chore(docs): added audit log sample to usage guide (#428)

Author: daniel-sanche

logging/samples/snippets/usage_guide.py

@@ -71,6 +71,33 @@ def client_list_entries(client, to_delete):  # pylint: disable=unused-argument
         # [END client_list_entries_order_by]
         break
 
+    # [START logging_list_gke_audit_logs]
+    import google.cloud.logging
+    from datetime import datetime, timedelta, timezone
+    import os
+
+    # pull your project id from an environment variable
+    project_id = os.environ["GOOGLE_CLOUD_PROJECT"]
+    # construct a date object representing yesterday
+    yesterday = datetime.now(timezone.utc) - timedelta(days=1)
+    # Cloud Logging expects a timestamp in RFC3339 UTC "Zulu" format
+    # https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry
+    time_format = "%Y-%m-%dT%H:%M:%S.%f%z"
+    # build a filter that returns GKE Admin Activity audit Logs from
+    # the past 24 hours
+    # https://cloud.google.com/kubernetes-engine/docs/how-to/audit-logging
+    filter_str = (
+        f'logName="projects/{project_id}/logs/cloudaudit.googleapis.com%2Factivity"'
+        f' AND resource.type="k8s_cluster"'
+        f' AND timestamp>="{yesterday.strftime(time_format)}"'
+    )
+    # query and print all matching logs
+    client = google.cloud.logging.Client()
+    for entry in client.list_entries(filter_=filter_str):
+        print(entry)
+        # [END logging_list_gke_audit_logs]
+        break  # we don't really need to print them all
+
 
 @snippet
 def logger_usage(client, to_delete):