Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request: GCS bucket to store official CVE list #3494

Closed
PushkarJ opened this issue Mar 9, 2022 · 7 comments
Closed

Request: GCS bucket to store official CVE list #3494

PushkarJ opened this issue Mar 9, 2022 · 7 comments
Assignees
@ameukam
Labels
sig/docs Categorizes an issue or PR as relevant to SIG Docs. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/security Categorizes an issue or PR as relevant to SIG Security. sig/testing Categorizes an issue or PR as relevant to SIG Testing.
Milestone
v1.25

Comments

@PushkarJ
Copy link
Member

PushkarJ commented Mar 9, 2022
edited
Loading

In support of KEP-3203: kubernetes/enhancements#3204

We need GCS bucket to store generated JSON blob of official CVE list, which needs to be public readable (http get should work)

  • The google group this can be linked to for membership is [email protected]
  • We will also need a service account with credentials that we can use to write to bucket

Reference PR I have seen that does something very similar is #2570

/sig security k8s-infra docs testing
@PushkarJ PushkarJ added the sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. label Mar 9, 2022
@k8s-ci-robot k8s-ci-robot added sig/security Categorizes an issue or PR as relevant to SIG Security. sig/docs Categorizes an issue or PR as relevant to SIG Docs. sig/testing Categorizes an issue or PR as relevant to SIG Testing. labels Mar 9, 2022
@PushkarJ PushkarJ mentioned this issue Mar 9, 2022
Closed
@ameukam
Copy link
Member

ameukam commented Mar 15, 2022

/milestone v1.24
/assign

@k8s-ci-robot k8s-ci-robot added this to the v1.24 milestone Mar 15, 2022
@ameukam
Copy link
Member

ameukam commented Apr 21, 2022

Sorry for not taking care of this now. The main effort is focused on 1.24 out in 2 weeks. I'll get back when 1.25 start.

/milestone v1.25

@k8s-ci-robot k8s-ci-robot modified the milestones: v1.24, v1.25 Apr 21, 2022
@nehaLohia27
Copy link
Contributor

@ameukam Any updates on this issue ?

@ameukam
Copy link
Member

ameukam commented Jun 15, 2022

@ameukam Any updates on this issue ?

@nehaLohia27 Sorry. I didn't have the bandwidth to take care of this. Should be take care before end of the milestone.

@PushkarJ PushkarJ mentioned this issue Jul 12, 2022
Open
10 tasks
@PushkarJ
Copy link
Member Author

@ameukam (when you are back) This is part of kubernetes/enhancements#3203 tracked for v1.25.

Much of our implementation depends on having this GCS bucket created. What's the best way we can help you get this created?

@PushkarJ PushkarJ mentioned this issue Jul 21, 2022
Merged
3 tasks
@ameukam ameukam mentioned this issue Jul 25, 2022
Merged
This was referenced Jul 25, 2022
Merged
Merged
@PushkarJ
Copy link
Member Author

Just confirmed a few things post merge of #4009

  • A user(me) from security-tooling-private is able to write to the bucket
  • View access is public for all
  • Anonymous users are not able to write to the bucket and get this error ServiceException: 401 Anonymous caller does not have storage.objects.create access to the Google Cloud Storage object.

So I think it is safe to close this one!!

Thank you for your help in implementing this @ameukam
/close

@k8s-ci-robot
Copy link
Contributor

@PushkarJ: Closing this issue.

In response to this:

Just confirmed a few things post merge of #4009

  • A user(me) from security-tooling-private is able to write to the bucket
  • View access is public for all
  • Anonymous users are not able to write to the bucket and get this error ServiceException: 401 Anonymous caller does not have storage.objects.create access to the Google Cloud Storage object.

So I think it is safe to close this one!!

Thank you for your help in implementing this @ameukam
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot moved this to Done in SIG K8S Infra Jul 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ameukam ameukam

Labels
sig/docs Categorizes an issue or PR as relevant to SIG Docs. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/security Categorizes an issue or PR as relevant to SIG Security. sig/testing Categorizes an issue or PR as relevant to SIG Testing.
Projects
SIG K8S Infra
Status: Done
Milestone
v1.25
Development

No branches or pull requests
4 participants
@ameukam @PushkarJ @nehaLohia27 @k8s-ci-robot