Skip to content

Commit

Permalink
audit: update as of 2021-07-31
Browse files Browse the repository at this point in the history
  • Loading branch information
Kubernetes Prow Robot committed Jul 31, 2021
1 parent 4564a75 commit 4a17e0c
Show file tree
Hide file tree
Showing 19 changed files with 72 additions and 8 deletions.
3 changes: 2 additions & 1 deletion audit/projects/k8s-artifacts-prod/services/logging/logs.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,6 @@
"projects/k8s-artifacts-prod/logs/clouderrorreporting.googleapis.com%2Finsights",
"projects/k8s-artifacts-prod/logs/requests",
"projects/k8s-artifacts-prod/logs/run.googleapis.com%2Frequests",
"projects/k8s-artifacts-prod/logs/run.googleapis.com%2Fstderr"
"projects/k8s-artifacts-prod/logs/run.googleapis.com%2Fstderr",
"projects/k8s-artifacts-prod/logs/run.googleapis.com%2Fvarlog%2Fsystem"
]
1 change: 1 addition & 0 deletions audit/projects/k8s-gcr-audit-test-prod/services/logging/logs.json
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
[
"projects/k8s-gcr-audit-test-prod/logs/cip-audit-log",
"projects/k8s-gcr-audit-test-prod/logs/cloudaudit.googleapis.com%2Factivity",
"projects/k8s-gcr-audit-test-prod/logs/cloudaudit.googleapis.com%2Fsystem_event",
"projects/k8s-gcr-audit-test-prod/logs/clouderrorreporting.googleapis.com%2Finsights",
Expand Down
1 change: 1 addition & 0 deletions audit/projects/k8s-infra-prow-build-trusted/services/logging/logs.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
"projects/k8s-infra-prow-build-trusted/logs/OSConfigAgent",
"projects/k8s-infra-prow-build-trusted/logs/cloudaudit.googleapis.com%2Factivity",
"projects/k8s-infra-prow-build-trusted/logs/cloudaudit.googleapis.com%2Fsystem_event",
"projects/k8s-infra-prow-build-trusted/logs/clouderrorreporting.googleapis.com%2Finsights",
"projects/k8s-infra-prow-build-trusted/logs/compute.googleapis.com%2Fshielded_vm_integrity",
"projects/k8s-infra-prow-build-trusted/logs/container-runtime",
"projects/k8s-infra-prow-build-trusted/logs/container.googleapis.com%2Fcluster-autoscaler-visibility",
Expand Down
12 changes: 12 additions & 0 deletions audit/projects/k8s-infra-public-pii/iam.json
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,17 @@
{
"bindings": [
{
"members": [
"serviceAccount:[email protected]"
],
"role": "roles/bigquery.dataEditor"
},
{
"members": [
"serviceAccount:service-226195303281@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com"
],
"role": "roles/bigquerydatatransfer.serviceAgent"
},
{
"members": [
"user:[email protected]"
Expand Down
8 changes: 8 additions & 0 deletions ...e-accounts/[email protected]/description.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"description": "Service Acccount BigQuery Data Transfer",
"email": "[email protected]",
"name": "projects/k8s-infra-public-pii/serviceAccounts/[email protected]",
"oauth2ClientId": "105765836197633619709",
"projectId": "k8s-infra-public-pii",
"uniqueId": "105765836197633619709"
}
1 change: 1 addition & 0 deletions ...i/service-accounts/[email protected]/iam.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{}
4 changes: 4 additions & 0 deletions ...ra-public-pii/services/bigquery/bigquery.datasets.k8s_infra_artifacts_gcslogs.access.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@
"role": "WRITER",
"specialGroup": "projectWriters"
},
{
"role": "WRITER",
"userByEmail": "service-226195303281@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com"
},
{
"role": "OWNER",
"specialGroup": "projectOwners"
Expand Down
1 change: 1 addition & 0 deletions audit/projects/k8s-infra-public-pii/services/logging/logs.json
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
[
"projects/k8s-infra-public-pii/logs/bigquerydatatransfer.googleapis.com%2Ftransfer_config",
"projects/k8s-infra-public-pii/logs/cloudaudit.googleapis.com%2Factivity",
"projects/k8s-infra-public-pii/logs/cloudaudit.googleapis.com%2Fdata_access"
]
3 changes: 2 additions & 1 deletion audit/projects/k8s-staging-boskos/services/logging/logs.json
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
[
"projects/k8s-staging-boskos/logs/cloudaudit.googleapis.com%2Factivity"
"projects/k8s-staging-boskos/logs/cloudaudit.googleapis.com%2Factivity",
"projects/k8s-staging-boskos/logs/cloudbuild"
]
3 changes: 2 additions & 1 deletion audit/projects/k8s-staging-capi-kubeadm/services/logging/logs.json
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
[
"projects/k8s-staging-capi-kubeadm/logs/cloudaudit.googleapis.com%2Factivity"
"projects/k8s-staging-capi-kubeadm/logs/cloudaudit.googleapis.com%2Factivity",
"projects/k8s-staging-capi-kubeadm/logs/cloudbuild"
]
1 change: 0 additions & 1 deletion audit/projects/k8s-staging-prometheus-adapter/services/logging/logs.json
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
[
"projects/k8s-staging-prometheus-adapter/logs/cloudaudit.googleapis.com%2Factivity",
"projects/k8s-staging-prometheus-adapter/logs/cloudaudit.googleapis.com%2Fsystem_event",
"projects/k8s-staging-prometheus-adapter/logs/cloudbuild"
]
2 changes: 1 addition & 1 deletion audit/projects/kubernetes-public/iam.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
},
{
"members": [
"serviceAccount:[email protected]"
"deleted:serviceAccount:[email protected]?uid=116904371009860244686"
],
"role": "roles/cloudfunctions.serviceAgent"
},
Expand Down
7 changes: 7 additions & 0 deletions ...cts/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/description.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
{
"createTime": "2021-07-28T16:51:19.454161Z",
"name": "projects/127754664067/secrets/k8s-infra-ci-robot-github-account-password",
"replication": {
"automatic": {}
}
}
11 changes: 11 additions & 0 deletions audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/iam.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
{
"bindings": [
{
"members": [
"group:[email protected]"
],
"role": "roles/secretmanager.admin"
}
],
"version": 1
}
11 changes: 11 additions & 0 deletions ...ojects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/versions.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
[
{
"createTime": "2021-07-28T16:51:21.137022Z",
"etag": "\"15c831cbc42b7e\"",
"name": "projects/127754664067/secrets/k8s-infra-ci-robot-github-account-password/versions/1",
"replicationStatus": {
"automatic": {}
},
"state": "ENABLED"
}
]
6 changes: 6 additions & 0 deletions audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-token/iam.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,12 @@
"group:[email protected]"
],
"role": "roles/secretmanager.admin"
},
{
"members": [
"serviceAccount:kubernetes-external-secrets@k8s-infra-prow-build-trusted.iam.gserviceaccount.com"
],
"role": "roles/secretmanager.secretAccessor"
}
],
"version": 1
Expand Down
1 change: 1 addition & 0 deletions audit/projects/kubernetes-public/services/container/clusters/aaa.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
],
"serviceAccount": "default"
},
"autoscalingProfile": "BALANCED",
"enableNodeAutoprovisioning": true,
"resourceLimits": [
{
Expand Down
3 changes: 0 additions & 3 deletions audit/projects/kubernetes-public/services/enabled.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,6 @@ NAME TITLE
bigquery.googleapis.com BigQuery API
bigquerystorage.googleapis.com BigQuery Storage API
cloudasset.googleapis.com Cloud Asset API
clouderrorreporting.googleapis.com Error Reporting API
cloudfunctions.googleapis.com Cloud Functions API
cloudresourcemanager.googleapis.com Cloud Resource Manager API
cloudshell.googleapis.com Cloud Shell API
compute.googleapis.com Compute Engine API
Expand All @@ -18,7 +16,6 @@ oslogin.googleapis.com Cloud OS Login API
pubsub.googleapis.com Cloud Pub/Sub API
secretmanager.googleapis.com Secret Manager API
serviceusage.googleapis.com Service Usage API
source.googleapis.com Legacy Cloud Source Repositories API
stackdriver.googleapis.com Stackdriver API
storage-api.googleapis.com Google Cloud Storage JSON API
storage-component.googleapis.com Cloud Storage
1 change: 1 addition & 0 deletions audit/projects/kubernetes-public/services/logging/logs.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
"projects/kubernetes-public/logs/kubelet-monitor",
"projects/kubernetes-public/logs/monitoring.googleapis.com%2FViolationAutoResolveEventv1",
"projects/kubernetes-public/logs/monitoring.googleapis.com%2FViolationOpenEventv1",
"projects/kubernetes-public/logs/monitoring.googleapis.com%2Fuptime_checks",
"projects/kubernetes-public/logs/node-problem-detector",
"projects/kubernetes-public/logs/requests",
"projects/kubernetes-public/logs/serialconsole.googleapis.com%2Fserial_port_1_output",
Expand Down

0 comments on commit 4a17e0c

Please sign in to comment.