feat(audit_trail): audit alerting endpoint (#5385)

scaleway-bot · yfodil · web-flow · commit c813f3028caf · 2026-03-06T15:57:45.000Z
Co-authored-by: Yacine FODIL &lt;yfodil@scaleway.com&gt;
diff --git a/cmd/scw/testdata/test-all-usage-audit-trail-event-list-usage.golden b/cmd/scw/testdata/test-all-usage-audit-trail-event-list-usage.golden
@@ -7,7 +7,7 @@ USAGE:
 
 ARGS:
   [project-id]        (Optional) ID of the Project containing the Audit Trail events
-  [resource-type]     (Optional) Type of the Scaleway resource (unknown_type | secm_secret | secm_secret_version | kube_cluster | kube_pool | kube_node | kube_acl | keym_key | iam_user | iam_application | iam_group | iam_policy | iam_api_key | iam_ssh_key | iam_rule | iam_saml | iam_saml_certificate | iam_scim | iam_scim_token | secret_manager_secret | secret_manager_version | key_manager_key | account_user | account_organization | account_project | account_contract_signature | instance_server | instance_placement_group | instance_security_group | instance_volume | instance_snapshot | instance_image | instance_template | apple_silicon_server | baremetal_server | baremetal_setting | ipam_ip | sbs_volume | sbs_snapshot | load_balancer_lb | load_balancer_ip | load_balancer_frontend | load_balancer_backend | load_balancer_route | load_balancer_acl | load_balancer_certificate | sfs_filesystem | vpc_private_network | vpc_vpc | vpc_subnet | vpc_route | vpc_acl | edge_services_plan | edge_services_pipeline | edge_services_dns_stage | edge_services_tls_stage | edge_services_cache_stage | edge_services_route_stage | edge_services_route_rules | edge_services_waf_stage | edge_services_backend_stage | s2s_vpn_gateway | s2s_customer_gateway | s2s_routing_policy | s2s_connection | vpc_gw_gateway | vpc_gw_gateway_network | vpc_gw_dhcp | vpc_gw_dhcp_entry | vpc_gw_pat_rule | vpc_gw_ip | audit_trail_export_job | rdb_instance | rdb_instance_backup | rdb_instance_endpoint | rdb_instance_logs | rdb_instance_read_replica | rdb_instance_snapshot | mongodb_instance | mongodb_instance_snapshot | mongodb_instance_endpoint | apple_silicon_runner)
+  [resource-type]     (Optional) Type of the Scaleway resource (unknown_type | secm_secret | secm_secret_version | kube_cluster | kube_pool | kube_node | kube_acl | keym_key | iam_user | iam_application | iam_group | iam_policy | iam_api_key | iam_ssh_key | iam_rule | iam_saml | iam_saml_certificate | iam_scim | iam_scim_token | secret_manager_secret | secret_manager_version | key_manager_key | account_user | account_organization | account_project | account_contract_signature | instance_server | instance_placement_group | instance_security_group | instance_volume | instance_snapshot | instance_image | instance_template | apple_silicon_server | baremetal_server | baremetal_setting | ipam_ip | sbs_volume | sbs_snapshot | load_balancer_lb | load_balancer_ip | load_balancer_frontend | load_balancer_backend | load_balancer_route | load_balancer_acl | load_balancer_certificate | sfs_filesystem | vpc_private_network | vpc_vpc | vpc_subnet | vpc_route | vpc_acl | edge_services_plan | edge_services_pipeline | edge_services_dns_stage | edge_services_tls_stage | edge_services_cache_stage | edge_services_route_stage | edge_services_route_rules | edge_services_waf_stage | edge_services_backend_stage | s2s_vpn_gateway | s2s_customer_gateway | s2s_routing_policy | s2s_connection | vpc_gw_gateway | vpc_gw_gateway_network | vpc_gw_dhcp | vpc_gw_dhcp_entry | vpc_gw_pat_rule | vpc_gw_ip | audit_trail_export_job | rdb_instance | rdb_instance_backup | rdb_instance_endpoint | rdb_instance_logs | rdb_instance_read_replica | rdb_instance_snapshot | mongodb_instance | mongodb_instance_snapshot | mongodb_instance_endpoint | apple_silicon_runner | audit_trail_alert_rule)
   [method-name]       (Optional) Name of the method of the API call performed
   [status]            (Optional) HTTP status code of the request. Returns either `200` if the request was successful or `403` if the permission was denied
   [recorded-after]    (Optional) The `recorded_after` parameter defines the earliest timestamp from which Audit Trail events are retrieved. Returns `one hour ago` by default
diff --git a/docs/commands/audit-trail.md b/docs/commands/audit-trail.md
@@ -29,7 +29,7 @@ scw audit-trail event list [arg=value ...]
 | Name |   | Description |
 |------|---|-------------|
 | project-id |  | (Optional) ID of the Project containing the Audit Trail events |
-| resource-type | One of: `unknown_type`, `secm_secret`, `secm_secret_version`, `kube_cluster`, `kube_pool`, `kube_node`, `kube_acl`, `keym_key`, `iam_user`, `iam_application`, `iam_group`, `iam_policy`, `iam_api_key`, `iam_ssh_key`, `iam_rule`, `iam_saml`, `iam_saml_certificate`, `iam_scim`, `iam_scim_token`, `secret_manager_secret`, `secret_manager_version`, `key_manager_key`, `account_user`, `account_organization`, `account_project`, `account_contract_signature`, `instance_server`, `instance_placement_group`, `instance_security_group`, `instance_volume`, `instance_snapshot`, `instance_image`, `instance_template`, `apple_silicon_server`, `baremetal_server`, `baremetal_setting`, `ipam_ip`, `sbs_volume`, `sbs_snapshot`, `load_balancer_lb`, `load_balancer_ip`, `load_balancer_frontend`, `load_balancer_backend`, `load_balancer_route`, `load_balancer_acl`, `load_balancer_certificate`, `sfs_filesystem`, `vpc_private_network`, `vpc_vpc`, `vpc_subnet`, `vpc_route`, `vpc_acl`, `edge_services_plan`, `edge_services_pipeline`, `edge_services_dns_stage`, `edge_services_tls_stage`, `edge_services_cache_stage`, `edge_services_route_stage`, `edge_services_route_rules`, `edge_services_waf_stage`, `edge_services_backend_stage`, `s2s_vpn_gateway`, `s2s_customer_gateway`, `s2s_routing_policy`, `s2s_connection`, `vpc_gw_gateway`, `vpc_gw_gateway_network`, `vpc_gw_dhcp`, `vpc_gw_dhcp_entry`, `vpc_gw_pat_rule`, `vpc_gw_ip`, `audit_trail_export_job`, `rdb_instance`, `rdb_instance_backup`, `rdb_instance_endpoint`, `rdb_instance_logs`, `rdb_instance_read_replica`, `rdb_instance_snapshot`, `mongodb_instance`, `mongodb_instance_snapshot`, `mongodb_instance_endpoint`, `apple_silicon_runner` | (Optional) Type of the Scaleway resource |
+| resource-type | One of: `unknown_type`, `secm_secret`, `secm_secret_version`, `kube_cluster`, `kube_pool`, `kube_node`, `kube_acl`, `keym_key`, `iam_user`, `iam_application`, `iam_group`, `iam_policy`, `iam_api_key`, `iam_ssh_key`, `iam_rule`, `iam_saml`, `iam_saml_certificate`, `iam_scim`, `iam_scim_token`, `secret_manager_secret`, `secret_manager_version`, `key_manager_key`, `account_user`, `account_organization`, `account_project`, `account_contract_signature`, `instance_server`, `instance_placement_group`, `instance_security_group`, `instance_volume`, `instance_snapshot`, `instance_image`, `instance_template`, `apple_silicon_server`, `baremetal_server`, `baremetal_setting`, `ipam_ip`, `sbs_volume`, `sbs_snapshot`, `load_balancer_lb`, `load_balancer_ip`, `load_balancer_frontend`, `load_balancer_backend`, `load_balancer_route`, `load_balancer_acl`, `load_balancer_certificate`, `sfs_filesystem`, `vpc_private_network`, `vpc_vpc`, `vpc_subnet`, `vpc_route`, `vpc_acl`, `edge_services_plan`, `edge_services_pipeline`, `edge_services_dns_stage`, `edge_services_tls_stage`, `edge_services_cache_stage`, `edge_services_route_stage`, `edge_services_route_rules`, `edge_services_waf_stage`, `edge_services_backend_stage`, `s2s_vpn_gateway`, `s2s_customer_gateway`, `s2s_routing_policy`, `s2s_connection`, `vpc_gw_gateway`, `vpc_gw_gateway_network`, `vpc_gw_dhcp`, `vpc_gw_dhcp_entry`, `vpc_gw_pat_rule`, `vpc_gw_ip`, `audit_trail_export_job`, `rdb_instance`, `rdb_instance_backup`, `rdb_instance_endpoint`, `rdb_instance_logs`, `rdb_instance_read_replica`, `rdb_instance_snapshot`, `mongodb_instance`, `mongodb_instance_snapshot`, `mongodb_instance_endpoint`, `apple_silicon_runner`, `audit_trail_alert_rule` | (Optional) Type of the Scaleway resource |
 | method-name |  | (Optional) Name of the method of the API call performed |
 | status |  | (Optional) HTTP status code of the request. Returns either `200` if the request was successful or `403` if the permission was denied |
 | recorded-after |  | (Optional) The `recorded_after` parameter defines the earliest timestamp from which Audit Trail events are retrieved. Returns `one hour ago` by default |
diff --git a/go.mod b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/moby/buildkit v0.28.0
 	github.com/moby/go-archive v0.2.0
 	github.com/opencontainers/go-digest v1.0.0
-	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36.0.20260305131804-040897b1dc59
+	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36.0.20260306130343-cfb58d20e951
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
 	github.com/spf13/cobra v1.10.2
 	github.com/spf13/pflag v1.0.10
diff --git a/go.sum b/go.sum
@@ -476,8 +476,8 @@ github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDjyw0ULyrTYWeN0UNCCkmCWfjPnIA2W6oviI=
 github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36.0.20260305131804-040897b1dc59 h1:LihhZcC1EBGMXecl4wjuozsII2pKtsxPHkO8P5VXyA4=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36.0.20260305131804-040897b1dc59/go.mod h1:EG4RjSWH4YiEB6bPmLxzkDm7GsEqLcXNTCwigMNapxQ=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36.0.20260306130343-cfb58d20e951 h1:dlU8JPen8NfS9RtVFpVOaZc/f8HymiGq8Ne2koe7FoM=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36.0.20260306130343-cfb58d20e951/go.mod h1:EG4RjSWH4YiEB6bPmLxzkDm7GsEqLcXNTCwigMNapxQ=
 github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8=
 github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM=
 github.com/secure-systems-lab/go-securesystemslib v0.10.0 h1:l+H5ErcW0PAehBNrBxoGv1jjNpGYdZ9RcheFkB2WI14=
diff --git a/internal/namespaces/audit_trail/v1alpha1/audit_trail_cli.go b/internal/namespaces/audit_trail/v1alpha1/audit_trail_cli.go
@@ -159,6 +159,7 @@ func auditTrailEventList() *core.Command {
 					"mongodb_instance_snapshot",
 					"mongodb_instance_endpoint",
 					"apple_silicon_runner",
+					"audit_trail_alert_rule",
 				},
 			},
 			{

-Original file line number
+Diff line change
 	github.com/moby/buildkit v0.28.0
 	github.com/moby/go-archive v0.2.0
 	github.com/opencontainers/go-digest v1.0.0
 -	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36.0.20260305131804-040897b1dc59
 +	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36.0.20260306130343-cfb58d20e951
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
 	github.com/spf13/cobra v1.10.2
 	github.com/spf13/pflag v1.0.10
Original file line number	Diff line number	Diff line change
`@@ -159,6 +159,7 @@ func auditTrailEventList() *core.Command {`
`159`	`159`	`"mongodb_instance_snapshot",`
`160`	`160`	`"mongodb_instance_endpoint",`
`161`	`161`	`"apple_silicon_runner",`
	`162`	`+ "audit_trail_alert_rule",`
`162`	`163`	`},`
`163`	`164`	`},`
`164`	`165`	`{`