Merge pull request #2446 from k8s-infra-ci-robot/autoaudit-prow

audit: update as of 2021-08-03

audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.riaan_data_store.access.json

@@ -14,5 +14,9 @@
   {
     "role": "READER",
     "specialGroup": "projectReaders"
+  },
+  {
+    "role": "READER",
+    "userByEmail": "[email protected]"
   }
 ]

audit/projects/k8s-infra-prow-build-trusted/iam.json

@@ -12,6 +12,12 @@
       ],
       "role": "organizations/758905017065/roles/iam.serviceAccountLister"
     },
+    {
+      "members": [
+        "serviceAccount:[email protected]"
+      ],
+      "role": "roles/bigquery.user"
+    },
     {
       "members": [
         "serviceAccount:[email protected]"

audit/projects/k8s-infra-prow-build-trusted/services/container/clusters/prow-build-trusted.json

@@ -14,9 +14,7 @@
     "enabled": true,
     "securityGroup": "[email protected]"
   },
-  "autoscaling": {
-    "autoscalingProfile": "BALANCED"
-  },
+  "autoscaling": {},
   "binaryAuthorization": {},
   "clusterIpv4Cidr": "10.4.0.0/14",
   "createTime": "2020-04-30T23:44:46+00:00",

audit/projects/k8s-infra-prow-build-trusted/services/logging/logs.json

@@ -1,6 +1,7 @@
 [
   "projects/k8s-infra-prow-build-trusted/logs/OSConfigAgent",
   "projects/k8s-infra-prow-build-trusted/logs/cloudaudit.googleapis.com%2Factivity",
+  "projects/k8s-infra-prow-build-trusted/logs/cloudaudit.googleapis.com%2Fdata_access",
   "projects/k8s-infra-prow-build-trusted/logs/cloudaudit.googleapis.com%2Fsystem_event",
   "projects/k8s-infra-prow-build-trusted/logs/clouderrorreporting.googleapis.com%2Finsights",
   "projects/k8s-infra-prow-build-trusted/logs/compute.googleapis.com%2Fshielded_vm_integrity",

audit/projects/k8s-infra-prow-build/services/container/clusters/prow-build.json

@@ -225,7 +225,7 @@
       "upgradeSettings": {
         "maxSurge": 1
       },
-      "version": "1.19.9-gke.1900"
+      "version": "1.20.8-gke.900"
     }
   ],
   "releaseChannel": {

audit/projects/k8s-infra-prow-build/services/logging/logs.json

@@ -1,5 +1,6 @@
 [
   "projects/k8s-infra-prow-build/logs/GCEGuestAgent",
+  "projects/k8s-infra-prow-build/logs/OSConfigAgent",
   "projects/k8s-infra-prow-build/logs/cloudaudit.googleapis.com%2Factivity",
   "projects/k8s-infra-prow-build/logs/cloudaudit.googleapis.com%2Fdata_access",
   "projects/k8s-infra-prow-build/logs/cloudaudit.googleapis.com%2Fsystem_event",

audit/projects/kubernetes-public/buckets/k8s-infra-scalability-tests-logs/lifecycle.json

@@ -0,0 +1 @@
+{"rule": [{"action": {"type": "Delete"}, "condition": {"age": 90}}]}

audit/projects/kubernetes-public/buckets/k8s-infra-scalability-tests-logs/metadata.txt

@@ -6,13 +6,13 @@ gs://k8s-infra-scalability-tests-logs/ :
 	Logging configuration:		None
 	Website configuration:		None
 	CORS configuration: 		None
-	Lifecycle configuration:	None
+	Lifecycle configuration:	Present
 	Requester Pays enabled:		None
 	Labels:				None
 	Default KMS key:		None
 	Time created:			Thu, 17 Jun 2021 20:05:52 GMT
-	Time updated:			Thu, 17 Jun 2021 20:05:53 GMT
-	Metageneration:			2
+	Time updated:			Tue, 03 Aug 2021 18:54:17 GMT
+	Metageneration:			3
 	Bucket Policy Only enabled:	True
 	ACL:				[]
 	Default ACL:			[]

audit/projects/kubernetes-public/buckets/k8s-metrics/iam.json

@@ -0,0 +1,41 @@
+{
+  "bindings": [
+    {
+      "members": [
+        "group:[email protected]",
+        "group:[email protected]",
+        "projectEditor:kubernetes-public",
+        "projectOwner:kubernetes-public"
+      ],
+      "role": "roles/storage.legacyBucketOwner"
+    },
+    {
+      "members": [
+        "projectViewer:kubernetes-public"
+      ],
+      "role": "roles/storage.legacyBucketReader"
+    },
+    {
+      "members": [
+        "serviceAccount:[email protected]",
+        "serviceAccount:[email protected]"
+      ],
+      "role": "roles/storage.legacyBucketWriter"
+    },
+    {
+      "members": [
+        "group:[email protected]",
+        "group:[email protected]",
+        "serviceAccount:[email protected]",
+        "serviceAccount:[email protected]"
+      ],
+      "role": "roles/storage.objectAdmin"
+    },
+    {
+      "members": [
+        "allUsers"
+      ],
+      "role": "roles/storage.objectViewer"
+    }
+  ]
+}

audit/projects/kubernetes-public/buckets/k8s-metrics/lifecycle.json

@@ -0,0 +1 @@
+{"rule": [{"action": {"type": "Delete"}, "condition": {"age": 365}}]}

audit/projects/kubernetes-public/buckets/k8s-metrics/metadata.txt

@@ -0,0 +1,18 @@
+gs://k8s-metrics/ :
+	Storage class:			STANDARD
+	Location type:			multi-region
+	Location constraint:		US
+	Versioning enabled:		None
+	Logging configuration:		None
+	Website configuration:		None
+	CORS configuration: 		None
+	Lifecycle configuration:	Present
+	Requester Pays enabled:		None
+	Labels:				None
+	Default KMS key:		None
+	Time created:			Tue, 03 Aug 2021 17:30:17 GMT
+	Time updated:			Tue, 03 Aug 2021 17:31:03 GMT
+	Metageneration:			12
+	Bucket Policy Only enabled:	True
+	ACL:				[]
+	Default ACL:			[]

audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-token/versions.json

@@ -1,11 +1,20 @@
 [
+  {
+    "createTime": "2021-08-03T15:53:57.204242Z",
+    "etag": "\"15c8a9b18a2d12\"",
+    "name": "projects/127754664067/secrets/k8s-infra-ci-robot-github-token/versions/2",
+    "replicationStatus": {
+      "automatic": {}
+    },
+    "state": "ENABLED"
+  },
   {
     "createTime": "2021-06-15T21:10:17.454396Z",
-    "etag": "\"15c4d466a06f3c\"",
+    "etag": "\"15c8a9b398bcc0\"",
     "name": "projects/127754664067/secrets/k8s-infra-ci-robot-github-token/versions/1",
     "replicationStatus": {
       "automatic": {}
     },
-    "state": "ENABLED"
+    "state": "DISABLED"
   }
 ]