From 828947569b96189b798e9ed696de5fbb6c4e85dd Mon Sep 17 00:00:00 2001 From: CNCF CI Bot Date: Mon, 12 Jul 2021 05:33:59 +0000 Subject: [PATCH] audit: update as of 2021-07-12 --- .../projects/k8s-artifacts-prod/services/logging/logs.json | 1 - audit/projects/k8s-cip-test-prod/services/logging/logs.json | 1 - audit/projects/k8s-release/buckets/k8s-release/iam.json | 6 ++++-- audit/projects/k8s-release/buckets/k8s-release/metadata.txt | 4 ++-- audit/projects/k8s-release/iam.json | 6 ++++++ audit/projects/k8s-release/services/logging/logs.json | 4 +++- .../k8s-staging-cluster-api-gcp/services/logging/logs.json | 3 +-- .../kubernetes-public/services/container/clusters/aaa.json | 6 +++--- 8 files changed, 19 insertions(+), 12 deletions(-) diff --git a/audit/projects/k8s-artifacts-prod/services/logging/logs.json b/audit/projects/k8s-artifacts-prod/services/logging/logs.json index 66786c120769..b2f323a69596 100644 --- a/audit/projects/k8s-artifacts-prod/services/logging/logs.json +++ b/audit/projects/k8s-artifacts-prod/services/logging/logs.json @@ -1,6 +1,5 @@ [ "projects/k8s-artifacts-prod/logs/cip-audit-log", - "projects/k8s-artifacts-prod/logs/cloudaudit.googleapis.com%2Factivity", "projects/k8s-artifacts-prod/logs/cloudaudit.googleapis.com%2Fsystem_event", "projects/k8s-artifacts-prod/logs/requests", "projects/k8s-artifacts-prod/logs/run.googleapis.com%2Frequests", diff --git a/audit/projects/k8s-cip-test-prod/services/logging/logs.json b/audit/projects/k8s-cip-test-prod/services/logging/logs.json index a20d3d66efce..d67ffd5d4f57 100644 --- a/audit/projects/k8s-cip-test-prod/services/logging/logs.json +++ b/audit/projects/k8s-cip-test-prod/services/logging/logs.json @@ -1,4 +1,3 @@ [ - "projects/k8s-cip-test-prod/logs/cloudaudit.googleapis.com%2Factivity", "projects/k8s-cip-test-prod/logs/cloudaudit.googleapis.com%2Fsystem_event" ] diff --git a/audit/projects/k8s-release/buckets/k8s-release/iam.json b/audit/projects/k8s-release/buckets/k8s-release/iam.json index c29862cf2b96..c59d5ac59b54 100644 --- a/audit/projects/k8s-release/buckets/k8s-release/iam.json +++ b/audit/projects/k8s-release/buckets/k8s-release/iam.json @@ -10,7 +10,8 @@ }, { "members": [ - "projectViewer:k8s-release" + "projectViewer:k8s-release", + "serviceAccount:project-304687256732@storage-transfer-service.iam.gserviceaccount.com" ], "role": "roles/storage.legacyBucketReader" }, @@ -25,7 +26,8 @@ "members": [ "group:k8s-infra-artifact-admins@kubernetes.io", "group:k8s-infra-release-admins@kubernetes.io", - "group:k8s-infra-release-editors@kubernetes.io" + "group:k8s-infra-release-editors@kubernetes.io", + "serviceAccount:project-304687256732@storage-transfer-service.iam.gserviceaccount.com" ], "role": "roles/storage.objectAdmin" }, diff --git a/audit/projects/k8s-release/buckets/k8s-release/metadata.txt b/audit/projects/k8s-release/buckets/k8s-release/metadata.txt index 9e900145e668..95c67afdc053 100644 --- a/audit/projects/k8s-release/buckets/k8s-release/metadata.txt +++ b/audit/projects/k8s-release/buckets/k8s-release/metadata.txt @@ -11,8 +11,8 @@ gs://k8s-release/ : Labels: None Default KMS key: None Time created: Fri, 07 Aug 2020 20:50:17 GMT - Time updated: Fri, 07 Aug 2020 20:50:37 GMT - Metageneration: 9 + Time updated: Fri, 09 Jul 2021 20:06:14 GMT + Metageneration: 10 Bucket Policy Only enabled: True ACL: [] Default ACL: [] diff --git a/audit/projects/k8s-release/iam.json b/audit/projects/k8s-release/iam.json index a5017c1e7b54..c2d1b0791720 100644 --- a/audit/projects/k8s-release/iam.json +++ b/audit/projects/k8s-release/iam.json @@ -50,6 +50,12 @@ ], "role": "roles/editor" }, + { + "members": [ + "serviceAccount:cloud-ingest-dcp@cloud-ingest-prod.iam.gserviceaccount.com" + ], + "role": "roles/pubsub.editor" + }, { "members": [ "group:k8s-infra-release-admins@kubernetes.io", diff --git a/audit/projects/k8s-release/services/logging/logs.json b/audit/projects/k8s-release/services/logging/logs.json index fe51488c7066..437f6d9437fe 100644 --- a/audit/projects/k8s-release/services/logging/logs.json +++ b/audit/projects/k8s-release/services/logging/logs.json @@ -1 +1,3 @@ -[] +[ + "projects/k8s-release/logs/cloudaudit.googleapis.com%2Factivity" +] diff --git a/audit/projects/k8s-staging-cluster-api-gcp/services/logging/logs.json b/audit/projects/k8s-staging-cluster-api-gcp/services/logging/logs.json index 24fdf5d8823e..cb825c8f1a07 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/services/logging/logs.json +++ b/audit/projects/k8s-staging-cluster-api-gcp/services/logging/logs.json @@ -2,6 +2,5 @@ "projects/k8s-staging-cluster-api-gcp/logs/cloudaudit.googleapis.com%2Factivity", "projects/k8s-staging-cluster-api-gcp/logs/cloudaudit.googleapis.com%2Fdata_access", "projects/k8s-staging-cluster-api-gcp/logs/cloudaudit.googleapis.com%2Fsystem_event", - "projects/k8s-staging-cluster-api-gcp/logs/cloudbuild", - "projects/k8s-staging-cluster-api-gcp/logs/compute.googleapis.com%2Fshielded_vm_integrity" + "projects/k8s-staging-cluster-api-gcp/logs/cloudbuild" ] diff --git a/audit/projects/kubernetes-public/services/container/clusters/aaa.json b/audit/projects/kubernetes-public/services/container/clusters/aaa.json index e95b354b57c2..48a658f70061 100644 --- a/audit/projects/kubernetes-public/services/container/clusters/aaa.json +++ b/audit/projects/kubernetes-public/services/container/clusters/aaa.json @@ -37,7 +37,7 @@ "clusterIpv4Cidr": "10.40.0.0/14", "createTime": "2019-09-18T23:39:24+00:00", "currentMasterVersion": "1.19.9-gke.1900", - "currentNodeVersion": "1.18.17-gke.1901 *", + "currentNodeVersion": "1.19.9-gke.1900", "databaseEncryption": { "state": "DECRYPTED" }, @@ -168,7 +168,7 @@ "upgradeSettings": { "maxSurge": 1 }, - "version": "1.18.17-gke.1901" + "version": "1.19.9-gke.1900" }, { "autoscaling": { @@ -219,7 +219,7 @@ "upgradeSettings": { "maxSurge": 1 }, - "version": "1.18.17-gke.1901" + "version": "1.19.9-gke.1900" } ], "releaseChannel": {