From ccf8847035e84cfe1f4c38163f21af38b8c16bc4 Mon Sep 17 00:00:00 2001 From: CNCF CI Bot Date: Wed, 28 Jul 2021 01:25:28 +0000 Subject: [PATCH] audit: update as of 2021-07-28 --- .../services/logging/logs.json | 1 - .../services/compute/project-info.json | 2 +- ...asets.etl_script_generated_set.access.json | 18 ----- ...ets.etl_script_generated_set_1.access.json | 18 ----- .../bigquery.datasets.etl_staging.access.json | 18 ----- .../bigquery/bigquery.datasets.hh.access.json | 18 ----- .../services/bigquery/bigquery.datasets.json | 66 ----------------- ....k8s_artifacts_dataset_bb_test.access.json | 18 ----- ....k8s_artifacts_gcslogs_appspot.access.json | 18 ----- ...atasets.kubernetes_public_logs.access.json | 18 ----- .../description.json | 10 +++ .../k8s-triage-robot-github-token/iam.json | 12 ++++ .../versions.json | 29 ++++++++ .../buckets/k8s-release-asia/iam.json | 17 +++++ .../buckets/k8s-release-asia/metadata.txt | 70 +++++++++++++++++++ .../buckets/k8s-release-eu/iam.json | 17 +++++ .../buckets/k8s-release-eu/metadata.txt | 70 +++++++++++++++++++ .../services/logging/logs.json | 3 +- audit/projects/kubernetes-public/iam.json | 6 ++ .../description.json | 7 ++ .../k8s-infra-prow-hmac-token/iam.json | 1 + .../k8s-infra-prow-hmac-token/versions.json | 11 +++ 22 files changed, 252 insertions(+), 196 deletions(-) delete mode 100644 audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.etl_script_generated_set.access.json delete mode 100644 audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.etl_script_generated_set_1.access.json delete mode 100644 audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.etl_staging.access.json delete mode 100644 audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.hh.access.json delete mode 100644 audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.k8s_artifacts_dataset_bb_test.access.json delete mode 100644 audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.k8s_artifacts_gcslogs_appspot.access.json delete mode 100644 audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.kubernetes_public_logs.access.json create mode 100644 audit/projects/k8s-infra-prow-build-trusted/secrets/k8s-triage-robot-github-token/description.json create mode 100644 audit/projects/k8s-infra-prow-build-trusted/secrets/k8s-triage-robot-github-token/iam.json create mode 100644 audit/projects/k8s-infra-prow-build-trusted/secrets/k8s-triage-robot-github-token/versions.json create mode 100644 audit/projects/k8s-release/buckets/k8s-release-asia/iam.json create mode 100644 audit/projects/k8s-release/buckets/k8s-release-asia/metadata.txt create mode 100644 audit/projects/k8s-release/buckets/k8s-release-eu/iam.json create mode 100644 audit/projects/k8s-release/buckets/k8s-release-eu/metadata.txt create mode 100644 audit/projects/kubernetes-public/secrets/k8s-infra-prow-hmac-token/description.json create mode 100644 audit/projects/kubernetes-public/secrets/k8s-infra-prow-hmac-token/iam.json create mode 100644 audit/projects/kubernetes-public/secrets/k8s-infra-prow-hmac-token/versions.json diff --git a/audit/projects/k8s-gcr-audit-test-prod/services/logging/logs.json b/audit/projects/k8s-gcr-audit-test-prod/services/logging/logs.json index c2223d42952..4eb17f2f1a1 100644 --- a/audit/projects/k8s-gcr-audit-test-prod/services/logging/logs.json +++ b/audit/projects/k8s-gcr-audit-test-prod/services/logging/logs.json @@ -1,5 +1,4 @@ [ - "projects/k8s-gcr-audit-test-prod/logs/cip-audit-log", "projects/k8s-gcr-audit-test-prod/logs/cloudaudit.googleapis.com%2Factivity", "projects/k8s-gcr-audit-test-prod/logs/cloudaudit.googleapis.com%2Fsystem_event", "projects/k8s-gcr-audit-test-prod/logs/clouderrorreporting.googleapis.com%2Finsights", diff --git a/audit/projects/k8s-infra-e2e-scale-5k-project/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-scale-5k-project/services/compute/project-info.json index 147d134d0b5..bcd0d81f6df 100644 --- a/audit/projects/k8s-infra-e2e-scale-5k-project/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-scale-5k-project/services/compute/project-info.json @@ -3,7 +3,7 @@ "items": [ { "key": "ssh-keys", - "value": "prow:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmYxHh/wwcV0P1aChuFLpl28w6DFyc7G5Xrw1F8wH1Re9AdxyemM2bTZ/PhsP3u9VDnNbyOw3UN00VFdumkFLjLf1WQ7Q6rZDlPjlw7urBIvAMqUecY6ae1znqsZ0dMBxOuPXHznlnjLjM5b7O7q5WsQMCA9Szbmz6DsuSyCuX0It2osBTN+8P/Fa6BNh3W8AF60M7L8/aUzLfbXVS2LIQKAHHD8CWqvXhLPuTJ03iSwFvgtAK1/J2XJwUP+OzAFrxj6A9LW5ZZgk3R3kRKr0xT/L7hga41rB1qy8Uz+Xr/PTVMNGW+nmU4bPgFchCK0JBK7B12ZcdVVFUEdpaAiKZ prow\nprow:prow:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmYxHh/wwcV0P1aChuFLpl28w6DFyc7G5Xrw1F8wH1Re9AdxyemM2bTZ/PhsP3u9VDnNbyOw3UN00VFdumkFLjLf1WQ7Q6rZDlPjlw7urBIvAMqUecY6ae1znqsZ0dMBxOuPXHznlnjLjM5b7O7q5WsQMCA9Szbmz6DsuSyCuX0It2osBTN+8P/Fa6BNh3W8AF60M7L8/aUzLfbXVS2LIQKAHHD8CWqvXhLPuTJ03iSwFvgtAK1/J2XJwUP+OzAFrxj6A9LW5ZZgk3R3kRKr0xT/L7hga41rB1qy8Uz+Xr/PTVMNGW+nmU4bPgFchCK0JBK7B12ZcdVVFUEdpaAiKZ prow\n" + "value": "prow:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmYxHh/wwcV0P1aChuFLpl28w6DFyc7G5Xrw1F8wH1Re9AdxyemM2bTZ/PhsP3u9VDnNbyOw3UN00VFdumkFLjLf1WQ7Q6rZDlPjlw7urBIvAMqUecY6ae1znqsZ0dMBxOuPXHznlnjLjM5b7O7q5WsQMCA9Szbmz6DsuSyCuX0It2osBTN+8P/Fa6BNh3W8AF60M7L8/aUzLfbXVS2LIQKAHHD8CWqvXhLPuTJ03iSwFvgtAK1/J2XJwUP+OzAFrxj6A9LW5ZZgk3R3kRKr0xT/L7hga41rB1qy8Uz+Xr/PTVMNGW+nmU4bPgFchCK0JBK7B12ZcdVVFUEdpaAiKZ prow\nprow:prow:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmYxHh/wwcV0P1aChuFLpl28w6DFyc7G5Xrw1F8wH1Re9AdxyemM2bTZ/PhsP3u9VDnNbyOw3UN00VFdumkFLjLf1WQ7Q6rZDlPjlw7urBIvAMqUecY6ae1znqsZ0dMBxOuPXHznlnjLjM5b7O7q5WsQMCA9Szbmz6DsuSyCuX0It2osBTN+8P/Fa6BNh3W8AF60M7L8/aUzLfbXVS2LIQKAHHD8CWqvXhLPuTJ03iSwFvgtAK1/J2XJwUP+OzAFrxj6A9LW5ZZgk3R3kRKr0xT/L7hga41rB1qy8Uz+Xr/PTVMNGW+nmU4bPgFchCK0JBK7B12ZcdVVFUEdpaAiKZ prow\nameukam:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIQxCxqIeW9zArVuqZ7WhkURWkcQdj+PVqzTdUb65joIxS0hWnYR6gpKtKOUlLw+YUUuAAvoUjl2MBNHU8R1ctJ7V0ISf6IEQuFZa7aS68bYy92gzH1QDpgHeyHlFbOrzZbLFWjebnKlT2wQL+29JB/5oYwY6RW1a+vas0rI6GiHLUu5rEUuLr38lGni9rhoQcidcDtEG7rG/nfa64ZrhDVeiUt0udmZaViXgrlLLTaJjnZTQ1sI5IuG42EEBpGDhHRkDwhAiLNjjVVkoBWDtPMyT/WbraoqShPzBMKhJz6NtS61cF2yMWIN+xZbJoPDJCcwzvQ9sYlcYrt2LEn75UEN+554lrBeQHjdwumiKjAzR/4m+kUHR9nm+a0li5TJUAmQ5K3pKD6ju2xcyrtzaQQ48FJm0y7fIET5dl4fQgLPj8hD9p/UwETF+9lV/XMH0EEyh0AoFWt/X/oDzH9/eBo7bn03Lugj3eYlvM1griu3OB8Iz5HA3oRw0H6JtdX7U= ameukam@barbatos\narnaudm:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIQxCxqIeW9zArVuqZ7WhkURWkcQdj+PVqzTdUb65joIxS0hWnYR6gpKtKOUlLw+YUUuAAvoUjl2MBNHU8R1ctJ7V0ISf6IEQuFZa7aS68bYy92gzH1QDpgHeyHlFbOrzZbLFWjebnKlT2wQL+29JB/5oYwY6RW1a+vas0rI6GiHLUu5rEUuLr38lGni9rhoQcidcDtEG7rG/nfa64ZrhDVeiUt0udmZaViXgrlLLTaJjnZTQ1sI5IuG42EEBpGDhHRkDwhAiLNjjVVkoBWDtPMyT/WbraoqShPzBMKhJz6NtS61cF2yMWIN+xZbJoPDJCcwzvQ9sYlcYrt2LEn75UEN+554lrBeQHjdwumiKjAzR/4m+kUHR9nm+a0li5TJUAmQ5K3pKD6ju2xcyrtzaQQ48FJm0y7fIET5dl4fQgLPj8hD9p/UwETF+9lV/XMH0EEyh0AoFWt/X/oDzH9/eBo7bn03Lugj3eYlvM1griu3OB8Iz5HA3oRw0H6JtdX7U= ameukam@barbatos\na.meukam:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCdE4V5qmAAK8S9EqpuWIO3ZRXLPNOnLkgJboKOXvsgvUuE/96oaYTUZjo8tdovBsyx40q0quliylZB2X0yQ+LlbdnU9NUx/MrE6J98+05WYeJK/a+EjXwZv0lyTzl6ooDHZ+jEqUKaZ/rGaupFQU5pyFm1JZtJSdUrqQ2LLjbpcK3HGbWlt/TSjO//cJSx0J3aaf+PwqZBP3nAvcOQvnB+6hwmNha6FHvJPapiAb60/6QIrlWffrtVmGB+y2qBVaYdWZAP4iEKZKervFw/2x3+SyfTxwgp54kSok0ls1+xacQquTZR8Pj2wHwILE/9UkiUA7tZYK3nLguJGNs0Tqjzj1yykZdq3cJWq5XWtKBVtrghFboxtIJirlnD6wu3DqxfZwiqEOhRpEef0gH00rXCpMsuPur9rNSSeWHvRahqXIy5Ltq/Nl87WL3aJeUjlPk1ASRkKX+3WXZk6t6T+Lr4kJIzxWfFDxSXNKMRyMXi8hICLT9g5YLu42XLYmYI/bk= a.meukam@parprpmc012593a" } ], "kind": "compute#metadata" diff --git a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.etl_script_generated_set.access.json b/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.etl_script_generated_set.access.json deleted file mode 100644 index 68ab5d0a7b4..00000000000 --- a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.etl_script_generated_set.access.json +++ /dev/null @@ -1,18 +0,0 @@ -[ - { - "role": "WRITER", - "specialGroup": "projectWriters" - }, - { - "role": "OWNER", - "specialGroup": "projectOwners" - }, - { - "role": "OWNER", - "userByEmail": "asn-etl@k8s-infra-ii-sandbox.iam.gserviceaccount.com" - }, - { - "role": "READER", - "specialGroup": "projectReaders" - } -] diff --git a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.etl_script_generated_set_1.access.json b/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.etl_script_generated_set_1.access.json deleted file mode 100644 index 4a76db5b89d..00000000000 --- a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.etl_script_generated_set_1.access.json +++ /dev/null @@ -1,18 +0,0 @@ -[ - { - "role": "WRITER", - "specialGroup": "projectWriters" - }, - { - "role": "OWNER", - "specialGroup": "projectOwners" - }, - { - "role": "OWNER", - "userByEmail": "bb@ii.coop" - }, - { - "role": "READER", - "specialGroup": "projectReaders" - } -] diff --git a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.etl_staging.access.json b/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.etl_staging.access.json deleted file mode 100644 index 4a76db5b89d..00000000000 --- a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.etl_staging.access.json +++ /dev/null @@ -1,18 +0,0 @@ -[ - { - "role": "WRITER", - "specialGroup": "projectWriters" - }, - { - "role": "OWNER", - "specialGroup": "projectOwners" - }, - { - "role": "OWNER", - "userByEmail": "bb@ii.coop" - }, - { - "role": "READER", - "specialGroup": "projectReaders" - } -] diff --git a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.hh.access.json b/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.hh.access.json deleted file mode 100644 index 1b9fe6a2bc6..00000000000 --- a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.hh.access.json +++ /dev/null @@ -1,18 +0,0 @@ -[ - { - "role": "WRITER", - "specialGroup": "projectWriters" - }, - { - "role": "OWNER", - "specialGroup": "projectOwners" - }, - { - "role": "OWNER", - "userByEmail": "hh@ii.coop" - }, - { - "role": "READER", - "specialGroup": "projectReaders" - } -] diff --git a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.json b/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.json index 5b8f36bd945..3cfbd7a8c57 100644 --- a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.json +++ b/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.json @@ -1,22 +1,4 @@ [ - { - "kind": "bigquery#dataset", - "id": "k8s-infra-ii-sandbox:etl_script_generated_set", - "datasetReference": { - "datasetId": "etl_script_generated_set", - "projectId": "k8s-infra-ii-sandbox" - }, - "location": "US" - }, - { - "kind": "bigquery#dataset", - "id": "k8s-infra-ii-sandbox:etl_script_generated_set_1", - "datasetReference": { - "datasetId": "etl_script_generated_set_1", - "projectId": "k8s-infra-ii-sandbox" - }, - "location": "US" - }, { "kind": "bigquery#dataset", "id": "k8s-infra-ii-sandbox:etl_script_generated_set_prod", @@ -26,54 +8,6 @@ }, "location": "US" }, - { - "kind": "bigquery#dataset", - "id": "k8s-infra-ii-sandbox:etl_staging", - "datasetReference": { - "datasetId": "etl_staging", - "projectId": "k8s-infra-ii-sandbox" - }, - "location": "US" - }, - { - "kind": "bigquery#dataset", - "id": "k8s-infra-ii-sandbox:hh", - "datasetReference": { - "datasetId": "hh", - "projectId": "k8s-infra-ii-sandbox" - }, - "location": "US" - }, - { - "kind": "bigquery#dataset", - "id": "k8s-infra-ii-sandbox:k8s_artifacts_dataset_bb_test", - "datasetReference": { - "datasetId": "k8s_artifacts_dataset_bb_test", - "projectId": "k8s-infra-ii-sandbox" - }, - "labels": { - "managed-by-cnrm": "true" - }, - "location": "US" - }, - { - "kind": "bigquery#dataset", - "id": "k8s-infra-ii-sandbox:k8s_artifacts_gcslogs_appspot", - "datasetReference": { - "datasetId": "k8s_artifacts_gcslogs_appspot", - "projectId": "k8s-infra-ii-sandbox" - }, - "location": "US" - }, - { - "kind": "bigquery#dataset", - "id": "k8s-infra-ii-sandbox:kubernetes_public_logs", - "datasetReference": { - "datasetId": "kubernetes_public_logs", - "projectId": "k8s-infra-ii-sandbox" - }, - "location": "US" - }, { "kind": "bigquery#dataset", "id": "k8s-infra-ii-sandbox:riaan_data_store", diff --git a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.k8s_artifacts_dataset_bb_test.access.json b/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.k8s_artifacts_dataset_bb_test.access.json deleted file mode 100644 index 4a76db5b89d..00000000000 --- a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.k8s_artifacts_dataset_bb_test.access.json +++ /dev/null @@ -1,18 +0,0 @@ -[ - { - "role": "WRITER", - "specialGroup": "projectWriters" - }, - { - "role": "OWNER", - "specialGroup": "projectOwners" - }, - { - "role": "OWNER", - "userByEmail": "bb@ii.coop" - }, - { - "role": "READER", - "specialGroup": "projectReaders" - } -] diff --git a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.k8s_artifacts_gcslogs_appspot.access.json b/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.k8s_artifacts_gcslogs_appspot.access.json deleted file mode 100644 index 4a76db5b89d..00000000000 --- a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.k8s_artifacts_gcslogs_appspot.access.json +++ /dev/null @@ -1,18 +0,0 @@ -[ - { - "role": "WRITER", - "specialGroup": "projectWriters" - }, - { - "role": "OWNER", - "specialGroup": "projectOwners" - }, - { - "role": "OWNER", - "userByEmail": "bb@ii.coop" - }, - { - "role": "READER", - "specialGroup": "projectReaders" - } -] diff --git a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.kubernetes_public_logs.access.json b/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.kubernetes_public_logs.access.json deleted file mode 100644 index e1dcaceb7dd..00000000000 --- a/audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.kubernetes_public_logs.access.json +++ /dev/null @@ -1,18 +0,0 @@ -[ - { - "role": "WRITER", - "specialGroup": "projectWriters" - }, - { - "role": "OWNER", - "specialGroup": "projectOwners" - }, - { - "role": "OWNER", - "userByEmail": "caleb@ii.coop" - }, - { - "role": "READER", - "specialGroup": "projectReaders" - } -] diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/k8s-triage-robot-github-token/description.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/k8s-triage-robot-github-token/description.json new file mode 100644 index 00000000000..e666f158660 --- /dev/null +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/k8s-triage-robot-github-token/description.json @@ -0,0 +1,10 @@ +{ + "createTime": "2021-07-22T15:22:42.229306Z", + "labels": { + "group": "sig-contributor-experience" + }, + "name": "projects/180382678033/secrets/k8s-triage-robot-github-token", + "replication": { + "automatic": {} + } +} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/k8s-triage-robot-github-token/iam.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/k8s-triage-robot-github-token/iam.json new file mode 100644 index 00000000000..a175f7e4429 --- /dev/null +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/k8s-triage-robot-github-token/iam.json @@ -0,0 +1,12 @@ +{ + "bindings": [ + { + "members": [ + "group:github@kubernetes.io", + "group:k8s-infra-prow-oncall@kubernetes.io" + ], + "role": "roles/secretmanager.admin" + } + ], + "version": 1 +} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/k8s-triage-robot-github-token/versions.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/k8s-triage-robot-github-token/versions.json new file mode 100644 index 00000000000..a105f740f12 --- /dev/null +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/k8s-triage-robot-github-token/versions.json @@ -0,0 +1,29 @@ +[ + { + "createTime": "2021-07-23T03:18:11.506633Z", + "etag": "\"15c7c1da789dc9\"", + "name": "projects/180382678033/secrets/k8s-triage-robot-github-token/versions/3", + "replicationStatus": { + "automatic": {} + }, + "state": "ENABLED" + }, + { + "createTime": "2021-07-22T22:02:20.507249Z", + "etag": "\"15c7bd70e75071\"", + "name": "projects/180382678033/secrets/k8s-triage-robot-github-token/versions/2", + "replicationStatus": { + "automatic": {} + }, + "state": "ENABLED" + }, + { + "createTime": "2021-07-22T17:11:33.029513Z", + "etag": "\"15c7c1db001f02\"", + "name": "projects/180382678033/secrets/k8s-triage-robot-github-token/versions/1", + "replicationStatus": { + "automatic": {} + }, + "state": "DISABLED" + } +] diff --git a/audit/projects/k8s-release/buckets/k8s-release-asia/iam.json b/audit/projects/k8s-release/buckets/k8s-release-asia/iam.json new file mode 100644 index 00000000000..1ea1407f67e --- /dev/null +++ b/audit/projects/k8s-release/buckets/k8s-release-asia/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-release", + "projectOwner:k8s-release" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-release" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-release/buckets/k8s-release-asia/metadata.txt b/audit/projects/k8s-release/buckets/k8s-release-asia/metadata.txt new file mode 100644 index 00000000000..63570160d73 --- /dev/null +++ b/audit/projects/k8s-release/buckets/k8s-release-asia/metadata.txt @@ -0,0 +1,70 @@ +gs://k8s-release-asia/ : + Storage class: STANDARD + Location type: multi-region + Location constraint: US + Versioning enabled: None + Logging configuration: None + Website configuration: None + CORS configuration: None + Lifecycle configuration: None + Requester Pays enabled: None + Labels: None + Default KMS key: None + Time created: Mon, 26 Jul 2021 22:12:46 GMT + Time updated: Mon, 26 Jul 2021 22:12:46 GMT + Metageneration: 1 + Bucket Policy Only enabled: False + ACL: + [ + { + "entity": "project-owners-304687256732", + "projectTeam": { + "projectNumber": "304687256732", + "team": "owners" + }, + "role": "OWNER" + }, + { + "entity": "project-editors-304687256732", + "projectTeam": { + "projectNumber": "304687256732", + "team": "editors" + }, + "role": "OWNER" + }, + { + "entity": "project-viewers-304687256732", + "projectTeam": { + "projectNumber": "304687256732", + "team": "viewers" + }, + "role": "READER" + } + ] + Default ACL: + [ + { + "entity": "project-owners-304687256732", + "projectTeam": { + "projectNumber": "304687256732", + "team": "owners" + }, + "role": "OWNER" + }, + { + "entity": "project-editors-304687256732", + "projectTeam": { + "projectNumber": "304687256732", + "team": "editors" + }, + "role": "OWNER" + }, + { + "entity": "project-viewers-304687256732", + "projectTeam": { + "projectNumber": "304687256732", + "team": "viewers" + }, + "role": "READER" + } + ] diff --git a/audit/projects/k8s-release/buckets/k8s-release-eu/iam.json b/audit/projects/k8s-release/buckets/k8s-release-eu/iam.json new file mode 100644 index 00000000000..1ea1407f67e --- /dev/null +++ b/audit/projects/k8s-release/buckets/k8s-release-eu/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-release", + "projectOwner:k8s-release" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-release" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-release/buckets/k8s-release-eu/metadata.txt b/audit/projects/k8s-release/buckets/k8s-release-eu/metadata.txt new file mode 100644 index 00000000000..772056a2a09 --- /dev/null +++ b/audit/projects/k8s-release/buckets/k8s-release-eu/metadata.txt @@ -0,0 +1,70 @@ +gs://k8s-release-eu/ : + Storage class: STANDARD + Location type: multi-region + Location constraint: US + Versioning enabled: None + Logging configuration: None + Website configuration: None + CORS configuration: None + Lifecycle configuration: None + Requester Pays enabled: None + Labels: None + Default KMS key: None + Time created: Mon, 26 Jul 2021 22:12:50 GMT + Time updated: Mon, 26 Jul 2021 22:12:50 GMT + Metageneration: 1 + Bucket Policy Only enabled: False + ACL: + [ + { + "entity": "project-owners-304687256732", + "projectTeam": { + "projectNumber": "304687256732", + "team": "owners" + }, + "role": "OWNER" + }, + { + "entity": "project-editors-304687256732", + "projectTeam": { + "projectNumber": "304687256732", + "team": "editors" + }, + "role": "OWNER" + }, + { + "entity": "project-viewers-304687256732", + "projectTeam": { + "projectNumber": "304687256732", + "team": "viewers" + }, + "role": "READER" + } + ] + Default ACL: + [ + { + "entity": "project-owners-304687256732", + "projectTeam": { + "projectNumber": "304687256732", + "team": "owners" + }, + "role": "OWNER" + }, + { + "entity": "project-editors-304687256732", + "projectTeam": { + "projectNumber": "304687256732", + "team": "editors" + }, + "role": "OWNER" + }, + { + "entity": "project-viewers-304687256732", + "projectTeam": { + "projectNumber": "304687256732", + "team": "viewers" + }, + "role": "READER" + } + ] diff --git a/audit/projects/k8s-staging-etcd/services/logging/logs.json b/audit/projects/k8s-staging-etcd/services/logging/logs.json index 7b21359a9b0..cc12dda89ec 100644 --- a/audit/projects/k8s-staging-etcd/services/logging/logs.json +++ b/audit/projects/k8s-staging-etcd/services/logging/logs.json @@ -1,4 +1,3 @@ [ - "projects/k8s-staging-etcd/logs/cloudaudit.googleapis.com%2Factivity", - "projects/k8s-staging-etcd/logs/cloudbuild" + "projects/k8s-staging-etcd/logs/cloudaudit.googleapis.com%2Factivity" ] diff --git a/audit/projects/kubernetes-public/iam.json b/audit/projects/kubernetes-public/iam.json index cbfd6da61e0..097185ae6b5 100644 --- a/audit/projects/kubernetes-public/iam.json +++ b/audit/projects/kubernetes-public/iam.json @@ -1,5 +1,11 @@ { "bindings": [ + { + "members": [ + "serviceAccount:prow-deployer@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" + ], + "role": "organizations/758905017065/roles/container.deployer" + }, { "members": [ "group:k8s-infra-cluster-admins@kubernetes.io" diff --git a/audit/projects/kubernetes-public/secrets/k8s-infra-prow-hmac-token/description.json b/audit/projects/kubernetes-public/secrets/k8s-infra-prow-hmac-token/description.json new file mode 100644 index 00000000000..75686a2d3de --- /dev/null +++ b/audit/projects/kubernetes-public/secrets/k8s-infra-prow-hmac-token/description.json @@ -0,0 +1,7 @@ +{ + "createTime": "2021-07-21T22:43:41.525028Z", + "name": "projects/127754664067/secrets/k8s-infra-prow-hmac-token", + "replication": { + "automatic": {} + } +} diff --git a/audit/projects/kubernetes-public/secrets/k8s-infra-prow-hmac-token/iam.json b/audit/projects/kubernetes-public/secrets/k8s-infra-prow-hmac-token/iam.json new file mode 100644 index 00000000000..0967ef424bc --- /dev/null +++ b/audit/projects/kubernetes-public/secrets/k8s-infra-prow-hmac-token/iam.json @@ -0,0 +1 @@ +{} diff --git a/audit/projects/kubernetes-public/secrets/k8s-infra-prow-hmac-token/versions.json b/audit/projects/kubernetes-public/secrets/k8s-infra-prow-hmac-token/versions.json new file mode 100644 index 00000000000..533a45b9d6b --- /dev/null +++ b/audit/projects/kubernetes-public/secrets/k8s-infra-prow-hmac-token/versions.json @@ -0,0 +1,11 @@ +[ + { + "createTime": "2021-07-21T22:43:43.063748Z", + "etag": "\"15c7a9e708bec4\"", + "name": "projects/127754664067/secrets/k8s-infra-prow-hmac-token/versions/1", + "replicationStatus": { + "automatic": {} + }, + "state": "ENABLED" + } +]