
Google Cloud EventArc

To send Google Cloud Audit Log events to Direktiv through EventArc you need a container service running on Cloud Run. We provide a container located at ''. That container reads the cloud event it receives and relays it to a Direktiv service.


Set up audit logs

Export the project's current IAM policy to /tmp/policy.yaml

gcloud projects get-iam-policy PROJECT_ID > /tmp/policy.yaml

Add the following section above 'bindings:'. The 'auditConfigs' key and the 'service' entry are required by the policy format; 'allServices' enables these log types for every Google Cloud service, which is the broadest (and most log-heavy) choice, so narrow it to the service you actually need, for example 'storage.googleapis.com' for the Cloud Storage events used later on this page.

auditConfigs:
- auditLogConfigs:
  - logType: ADMIN_READ
  - logType: DATA_WRITE
  - logType: DATA_READ
  service: allServices

Set the new policy

gcloud projects set-iam-policy PROJECT_ID /tmp/policy.yaml
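The three commands above edit the policy by hand. The following is an added example, not part of the Direktiv docs or the gcloud tooling, that performs the same edit on an exported policy without clobbering anything: it assumes the policy was exported as JSON ('gcloud projects get-iam-policy PROJECT_ID --format=json > /tmp/policy.json', which 'set-iam-policy' accepts just like YAML), keeps the etag so a concurrent policy change is detected, preserves existing bindings and audit configs for other services, and is safe to run twice. The function names and the sample policy are constructed for this example.

```python
import json
from pathlib import Path

# Log types the page enables; ADMIN_WRITE is always recorded and need not be listed.
AUDIT_LOG_TYPES = ("ADMIN_READ", "DATA_WRITE", "DATA_READ")


def enable_audit_logs(policy: dict, service: str = "allServices") -> dict:
    """Return a copy of the IAM policy with Data Access audit logs enabled for `service`.

    Bindings, etag and audit configs for other services are preserved, and a
    second run yields the same policy (idempotent).
    """
    updated = json.loads(json.dumps(policy))  # deep copy; never mutate the caller's policy
    configs = updated.setdefault("auditConfigs", [])
    entry = next((c for c in configs if c.get("service") == service), None)
    if entry is None:
        entry = {"service": service, "auditLogConfigs": []}
        configs.append(entry)
    present = {c.get("logType") for c in entry.setdefault("auditLogConfigs", [])}
    for log_type in AUDIT_LOG_TYPES:
        if log_type not in present:  # only add what is missing
            entry["auditLogConfigs"].append({"logType": log_type})
    return updated


def audit_logging_complete(policy: dict, service: str = "allServices") -> bool:
    """True when every required log type is enabled for `service` (a post-deploy check)."""
    for cfg in policy.get("auditConfigs", []):
        if cfg.get("service") == service:
            enabled = {c.get("logType") for c in cfg.get("auditLogConfigs", [])}
            return set(AUDIT_LOG_TYPES) <= enabled
    return False


def patch_policy_file(src: str, dst: str, service: str = "allServices") -> dict:
    """Read the exported policy JSON, enable audit logs, write the file for set-iam-policy."""
    policy = json.loads(Path(src).read_text())
    if "etag" not in policy:  # without the etag a stale write could silently overwrite others' edits
        raise ValueError("policy has no etag; re-export it before patching")
    updated = enable_audit_logs(policy, service)
    Path(dst).write_text(json.dumps(updated, indent=2) + "\n")
    return updated


# Constructed sample resembling `gcloud projects get-iam-policy PROJECT_ID --format=json` output.
SAMPLE_POLICY = {
    "bindings": [{"role": "roles/owner", "members": ["user:admin@example.com"]}],
    "etag": "BwXyZ0123456=",
    "version": 1,
}
```

Run 'audit_logging_complete' on a fresh export after 'set-iam-policy' to confirm the change actually landed.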

Configure gcloud defaults

gcloud config set project PROJECT_ID
gcloud config set run/region us-central1
gcloud config set run/platform managed
gcloud config set eventarc/location us-central1

Configure the Cloud Run Service

Using Authentication

Create a secret to use as the DIREKTIV_TOKEN

gcloud secrets create DIREKTIV_TOKEN

Create a file containing an access token generated by Direktiv that has the 'namespaceEvent' privilege. This walkthrough uses '/tmp/ac'; remove the file once the secret version has been added.

Add the secret data to the secret

gcloud secrets versions add DIREKTIV_TOKEN --data-file=/tmp/ac

Create a Cloud Run Service

Deploy the container to your environment

gcloud beta run deploy event-arc-listener --image \
    --update-secrets=DIREKTIV_TOKEN=DIREKTIV_TOKEN:1 \
    --set-env-vars "DIREKTIV_NAMESPACE=trent" \
    --set-env-vars "DIREKTIV_ENDPOINT="

Create a Trigger for the Cloud Run Service

Create a new trigger that listens for Cloud Storage object-creation audit events in this project.

gcloud eventarc triggers create storage-upload-trigger \
    --destination-run-service=event-arc-listener  \
    --destination-run-region=us-central1 \
    --event-filters="" \
    --event-filters="" \
    --event-filters="methodName=storage.objects.create"

Note: the trigger takes 10 minutes before it starts delivering events.


Create this simple workflow; it runs whenever Direktiv receives a cloud event of the type named in its start definition.

id: listen-for-event
description: Listen to a custom cloud event
start:
  type: event
  state: helloworld
  event:
    # EVENT_TYPE is a placeholder: the page does not state the type the relay container sends
    type: EVENT_TYPE
states:
- id: helloworld
  type: noop
  transform: 'jq({ result: . })'