From 0e4d008ee06acd65e01380c5e6313fd7ae4e0aaf Mon Sep 17 00:00:00 2001 From: CNCF CI Bot Date: Wed, 24 Feb 2021 03:54:09 +0000 Subject: [PATCH] audit: update as of 2021-02-24 --- .../bucketpolicyonly.txt | 3 +++ .../kubernetes-staging-a0b6b040d4/cors.txt | 1 + .../kubernetes-staging-a0b6b040d4/iam.json | 17 +++++++++++++++++ .../kubernetes-staging-a0b6b040d4/logging.txt | 1 + .../k8s-infra-e2e-boskos-gpu-01/iam.json | 6 ++++++ .../services/compute/project-info.json | 4 ++++ .../services/enabled.txt | 3 +++ .../bucketpolicyonly.txt | 3 +++ .../kubernetes-staging-2abfb0e14f/cors.txt | 1 + .../kubernetes-staging-2abfb0e14f/iam.json | 17 +++++++++++++++++ .../kubernetes-staging-2abfb0e14f/logging.txt | 1 + .../k8s-infra-e2e-boskos-gpu-02/iam.json | 6 ++++++ .../services/compute/project-info.json | 4 ++++ .../services/enabled.txt | 3 +++ .../bucketpolicyonly.txt | 3 +++ .../kubernetes-staging-38aad5d74f/cors.txt | 1 + .../kubernetes-staging-38aad5d74f/iam.json | 17 +++++++++++++++++ .../kubernetes-staging-38aad5d74f/logging.txt | 1 + .../k8s-infra-e2e-boskos-gpu-03/iam.json | 6 ++++++ .../services/compute/project-info.json | 4 ++++ .../services/enabled.txt | 3 +++ .../bucketpolicyonly.txt | 3 +++ .../kubernetes-staging-8ebe77e78f/cors.txt | 1 + .../kubernetes-staging-8ebe77e78f/iam.json | 17 +++++++++++++++++ .../kubernetes-staging-8ebe77e78f/logging.txt | 1 + .../k8s-infra-e2e-boskos-gpu-04/iam.json | 6 ++++++ .../services/compute/project-info.json | 4 ++++ .../services/enabled.txt | 3 +++ .../bucketpolicyonly.txt | 3 +++ .../kubernetes-staging-b48eda6f1a/cors.txt | 1 + .../kubernetes-staging-b48eda6f1a/iam.json | 17 +++++++++++++++++ .../kubernetes-staging-b48eda6f1a/logging.txt | 1 + .../k8s-infra-e2e-boskos-gpu-05/iam.json | 6 ++++++ .../services/compute/project-info.json | 4 ++++ .../services/enabled.txt | 3 +++ .../bucketpolicyonly.txt | 3 +++ .../kubernetes-staging-cca279e715/cors.txt | 1 + .../kubernetes-staging-cca279e715/iam.json | 17 +++++++++++++++++ .../kubernetes-staging-cca279e715/logging.txt | 1 + .../k8s-infra-e2e-boskos-gpu-06/iam.json | 6 ++++++ .../services/compute/project-info.json | 4 ++++ .../services/enabled.txt | 3 +++ .../bucketpolicyonly.txt | 3 +++ .../kubernetes-staging-227c85f357/cors.txt | 1 + .../kubernetes-staging-227c85f357/iam.json | 17 +++++++++++++++++ .../kubernetes-staging-227c85f357/logging.txt | 1 + .../k8s-infra-e2e-boskos-gpu-07/iam.json | 6 ++++++ .../services/compute/project-info.json | 4 ++++ .../services/enabled.txt | 3 +++ .../bucketpolicyonly.txt | 3 +++ .../kubernetes-staging-544928283b/cors.txt | 1 + .../kubernetes-staging-544928283b/iam.json | 17 +++++++++++++++++ .../kubernetes-staging-544928283b/logging.txt | 1 + .../k8s-infra-e2e-boskos-gpu-08/iam.json | 6 ++++++ .../services/compute/project-info.json | 4 ++++ .../services/enabled.txt | 3 +++ .../bucketpolicyonly.txt | 3 +++ .../kubernetes-staging-328989ca07/cors.txt | 1 + .../kubernetes-staging-328989ca07/iam.json | 17 +++++++++++++++++ .../kubernetes-staging-328989ca07/logging.txt | 1 + .../k8s-infra-e2e-boskos-gpu-09/iam.json | 6 ++++++ .../services/compute/project-info.json | 4 ++++ .../services/enabled.txt | 3 +++ .../bucketpolicyonly.txt | 3 +++ .../kubernetes-staging-b4ee4f94c2/cors.txt | 1 + .../kubernetes-staging-b4ee4f94c2/iam.json | 17 +++++++++++++++++ .../kubernetes-staging-b4ee4f94c2/logging.txt | 1 + .../k8s-infra-e2e-boskos-gpu-10/iam.json | 6 ++++++ .../services/compute/project-info.json | 4 ++++ .../services/enabled.txt | 3 +++ 70 files changed, 350 insertions(+) create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/bucketpolicyonly.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/cors.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/iam.json create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/logging.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/bucketpolicyonly.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/cors.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/iam.json create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/logging.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/bucketpolicyonly.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/cors.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/iam.json create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/logging.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/bucketpolicyonly.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/cors.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/iam.json create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/logging.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/bucketpolicyonly.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/cors.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/iam.json create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/logging.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/bucketpolicyonly.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/cors.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/iam.json create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/logging.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/bucketpolicyonly.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/cors.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/iam.json create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/logging.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/bucketpolicyonly.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/cors.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/iam.json create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/logging.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/bucketpolicyonly.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/cors.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/iam.json create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/logging.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/bucketpolicyonly.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/cors.txt create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/iam.json create mode 100644 audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/logging.txt diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/bucketpolicyonly.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/bucketpolicyonly.txt new file mode 100644 index 00000000000..9cdf96ba13b --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://kubernetes-staging-a0b6b040d4: + Enabled: False + diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/cors.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/cors.txt new file mode 100644 index 00000000000..5bd5de0c217 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/cors.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-a0b6b040d4/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/iam.json new file mode 100644 index 00000000000..c382af84c65 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-e2e-boskos-gpu-01", + "projectOwner:k8s-infra-e2e-boskos-gpu-01" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-e2e-boskos-gpu-01" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/logging.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/logging.txt new file mode 100644 index 00000000000..d68196854f4 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-01/buckets/kubernetes-staging-a0b6b040d4/logging.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-a0b6b040d4/ has no logging configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-01/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-01/iam.json index 4fb3da77aff..7bea6c44694 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-01/iam.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-01/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-220512457637@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:220512457637-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-01/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-boskos-gpu-01/services/compute/project-info.json index 36d44b87303..4d0f1fda942 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-01/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-01/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 100, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 45, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-01/services/enabled.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-01/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-01/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-01/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/bucketpolicyonly.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/bucketpolicyonly.txt new file mode 100644 index 00000000000..9a8767d6060 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://kubernetes-staging-2abfb0e14f: + Enabled: False + diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/cors.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/cors.txt new file mode 100644 index 00000000000..0b608fa8e89 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/cors.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-2abfb0e14f/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/iam.json new file mode 100644 index 00000000000..cf17554debb --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-e2e-boskos-gpu-02", + "projectOwner:k8s-infra-e2e-boskos-gpu-02" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-e2e-boskos-gpu-02" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/logging.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/logging.txt new file mode 100644 index 00000000000..4c4a967ac65 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-02/buckets/kubernetes-staging-2abfb0e14f/logging.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-2abfb0e14f/ has no logging configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-02/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-02/iam.json index dc1d7f80b98..d81cb198397 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-02/iam.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-02/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-627137184414@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:627137184414-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-02/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-boskos-gpu-02/services/compute/project-info.json index 4a76709983c..abe1e2a5746 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-02/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-02/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 100, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 45, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-02/services/enabled.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-02/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-02/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-02/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/bucketpolicyonly.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/bucketpolicyonly.txt new file mode 100644 index 00000000000..8dce25200c2 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://kubernetes-staging-38aad5d74f: + Enabled: False + diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/cors.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/cors.txt new file mode 100644 index 00000000000..1dfc45fa8a9 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/cors.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-38aad5d74f/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/iam.json new file mode 100644 index 00000000000..153c669919c --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-e2e-boskos-gpu-03", + "projectOwner:k8s-infra-e2e-boskos-gpu-03" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-e2e-boskos-gpu-03" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/logging.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/logging.txt new file mode 100644 index 00000000000..3da15a0e2d3 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-03/buckets/kubernetes-staging-38aad5d74f/logging.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-38aad5d74f/ has no logging configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-03/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-03/iam.json index 7ff1cc9d8a0..d467f8c5928 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-03/iam.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-03/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-910061531590@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:910061531590-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-03/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-boskos-gpu-03/services/compute/project-info.json index 6986b2f64e4..68a8f02f58b 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-03/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-03/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 100, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 45, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-03/services/enabled.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-03/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-03/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-03/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/bucketpolicyonly.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/bucketpolicyonly.txt new file mode 100644 index 00000000000..c54a5ed5ef0 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://kubernetes-staging-8ebe77e78f: + Enabled: False + diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/cors.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/cors.txt new file mode 100644 index 00000000000..863d2d449e4 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/cors.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-8ebe77e78f/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/iam.json new file mode 100644 index 00000000000..b9194e12b7b --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-e2e-boskos-gpu-04", + "projectOwner:k8s-infra-e2e-boskos-gpu-04" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-e2e-boskos-gpu-04" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/logging.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/logging.txt new file mode 100644 index 00000000000..79e30bc2b84 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-04/buckets/kubernetes-staging-8ebe77e78f/logging.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-8ebe77e78f/ has no logging configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-04/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-04/iam.json index 4541356612f..353a8448bf7 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-04/iam.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-04/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-887670065934@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:887670065934-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-04/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-boskos-gpu-04/services/compute/project-info.json index a99e48425b2..c75493e44b1 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-04/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-04/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 100, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 45, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-04/services/enabled.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-04/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-04/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-04/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/bucketpolicyonly.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/bucketpolicyonly.txt new file mode 100644 index 00000000000..0a502e8d8b8 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://kubernetes-staging-b48eda6f1a: + Enabled: False + diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/cors.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/cors.txt new file mode 100644 index 00000000000..45e01dab666 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/cors.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-b48eda6f1a/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/iam.json new file mode 100644 index 00000000000..943edb7b26d --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-e2e-boskos-gpu-05", + "projectOwner:k8s-infra-e2e-boskos-gpu-05" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-e2e-boskos-gpu-05" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/logging.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/logging.txt new file mode 100644 index 00000000000..cacf00fb8d6 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-05/buckets/kubernetes-staging-b48eda6f1a/logging.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-b48eda6f1a/ has no logging configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-05/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-05/iam.json index 18011b3aaf5..8734fb22fac 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-05/iam.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-05/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-135385633554@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:135385633554-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-05/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-boskos-gpu-05/services/compute/project-info.json index 140c14c7538..2301e796679 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-05/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-05/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 100, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 45, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-05/services/enabled.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-05/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-05/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-05/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/bucketpolicyonly.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/bucketpolicyonly.txt new file mode 100644 index 00000000000..37dbf1730f4 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://kubernetes-staging-cca279e715: + Enabled: False + diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/cors.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/cors.txt new file mode 100644 index 00000000000..eb10f60fc0c --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/cors.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-cca279e715/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/iam.json new file mode 100644 index 00000000000..e361839e5d8 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-e2e-boskos-gpu-06", + "projectOwner:k8s-infra-e2e-boskos-gpu-06" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-e2e-boskos-gpu-06" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/logging.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/logging.txt new file mode 100644 index 00000000000..0cc39c74ab7 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-06/buckets/kubernetes-staging-cca279e715/logging.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-cca279e715/ has no logging configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-06/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-06/iam.json index a0214f62bd0..0cca53764ce 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-06/iam.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-06/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-574702544726@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:574702544726-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-06/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-boskos-gpu-06/services/compute/project-info.json index a53628fdd78..606b226e25e 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-06/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-06/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 100, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 45, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-06/services/enabled.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-06/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-06/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-06/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/bucketpolicyonly.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/bucketpolicyonly.txt new file mode 100644 index 00000000000..9ac41cdcca8 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://kubernetes-staging-227c85f357: + Enabled: False + diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/cors.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/cors.txt new file mode 100644 index 00000000000..74092512ca1 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/cors.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-227c85f357/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/iam.json new file mode 100644 index 00000000000..6f338dc2872 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-e2e-boskos-gpu-07", + "projectOwner:k8s-infra-e2e-boskos-gpu-07" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-e2e-boskos-gpu-07" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/logging.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/logging.txt new file mode 100644 index 00000000000..e3da1b77d47 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-07/buckets/kubernetes-staging-227c85f357/logging.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-227c85f357/ has no logging configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-07/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-07/iam.json index c4b864dd8a9..2552c356d95 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-07/iam.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-07/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-593515467300@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:593515467300-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-07/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-boskos-gpu-07/services/compute/project-info.json index 809bb197bb9..7a9b687a3b2 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-07/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-07/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 100, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 45, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-07/services/enabled.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-07/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-07/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-07/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/bucketpolicyonly.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/bucketpolicyonly.txt new file mode 100644 index 00000000000..f4d7deb8940 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://kubernetes-staging-544928283b: + Enabled: False + diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/cors.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/cors.txt new file mode 100644 index 00000000000..1a974703d3c --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/cors.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-544928283b/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/iam.json new file mode 100644 index 00000000000..0875b1a9d44 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-e2e-boskos-gpu-08", + "projectOwner:k8s-infra-e2e-boskos-gpu-08" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-e2e-boskos-gpu-08" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/logging.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/logging.txt new file mode 100644 index 00000000000..e377c356445 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-08/buckets/kubernetes-staging-544928283b/logging.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-544928283b/ has no logging configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-08/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-08/iam.json index def3946deef..ba6d46aca86 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-08/iam.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-08/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-693828359310@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:693828359310-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-08/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-boskos-gpu-08/services/compute/project-info.json index c047ab185e8..1b909878423 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-08/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-08/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 100, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 45, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-08/services/enabled.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-08/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-08/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-08/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/bucketpolicyonly.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/bucketpolicyonly.txt new file mode 100644 index 00000000000..178548edeff --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://kubernetes-staging-328989ca07: + Enabled: False + diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/cors.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/cors.txt new file mode 100644 index 00000000000..a69aaa494df --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/cors.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-328989ca07/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/iam.json new file mode 100644 index 00000000000..e2e1a453383 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-e2e-boskos-gpu-09", + "projectOwner:k8s-infra-e2e-boskos-gpu-09" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-e2e-boskos-gpu-09" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/logging.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/logging.txt new file mode 100644 index 00000000000..11328b3ac25 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-09/buckets/kubernetes-staging-328989ca07/logging.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-328989ca07/ has no logging configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-09/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-09/iam.json index 88dc636ba68..cb7cbba9d9e 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-09/iam.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-09/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-136773320006@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:136773320006-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-09/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-boskos-gpu-09/services/compute/project-info.json index ec7c67fba2e..9e72cb05ef1 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-09/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-09/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 100, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 45, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-09/services/enabled.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-09/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-09/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-09/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/bucketpolicyonly.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/bucketpolicyonly.txt new file mode 100644 index 00000000000..99ee4c602c8 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://kubernetes-staging-b4ee4f94c2: + Enabled: False + diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/cors.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/cors.txt new file mode 100644 index 00000000000..502328751cf --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/cors.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-b4ee4f94c2/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/iam.json new file mode 100644 index 00000000000..65ddd983548 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-e2e-boskos-gpu-10", + "projectOwner:k8s-infra-e2e-boskos-gpu-10" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-e2e-boskos-gpu-10" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/logging.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/logging.txt new file mode 100644 index 00000000000..971f423671a --- /dev/null +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-10/buckets/kubernetes-staging-b4ee4f94c2/logging.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-b4ee4f94c2/ has no logging configuration. diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-10/iam.json b/audit/projects/k8s-infra-e2e-boskos-gpu-10/iam.json index d689cdd0b87..4d72ed505c2 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-10/iam.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-10/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-441369562578@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:441369562578-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-10/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-boskos-gpu-10/services/compute/project-info.json index 5d36ba058e1..0e6a44485c9 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-10/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-10/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 100, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 45, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-boskos-gpu-10/services/enabled.txt b/audit/projects/k8s-infra-e2e-boskos-gpu-10/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-boskos-gpu-10/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-boskos-gpu-10/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage