From 8b11e977cb7185e3a117581b32af06d36658c4cf Mon Sep 17 00:00:00 2001 From: Kubernetes Prow Robot Date: Mon, 2 Aug 2021 09:13:20 +0000 Subject: [PATCH] audit: update as of 2021-08-02 --- .../k8s-artifacts-prod/services/logging/logs.json | 3 ++- .../services/logging/logs.json | 1 + .../container/clusters/prow-build-trusted.json | 4 ++-- .../services/logging/logs.json | 2 ++ .../services/container/clusters/prow-build.json | 4 ++-- audit/projects/k8s-infra-public-pii/iam.json | 12 ++++++++++++ .../description.json | 8 ++++++++ .../iam.json | 1 + ....datasets.k8s_infra_artifacts_gcslogs.access.json | 4 ++++ .../k8s-infra-public-pii/services/logging/logs.json | 1 + .../services/logging/logs.json | 4 +--- .../services/logging/logs.json | 4 +--- .../k8s-staging-bootkube/services/logging/logs.json | 4 +--- .../k8s-staging-boskos/services/logging/logs.json | 3 ++- .../services/logging/logs.json | 4 +--- .../services/logging/logs.json | 3 ++- .../services/logging/logs.json | 4 +--- .../k8s-staging-ci-images/services/logging/logs.json | 4 +--- .../k8s-staging-cip-test/services/logging/logs.json | 4 +--- .../services/logging/logs.json | 4 +--- .../services/logging/logs.json | 5 +---- .../k8s-staging-coredns/services/logging/logs.json | 4 +--- .../k8s-staging-cpa/services/logging/logs.json | 4 +--- .../k8s-staging-cri-tools/services/logging/logs.json | 4 +--- .../k8s-staging-csi/services/logging/logs.json | 4 +--- .../k8s-staging-etcd/services/logging/logs.json | 4 +--- .../k8s-staging-examples/services/logging/logs.json | 4 +--- .../services/logging/logs.json | 4 +--- .../k8s-staging-git-sync/services/logging/logs.json | 4 +--- .../services/logging/logs.json | 4 +--- .../services/logging/logs.json | 4 +--- .../k8s-staging-kubeadm/services/logging/logs.json | 4 +--- .../services/logging/logs.json | 4 +--- .../k8s-staging-mirror/services/logging/logs.json | 4 +--- .../services/logging/logs.json | 4 +--- .../services/logging/logs.json | 4 +--- .../k8s-staging-npd/services/logging/logs.json | 4 +--- .../services/logging/logs.json | 1 - .../services/logging/logs.json | 4 +--- .../services/logging/logs.json | 4 +--- .../k8s-staging-sig-docs/services/logging/logs.json | 4 +--- .../services/logging/logs.json | 4 +--- .../services/logging/logs.json | 4 +--- .../services/logging/logs.json | 4 +--- .../k8s-staging-txtdirect/services/logging/logs.json | 4 +--- audit/projects/kubernetes-public/iam.json | 2 +- .../description.json | 7 +++++++ .../iam.json | 11 +++++++++++ .../versions.json | 11 +++++++++++ .../secrets/k8s-infra-ci-robot-github-token/iam.json | 6 ++++++ .../services/container/clusters/aaa.json | 4 ++-- .../projects/kubernetes-public/services/enabled.txt | 3 --- .../kubernetes-public/services/logging/logs.json | 1 + 53 files changed, 110 insertions(+), 111 deletions(-) create mode 100644 audit/projects/k8s-infra-public-pii/service-accounts/bq-data-transfer@k8s-infra-public-pii.iam.gserviceaccount.com/description.json create mode 100644 audit/projects/k8s-infra-public-pii/service-accounts/bq-data-transfer@k8s-infra-public-pii.iam.gserviceaccount.com/iam.json create mode 100644 audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/description.json create mode 100644 audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/iam.json create mode 100644 audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/versions.json diff --git a/audit/projects/k8s-artifacts-prod/services/logging/logs.json b/audit/projects/k8s-artifacts-prod/services/logging/logs.json index 96ee568d4dd7..cff8777dc05b 100644 --- a/audit/projects/k8s-artifacts-prod/services/logging/logs.json +++ b/audit/projects/k8s-artifacts-prod/services/logging/logs.json @@ -5,5 +5,6 @@ "projects/k8s-artifacts-prod/logs/clouderrorreporting.googleapis.com%2Finsights", "projects/k8s-artifacts-prod/logs/requests", "projects/k8s-artifacts-prod/logs/run.googleapis.com%2Frequests", - "projects/k8s-artifacts-prod/logs/run.googleapis.com%2Fstderr" + "projects/k8s-artifacts-prod/logs/run.googleapis.com%2Fstderr", + "projects/k8s-artifacts-prod/logs/run.googleapis.com%2Fvarlog%2Fsystem" ] diff --git a/audit/projects/k8s-gcr-audit-test-prod/services/logging/logs.json b/audit/projects/k8s-gcr-audit-test-prod/services/logging/logs.json index 4eb17f2f1a14..c2223d429520 100644 --- a/audit/projects/k8s-gcr-audit-test-prod/services/logging/logs.json +++ b/audit/projects/k8s-gcr-audit-test-prod/services/logging/logs.json @@ -1,4 +1,5 @@ [ + "projects/k8s-gcr-audit-test-prod/logs/cip-audit-log", "projects/k8s-gcr-audit-test-prod/logs/cloudaudit.googleapis.com%2Factivity", "projects/k8s-gcr-audit-test-prod/logs/cloudaudit.googleapis.com%2Fsystem_event", "projects/k8s-gcr-audit-test-prod/logs/clouderrorreporting.googleapis.com%2Finsights", diff --git a/audit/projects/k8s-infra-prow-build-trusted/services/container/clusters/prow-build-trusted.json b/audit/projects/k8s-infra-prow-build-trusted/services/container/clusters/prow-build-trusted.json index 5cf0f3f8feaf..bb3439603c79 100644 --- a/audit/projects/k8s-infra-prow-build-trusted/services/container/clusters/prow-build-trusted.json +++ b/audit/projects/k8s-infra-prow-build-trusted/services/container/clusters/prow-build-trusted.json @@ -18,8 +18,8 @@ "binaryAuthorization": {}, "clusterIpv4Cidr": "10.4.0.0/14", "createTime": "2020-04-30T23:44:46+00:00", - "currentMasterVersion": "1.19.9-gke.1900", - "currentNodeVersion": "1.19.9-gke.1900", + "currentMasterVersion": "1.20.8-gke.900", + "currentNodeVersion": "1.19.9-gke.1900 *", "databaseEncryption": { "state": "DECRYPTED" }, diff --git a/audit/projects/k8s-infra-prow-build-trusted/services/logging/logs.json b/audit/projects/k8s-infra-prow-build-trusted/services/logging/logs.json index 0bece4baa1c3..4777fd09c8d4 100644 --- a/audit/projects/k8s-infra-prow-build-trusted/services/logging/logs.json +++ b/audit/projects/k8s-infra-prow-build-trusted/services/logging/logs.json @@ -2,9 +2,11 @@ "projects/k8s-infra-prow-build-trusted/logs/OSConfigAgent", "projects/k8s-infra-prow-build-trusted/logs/cloudaudit.googleapis.com%2Factivity", "projects/k8s-infra-prow-build-trusted/logs/cloudaudit.googleapis.com%2Fsystem_event", + "projects/k8s-infra-prow-build-trusted/logs/clouderrorreporting.googleapis.com%2Finsights", "projects/k8s-infra-prow-build-trusted/logs/compute.googleapis.com%2Fshielded_vm_integrity", "projects/k8s-infra-prow-build-trusted/logs/container-runtime", "projects/k8s-infra-prow-build-trusted/logs/container.googleapis.com%2Fcluster-autoscaler-visibility", + "projects/k8s-infra-prow-build-trusted/logs/docker", "projects/k8s-infra-prow-build-trusted/logs/events", "projects/k8s-infra-prow-build-trusted/logs/kube-proxy", "projects/k8s-infra-prow-build-trusted/logs/kubelet", diff --git a/audit/projects/k8s-infra-prow-build/services/container/clusters/prow-build.json b/audit/projects/k8s-infra-prow-build/services/container/clusters/prow-build.json index c662071b0d59..6b49d9e1c41e 100644 --- a/audit/projects/k8s-infra-prow-build/services/container/clusters/prow-build.json +++ b/audit/projects/k8s-infra-prow-build/services/container/clusters/prow-build.json @@ -18,8 +18,8 @@ "binaryAuthorization": {}, "clusterIpv4Cidr": "10.32.0.0/14", "createTime": "2020-04-30T21:31:49+00:00", - "currentMasterVersion": "1.19.9-gke.1900", - "currentNodeVersion": "1.19.9-gke.1900", + "currentMasterVersion": "1.20.8-gke.900", + "currentNodeVersion": "1.19.9-gke.1900 *", "databaseEncryption": { "state": "DECRYPTED" }, diff --git a/audit/projects/k8s-infra-public-pii/iam.json b/audit/projects/k8s-infra-public-pii/iam.json index d801b21c749a..18a6b600739f 100644 --- a/audit/projects/k8s-infra-public-pii/iam.json +++ b/audit/projects/k8s-infra-public-pii/iam.json @@ -1,5 +1,17 @@ { "bindings": [ + { + "members": [ + "serviceAccount:bq-data-transfer@k8s-infra-public-pii.iam.gserviceaccount.com" + ], + "role": "roles/bigquery.dataEditor" + }, + { + "members": [ + "serviceAccount:service-226195303281@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com" + ], + "role": "roles/bigquerydatatransfer.serviceAgent" + }, { "members": [ "user:ameukam@gmail.com" diff --git a/audit/projects/k8s-infra-public-pii/service-accounts/bq-data-transfer@k8s-infra-public-pii.iam.gserviceaccount.com/description.json b/audit/projects/k8s-infra-public-pii/service-accounts/bq-data-transfer@k8s-infra-public-pii.iam.gserviceaccount.com/description.json new file mode 100644 index 000000000000..314163b5c1d3 --- /dev/null +++ b/audit/projects/k8s-infra-public-pii/service-accounts/bq-data-transfer@k8s-infra-public-pii.iam.gserviceaccount.com/description.json @@ -0,0 +1,8 @@ +{ + "description": "Service Acccount BigQuery Data Transfer", + "email": "bq-data-transfer@k8s-infra-public-pii.iam.gserviceaccount.com", + "name": "projects/k8s-infra-public-pii/serviceAccounts/bq-data-transfer@k8s-infra-public-pii.iam.gserviceaccount.com", + "oauth2ClientId": "105765836197633619709", + "projectId": "k8s-infra-public-pii", + "uniqueId": "105765836197633619709" +} diff --git a/audit/projects/k8s-infra-public-pii/service-accounts/bq-data-transfer@k8s-infra-public-pii.iam.gserviceaccount.com/iam.json b/audit/projects/k8s-infra-public-pii/service-accounts/bq-data-transfer@k8s-infra-public-pii.iam.gserviceaccount.com/iam.json new file mode 100644 index 000000000000..0967ef424bce --- /dev/null +++ b/audit/projects/k8s-infra-public-pii/service-accounts/bq-data-transfer@k8s-infra-public-pii.iam.gserviceaccount.com/iam.json @@ -0,0 +1 @@ +{} diff --git a/audit/projects/k8s-infra-public-pii/services/bigquery/bigquery.datasets.k8s_infra_artifacts_gcslogs.access.json b/audit/projects/k8s-infra-public-pii/services/bigquery/bigquery.datasets.k8s_infra_artifacts_gcslogs.access.json index e917e3bce50b..c86a80910854 100644 --- a/audit/projects/k8s-infra-public-pii/services/bigquery/bigquery.datasets.k8s_infra_artifacts_gcslogs.access.json +++ b/audit/projects/k8s-infra-public-pii/services/bigquery/bigquery.datasets.k8s_infra_artifacts_gcslogs.access.json @@ -3,6 +3,10 @@ "role": "WRITER", "specialGroup": "projectWriters" }, + { + "role": "WRITER", + "userByEmail": "service-226195303281@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com" + }, { "role": "OWNER", "specialGroup": "projectOwners" diff --git a/audit/projects/k8s-infra-public-pii/services/logging/logs.json b/audit/projects/k8s-infra-public-pii/services/logging/logs.json index acfd4bcf1d46..f7115baf11b7 100644 --- a/audit/projects/k8s-infra-public-pii/services/logging/logs.json +++ b/audit/projects/k8s-infra-public-pii/services/logging/logs.json @@ -1,4 +1,5 @@ [ + "projects/k8s-infra-public-pii/logs/bigquerydatatransfer.googleapis.com%2Ftransfer_config", "projects/k8s-infra-public-pii/logs/cloudaudit.googleapis.com%2Factivity", "projects/k8s-infra-public-pii/logs/cloudaudit.googleapis.com%2Fdata_access" ] diff --git a/audit/projects/k8s-staging-addon-manager/services/logging/logs.json b/audit/projects/k8s-staging-addon-manager/services/logging/logs.json index d026438ef439..fe51488c7066 100644 --- a/audit/projects/k8s-staging-addon-manager/services/logging/logs.json +++ b/audit/projects/k8s-staging-addon-manager/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-addon-manager/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-autoscaling/services/logging/logs.json b/audit/projects/k8s-staging-autoscaling/services/logging/logs.json index ca4f840a79a2..fe51488c7066 100644 --- a/audit/projects/k8s-staging-autoscaling/services/logging/logs.json +++ b/audit/projects/k8s-staging-autoscaling/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-autoscaling/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-bootkube/services/logging/logs.json b/audit/projects/k8s-staging-bootkube/services/logging/logs.json index 19f6afea95d4..fe51488c7066 100644 --- a/audit/projects/k8s-staging-bootkube/services/logging/logs.json +++ b/audit/projects/k8s-staging-bootkube/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-bootkube/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-boskos/services/logging/logs.json b/audit/projects/k8s-staging-boskos/services/logging/logs.json index 359024d99974..81dd40722fd4 100644 --- a/audit/projects/k8s-staging-boskos/services/logging/logs.json +++ b/audit/projects/k8s-staging-boskos/services/logging/logs.json @@ -1,3 +1,4 @@ [ - "projects/k8s-staging-boskos/logs/cloudaudit.googleapis.com%2Factivity" + "projects/k8s-staging-boskos/logs/cloudaudit.googleapis.com%2Factivity", + "projects/k8s-staging-boskos/logs/cloudbuild" ] diff --git a/audit/projects/k8s-staging-capi-docker/services/logging/logs.json b/audit/projects/k8s-staging-capi-docker/services/logging/logs.json index f51499df7b6b..fe51488c7066 100644 --- a/audit/projects/k8s-staging-capi-docker/services/logging/logs.json +++ b/audit/projects/k8s-staging-capi-docker/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-capi-docker/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-capi-kubeadm/services/logging/logs.json b/audit/projects/k8s-staging-capi-kubeadm/services/logging/logs.json index 9b29dcbcefd3..362f246edbdb 100644 --- a/audit/projects/k8s-staging-capi-kubeadm/services/logging/logs.json +++ b/audit/projects/k8s-staging-capi-kubeadm/services/logging/logs.json @@ -1,3 +1,4 @@ [ - "projects/k8s-staging-capi-kubeadm/logs/cloudaudit.googleapis.com%2Factivity" + "projects/k8s-staging-capi-kubeadm/logs/cloudaudit.googleapis.com%2Factivity", + "projects/k8s-staging-capi-kubeadm/logs/cloudbuild" ] diff --git a/audit/projects/k8s-staging-capi-vsphere/services/logging/logs.json b/audit/projects/k8s-staging-capi-vsphere/services/logging/logs.json index 9a2b2cc834a6..fe51488c7066 100644 --- a/audit/projects/k8s-staging-capi-vsphere/services/logging/logs.json +++ b/audit/projects/k8s-staging-capi-vsphere/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-capi-vsphere/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-ci-images/services/logging/logs.json b/audit/projects/k8s-staging-ci-images/services/logging/logs.json index 614bf5a85d70..fe51488c7066 100644 --- a/audit/projects/k8s-staging-ci-images/services/logging/logs.json +++ b/audit/projects/k8s-staging-ci-images/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-ci-images/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-cip-test/services/logging/logs.json b/audit/projects/k8s-staging-cip-test/services/logging/logs.json index fa7bc7ba8dcd..fe51488c7066 100644 --- a/audit/projects/k8s-staging-cip-test/services/logging/logs.json +++ b/audit/projects/k8s-staging-cip-test/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-cip-test/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-cluster-addons/services/logging/logs.json b/audit/projects/k8s-staging-cluster-addons/services/logging/logs.json index 0c735574ed9c..fe51488c7066 100644 --- a/audit/projects/k8s-staging-cluster-addons/services/logging/logs.json +++ b/audit/projects/k8s-staging-cluster-addons/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-cluster-addons/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-cluster-api-do/services/logging/logs.json b/audit/projects/k8s-staging-cluster-api-do/services/logging/logs.json index b94abc525eb6..fe51488c7066 100644 --- a/audit/projects/k8s-staging-cluster-api-do/services/logging/logs.json +++ b/audit/projects/k8s-staging-cluster-api-do/services/logging/logs.json @@ -1,4 +1 @@ -[ - "projects/k8s-staging-cluster-api-do/logs/cloudaudit.googleapis.com%2Factivity", - "projects/k8s-staging-cluster-api-do/logs/cloudbuild" -] +[] diff --git a/audit/projects/k8s-staging-coredns/services/logging/logs.json b/audit/projects/k8s-staging-coredns/services/logging/logs.json index b41fe02275fe..fe51488c7066 100644 --- a/audit/projects/k8s-staging-coredns/services/logging/logs.json +++ b/audit/projects/k8s-staging-coredns/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-coredns/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-cpa/services/logging/logs.json b/audit/projects/k8s-staging-cpa/services/logging/logs.json index 014708499f9c..fe51488c7066 100644 --- a/audit/projects/k8s-staging-cpa/services/logging/logs.json +++ b/audit/projects/k8s-staging-cpa/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-cpa/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-cri-tools/services/logging/logs.json b/audit/projects/k8s-staging-cri-tools/services/logging/logs.json index 0c4682bc425d..fe51488c7066 100644 --- a/audit/projects/k8s-staging-cri-tools/services/logging/logs.json +++ b/audit/projects/k8s-staging-cri-tools/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-cri-tools/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-csi/services/logging/logs.json b/audit/projects/k8s-staging-csi/services/logging/logs.json index a149df6ae294..fe51488c7066 100644 --- a/audit/projects/k8s-staging-csi/services/logging/logs.json +++ b/audit/projects/k8s-staging-csi/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-csi/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-etcd/services/logging/logs.json b/audit/projects/k8s-staging-etcd/services/logging/logs.json index cc12dda89ec3..fe51488c7066 100644 --- a/audit/projects/k8s-staging-etcd/services/logging/logs.json +++ b/audit/projects/k8s-staging-etcd/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-etcd/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-examples/services/logging/logs.json b/audit/projects/k8s-staging-examples/services/logging/logs.json index f6cbc0f70548..fe51488c7066 100644 --- a/audit/projects/k8s-staging-examples/services/logging/logs.json +++ b/audit/projects/k8s-staging-examples/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-examples/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-experimental/services/logging/logs.json b/audit/projects/k8s-staging-experimental/services/logging/logs.json index a7c71af2f28f..fe51488c7066 100644 --- a/audit/projects/k8s-staging-experimental/services/logging/logs.json +++ b/audit/projects/k8s-staging-experimental/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-experimental/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-git-sync/services/logging/logs.json b/audit/projects/k8s-staging-git-sync/services/logging/logs.json index 81663cdef46f..fe51488c7066 100644 --- a/audit/projects/k8s-staging-git-sync/services/logging/logs.json +++ b/audit/projects/k8s-staging-git-sync/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-git-sync/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-ingressconformance/services/logging/logs.json b/audit/projects/k8s-staging-ingressconformance/services/logging/logs.json index 82c2ec0b886f..fe51488c7066 100644 --- a/audit/projects/k8s-staging-ingressconformance/services/logging/logs.json +++ b/audit/projects/k8s-staging-ingressconformance/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-ingressconformance/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-k8s-gsm-tools/services/logging/logs.json b/audit/projects/k8s-staging-k8s-gsm-tools/services/logging/logs.json index e7e6c3a22465..fe51488c7066 100644 --- a/audit/projects/k8s-staging-k8s-gsm-tools/services/logging/logs.json +++ b/audit/projects/k8s-staging-k8s-gsm-tools/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-k8s-gsm-tools/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-kubeadm/services/logging/logs.json b/audit/projects/k8s-staging-kubeadm/services/logging/logs.json index afee342bbbc5..fe51488c7066 100644 --- a/audit/projects/k8s-staging-kubeadm/services/logging/logs.json +++ b/audit/projects/k8s-staging-kubeadm/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-kubeadm/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-kubernetes/services/logging/logs.json b/audit/projects/k8s-staging-kubernetes/services/logging/logs.json index be96dbfbe766..fe51488c7066 100644 --- a/audit/projects/k8s-staging-kubernetes/services/logging/logs.json +++ b/audit/projects/k8s-staging-kubernetes/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-kubernetes/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-mirror/services/logging/logs.json b/audit/projects/k8s-staging-mirror/services/logging/logs.json index 46f8e6769596..fe51488c7066 100644 --- a/audit/projects/k8s-staging-mirror/services/logging/logs.json +++ b/audit/projects/k8s-staging-mirror/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-mirror/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-multitenancy/services/logging/logs.json b/audit/projects/k8s-staging-multitenancy/services/logging/logs.json index 5937937ae79b..fe51488c7066 100644 --- a/audit/projects/k8s-staging-multitenancy/services/logging/logs.json +++ b/audit/projects/k8s-staging-multitenancy/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-multitenancy/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-networking/services/logging/logs.json b/audit/projects/k8s-staging-networking/services/logging/logs.json index 2ab2c6574536..fe51488c7066 100644 --- a/audit/projects/k8s-staging-networking/services/logging/logs.json +++ b/audit/projects/k8s-staging-networking/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-networking/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-npd/services/logging/logs.json b/audit/projects/k8s-staging-npd/services/logging/logs.json index ded49679646f..fe51488c7066 100644 --- a/audit/projects/k8s-staging-npd/services/logging/logs.json +++ b/audit/projects/k8s-staging-npd/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-npd/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-prometheus-adapter/services/logging/logs.json b/audit/projects/k8s-staging-prometheus-adapter/services/logging/logs.json index a375c8e53747..4eb523461ae4 100644 --- a/audit/projects/k8s-staging-prometheus-adapter/services/logging/logs.json +++ b/audit/projects/k8s-staging-prometheus-adapter/services/logging/logs.json @@ -1,5 +1,4 @@ [ "projects/k8s-staging-prometheus-adapter/logs/cloudaudit.googleapis.com%2Factivity", - "projects/k8s-staging-prometheus-adapter/logs/cloudaudit.googleapis.com%2Fsystem_event", "projects/k8s-staging-prometheus-adapter/logs/cloudbuild" ] diff --git a/audit/projects/k8s-staging-provider-openstack/services/logging/logs.json b/audit/projects/k8s-staging-provider-openstack/services/logging/logs.json index dedab5079b38..fe51488c7066 100644 --- a/audit/projects/k8s-staging-provider-openstack/services/logging/logs.json +++ b/audit/projects/k8s-staging-provider-openstack/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-provider-openstack/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-publishing-bot/services/logging/logs.json b/audit/projects/k8s-staging-publishing-bot/services/logging/logs.json index b01fa08942c3..fe51488c7066 100644 --- a/audit/projects/k8s-staging-publishing-bot/services/logging/logs.json +++ b/audit/projects/k8s-staging-publishing-bot/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-publishing-bot/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-sig-docs/services/logging/logs.json b/audit/projects/k8s-staging-sig-docs/services/logging/logs.json index 98e7b56dc9b1..fe51488c7066 100644 --- a/audit/projects/k8s-staging-sig-docs/services/logging/logs.json +++ b/audit/projects/k8s-staging-sig-docs/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-sig-docs/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-slack-infra/services/logging/logs.json b/audit/projects/k8s-staging-slack-infra/services/logging/logs.json index 6fdf07995104..fe51488c7066 100644 --- a/audit/projects/k8s-staging-slack-infra/services/logging/logs.json +++ b/audit/projects/k8s-staging-slack-infra/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-slack-infra/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-storage-migrator/services/logging/logs.json b/audit/projects/k8s-staging-storage-migrator/services/logging/logs.json index aa683e0d88fa..fe51488c7066 100644 --- a/audit/projects/k8s-staging-storage-migrator/services/logging/logs.json +++ b/audit/projects/k8s-staging-storage-migrator/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-storage-migrator/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-test-infra/services/logging/logs.json b/audit/projects/k8s-staging-test-infra/services/logging/logs.json index c140379c3270..fe51488c7066 100644 --- a/audit/projects/k8s-staging-test-infra/services/logging/logs.json +++ b/audit/projects/k8s-staging-test-infra/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-test-infra/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/k8s-staging-txtdirect/services/logging/logs.json b/audit/projects/k8s-staging-txtdirect/services/logging/logs.json index 76061541f65b..fe51488c7066 100644 --- a/audit/projects/k8s-staging-txtdirect/services/logging/logs.json +++ b/audit/projects/k8s-staging-txtdirect/services/logging/logs.json @@ -1,3 +1 @@ -[ - "projects/k8s-staging-txtdirect/logs/cloudaudit.googleapis.com%2Factivity" -] +[] diff --git a/audit/projects/kubernetes-public/iam.json b/audit/projects/kubernetes-public/iam.json index 097185ae6b57..c303e5513c15 100644 --- a/audit/projects/kubernetes-public/iam.json +++ b/audit/projects/kubernetes-public/iam.json @@ -26,7 +26,7 @@ }, { "members": [ - "serviceAccount:service-127754664067@gcf-admin-robot.iam.gserviceaccount.com" + "deleted:serviceAccount:service-127754664067@gcf-admin-robot.iam.gserviceaccount.com?uid=116904371009860244686" ], "role": "roles/cloudfunctions.serviceAgent" }, diff --git a/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/description.json b/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/description.json new file mode 100644 index 000000000000..6127e45bccdb --- /dev/null +++ b/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/description.json @@ -0,0 +1,7 @@ +{ + "createTime": "2021-07-28T16:51:19.454161Z", + "name": "projects/127754664067/secrets/k8s-infra-ci-robot-github-account-password", + "replication": { + "automatic": {} + } +} diff --git a/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/iam.json b/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/iam.json new file mode 100644 index 000000000000..5fde1248c67c --- /dev/null +++ b/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/iam.json @@ -0,0 +1,11 @@ +{ + "bindings": [ + { + "members": [ + "group:k8s-infra-ci-robot@kubernetes.io" + ], + "role": "roles/secretmanager.admin" + } + ], + "version": 1 +} diff --git a/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/versions.json b/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/versions.json new file mode 100644 index 000000000000..3db4684898db --- /dev/null +++ b/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-account-password/versions.json @@ -0,0 +1,11 @@ +[ + { + "createTime": "2021-07-28T16:51:21.137022Z", + "etag": "\"15c831cbc42b7e\"", + "name": "projects/127754664067/secrets/k8s-infra-ci-robot-github-account-password/versions/1", + "replicationStatus": { + "automatic": {} + }, + "state": "ENABLED" + } +] diff --git a/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-token/iam.json b/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-token/iam.json index 67b884f1c927..004846b33c3d 100644 --- a/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-token/iam.json +++ b/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-token/iam.json @@ -5,6 +5,12 @@ "group:k8s-infra-rbac-prow@kubernetes.io" ], "role": "roles/secretmanager.admin" + }, + { + "members": [ + "serviceAccount:kubernetes-external-secrets@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" + ], + "role": "roles/secretmanager.secretAccessor" } ], "version": 1 diff --git a/audit/projects/kubernetes-public/services/container/clusters/aaa.json b/audit/projects/kubernetes-public/services/container/clusters/aaa.json index 48a658f70061..7fd460b1953f 100644 --- a/audit/projects/kubernetes-public/services/container/clusters/aaa.json +++ b/audit/projects/kubernetes-public/services/container/clusters/aaa.json @@ -36,8 +36,8 @@ "binaryAuthorization": {}, "clusterIpv4Cidr": "10.40.0.0/14", "createTime": "2019-09-18T23:39:24+00:00", - "currentMasterVersion": "1.19.9-gke.1900", - "currentNodeVersion": "1.19.9-gke.1900", + "currentMasterVersion": "1.20.8-gke.900", + "currentNodeVersion": "1.19.9-gke.1900 *", "databaseEncryption": { "state": "DECRYPTED" }, diff --git a/audit/projects/kubernetes-public/services/enabled.txt b/audit/projects/kubernetes-public/services/enabled.txt index 57499919b5e4..b0235ca621b1 100644 --- a/audit/projects/kubernetes-public/services/enabled.txt +++ b/audit/projects/kubernetes-public/services/enabled.txt @@ -2,8 +2,6 @@ NAME TITLE bigquery.googleapis.com BigQuery API bigquerystorage.googleapis.com BigQuery Storage API cloudasset.googleapis.com Cloud Asset API -clouderrorreporting.googleapis.com Error Reporting API -cloudfunctions.googleapis.com Cloud Functions API cloudresourcemanager.googleapis.com Cloud Resource Manager API cloudshell.googleapis.com Cloud Shell API compute.googleapis.com Compute Engine API @@ -18,7 +16,6 @@ oslogin.googleapis.com Cloud OS Login API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API serviceusage.googleapis.com Service Usage API -source.googleapis.com Legacy Cloud Source Repositories API stackdriver.googleapis.com Stackdriver API storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/kubernetes-public/services/logging/logs.json b/audit/projects/kubernetes-public/services/logging/logs.json index 9c6c6ba4f760..366b57cf89d6 100644 --- a/audit/projects/kubernetes-public/services/logging/logs.json +++ b/audit/projects/kubernetes-public/services/logging/logs.json @@ -17,6 +17,7 @@ "projects/kubernetes-public/logs/kubelet-monitor", "projects/kubernetes-public/logs/monitoring.googleapis.com%2FViolationAutoResolveEventv1", "projects/kubernetes-public/logs/monitoring.googleapis.com%2FViolationOpenEventv1", + "projects/kubernetes-public/logs/monitoring.googleapis.com%2Fuptime_checks", "projects/kubernetes-public/logs/node-problem-detector", "projects/kubernetes-public/logs/requests", "projects/kubernetes-public/logs/serialconsole.googleapis.com%2Fserial_port_1_output",