviceName="artifactregistry.googleapis.com" AND protoPayload.request.parent:"projects/gift-service-app-jm/locations/australia-southeast1/repositories/gcf-artifacts" AND protoPayload.request.validateOnly=true' \
--resource-names="projects/gift-service-app-jm" \
--project=gift-service-app-jm
I was able to confirm the policy has been set and the dry-run option is enabled using the gcloud artifacts repositories describe gcf-artifacts
command
{
"cleanupPolicies": {
"Delete Previous Versions": {
"action": "DELETE",
"condition": {
"olderThan": "864000s",
"tagState": "UNTAGGED"
},
"id": "Delete Previous Versions"
}
},
"cleanupPolicyDryRun": true,
"createTime": "2023-09-27T05:07:31.256470Z",
"description": "This repository is created and used by Cloud Functions",
"format": "DOCKER",
"labels": {
"goog-managed-by": "cloudfunctions"
},
"mode": "STANDARD_REPOSITORY",
"name": "projects/gift-service-app-jm/locations/australia-southeast1/repositories/gcf-artifacts",
"updateTime": "2024-07-10T05:39:56.088672Z"
}
Has anyone had this issue before, I have the owner role applied to my IAM principal but have also tried adding the logs viewer and private logs viewer roles explicitly.