Skip to content

Commit

Permalink
Remove windos-img-promoter-cert secret
Browse files Browse the repository at this point in the history
The secret was manually added, and has been manually removed. This is
removing the supporting infra/gcp scripting.
  • Loading branch information
spiffxp committed Feb 11, 2021
1 parent 845c9ee commit 51e1663
Showing 1 changed file with 0 additions and 26 deletions.
26 changes: 0 additions & 26 deletions infra/gcp/ensure-staging-storage.sh
Original file line number Diff line number Diff line change
Expand Up @@ -115,10 +115,6 @@ RELEASE_STAGING_PROJECTS=(
releng
)

WINDOWS_REMOTE_DOCKER_PROJECTS=(
e2e-test-images
)

if [ $# = 0 ]; then
# default to all staging projects
set -- "${STAGING_PROJECTS[@]}"
Expand Down Expand Up @@ -260,28 +256,6 @@ for repo in "${RELEASE_STAGING_PROJECTS[@]}"; do
) 2>&1 | indent
done

# Special case: Empower GCB in k8s-staging-e2e-test-images to access secrets
# that were manually added to k8s-infra-prow-trusted
color 6 "Configuring special cases for GCB access to windows-img-promoter-cert secrets"
for repo in "${WINDOWS_REMOTE_DOCKER_PROJECTS[@]}"; do
(
PROJECT="k8s-staging-${repo}"
SECRET_PROJECT="k8s-infra-prow-build-trusted"
SECRET_GROUP="windows-img-promoter-cert"
for secret in $(gcloud secrets list \
--format="value(name)" \
--project="${SECRET_PROJECT}" \
--filter="labels.secret-group=${SECRET_GROUP}"); do
color 6 "Empowering ${PROJECT}'s GCB service account to access secret ${secret} in ${SECRET_PROJECT}"
gcloud secrets add-iam-policy-binding \
"${secret}" \
--project="${SECRET_PROJECT}" \
--member="serviceAccount:$(gcb_service_account_email "k8s-staging-e2e-test-images")" \
--role="roles/secretmanager.secretAccessor"
done
) 2>&1 | indent
done

# Special case: In order for ci-kubernetes-build to run on k8s-infra-prow-build,
# it needs write access to gcr.io/k8s-staging-ci-images. For now,
# we will grant the prow-build service account write access. Longer
Expand Down

0 comments on commit 51e1663

Please sign in to comment.