From 3a62717288f2154ea79ed7220f6b62cc7af76d7e Mon Sep 17 00:00:00 2001 From: CNCF CI Bot Date: Thu, 27 May 2021 17:06:17 +0000 Subject: [PATCH] audit: update as of 2021-05-27 --- .../org_kubernetes.io/roles/audit.viewer.json | 71 ++++++++++++++++++- .../org_kubernetes.io/roles/prow.viewer.json | 20 ++++++ .../services/compute/project-info.json | 10 +-- 3 files changed, 93 insertions(+), 8 deletions(-) diff --git a/audit/org_kubernetes.io/roles/audit.viewer.json b/audit/org_kubernetes.io/roles/audit.viewer.json index 8c511fb7a6ce..3ff8ddd6ee95 100644 --- a/audit/org_kubernetes.io/roles/audit.viewer.json +++ b/audit/org_kubernetes.io/roles/audit.viewer.json @@ -13,21 +13,40 @@ "actions.agentVersions.list", "aiplatform.annotationSpecs.list", "aiplatform.annotations.list", + "aiplatform.artifacts.list", "aiplatform.batchPredictionJobs.list", + "aiplatform.contexts.list", "aiplatform.customJobs.list", "aiplatform.dataItems.list", "aiplatform.dataLabelingJobs.list", "aiplatform.datasets.list", + "aiplatform.edgeDeploymentJobs.list", + "aiplatform.edgeDevices.list", "aiplatform.endpoints.list", + "aiplatform.entityTypes.list", + "aiplatform.executions.list", + "aiplatform.features.list", + "aiplatform.featurestores.list", + "aiplatform.humanInTheLoops.list", "aiplatform.hyperparameterTuningJobs.list", + "aiplatform.indexEndpoints.list", + "aiplatform.indexes.list", "aiplatform.locations.list", + "aiplatform.metadataSchemas.list", + "aiplatform.metadataStores.list", + "aiplatform.modelDeploymentMonitoringJobs.list", "aiplatform.modelEvaluationSlices.list", "aiplatform.modelEvaluations.list", "aiplatform.models.list", "aiplatform.nasJobs.list", "aiplatform.operations.list", + "aiplatform.pipelineJobs.list", "aiplatform.specialistPools.list", "aiplatform.studies.list", + "aiplatform.tensorboardExperiments.list", + "aiplatform.tensorboardRuns.list", + "aiplatform.tensorboardTimeSeries.list", + "aiplatform.tensorboards.list", "aiplatform.trainingPipelines.list", "aiplatform.trials.list", "apigateway.apiconfigs.getIamPolicy", @@ -112,16 +131,25 @@ "automlrecommendations.placements.list", "automlrecommendations.recommendations.list", "autoscaling.sites.getIamPolicy", + "bigquery.bireservations.get", + "bigquery.capacityCommitments.get", "bigquery.capacityCommitments.list", "bigquery.connections.getIamPolicy", "bigquery.connections.list", + "bigquery.datasets.get", "bigquery.datasets.getIamPolicy", + "bigquery.jobs.get", "bigquery.jobs.list", + "bigquery.jobs.listAll", + "bigquery.models.getMetadata", "bigquery.models.list", "bigquery.reservationAssignments.list", + "bigquery.reservations.get", "bigquery.reservations.list", + "bigquery.routines.get", "bigquery.routines.list", "bigquery.savedqueries.list", + "bigquery.tables.get", "bigquery.tables.getIamPolicy", "bigquery.tables.list", "bigtable.appProfiles.list", @@ -239,7 +267,12 @@ "cloudasset.assets.exportSpannerInstances", "cloudasset.assets.exportSqladminInstances", "cloudasset.assets.exportStorageBuckets", + "cloudasset.assets.listAccessPolicy", "cloudasset.assets.listCloudkmsCryptoKeys", + "cloudasset.assets.listIamPolicy", + "cloudasset.assets.listOSInventories", + "cloudasset.assets.listOrgPolicy", + "cloudasset.assets.listResource", "cloudasset.assets.searchAllIamPolicies", "cloudasset.assets.searchAllResources", "cloudasset.feeds.list", @@ -255,12 +288,14 @@ "cloudiot.registries.list", "cloudjobdiscovery.companies.list", "cloudkms.cryptoKeyVersions.list", + "cloudkms.cryptoKeyVersions.viewPublicKey", "cloudkms.cryptoKeys.getIamPolicy", "cloudkms.cryptoKeys.list", "cloudkms.importJobs.getIamPolicy", "cloudkms.importJobs.list", "cloudkms.keyRings.getIamPolicy", "cloudkms.keyRings.list", + "cloudkms.locations.get", "cloudkms.locations.list", "cloudnotifications.activities.list", "cloudprivatecatalogproducer.associations.list", @@ -340,7 +375,6 @@ "compute.globalAddresses.list", "compute.globalForwardingRules.get", "compute.globalForwardingRules.list", - "compute.globalForwardingRules.pscGet", "compute.globalNetworkEndpointGroups.get", "compute.globalNetworkEndpointGroups.list", "compute.globalOperations.get", @@ -437,7 +471,6 @@ "compute.regionTargetHttpsProxies.list", "compute.regionUrlMaps.get", "compute.regionUrlMaps.list", - "compute.regionUrlMaps.validate", "compute.regions.get", "compute.regions.list", "compute.reservations.get", @@ -482,7 +515,6 @@ "compute.targetVpnGateways.list", "compute.urlMaps.get", "compute.urlMaps.list", - "compute.urlMaps.validate", "compute.vpnGateways.get", "compute.vpnGateways.list", "compute.vpnTunnels.get", @@ -503,6 +535,7 @@ "container.certificateSigningRequests.list", "container.clusterRoleBindings.list", "container.clusterRoles.list", + "container.clusters.get", "container.clusters.list", "container.componentStatuses.list", "container.configMaps.list", @@ -769,11 +802,22 @@ "iap.webServiceVersions.getIamPolicy", "iap.webServices.getIamPolicy", "iap.webTypes.getIamPolicy", + "integrations.apigeeAuthConfigs.list", + "integrations.apigeeExecutions.list", + "integrations.apigeeIntegrationVers.list", + "integrations.apigeeIntegrations.list", + "integrations.apigeeSfdcChannels.list", + "integrations.apigeeSfdcInstances.list", + "integrations.apigeeSuspensions.list", "lifesciences.operations.list", + "logging.buckets.get", "logging.buckets.list", + "logging.exclusions.get", "logging.exclusions.list", + "logging.locations.get", "logging.locations.list", "logging.logEntries.list", + "logging.logMetrics.get", "logging.logMetrics.list", "logging.logServiceIndexes.list", "logging.logServices.list", @@ -781,8 +825,13 @@ "logging.notificationRules.list", "logging.operations.list", "logging.privateLogEntries.list", + "logging.queries.get", "logging.queries.list", + "logging.queries.listShared", + "logging.sinks.get", "logging.sinks.list", + "logging.usage.get", + "logging.views.get", "logging.views.list", "managedidentities.domains.getIamPolicy", "managedidentities.domains.list", @@ -807,17 +856,28 @@ "ml.studies.list", "ml.trials.list", "ml.versions.list", + "monitoring.alertPolicies.get", "monitoring.alertPolicies.list", + "monitoring.dashboards.get", "monitoring.dashboards.list", + "monitoring.groups.get", "monitoring.groups.list", + "monitoring.metricDescriptors.get", "monitoring.metricDescriptors.list", + "monitoring.monitoredResourceDescriptors.get", "monitoring.monitoredResourceDescriptors.list", + "monitoring.notificationChannelDescriptors.get", "monitoring.notificationChannelDescriptors.list", + "monitoring.notificationChannels.get", "monitoring.notificationChannels.list", + "monitoring.publicWidgets.get", "monitoring.publicWidgets.list", + "monitoring.services.get", "monitoring.services.list", + "monitoring.slos.get", "monitoring.slos.list", "monitoring.timeSeries.list", + "monitoring.uptimeCheckConfigs.get", "monitoring.uptimeCheckConfigs.list", "networkconnectivity.hubs.getIamPolicy", "networkconnectivity.hubs.list", @@ -887,12 +947,16 @@ "proximitybeacon.beacons.list", "proximitybeacon.namespaces.getIamPolicy", "proximitybeacon.namespaces.list", + "pubsub.schemas.get", "pubsub.schemas.getIamPolicy", "pubsub.schemas.list", + "pubsub.snapshots.get", "pubsub.snapshots.getIamPolicy", "pubsub.snapshots.list", + "pubsub.subscriptions.get", "pubsub.subscriptions.getIamPolicy", "pubsub.subscriptions.list", + "pubsub.topics.get", "pubsub.topics.getIamPolicy", "pubsub.topics.list", "pubsublite.subscriptions.list", @@ -1008,6 +1072,7 @@ "spanner.instances.getIamPolicy", "spanner.instances.list", "spanner.sessions.list", + "stackdriver.projects.get", "storage.buckets.get", "storage.buckets.getIamPolicy", "storage.buckets.list", diff --git a/audit/org_kubernetes.io/roles/prow.viewer.json b/audit/org_kubernetes.io/roles/prow.viewer.json index a28b8d98eebc..f16db9722ff2 100644 --- a/audit/org_kubernetes.io/roles/prow.viewer.json +++ b/audit/org_kubernetes.io/roles/prow.viewer.json @@ -383,8 +383,28 @@ "monitoring.uptimeCheckConfigs.get", "monitoring.uptimeCheckConfigs.list", "opsconfigmonitoring.resourceMetadata.list", + "pubsub.schemas.get", + "pubsub.schemas.list", + "pubsub.schemas.validate", + "pubsub.snapshots.get", + "pubsub.snapshots.list", + "pubsub.subscriptions.get", + "pubsub.subscriptions.list", + "pubsub.topics.get", + "pubsub.topics.list", + "resourcemanager.folders.get", + "resourcemanager.folders.list", + "resourcemanager.organizations.get", "resourcemanager.projects.get", + "resourcemanager.projects.getIamPolicy", "resourcemanager.projects.list", + "secretmanager.locations.get", + "secretmanager.locations.list", + "secretmanager.secrets.get", + "secretmanager.secrets.getIamPolicy", + "secretmanager.secrets.list", + "secretmanager.versions.get", + "secretmanager.versions.list", "serviceusage.quotas.get", "serviceusage.services.get", "serviceusage.services.list", diff --git a/audit/projects/k8s-infra-ii-sandbox/services/compute/project-info.json b/audit/projects/k8s-infra-ii-sandbox/services/compute/project-info.json index ddbcdcd7de92..99b8870d745a 100644 --- a/audit/projects/k8s-infra-ii-sandbox/services/compute/project-info.json +++ b/audit/projects/k8s-infra-ii-sandbox/services/compute/project-info.json @@ -1,17 +1,17 @@ { "commonInstanceMetadata": { "items": [ + { + "key": "gke-ii-sandbox-bobymcbobs-oitq-1b36f519-secondary-ranges", + "value": "services:default:default:gke-ii-sandbox-bobymcbobs-oitq-services-1b36f519,pods:default:default:gke-ii-sandbox-bobymcbobs-oitq-pods-1b36f519" + }, { "key": "ssh-keys", - "value": "ii:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDUdHD+LyG+4cFT4oa/gklZf6sba4hJsQAK1ue6J2M5pLPFzuaGXmBKaydDg8oq85lB/fFhpigWFD9crHzcM7OYcXZX03zZBehH+e9y5V++LZhAtHWb4a625Hr9VDxkWa8olQQHbrtKRuhDp6lsXNfpNGiO/HScesVuR2WN8ns/zvkKuEkojQsdMv/Gwm4qhyL8BAQXieFG7J+6NQjNxp49Yy5dqNvw55M7bcLZE83vubWnaqkG9LU58PkEvxqVKHhgXh85UsuQRSMz8j/bXojpKc6obtxjINZsYlrn3T98rQx7tbcPBxDXwzBDayoSr0Oa8gmkpMSwgfK8sYhoN0nPGmeWKYNZXVN/ePTmzUpqOe9Edfs1e7ckHHrlMAvNPiYS0dWke2s+03SxRlJxmgST4mv7aKOhNsay2bmdRaPQQJZ/v9mKVRhdoyfHE8AlwoNdsciZMdE1xaHDPEUtzCjALIamo/brH+hfpqLro5snJFY6HB2CKSunn4tZhAgiKt0= ii@bobymcbobs-humacs-0\nroot:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDO5HnHUJBZrRrR8HWKfNjaVGhSe7/Jm8C+fo/xj1Cl8mIx4KEyix9PJbhxgLasXYJxgjH8XbnrVoT8Y3hfzxetOuQMb7XfSjaBkBM5N8aPkBe2GgljDXMapBvXK8o1A0VFxW1H5N9zy6Z1Y6KGon6rlExH6f4+9WfY0mG3pYN/CsMZhGOrFVU5j6fNndzUYDqIQ0F5n2b8KIzn9IrezQEoC7VwLdu1slZ1nuc0VQclYZkK3uYlZ3msB/vzqdaYPlkk/n0bDdJpQGoEyYWQr09AxXzT7/KVJFuIPIQYyfwwPx/kTr4lLwW9brWaXmO87A0eHSQLkFDnrvn0o48lY0HpsyFlW6eaOhulwrZZuSJS1U2GtWTo2pWKwmTmvHu6oBuZewrMGryEaDsEgNbhHYMmIDpgYYd1UIkfIpqrUjbTRB8nz6Nc2sWDom5DL8B75rqWH88QX48p4nLgQIjYkevDQfycWnkM31yjnrs27OLa/X96X7VaAg4bA1azBbAcL3s= caleb@atlaslt\ncaleb:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDO5HnHUJBZrRrR8HWKfNjaVGhSe7/Jm8C+fo/xj1Cl8mIx4KEyix9PJbhxgLasXYJxgjH8XbnrVoT8Y3hfzxetOuQMb7XfSjaBkBM5N8aPkBe2GgljDXMapBvXK8o1A0VFxW1H5N9zy6Z1Y6KGon6rlExH6f4+9WfY0mG3pYN/CsMZhGOrFVU5j6fNndzUYDqIQ0F5n2b8KIzn9IrezQEoC7VwLdu1slZ1nuc0VQclYZkK3uYlZ3msB/vzqdaYPlkk/n0bDdJpQGoEyYWQr09AxXzT7/KVJFuIPIQYyfwwPx/kTr4lLwW9brWaXmO87A0eHSQLkFDnrvn0o48lY0HpsyFlW6eaOhulwrZZuSJS1U2GtWTo2pWKwmTmvHu6oBuZewrMGryEaDsEgNbhHYMmIDpgYYd1UIkfIpqrUjbTRB8nz6Nc2sWDom5DL8B75rqWH88QX48p4nLgQIjYkevDQfycWnkM31yjnrs27OLa/X96X7VaAg4bA1azBbAcL3s= caleb@atlaslt" + "value": "ii:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDUdHD+LyG+4cFT4oa/gklZf6sba4hJsQAK1ue6J2M5pLPFzuaGXmBKaydDg8oq85lB/fFhpigWFD9crHzcM7OYcXZX03zZBehH+e9y5V++LZhAtHWb4a625Hr9VDxkWa8olQQHbrtKRuhDp6lsXNfpNGiO/HScesVuR2WN8ns/zvkKuEkojQsdMv/Gwm4qhyL8BAQXieFG7J+6NQjNxp49Yy5dqNvw55M7bcLZE83vubWnaqkG9LU58PkEvxqVKHhgXh85UsuQRSMz8j/bXojpKc6obtxjINZsYlrn3T98rQx7tbcPBxDXwzBDayoSr0Oa8gmkpMSwgfK8sYhoN0nPGmeWKYNZXVN/ePTmzUpqOe9Edfs1e7ckHHrlMAvNPiYS0dWke2s+03SxRlJxmgST4mv7aKOhNsay2bmdRaPQQJZ/v9mKVRhdoyfHE8AlwoNdsciZMdE1xaHDPEUtzCjALIamo/brH+hfpqLro5snJFY6HB2CKSunn4tZhAgiKt0= ii@bobymcbobs-humacs-0\nroot:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDO5HnHUJBZrRrR8HWKfNjaVGhSe7/Jm8C+fo/xj1Cl8mIx4KEyix9PJbhxgLasXYJxgjH8XbnrVoT8Y3hfzxetOuQMb7XfSjaBkBM5N8aPkBe2GgljDXMapBvXK8o1A0VFxW1H5N9zy6Z1Y6KGon6rlExH6f4+9WfY0mG3pYN/CsMZhGOrFVU5j6fNndzUYDqIQ0F5n2b8KIzn9IrezQEoC7VwLdu1slZ1nuc0VQclYZkK3uYlZ3msB/vzqdaYPlkk/n0bDdJpQGoEyYWQr09AxXzT7/KVJFuIPIQYyfwwPx/kTr4lLwW9brWaXmO87A0eHSQLkFDnrvn0o48lY0HpsyFlW6eaOhulwrZZuSJS1U2GtWTo2pWKwmTmvHu6oBuZewrMGryEaDsEgNbhHYMmIDpgYYd1UIkfIpqrUjbTRB8nz6Nc2sWDom5DL8B75rqWH88QX48p4nLgQIjYkevDQfycWnkM31yjnrs27OLa/X96X7VaAg4bA1azBbAcL3s= caleb@atlaslt\ncaleb:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDO5HnHUJBZrRrR8HWKfNjaVGhSe7/Jm8C+fo/xj1Cl8mIx4KEyix9PJbhxgLasXYJxgjH8XbnrVoT8Y3hfzxetOuQMb7XfSjaBkBM5N8aPkBe2GgljDXMapBvXK8o1A0VFxW1H5N9zy6Z1Y6KGon6rlExH6f4+9WfY0mG3pYN/CsMZhGOrFVU5j6fNndzUYDqIQ0F5n2b8KIzn9IrezQEoC7VwLdu1slZ1nuc0VQclYZkK3uYlZ3msB/vzqdaYPlkk/n0bDdJpQGoEyYWQr09AxXzT7/KVJFuIPIQYyfwwPx/kTr4lLwW9brWaXmO87A0eHSQLkFDnrvn0o48lY0HpsyFlW6eaOhulwrZZuSJS1U2GtWTo2pWKwmTmvHu6oBuZewrMGryEaDsEgNbhHYMmIDpgYYd1UIkfIpqrUjbTRB8nz6Nc2sWDom5DL8B75rqWH88QX48p4nLgQIjYkevDQfycWnkM31yjnrs27OLa/X96X7VaAg4bA1azBbAcL3s= caleb@atlaslt\nii:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUhS7BghZwYoLKSsQx7HBxeV9JaA8jIA/kQCrKR58wWbFW7o2qHSC5lD9eJuDH439ifzsG05OxOgsm3Q+Jrb+VTOY1MdGAIW7SV2/xqDjLWmS259qH5kSYaP8TBq2EZZ9mFmIdZPDA7Q5ezjNcyH/LqW0FxU7XqIzFsrZlhDTZ57KZgivRZZsyauwOOP8+nXNj4YGSeQfzpiZXIaTZpSqWOrgud2kIehkeraJTlkXIbLge2zqM0dGLHVEyVW3W8qFPbmZBTdVhH2Tkgz9NNeukgXPzBdhSzSCdA/pLZ28MYUGScaDkc6BhpXHJzBo5zTpyhDyeHoHPUUYyTmFPUc2d hh@p70" }, { "key": "sshKeys", "value": "\ngke-1b36f519e8e743f18546:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwmar7BaW0i91sjoISML1Uxq66HmOoI/8cmX4obuChdQY7hD0D+ZTY75CUPd2JuUZGZZXsiD34N/RXDatjCQRb7n3qepBwhM0DliO12758Tawev04nM8qWwZnSBjQFP2KMUwPdpGbZTKzLXZHBnYMWPqe3cEPKjVWRPZ92STnLcN0m5Zr8j7tsH1S++plT88/bz3UeirO/TyRRDDtRFCwv0fV13k0F/00JATLKOU2kj8tfDBoIgl01XSrK8hRn4x5SDQ6zk7IqoCWO3ibZSBLUq8SwphoY+Bb789Gib3k0uYpNSfwuC3QHOmLhB6axuzo3vio7yRwgUeYPpSuf9s7b gke-1b36f519e8e743f18546@gke-1b36f519e8e743f18546\ngke-1b36f519e8e743f18546:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0pLKBuvJXkpJwEWdhBqDgaTK9wlEkAOj+A85kZADTH/gz7yllMFntnRwcakmTm9D/zfBlCLkZkoMoTxZTpUANOlfb7qoQY+ij0sbdKA1ST3Om4WRxu6dwPjMUyQkKRYIJc0hn9qQL9zJcfYVLHCvKihj1R5N7mDyWkmlpJ7TO6tMHIEXRT2sxuzvajKPVZpALl+EPasKQyEgetV6TUHQje+DfZ+Du1ET/iSZUPlOUI2ioRuwxtippHKJCNxpgC+PpsHouo+EWPna/so7H4ZvGPWxvtCqooafI1RBJb0rZq1DLBg1TTBcnJ44CqMDJpS4nY3fWyF7lNQcM3e0NFUDB gke-1b36f519e8e743f18546@gke-1b36f519e8e743f18546\ngke-1b36f519e8e743f18546:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNBBArKYbWXkuif/RcaE/eQRMpMN/+3xDbEoksxq3NpbJjrrHRNN1o4m3FNViLbKE516ekv63Hmy6bVVeE0vxHMwkzd5gO2emm5cF3qB3O92MWf2mfEjXYsSG7hxl21LPenElmTNHa9wm8kYBGZZvKDg+Mgo4TzTLwSTwzlfX9O8QhgsBnwy2PrOYohGlZ+XDSUDZ9FZKIMRmjh2ddvMyImNYOa6P7AiL1FO1/i1vnA/2C4zsfO9qhnFQz9B4nlHM9hIieDCPZrFNJOZvI77MAbJj7jW63eULCsEOE+dkYR8B+u1lDRjsyv9TJab6FSpLIsCCDVUPazH+uBaaeZIbx gke-1b36f519e8e743f18546@gke-1b36f519e8e743f18546" - }, - { - "key": "gke-ii-sandbox-bobymcbobs-oitq-1b36f519-secondary-ranges", - "value": "services:default:default:gke-ii-sandbox-bobymcbobs-oitq-services-1b36f519,pods:default:default:gke-ii-sandbox-bobymcbobs-oitq-pods-1b36f519" } ], "kind": "compute#metadata"