From 1e65bf7a12a09254e3a12b53da4e03b3aa521a0b Mon Sep 17 00:00:00 2001 From: CNCF CI Bot Date: Thu, 20 May 2021 19:12:59 +0000 Subject: [PATCH] audit: update as of 2021-05-20 --- .../services/compute/project-info.json | 2 +- .../buckets/k8s-release-test-prod-gcb/iam.json | 2 -- audit/projects/k8s-release-test-prod/iam.json | 1 - .../k8s-release/buckets/k8s-release-gcb/iam.json | 2 -- audit/projects/k8s-release/iam.json | 1 - .../buckets/k8s-staging-addon-manager-gcb/iam.json | 2 -- audit/projects/k8s-staging-addon-manager/iam.json | 1 - .../k8s-staging-addon-manager/services/enabled.txt | 1 - .../buckets/k8s-staging-apisnoop-gcb/iam.json | 2 -- audit/projects/k8s-staging-apisnoop/iam.json | 1 - audit/projects/k8s-staging-apisnoop/services/enabled.txt | 1 - .../buckets/k8s-staging-artifact-promoter-gcb/iam.json | 2 -- audit/projects/k8s-staging-artifact-promoter/iam.json | 1 - .../k8s-staging-artifact-promoter/services/enabled.txt | 1 - .../buckets/k8s-staging-autoscaling-gcb/iam.json | 2 -- audit/projects/k8s-staging-autoscaling/iam.json | 1 - .../k8s-staging-autoscaling/services/enabled.txt | 1 - .../buckets/k8s-staging-bootkube-gcb/iam.json | 2 -- audit/projects/k8s-staging-bootkube/iam.json | 1 - audit/projects/k8s-staging-bootkube/services/enabled.txt | 1 - .../buckets/k8s-staging-boskos-gcb/iam.json | 2 -- audit/projects/k8s-staging-boskos/iam.json | 1 - audit/projects/k8s-staging-boskos/services/enabled.txt | 1 - .../buckets/k8s-staging-build-image-gcb/iam.json | 2 -- audit/projects/k8s-staging-build-image/iam.json | 1 - .../k8s-staging-build-image/services/enabled.txt | 1 - .../buckets/k8s-staging-capi-docker-gcb/iam.json | 2 -- audit/projects/k8s-staging-capi-docker/iam.json | 1 - .../k8s-staging-capi-docker/services/enabled.txt | 1 - .../buckets/k8s-staging-capi-kubeadm-gcb/iam.json | 2 -- audit/projects/k8s-staging-capi-kubeadm/iam.json | 1 - .../k8s-staging-capi-kubeadm/services/enabled.txt | 1 - .../buckets/k8s-staging-capi-openstack-gcb/iam.json | 2 -- audit/projects/k8s-staging-capi-openstack/iam.json | 1 - .../k8s-staging-capi-openstack/services/enabled.txt | 1 - .../buckets/k8s-staging-capi-vsphere-gcb/iam.json | 2 -- audit/projects/k8s-staging-capi-vsphere/iam.json | 1 - .../k8s-staging-capi-vsphere/services/enabled.txt | 1 - .../buckets/k8s-staging-ci-images-gcb/iam.json | 2 -- audit/projects/k8s-staging-ci-images/iam.json | 1 - .../projects/k8s-staging-ci-images/services/enabled.txt | 1 - .../buckets/k8s-staging-cip-test-gcb/iam.json | 2 -- audit/projects/k8s-staging-cip-test/iam.json | 1 - audit/projects/k8s-staging-cip-test/services/enabled.txt | 1 - .../buckets/k8s-staging-cloud-provider-gcp-gcb/iam.json | 2 -- audit/projects/k8s-staging-cloud-provider-gcp/iam.json | 1 - .../k8s-staging-cloud-provider-gcp/services/enabled.txt | 1 - .../buckets/k8s-staging-cluster-addons-gcb/iam.json | 2 -- audit/projects/k8s-staging-cluster-addons/iam.json | 1 - .../k8s-staging-cluster-addons/services/enabled.txt | 1 - .../buckets/k8s-staging-cluster-api-aws-gcb/iam.json | 2 -- audit/projects/k8s-staging-cluster-api-aws/iam.json | 1 - .../k8s-staging-cluster-api-aws/services/enabled.txt | 1 - .../buckets/k8s-staging-cluster-api-azure-gcb/iam.json | 2 -- audit/projects/k8s-staging-cluster-api-azure/iam.json | 1 - .../k8s-staging-cluster-api-azure/services/enabled.txt | 1 - .../buckets/k8s-staging-cluster-api-do-gcb/iam.json | 2 -- audit/projects/k8s-staging-cluster-api-do/iam.json | 1 - .../k8s-staging-cluster-api-do/services/enabled.txt | 1 - .../buckets/k8s-staging-cluster-api-gcp-gcb/iam.json | 4 ++-- .../buckets/k8s-staging-cluster-api-gcp/iam.json | 9 ++++++++- audit/projects/k8s-staging-cluster-api-gcp/iam.json | 1 - .../description.json | 2 +- .../k8s-staging-cluster-api-gcp/services/enabled.txt | 1 - .../buckets/k8s-staging-cluster-api-gcb/iam.json | 2 -- audit/projects/k8s-staging-cluster-api/iam.json | 1 - .../k8s-staging-cluster-api/services/enabled.txt | 1 - .../buckets/k8s-staging-coredns-gcb/iam.json | 2 -- audit/projects/k8s-staging-coredns/iam.json | 1 - audit/projects/k8s-staging-coredns/services/enabled.txt | 1 - .../k8s-staging-cpa/buckets/k8s-staging-cpa-gcb/iam.json | 2 -- audit/projects/k8s-staging-cpa/iam.json | 1 - audit/projects/k8s-staging-cpa/services/enabled.txt | 1 - .../buckets/k8s-staging-cri-tools-gcb/iam.json | 2 -- audit/projects/k8s-staging-cri-tools/iam.json | 1 - .../projects/k8s-staging-cri-tools/services/enabled.txt | 1 - .../buckets/k8s-staging-csi-secrets-store-gcb/iam.json | 2 -- audit/projects/k8s-staging-csi-secrets-store/iam.json | 1 - .../k8s-staging-csi-secrets-store/services/enabled.txt | 1 - .../k8s-staging-csi/buckets/k8s-staging-csi-gcb/iam.json | 2 -- audit/projects/k8s-staging-csi/iam.json | 1 - audit/projects/k8s-staging-csi/services/enabled.txt | 1 - .../buckets/k8s-staging-descheduler-gcb/iam.json | 2 -- audit/projects/k8s-staging-descheduler/iam.json | 1 - .../k8s-staging-descheduler/services/enabled.txt | 1 - .../k8s-staging-dns/buckets/k8s-staging-dns-gcb/iam.json | 2 -- audit/projects/k8s-staging-dns/iam.json | 1 - audit/projects/k8s-staging-dns/services/enabled.txt | 1 - .../buckets/k8s-staging-e2e-test-images-gcb/iam.json | 2 -- audit/projects/k8s-staging-e2e-test-images/iam.json | 1 - .../k8s-staging-e2e-test-images/services/enabled.txt | 1 - .../buckets/k8s-staging-etcd-gcb/iam.json | 2 -- audit/projects/k8s-staging-etcd/iam.json | 1 - audit/projects/k8s-staging-etcd/services/enabled.txt | 1 - .../buckets/k8s-staging-etcdadm-gcb/iam.json | 2 -- audit/projects/k8s-staging-etcdadm/iam.json | 1 - audit/projects/k8s-staging-etcdadm/services/enabled.txt | 1 - .../buckets/k8s-staging-examples-gcb/iam.json | 2 -- audit/projects/k8s-staging-examples/iam.json | 1 - audit/projects/k8s-staging-examples/services/enabled.txt | 1 - .../buckets/k8s-staging-experimental-gcb/iam.json | 2 -- audit/projects/k8s-staging-experimental/iam.json | 1 - .../k8s-staging-experimental/services/enabled.txt | 1 - .../buckets/k8s-staging-external-dns-gcb/iam.json | 2 -- audit/projects/k8s-staging-external-dns/iam.json | 1 - .../k8s-staging-external-dns/services/enabled.txt | 1 - .../buckets/k8s-staging-gateway-api-gcb/iam.json | 2 -- audit/projects/k8s-staging-gateway-api/iam.json | 1 - .../k8s-staging-gateway-api/services/enabled.txt | 1 - .../buckets/k8s-staging-git-sync-gcb/iam.json | 2 -- audit/projects/k8s-staging-git-sync/iam.json | 1 - audit/projects/k8s-staging-git-sync/services/enabled.txt | 1 - .../buckets/k8s-staging-infra-tools-gcb/iam.json | 2 -- audit/projects/k8s-staging-infra-tools/iam.json | 1 - .../k8s-staging-infra-tools/services/enabled.txt | 1 - .../buckets/k8s-staging-ingress-nginx-gcb/iam.json | 2 -- audit/projects/k8s-staging-ingress-nginx/iam.json | 1 - .../k8s-staging-ingress-nginx/services/enabled.txt | 1 - .../buckets/k8s-staging-ingressconformance-gcb/iam.json | 2 -- audit/projects/k8s-staging-ingressconformance/iam.json | 1 - .../k8s-staging-ingressconformance/services/enabled.txt | 1 - .../buckets/k8s-staging-k8s-gsm-tools-gcb/iam.json | 2 -- audit/projects/k8s-staging-k8s-gsm-tools/iam.json | 1 - .../k8s-staging-k8s-gsm-tools/services/enabled.txt | 1 - .../buckets/k8s-staging-kas-network-proxy-gcb/iam.json | 2 -- audit/projects/k8s-staging-kas-network-proxy/iam.json | 1 - .../k8s-staging-kas-network-proxy/services/enabled.txt | 1 - .../buckets/k8s-staging-kind-gcb/iam.json | 2 -- audit/projects/k8s-staging-kind/iam.json | 1 - audit/projects/k8s-staging-kind/services/enabled.txt | 1 - .../buckets/k8s-staging-kops-gcb/iam.json | 2 -- audit/projects/k8s-staging-kops/iam.json | 1 - audit/projects/k8s-staging-kops/services/enabled.txt | 1 - .../buckets/k8s-staging-kube-state-metrics-gcb/iam.json | 2 -- audit/projects/k8s-staging-kube-state-metrics/iam.json | 1 - .../k8s-staging-kube-state-metrics/services/enabled.txt | 1 - .../buckets/k8s-staging-kubeadm-gcb/iam.json | 2 -- audit/projects/k8s-staging-kubeadm/iam.json | 1 - audit/projects/k8s-staging-kubeadm/services/enabled.txt | 1 - .../buckets/k8s-staging-kubernetes-gcb/iam.json | 2 -- audit/projects/k8s-staging-kubernetes/iam.json | 1 - .../projects/k8s-staging-kubernetes/services/enabled.txt | 1 - .../buckets/k8s-staging-kubetest2-gcb/iam.json | 2 -- audit/projects/k8s-staging-kubetest2/iam.json | 1 - .../projects/k8s-staging-kubetest2/services/enabled.txt | 1 - .../buckets/k8s-staging-kustomize-gcb/iam.json | 2 -- audit/projects/k8s-staging-kustomize/iam.json | 1 - .../projects/k8s-staging-kustomize/services/enabled.txt | 1 - .../buckets/k8s-staging-metrics-server-gcb/iam.json | 2 -- audit/projects/k8s-staging-metrics-server/iam.json | 1 - .../k8s-staging-metrics-server/services/enabled.txt | 1 - .../buckets/k8s-staging-mirror-gcb/iam.json | 2 -- audit/projects/k8s-staging-mirror/iam.json | 1 - audit/projects/k8s-staging-mirror/services/enabled.txt | 1 - .../buckets/k8s-staging-multitenancy-gcb/iam.json | 2 -- audit/projects/k8s-staging-multitenancy/iam.json | 1 - .../k8s-staging-multitenancy/services/enabled.txt | 1 - .../buckets/k8s-staging-networking-gcb/iam.json | 2 -- audit/projects/k8s-staging-networking/iam.json | 1 - .../projects/k8s-staging-networking/services/enabled.txt | 1 - .../k8s-staging-nfd/buckets/k8s-staging-nfd-gcb/iam.json | 2 -- audit/projects/k8s-staging-nfd/iam.json | 1 - audit/projects/k8s-staging-nfd/services/enabled.txt | 1 - .../k8s-staging-npd/buckets/k8s-staging-npd-gcb/iam.json | 2 -- audit/projects/k8s-staging-npd/iam.json | 1 - audit/projects/k8s-staging-npd/services/enabled.txt | 1 - .../buckets/k8s-staging-provider-aws-gcb/iam.json | 2 -- audit/projects/k8s-staging-provider-aws/iam.json | 1 - .../k8s-staging-provider-aws/services/enabled.txt | 1 - .../buckets/k8s-staging-provider-azure-gcb/iam.json | 2 -- audit/projects/k8s-staging-provider-azure/iam.json | 1 - .../k8s-staging-provider-azure/services/enabled.txt | 1 - .../buckets/k8s-staging-provider-openstack-gcb/iam.json | 2 -- audit/projects/k8s-staging-provider-openstack/iam.json | 1 - .../k8s-staging-provider-openstack/services/enabled.txt | 1 - .../buckets/k8s-staging-publishing-bot-gcb/iam.json | 2 -- audit/projects/k8s-staging-publishing-bot/iam.json | 1 - .../k8s-staging-publishing-bot/services/enabled.txt | 1 - .../buckets/k8s-staging-releng-test-gcb/iam.json | 4 ++-- .../buckets/k8s-staging-releng-test/iam.json | 9 ++++++++- audit/projects/k8s-staging-releng-test/iam.json | 1 - .../description.json | 2 +- .../k8s-staging-releng-test/services/enabled.txt | 1 - .../buckets/k8s-staging-releng-gcb/iam.json | 2 -- audit/projects/k8s-staging-releng/iam.json | 1 - audit/projects/k8s-staging-releng/services/enabled.txt | 1 - .../buckets/k8s-staging-scheduler-plugins-gcb/iam.json | 2 -- audit/projects/k8s-staging-scheduler-plugins/iam.json | 1 - .../k8s-staging-scheduler-plugins/services/enabled.txt | 1 - .../buckets/k8s-staging-scl-image-builder-gcb/iam.json | 2 -- audit/projects/k8s-staging-scl-image-builder/iam.json | 1 - .../k8s-staging-scl-image-builder/services/enabled.txt | 1 - .../buckets/k8s-staging-sig-docs-gcb/iam.json | 2 -- audit/projects/k8s-staging-sig-docs/iam.json | 1 - audit/projects/k8s-staging-sig-docs/services/enabled.txt | 1 - .../buckets/k8s-staging-sig-storage-gcb/iam.json | 2 -- audit/projects/k8s-staging-sig-storage/iam.json | 1 - .../k8s-staging-sig-storage/services/enabled.txt | 1 - .../buckets/k8s-staging-slack-infra-gcb/iam.json | 2 -- audit/projects/k8s-staging-slack-infra/iam.json | 1 - .../k8s-staging-slack-infra/services/enabled.txt | 1 - .../buckets/k8s-staging-sp-operator-gcb/iam.json | 2 -- audit/projects/k8s-staging-sp-operator/iam.json | 1 - .../k8s-staging-sp-operator/services/enabled.txt | 1 - .../buckets/k8s-staging-storage-migrator-gcb/iam.json | 2 -- audit/projects/k8s-staging-storage-migrator/iam.json | 7 ------- .../k8s-staging-storage-migrator/services/enabled.txt | 1 - .../buckets/k8s-staging-test-infra-gcb/iam.json | 2 -- audit/projects/k8s-staging-test-infra/iam.json | 1 - .../projects/k8s-staging-test-infra/services/enabled.txt | 1 - .../buckets/k8s-staging-txtdirect-gcb/iam.json | 2 -- audit/projects/k8s-staging-txtdirect/iam.json | 1 - .../projects/k8s-staging-txtdirect/services/enabled.txt | 1 - 213 files changed, 23 insertions(+), 289 deletions(-) diff --git a/audit/projects/k8s-infra-e2e-boskos-scale-13/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-boskos-scale-13/services/compute/project-info.json index 9ca428a68b0..64566a1aced 100644 --- a/audit/projects/k8s-infra-e2e-boskos-scale-13/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-boskos-scale-13/services/compute/project-info.json @@ -3,7 +3,7 @@ "items": [ { "key": "ssh-keys", - "value": "prow:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmYxHh/wwcV0P1aChuFLpl28w6DFyc7G5Xrw1F8wH1Re9AdxyemM2bTZ/PhsP3u9VDnNbyOw3UN00VFdumkFLjLf1WQ7Q6rZDlPjlw7urBIvAMqUecY6ae1znqsZ0dMBxOuPXHznlnjLjM5b7O7q5WsQMCA9Szbmz6DsuSyCuX0It2osBTN+8P/Fa6BNh3W8AF60M7L8/aUzLfbXVS2LIQKAHHD8CWqvXhLPuTJ03iSwFvgtAK1/J2XJwUP+OzAFrxj6A9LW5ZZgk3R3kRKr0xT/L7hga41rB1qy8Uz+Xr/PTVMNGW+nmU4bPgFchCK0JBK7B12ZcdVVFUEdpaAiKZ prow\nprow:prow:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmYxHh/wwcV0P1aChuFLpl28w6DFyc7G5Xrw1F8wH1Re9AdxyemM2bTZ/PhsP3u9VDnNbyOw3UN00VFdumkFLjLf1WQ7Q6rZDlPjlw7urBIvAMqUecY6ae1znqsZ0dMBxOuPXHznlnjLjM5b7O7q5WsQMCA9Szbmz6DsuSyCuX0It2osBTN+8P/Fa6BNh3W8AF60M7L8/aUzLfbXVS2LIQKAHHD8CWqvXhLPuTJ03iSwFvgtAK1/J2XJwUP+OzAFrxj6A9LW5ZZgk3R3kRKr0xT/L7hga41rB1qy8Uz+Xr/PTVMNGW+nmU4bPgFchCK0JBK7B12ZcdVVFUEdpaAiKZ prow" + "value": "prow:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmYxHh/wwcV0P1aChuFLpl28w6DFyc7G5Xrw1F8wH1Re9AdxyemM2bTZ/PhsP3u9VDnNbyOw3UN00VFdumkFLjLf1WQ7Q6rZDlPjlw7urBIvAMqUecY6ae1znqsZ0dMBxOuPXHznlnjLjM5b7O7q5WsQMCA9Szbmz6DsuSyCuX0It2osBTN+8P/Fa6BNh3W8AF60M7L8/aUzLfbXVS2LIQKAHHD8CWqvXhLPuTJ03iSwFvgtAK1/J2XJwUP+OzAFrxj6A9LW5ZZgk3R3kRKr0xT/L7hga41rB1qy8Uz+Xr/PTVMNGW+nmU4bPgFchCK0JBK7B12ZcdVVFUEdpaAiKZ prow\nprow:prow:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmYxHh/wwcV0P1aChuFLpl28w6DFyc7G5Xrw1F8wH1Re9AdxyemM2bTZ/PhsP3u9VDnNbyOw3UN00VFdumkFLjLf1WQ7Q6rZDlPjlw7urBIvAMqUecY6ae1znqsZ0dMBxOuPXHznlnjLjM5b7O7q5WsQMCA9Szbmz6DsuSyCuX0It2osBTN+8P/Fa6BNh3W8AF60M7L8/aUzLfbXVS2LIQKAHHD8CWqvXhLPuTJ03iSwFvgtAK1/J2XJwUP+OzAFrxj6A9LW5ZZgk3R3kRKr0xT/L7hga41rB1qy8Uz+Xr/PTVMNGW+nmU4bPgFchCK0JBK7B12ZcdVVFUEdpaAiKZ prow\nzawodny:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSesDvaYgkqiBK/5cA6qhNuffwxaEg2KjP80uMi2MRPiMCem5A0vbeSg0/U2KKYpzkNfQkBGfj4vYDCjsQU4J978kL/ppzn9Cgu0gwCLF+w2Z3IdxazBSoV+cG605hishOIKFHJrTECQz2cd9GQpRRUAKaxfd0iz5nGgcxqtHtGwjv2refuPqXGR1DRBUC9R6sPOkwLDDdNHMUDGu5+TDHCLW80wPUCKlk3kMik4O5H9/0oPGvErfGX/WSa/VmOfbTUZOL5bUqPQixZZnh5e4tUcslPJD429Y5Gk/jWd9edn2G/NnpszfmaB1wmwpUVbYPMcTGR+8n/0TUBfTCbnjmBSys+MHHdnVWcT59T19A5rlQKGPBbzmomJdl8N8maCgmQOhi1t1/lMxX9X7A2MWFeaze30P4dFUQq/jqeyVeP+4ROiG3xRr9jxgh2A916gvPF05c7Kk5cLkCgVqHc9HG8cgRBXqVGGIp/3BOwCdho/1JIKDniqwx8Vrv16dOmnM= zawodny" } ], "kind": "compute#metadata" diff --git a/audit/projects/k8s-release-test-prod/buckets/k8s-release-test-prod-gcb/iam.json b/audit/projects/k8s-release-test-prod/buckets/k8s-release-test-prod-gcb/iam.json index 2e0ccc05af5..307122b7928 100644 --- a/audit/projects/k8s-release-test-prod/buckets/k8s-release-test-prod-gcb/iam.json +++ b/audit/projects/k8s-release-test-prod/buckets/k8s-release-test-prod-gcb/iam.json @@ -35,7 +35,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -43,7 +42,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-release-test-prod/iam.json b/audit/projects/k8s-release-test-prod/iam.json index 4408007639e..964532db581 100644 --- a/audit/projects/k8s-release-test-prod/iam.json +++ b/audit/projects/k8s-release-test-prod/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:925892675446@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-release/buckets/k8s-release-gcb/iam.json b/audit/projects/k8s-release/buckets/k8s-release-gcb/iam.json index 4f8ae0abaaa..ebfc0efe13e 100644 --- a/audit/projects/k8s-release/buckets/k8s-release-gcb/iam.json +++ b/audit/projects/k8s-release/buckets/k8s-release-gcb/iam.json @@ -31,7 +31,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -39,7 +38,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-release/iam.json b/audit/projects/k8s-release/iam.json index f8cd5ab3d14..a5017c1e7b5 100644 --- a/audit/projects/k8s-release/iam.json +++ b/audit/projects/k8s-release/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:304687256732@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-addon-manager/buckets/k8s-staging-addon-manager-gcb/iam.json b/audit/projects/k8s-staging-addon-manager/buckets/k8s-staging-addon-manager-gcb/iam.json index a98593d2a8f..bc9910ec12e 100644 --- a/audit/projects/k8s-staging-addon-manager/buckets/k8s-staging-addon-manager-gcb/iam.json +++ b/audit/projects/k8s-staging-addon-manager/buckets/k8s-staging-addon-manager-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-addon-manager/iam.json b/audit/projects/k8s-staging-addon-manager/iam.json index 4a87fc6d949..cf515f62fad 100644 --- a/audit/projects/k8s-staging-addon-manager/iam.json +++ b/audit/projects/k8s-staging-addon-manager/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:103321906213@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-addon-manager/services/enabled.txt b/audit/projects/k8s-staging-addon-manager/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-addon-manager/services/enabled.txt +++ b/audit/projects/k8s-staging-addon-manager/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-apisnoop/buckets/k8s-staging-apisnoop-gcb/iam.json b/audit/projects/k8s-staging-apisnoop/buckets/k8s-staging-apisnoop-gcb/iam.json index 0b16243a3a0..7590816f886 100644 --- a/audit/projects/k8s-staging-apisnoop/buckets/k8s-staging-apisnoop-gcb/iam.json +++ b/audit/projects/k8s-staging-apisnoop/buckets/k8s-staging-apisnoop-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-apisnoop/iam.json b/audit/projects/k8s-staging-apisnoop/iam.json index 1946d5fce9f..58047daf17e 100644 --- a/audit/projects/k8s-staging-apisnoop/iam.json +++ b/audit/projects/k8s-staging-apisnoop/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:782271650518@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-apisnoop/services/enabled.txt b/audit/projects/k8s-staging-apisnoop/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-apisnoop/services/enabled.txt +++ b/audit/projects/k8s-staging-apisnoop/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-artifact-promoter/buckets/k8s-staging-artifact-promoter-gcb/iam.json b/audit/projects/k8s-staging-artifact-promoter/buckets/k8s-staging-artifact-promoter-gcb/iam.json index 3b509f709a3..723fde7057e 100644 --- a/audit/projects/k8s-staging-artifact-promoter/buckets/k8s-staging-artifact-promoter-gcb/iam.json +++ b/audit/projects/k8s-staging-artifact-promoter/buckets/k8s-staging-artifact-promoter-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-artifact-promoter/iam.json b/audit/projects/k8s-staging-artifact-promoter/iam.json index d52f5443a48..bb4f5424a8f 100644 --- a/audit/projects/k8s-staging-artifact-promoter/iam.json +++ b/audit/projects/k8s-staging-artifact-promoter/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:675573440409@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-artifact-promoter/services/enabled.txt b/audit/projects/k8s-staging-artifact-promoter/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-artifact-promoter/services/enabled.txt +++ b/audit/projects/k8s-staging-artifact-promoter/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-autoscaling/buckets/k8s-staging-autoscaling-gcb/iam.json b/audit/projects/k8s-staging-autoscaling/buckets/k8s-staging-autoscaling-gcb/iam.json index a7ea2603ec4..3134e9fe4fb 100644 --- a/audit/projects/k8s-staging-autoscaling/buckets/k8s-staging-autoscaling-gcb/iam.json +++ b/audit/projects/k8s-staging-autoscaling/buckets/k8s-staging-autoscaling-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-autoscaling/iam.json b/audit/projects/k8s-staging-autoscaling/iam.json index ead10ba0ba1..a93d12d6712 100644 --- a/audit/projects/k8s-staging-autoscaling/iam.json +++ b/audit/projects/k8s-staging-autoscaling/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:371644685964@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-autoscaling/services/enabled.txt b/audit/projects/k8s-staging-autoscaling/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-autoscaling/services/enabled.txt +++ b/audit/projects/k8s-staging-autoscaling/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-bootkube/buckets/k8s-staging-bootkube-gcb/iam.json b/audit/projects/k8s-staging-bootkube/buckets/k8s-staging-bootkube-gcb/iam.json index 6525e97c6b1..a1fc57e86ce 100644 --- a/audit/projects/k8s-staging-bootkube/buckets/k8s-staging-bootkube-gcb/iam.json +++ b/audit/projects/k8s-staging-bootkube/buckets/k8s-staging-bootkube-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-bootkube/iam.json b/audit/projects/k8s-staging-bootkube/iam.json index 9c154c41276..a6f835cd082 100644 --- a/audit/projects/k8s-staging-bootkube/iam.json +++ b/audit/projects/k8s-staging-bootkube/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:48439280800@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-bootkube/services/enabled.txt b/audit/projects/k8s-staging-bootkube/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-bootkube/services/enabled.txt +++ b/audit/projects/k8s-staging-bootkube/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-boskos/buckets/k8s-staging-boskos-gcb/iam.json b/audit/projects/k8s-staging-boskos/buckets/k8s-staging-boskos-gcb/iam.json index 344d7718880..5fb2e07f793 100644 --- a/audit/projects/k8s-staging-boskos/buckets/k8s-staging-boskos-gcb/iam.json +++ b/audit/projects/k8s-staging-boskos/buckets/k8s-staging-boskos-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-boskos/iam.json b/audit/projects/k8s-staging-boskos/iam.json index a8d2a5181e9..07fc4571486 100644 --- a/audit/projects/k8s-staging-boskos/iam.json +++ b/audit/projects/k8s-staging-boskos/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:41305360102@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-boskos/services/enabled.txt b/audit/projects/k8s-staging-boskos/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-boskos/services/enabled.txt +++ b/audit/projects/k8s-staging-boskos/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-build-image/buckets/k8s-staging-build-image-gcb/iam.json b/audit/projects/k8s-staging-build-image/buckets/k8s-staging-build-image-gcb/iam.json index c7f000af3ac..d48945dd5dc 100644 --- a/audit/projects/k8s-staging-build-image/buckets/k8s-staging-build-image-gcb/iam.json +++ b/audit/projects/k8s-staging-build-image/buckets/k8s-staging-build-image-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-build-image/iam.json b/audit/projects/k8s-staging-build-image/iam.json index 74d2cd22a48..8395725210f 100644 --- a/audit/projects/k8s-staging-build-image/iam.json +++ b/audit/projects/k8s-staging-build-image/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:960211007710@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-build-image/services/enabled.txt b/audit/projects/k8s-staging-build-image/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-build-image/services/enabled.txt +++ b/audit/projects/k8s-staging-build-image/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-capi-docker/buckets/k8s-staging-capi-docker-gcb/iam.json b/audit/projects/k8s-staging-capi-docker/buckets/k8s-staging-capi-docker-gcb/iam.json index 0ea1228a316..30e376476d3 100644 --- a/audit/projects/k8s-staging-capi-docker/buckets/k8s-staging-capi-docker-gcb/iam.json +++ b/audit/projects/k8s-staging-capi-docker/buckets/k8s-staging-capi-docker-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-capi-docker/iam.json b/audit/projects/k8s-staging-capi-docker/iam.json index eb6e826e096..1e92e05979b 100644 --- a/audit/projects/k8s-staging-capi-docker/iam.json +++ b/audit/projects/k8s-staging-capi-docker/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:44019431644@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-capi-docker/services/enabled.txt b/audit/projects/k8s-staging-capi-docker/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-capi-docker/services/enabled.txt +++ b/audit/projects/k8s-staging-capi-docker/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-capi-kubeadm/buckets/k8s-staging-capi-kubeadm-gcb/iam.json b/audit/projects/k8s-staging-capi-kubeadm/buckets/k8s-staging-capi-kubeadm-gcb/iam.json index 7203e40dd76..0db59cae660 100644 --- a/audit/projects/k8s-staging-capi-kubeadm/buckets/k8s-staging-capi-kubeadm-gcb/iam.json +++ b/audit/projects/k8s-staging-capi-kubeadm/buckets/k8s-staging-capi-kubeadm-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-capi-kubeadm/iam.json b/audit/projects/k8s-staging-capi-kubeadm/iam.json index 89e7f17e16c..ae3cf2788d9 100644 --- a/audit/projects/k8s-staging-capi-kubeadm/iam.json +++ b/audit/projects/k8s-staging-capi-kubeadm/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:778608689920@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-capi-kubeadm/services/enabled.txt b/audit/projects/k8s-staging-capi-kubeadm/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-capi-kubeadm/services/enabled.txt +++ b/audit/projects/k8s-staging-capi-kubeadm/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-capi-openstack/buckets/k8s-staging-capi-openstack-gcb/iam.json b/audit/projects/k8s-staging-capi-openstack/buckets/k8s-staging-capi-openstack-gcb/iam.json index 496d566d199..718a420b81b 100644 --- a/audit/projects/k8s-staging-capi-openstack/buckets/k8s-staging-capi-openstack-gcb/iam.json +++ b/audit/projects/k8s-staging-capi-openstack/buckets/k8s-staging-capi-openstack-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-capi-openstack/iam.json b/audit/projects/k8s-staging-capi-openstack/iam.json index 14145e2c7e9..5412fe8c479 100644 --- a/audit/projects/k8s-staging-capi-openstack/iam.json +++ b/audit/projects/k8s-staging-capi-openstack/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:129051311436@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-capi-openstack/services/enabled.txt b/audit/projects/k8s-staging-capi-openstack/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-capi-openstack/services/enabled.txt +++ b/audit/projects/k8s-staging-capi-openstack/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-capi-vsphere/buckets/k8s-staging-capi-vsphere-gcb/iam.json b/audit/projects/k8s-staging-capi-vsphere/buckets/k8s-staging-capi-vsphere-gcb/iam.json index bfefb55c718..ddd1e33fca2 100644 --- a/audit/projects/k8s-staging-capi-vsphere/buckets/k8s-staging-capi-vsphere-gcb/iam.json +++ b/audit/projects/k8s-staging-capi-vsphere/buckets/k8s-staging-capi-vsphere-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-capi-vsphere/iam.json b/audit/projects/k8s-staging-capi-vsphere/iam.json index c4d4287f5b9..1310d46a0b1 100644 --- a/audit/projects/k8s-staging-capi-vsphere/iam.json +++ b/audit/projects/k8s-staging-capi-vsphere/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:459565607671@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-capi-vsphere/services/enabled.txt b/audit/projects/k8s-staging-capi-vsphere/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-capi-vsphere/services/enabled.txt +++ b/audit/projects/k8s-staging-capi-vsphere/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-ci-images/buckets/k8s-staging-ci-images-gcb/iam.json b/audit/projects/k8s-staging-ci-images/buckets/k8s-staging-ci-images-gcb/iam.json index 6f6b961b9f2..264a3b8f509 100644 --- a/audit/projects/k8s-staging-ci-images/buckets/k8s-staging-ci-images-gcb/iam.json +++ b/audit/projects/k8s-staging-ci-images/buckets/k8s-staging-ci-images-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-ci-images/iam.json b/audit/projects/k8s-staging-ci-images/iam.json index 401f1f66d5e..825593befec 100644 --- a/audit/projects/k8s-staging-ci-images/iam.json +++ b/audit/projects/k8s-staging-ci-images/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:731599680865@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-ci-images/services/enabled.txt b/audit/projects/k8s-staging-ci-images/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-ci-images/services/enabled.txt +++ b/audit/projects/k8s-staging-ci-images/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cip-test/buckets/k8s-staging-cip-test-gcb/iam.json b/audit/projects/k8s-staging-cip-test/buckets/k8s-staging-cip-test-gcb/iam.json index c258b1fdaa2..a7186a689c7 100644 --- a/audit/projects/k8s-staging-cip-test/buckets/k8s-staging-cip-test-gcb/iam.json +++ b/audit/projects/k8s-staging-cip-test/buckets/k8s-staging-cip-test-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cip-test/iam.json b/audit/projects/k8s-staging-cip-test/iam.json index fa29dc03f84..0423c7528de 100644 --- a/audit/projects/k8s-staging-cip-test/iam.json +++ b/audit/projects/k8s-staging-cip-test/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:324460563566@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cip-test/services/enabled.txt b/audit/projects/k8s-staging-cip-test/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-cip-test/services/enabled.txt +++ b/audit/projects/k8s-staging-cip-test/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cloud-provider-gcp/buckets/k8s-staging-cloud-provider-gcp-gcb/iam.json b/audit/projects/k8s-staging-cloud-provider-gcp/buckets/k8s-staging-cloud-provider-gcp-gcb/iam.json index 537a67859c6..f99fb298450 100644 --- a/audit/projects/k8s-staging-cloud-provider-gcp/buckets/k8s-staging-cloud-provider-gcp-gcb/iam.json +++ b/audit/projects/k8s-staging-cloud-provider-gcp/buckets/k8s-staging-cloud-provider-gcp-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cloud-provider-gcp/iam.json b/audit/projects/k8s-staging-cloud-provider-gcp/iam.json index 386ebf4a880..e413ca47cc8 100644 --- a/audit/projects/k8s-staging-cloud-provider-gcp/iam.json +++ b/audit/projects/k8s-staging-cloud-provider-gcp/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:67010995753@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cloud-provider-gcp/services/enabled.txt b/audit/projects/k8s-staging-cloud-provider-gcp/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-cloud-provider-gcp/services/enabled.txt +++ b/audit/projects/k8s-staging-cloud-provider-gcp/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cluster-addons/buckets/k8s-staging-cluster-addons-gcb/iam.json b/audit/projects/k8s-staging-cluster-addons/buckets/k8s-staging-cluster-addons-gcb/iam.json index 001de2439da..04b7c8a9fe4 100644 --- a/audit/projects/k8s-staging-cluster-addons/buckets/k8s-staging-cluster-addons-gcb/iam.json +++ b/audit/projects/k8s-staging-cluster-addons/buckets/k8s-staging-cluster-addons-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cluster-addons/iam.json b/audit/projects/k8s-staging-cluster-addons/iam.json index 4c3770f492d..fe046ca9481 100644 --- a/audit/projects/k8s-staging-cluster-addons/iam.json +++ b/audit/projects/k8s-staging-cluster-addons/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:239900365888@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cluster-addons/services/enabled.txt b/audit/projects/k8s-staging-cluster-addons/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-cluster-addons/services/enabled.txt +++ b/audit/projects/k8s-staging-cluster-addons/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cluster-api-aws/buckets/k8s-staging-cluster-api-aws-gcb/iam.json b/audit/projects/k8s-staging-cluster-api-aws/buckets/k8s-staging-cluster-api-aws-gcb/iam.json index 558b96aea71..2c82d9d3436 100644 --- a/audit/projects/k8s-staging-cluster-api-aws/buckets/k8s-staging-cluster-api-aws-gcb/iam.json +++ b/audit/projects/k8s-staging-cluster-api-aws/buckets/k8s-staging-cluster-api-aws-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cluster-api-aws/iam.json b/audit/projects/k8s-staging-cluster-api-aws/iam.json index 845d5de2d78..491d2613dd9 100644 --- a/audit/projects/k8s-staging-cluster-api-aws/iam.json +++ b/audit/projects/k8s-staging-cluster-api-aws/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:433651898792@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cluster-api-aws/services/enabled.txt b/audit/projects/k8s-staging-cluster-api-aws/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-cluster-api-aws/services/enabled.txt +++ b/audit/projects/k8s-staging-cluster-api-aws/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cluster-api-azure/buckets/k8s-staging-cluster-api-azure-gcb/iam.json b/audit/projects/k8s-staging-cluster-api-azure/buckets/k8s-staging-cluster-api-azure-gcb/iam.json index fc7b05558d5..9678f410e4b 100644 --- a/audit/projects/k8s-staging-cluster-api-azure/buckets/k8s-staging-cluster-api-azure-gcb/iam.json +++ b/audit/projects/k8s-staging-cluster-api-azure/buckets/k8s-staging-cluster-api-azure-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cluster-api-azure/iam.json b/audit/projects/k8s-staging-cluster-api-azure/iam.json index 6e0188319e1..06eca7af1c9 100644 --- a/audit/projects/k8s-staging-cluster-api-azure/iam.json +++ b/audit/projects/k8s-staging-cluster-api-azure/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:1087109869165@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cluster-api-azure/services/enabled.txt b/audit/projects/k8s-staging-cluster-api-azure/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-cluster-api-azure/services/enabled.txt +++ b/audit/projects/k8s-staging-cluster-api-azure/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cluster-api-do/buckets/k8s-staging-cluster-api-do-gcb/iam.json b/audit/projects/k8s-staging-cluster-api-do/buckets/k8s-staging-cluster-api-do-gcb/iam.json index 8dde774e7b8..6cf278c80d1 100644 --- a/audit/projects/k8s-staging-cluster-api-do/buckets/k8s-staging-cluster-api-do-gcb/iam.json +++ b/audit/projects/k8s-staging-cluster-api-do/buckets/k8s-staging-cluster-api-do-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cluster-api-do/iam.json b/audit/projects/k8s-staging-cluster-api-do/iam.json index f64e231d876..531393b9c3c 100644 --- a/audit/projects/k8s-staging-cluster-api-do/iam.json +++ b/audit/projects/k8s-staging-cluster-api-do/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:226017735054@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cluster-api-do/services/enabled.txt b/audit/projects/k8s-staging-cluster-api-do/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-cluster-api-do/services/enabled.txt +++ b/audit/projects/k8s-staging-cluster-api-do/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp-gcb/iam.json b/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp-gcb/iam.json index 59f819b346d..d2b20a63a46 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp-gcb/iam.json +++ b/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp-gcb/iam.json @@ -29,7 +29,7 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", + "serviceAccount:gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +37,7 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", + "serviceAccount:gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp/iam.json b/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp/iam.json index 8de387926b7..90ee0391f68 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp/iam.json +++ b/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp/iam.json @@ -29,7 +29,14 @@ }, { "members": [ - "allUsers" + "serviceAccount:gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com" + ], + "role": "roles/storage.objectCreator" + }, + { + "members": [ + "allUsers", + "serviceAccount:gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" } diff --git a/audit/projects/k8s-staging-cluster-api-gcp/iam.json b/audit/projects/k8s-staging-cluster-api-gcp/iam.json index 222941acad6..9d800771083 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/iam.json +++ b/audit/projects/k8s-staging-cluster-api-gcp/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:606075400249@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], diff --git a/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/description.json b/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/description.json index 07491c95192..6d6e594a760 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/description.json +++ b/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/description.json @@ -1,5 +1,5 @@ { - "displayName": "used by k8s-infra-prow-build to trigger GCB, write to GCR for k8s-staging-cluster-api-gcp", + "displayName": "used by prow to use GCB, write to GCR and GCS for k8s-staging-cluster-api-gcp", "email": "gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com", "name": "projects/k8s-staging-cluster-api-gcp/serviceAccounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com", "oauth2ClientId": "108043822519400192439", diff --git a/audit/projects/k8s-staging-cluster-api-gcp/services/enabled.txt b/audit/projects/k8s-staging-cluster-api-gcp/services/enabled.txt index 661451636fa..0d782aac9a4 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/services/enabled.txt +++ b/audit/projects/k8s-staging-cluster-api-gcp/services/enabled.txt @@ -4,7 +4,6 @@ cloudkms.googleapis.com Cloud Key Management Service (KMS) API compute.googleapis.com Compute Engine API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API oslogin.googleapis.com Cloud OS Login API pubsub.googleapis.com Cloud Pub/Sub API diff --git a/audit/projects/k8s-staging-cluster-api/buckets/k8s-staging-cluster-api-gcb/iam.json b/audit/projects/k8s-staging-cluster-api/buckets/k8s-staging-cluster-api-gcb/iam.json index b3cbabf4736..b56a6ae999e 100644 --- a/audit/projects/k8s-staging-cluster-api/buckets/k8s-staging-cluster-api-gcb/iam.json +++ b/audit/projects/k8s-staging-cluster-api/buckets/k8s-staging-cluster-api-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cluster-api/iam.json b/audit/projects/k8s-staging-cluster-api/iam.json index 355f8e45526..3e40235b1bc 100644 --- a/audit/projects/k8s-staging-cluster-api/iam.json +++ b/audit/projects/k8s-staging-cluster-api/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:190130481896@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cluster-api/services/enabled.txt b/audit/projects/k8s-staging-cluster-api/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-cluster-api/services/enabled.txt +++ b/audit/projects/k8s-staging-cluster-api/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-coredns/buckets/k8s-staging-coredns-gcb/iam.json b/audit/projects/k8s-staging-coredns/buckets/k8s-staging-coredns-gcb/iam.json index 0662304e0f5..e3da9781492 100644 --- a/audit/projects/k8s-staging-coredns/buckets/k8s-staging-coredns-gcb/iam.json +++ b/audit/projects/k8s-staging-coredns/buckets/k8s-staging-coredns-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-coredns/iam.json b/audit/projects/k8s-staging-coredns/iam.json index c6409cab5b1..98bb02d8062 100644 --- a/audit/projects/k8s-staging-coredns/iam.json +++ b/audit/projects/k8s-staging-coredns/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:848617618266@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-coredns/services/enabled.txt b/audit/projects/k8s-staging-coredns/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-coredns/services/enabled.txt +++ b/audit/projects/k8s-staging-coredns/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cpa/buckets/k8s-staging-cpa-gcb/iam.json b/audit/projects/k8s-staging-cpa/buckets/k8s-staging-cpa-gcb/iam.json index 9625155743f..ec6029a7943 100644 --- a/audit/projects/k8s-staging-cpa/buckets/k8s-staging-cpa-gcb/iam.json +++ b/audit/projects/k8s-staging-cpa/buckets/k8s-staging-cpa-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cpa/iam.json b/audit/projects/k8s-staging-cpa/iam.json index b64fe14a267..8436038f7a2 100644 --- a/audit/projects/k8s-staging-cpa/iam.json +++ b/audit/projects/k8s-staging-cpa/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:644315828680@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cpa/services/enabled.txt b/audit/projects/k8s-staging-cpa/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-cpa/services/enabled.txt +++ b/audit/projects/k8s-staging-cpa/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cri-tools/buckets/k8s-staging-cri-tools-gcb/iam.json b/audit/projects/k8s-staging-cri-tools/buckets/k8s-staging-cri-tools-gcb/iam.json index 1811189d38c..df9b5554547 100644 --- a/audit/projects/k8s-staging-cri-tools/buckets/k8s-staging-cri-tools-gcb/iam.json +++ b/audit/projects/k8s-staging-cri-tools/buckets/k8s-staging-cri-tools-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cri-tools/iam.json b/audit/projects/k8s-staging-cri-tools/iam.json index 4fdb3ca3ef3..184f40b31d9 100644 --- a/audit/projects/k8s-staging-cri-tools/iam.json +++ b/audit/projects/k8s-staging-cri-tools/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:565574877728@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cri-tools/services/enabled.txt b/audit/projects/k8s-staging-cri-tools/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-cri-tools/services/enabled.txt +++ b/audit/projects/k8s-staging-cri-tools/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-csi-secrets-store/buckets/k8s-staging-csi-secrets-store-gcb/iam.json b/audit/projects/k8s-staging-csi-secrets-store/buckets/k8s-staging-csi-secrets-store-gcb/iam.json index 7a843b07dff..ffb1434083e 100644 --- a/audit/projects/k8s-staging-csi-secrets-store/buckets/k8s-staging-csi-secrets-store-gcb/iam.json +++ b/audit/projects/k8s-staging-csi-secrets-store/buckets/k8s-staging-csi-secrets-store-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-csi-secrets-store/iam.json b/audit/projects/k8s-staging-csi-secrets-store/iam.json index 0799c26ac16..81c09ffe1cd 100644 --- a/audit/projects/k8s-staging-csi-secrets-store/iam.json +++ b/audit/projects/k8s-staging-csi-secrets-store/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:766197520365@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-csi-secrets-store/services/enabled.txt b/audit/projects/k8s-staging-csi-secrets-store/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-csi-secrets-store/services/enabled.txt +++ b/audit/projects/k8s-staging-csi-secrets-store/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-csi/buckets/k8s-staging-csi-gcb/iam.json b/audit/projects/k8s-staging-csi/buckets/k8s-staging-csi-gcb/iam.json index 4b0ed0b043a..d2e97346079 100644 --- a/audit/projects/k8s-staging-csi/buckets/k8s-staging-csi-gcb/iam.json +++ b/audit/projects/k8s-staging-csi/buckets/k8s-staging-csi-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-csi/iam.json b/audit/projects/k8s-staging-csi/iam.json index 586db1e4882..59a658cfa90 100644 --- a/audit/projects/k8s-staging-csi/iam.json +++ b/audit/projects/k8s-staging-csi/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:874328413592@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-csi/services/enabled.txt b/audit/projects/k8s-staging-csi/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-csi/services/enabled.txt +++ b/audit/projects/k8s-staging-csi/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-descheduler/buckets/k8s-staging-descheduler-gcb/iam.json b/audit/projects/k8s-staging-descheduler/buckets/k8s-staging-descheduler-gcb/iam.json index c8cbb60d408..20842262c78 100644 --- a/audit/projects/k8s-staging-descheduler/buckets/k8s-staging-descheduler-gcb/iam.json +++ b/audit/projects/k8s-staging-descheduler/buckets/k8s-staging-descheduler-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-descheduler/iam.json b/audit/projects/k8s-staging-descheduler/iam.json index 3f9ac8cff7c..18f2a7cb3a4 100644 --- a/audit/projects/k8s-staging-descheduler/iam.json +++ b/audit/projects/k8s-staging-descheduler/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:1009880777024@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-descheduler/services/enabled.txt b/audit/projects/k8s-staging-descheduler/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-descheduler/services/enabled.txt +++ b/audit/projects/k8s-staging-descheduler/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-dns/buckets/k8s-staging-dns-gcb/iam.json b/audit/projects/k8s-staging-dns/buckets/k8s-staging-dns-gcb/iam.json index 3c9ccef10d9..61345947c73 100644 --- a/audit/projects/k8s-staging-dns/buckets/k8s-staging-dns-gcb/iam.json +++ b/audit/projects/k8s-staging-dns/buckets/k8s-staging-dns-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-dns/iam.json b/audit/projects/k8s-staging-dns/iam.json index 242fbf1286c..d444c68b9b6 100644 --- a/audit/projects/k8s-staging-dns/iam.json +++ b/audit/projects/k8s-staging-dns/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:558098336346@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-dns/services/enabled.txt b/audit/projects/k8s-staging-dns/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-dns/services/enabled.txt +++ b/audit/projects/k8s-staging-dns/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-e2e-test-images/buckets/k8s-staging-e2e-test-images-gcb/iam.json b/audit/projects/k8s-staging-e2e-test-images/buckets/k8s-staging-e2e-test-images-gcb/iam.json index 70394c224f9..9754fff5ed1 100644 --- a/audit/projects/k8s-staging-e2e-test-images/buckets/k8s-staging-e2e-test-images-gcb/iam.json +++ b/audit/projects/k8s-staging-e2e-test-images/buckets/k8s-staging-e2e-test-images-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-e2e-test-images/iam.json b/audit/projects/k8s-staging-e2e-test-images/iam.json index 6c58d9d074f..6282c066105 100644 --- a/audit/projects/k8s-staging-e2e-test-images/iam.json +++ b/audit/projects/k8s-staging-e2e-test-images/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:456067983721@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-e2e-test-images/services/enabled.txt b/audit/projects/k8s-staging-e2e-test-images/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-e2e-test-images/services/enabled.txt +++ b/audit/projects/k8s-staging-e2e-test-images/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-etcd/buckets/k8s-staging-etcd-gcb/iam.json b/audit/projects/k8s-staging-etcd/buckets/k8s-staging-etcd-gcb/iam.json index af9838dbb3c..4ab283c92fc 100644 --- a/audit/projects/k8s-staging-etcd/buckets/k8s-staging-etcd-gcb/iam.json +++ b/audit/projects/k8s-staging-etcd/buckets/k8s-staging-etcd-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-etcd/iam.json b/audit/projects/k8s-staging-etcd/iam.json index aee17c6fe88..579a29b4567 100644 --- a/audit/projects/k8s-staging-etcd/iam.json +++ b/audit/projects/k8s-staging-etcd/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:329483391043@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-etcd/services/enabled.txt b/audit/projects/k8s-staging-etcd/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-etcd/services/enabled.txt +++ b/audit/projects/k8s-staging-etcd/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-etcdadm/buckets/k8s-staging-etcdadm-gcb/iam.json b/audit/projects/k8s-staging-etcdadm/buckets/k8s-staging-etcdadm-gcb/iam.json index 9ffe456a50d..0e82b4eed6f 100644 --- a/audit/projects/k8s-staging-etcdadm/buckets/k8s-staging-etcdadm-gcb/iam.json +++ b/audit/projects/k8s-staging-etcdadm/buckets/k8s-staging-etcdadm-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-etcdadm/iam.json b/audit/projects/k8s-staging-etcdadm/iam.json index fa04070b089..4ce52040f3a 100644 --- a/audit/projects/k8s-staging-etcdadm/iam.json +++ b/audit/projects/k8s-staging-etcdadm/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:621671725592@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-etcdadm/services/enabled.txt b/audit/projects/k8s-staging-etcdadm/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-etcdadm/services/enabled.txt +++ b/audit/projects/k8s-staging-etcdadm/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-examples/buckets/k8s-staging-examples-gcb/iam.json b/audit/projects/k8s-staging-examples/buckets/k8s-staging-examples-gcb/iam.json index 8bf7c201cbc..8f19099e066 100644 --- a/audit/projects/k8s-staging-examples/buckets/k8s-staging-examples-gcb/iam.json +++ b/audit/projects/k8s-staging-examples/buckets/k8s-staging-examples-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-examples/iam.json b/audit/projects/k8s-staging-examples/iam.json index ec2db528bac..c3bf8be18e7 100644 --- a/audit/projects/k8s-staging-examples/iam.json +++ b/audit/projects/k8s-staging-examples/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:315229499758@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-examples/services/enabled.txt b/audit/projects/k8s-staging-examples/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-examples/services/enabled.txt +++ b/audit/projects/k8s-staging-examples/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-experimental/buckets/k8s-staging-experimental-gcb/iam.json b/audit/projects/k8s-staging-experimental/buckets/k8s-staging-experimental-gcb/iam.json index 54ec2c751d0..487e0b47496 100644 --- a/audit/projects/k8s-staging-experimental/buckets/k8s-staging-experimental-gcb/iam.json +++ b/audit/projects/k8s-staging-experimental/buckets/k8s-staging-experimental-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-experimental/iam.json b/audit/projects/k8s-staging-experimental/iam.json index 2d6cdb76189..1c44ea43b4d 100644 --- a/audit/projects/k8s-staging-experimental/iam.json +++ b/audit/projects/k8s-staging-experimental/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:737067335481@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-experimental/services/enabled.txt b/audit/projects/k8s-staging-experimental/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-experimental/services/enabled.txt +++ b/audit/projects/k8s-staging-experimental/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-external-dns/buckets/k8s-staging-external-dns-gcb/iam.json b/audit/projects/k8s-staging-external-dns/buckets/k8s-staging-external-dns-gcb/iam.json index 0d4f6d302d8..dce8fd3e18d 100644 --- a/audit/projects/k8s-staging-external-dns/buckets/k8s-staging-external-dns-gcb/iam.json +++ b/audit/projects/k8s-staging-external-dns/buckets/k8s-staging-external-dns-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-external-dns/iam.json b/audit/projects/k8s-staging-external-dns/iam.json index 341e4c57ba4..747c8ce04d7 100644 --- a/audit/projects/k8s-staging-external-dns/iam.json +++ b/audit/projects/k8s-staging-external-dns/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:548739681389@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-external-dns/services/enabled.txt b/audit/projects/k8s-staging-external-dns/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-external-dns/services/enabled.txt +++ b/audit/projects/k8s-staging-external-dns/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-gateway-api/buckets/k8s-staging-gateway-api-gcb/iam.json b/audit/projects/k8s-staging-gateway-api/buckets/k8s-staging-gateway-api-gcb/iam.json index d2625791a5e..f4f42aea8b6 100644 --- a/audit/projects/k8s-staging-gateway-api/buckets/k8s-staging-gateway-api-gcb/iam.json +++ b/audit/projects/k8s-staging-gateway-api/buckets/k8s-staging-gateway-api-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-gateway-api/iam.json b/audit/projects/k8s-staging-gateway-api/iam.json index 38ff1d50fa2..54c945efc10 100644 --- a/audit/projects/k8s-staging-gateway-api/iam.json +++ b/audit/projects/k8s-staging-gateway-api/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:27800831195@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-gateway-api/services/enabled.txt b/audit/projects/k8s-staging-gateway-api/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-gateway-api/services/enabled.txt +++ b/audit/projects/k8s-staging-gateway-api/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-git-sync/buckets/k8s-staging-git-sync-gcb/iam.json b/audit/projects/k8s-staging-git-sync/buckets/k8s-staging-git-sync-gcb/iam.json index 796e7cf8bb4..d63bab61ab0 100644 --- a/audit/projects/k8s-staging-git-sync/buckets/k8s-staging-git-sync-gcb/iam.json +++ b/audit/projects/k8s-staging-git-sync/buckets/k8s-staging-git-sync-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-git-sync/iam.json b/audit/projects/k8s-staging-git-sync/iam.json index 7528571d983..c1e2c218a95 100644 --- a/audit/projects/k8s-staging-git-sync/iam.json +++ b/audit/projects/k8s-staging-git-sync/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:998209132534@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-git-sync/services/enabled.txt b/audit/projects/k8s-staging-git-sync/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-git-sync/services/enabled.txt +++ b/audit/projects/k8s-staging-git-sync/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-infra-tools/buckets/k8s-staging-infra-tools-gcb/iam.json b/audit/projects/k8s-staging-infra-tools/buckets/k8s-staging-infra-tools-gcb/iam.json index 2af22e18ce4..9a358aceb03 100644 --- a/audit/projects/k8s-staging-infra-tools/buckets/k8s-staging-infra-tools-gcb/iam.json +++ b/audit/projects/k8s-staging-infra-tools/buckets/k8s-staging-infra-tools-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-infra-tools/iam.json b/audit/projects/k8s-staging-infra-tools/iam.json index 8563df438d9..0acda17e444 100644 --- a/audit/projects/k8s-staging-infra-tools/iam.json +++ b/audit/projects/k8s-staging-infra-tools/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:1017132094926@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-infra-tools/services/enabled.txt b/audit/projects/k8s-staging-infra-tools/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-infra-tools/services/enabled.txt +++ b/audit/projects/k8s-staging-infra-tools/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-ingress-nginx/buckets/k8s-staging-ingress-nginx-gcb/iam.json b/audit/projects/k8s-staging-ingress-nginx/buckets/k8s-staging-ingress-nginx-gcb/iam.json index 513dbe6f7c5..eb853cc284d 100644 --- a/audit/projects/k8s-staging-ingress-nginx/buckets/k8s-staging-ingress-nginx-gcb/iam.json +++ b/audit/projects/k8s-staging-ingress-nginx/buckets/k8s-staging-ingress-nginx-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-ingress-nginx/iam.json b/audit/projects/k8s-staging-ingress-nginx/iam.json index 4f19f52f0d6..eab1a239c63 100644 --- a/audit/projects/k8s-staging-ingress-nginx/iam.json +++ b/audit/projects/k8s-staging-ingress-nginx/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:971199482687@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-ingress-nginx/services/enabled.txt b/audit/projects/k8s-staging-ingress-nginx/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-ingress-nginx/services/enabled.txt +++ b/audit/projects/k8s-staging-ingress-nginx/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-ingressconformance/buckets/k8s-staging-ingressconformance-gcb/iam.json b/audit/projects/k8s-staging-ingressconformance/buckets/k8s-staging-ingressconformance-gcb/iam.json index 1be667af947..b4c1b805367 100644 --- a/audit/projects/k8s-staging-ingressconformance/buckets/k8s-staging-ingressconformance-gcb/iam.json +++ b/audit/projects/k8s-staging-ingressconformance/buckets/k8s-staging-ingressconformance-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-ingressconformance/iam.json b/audit/projects/k8s-staging-ingressconformance/iam.json index 29300951b3f..443c47263ec 100644 --- a/audit/projects/k8s-staging-ingressconformance/iam.json +++ b/audit/projects/k8s-staging-ingressconformance/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:320459285183@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-ingressconformance/services/enabled.txt b/audit/projects/k8s-staging-ingressconformance/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-ingressconformance/services/enabled.txt +++ b/audit/projects/k8s-staging-ingressconformance/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-k8s-gsm-tools/buckets/k8s-staging-k8s-gsm-tools-gcb/iam.json b/audit/projects/k8s-staging-k8s-gsm-tools/buckets/k8s-staging-k8s-gsm-tools-gcb/iam.json index fc206fddf5e..a9db497aa43 100644 --- a/audit/projects/k8s-staging-k8s-gsm-tools/buckets/k8s-staging-k8s-gsm-tools-gcb/iam.json +++ b/audit/projects/k8s-staging-k8s-gsm-tools/buckets/k8s-staging-k8s-gsm-tools-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-k8s-gsm-tools/iam.json b/audit/projects/k8s-staging-k8s-gsm-tools/iam.json index 33bd43fb269..44506a3601e 100644 --- a/audit/projects/k8s-staging-k8s-gsm-tools/iam.json +++ b/audit/projects/k8s-staging-k8s-gsm-tools/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:1073099305721@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-k8s-gsm-tools/services/enabled.txt b/audit/projects/k8s-staging-k8s-gsm-tools/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-k8s-gsm-tools/services/enabled.txt +++ b/audit/projects/k8s-staging-k8s-gsm-tools/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kas-network-proxy/buckets/k8s-staging-kas-network-proxy-gcb/iam.json b/audit/projects/k8s-staging-kas-network-proxy/buckets/k8s-staging-kas-network-proxy-gcb/iam.json index 01292e3f913..1eb3a4b1908 100644 --- a/audit/projects/k8s-staging-kas-network-proxy/buckets/k8s-staging-kas-network-proxy-gcb/iam.json +++ b/audit/projects/k8s-staging-kas-network-proxy/buckets/k8s-staging-kas-network-proxy-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kas-network-proxy/iam.json b/audit/projects/k8s-staging-kas-network-proxy/iam.json index 26bfcf5a3c5..7b0b54951ce 100644 --- a/audit/projects/k8s-staging-kas-network-proxy/iam.json +++ b/audit/projects/k8s-staging-kas-network-proxy/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:670598002495@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kas-network-proxy/services/enabled.txt b/audit/projects/k8s-staging-kas-network-proxy/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-kas-network-proxy/services/enabled.txt +++ b/audit/projects/k8s-staging-kas-network-proxy/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kind/buckets/k8s-staging-kind-gcb/iam.json b/audit/projects/k8s-staging-kind/buckets/k8s-staging-kind-gcb/iam.json index c599a5ba7bc..23121b0e51e 100644 --- a/audit/projects/k8s-staging-kind/buckets/k8s-staging-kind-gcb/iam.json +++ b/audit/projects/k8s-staging-kind/buckets/k8s-staging-kind-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kind/iam.json b/audit/projects/k8s-staging-kind/iam.json index 9255809dee0..731102c4451 100644 --- a/audit/projects/k8s-staging-kind/iam.json +++ b/audit/projects/k8s-staging-kind/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:220811308229@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kind/services/enabled.txt b/audit/projects/k8s-staging-kind/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-kind/services/enabled.txt +++ b/audit/projects/k8s-staging-kind/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kops/buckets/k8s-staging-kops-gcb/iam.json b/audit/projects/k8s-staging-kops/buckets/k8s-staging-kops-gcb/iam.json index 7bf36fdd34b..7e14606bb72 100644 --- a/audit/projects/k8s-staging-kops/buckets/k8s-staging-kops-gcb/iam.json +++ b/audit/projects/k8s-staging-kops/buckets/k8s-staging-kops-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kops/iam.json b/audit/projects/k8s-staging-kops/iam.json index 4f57d815c8c..8d2960bc225 100644 --- a/audit/projects/k8s-staging-kops/iam.json +++ b/audit/projects/k8s-staging-kops/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:889470918518@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kops/services/enabled.txt b/audit/projects/k8s-staging-kops/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-kops/services/enabled.txt +++ b/audit/projects/k8s-staging-kops/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kube-state-metrics/buckets/k8s-staging-kube-state-metrics-gcb/iam.json b/audit/projects/k8s-staging-kube-state-metrics/buckets/k8s-staging-kube-state-metrics-gcb/iam.json index 46160a0e600..a989eebc726 100644 --- a/audit/projects/k8s-staging-kube-state-metrics/buckets/k8s-staging-kube-state-metrics-gcb/iam.json +++ b/audit/projects/k8s-staging-kube-state-metrics/buckets/k8s-staging-kube-state-metrics-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kube-state-metrics/iam.json b/audit/projects/k8s-staging-kube-state-metrics/iam.json index 98b3310ddd0..3a9485ef26a 100644 --- a/audit/projects/k8s-staging-kube-state-metrics/iam.json +++ b/audit/projects/k8s-staging-kube-state-metrics/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:1023797992882@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kube-state-metrics/services/enabled.txt b/audit/projects/k8s-staging-kube-state-metrics/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-kube-state-metrics/services/enabled.txt +++ b/audit/projects/k8s-staging-kube-state-metrics/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kubeadm/buckets/k8s-staging-kubeadm-gcb/iam.json b/audit/projects/k8s-staging-kubeadm/buckets/k8s-staging-kubeadm-gcb/iam.json index 0c5028f020e..44a10cf3f66 100644 --- a/audit/projects/k8s-staging-kubeadm/buckets/k8s-staging-kubeadm-gcb/iam.json +++ b/audit/projects/k8s-staging-kubeadm/buckets/k8s-staging-kubeadm-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kubeadm/iam.json b/audit/projects/k8s-staging-kubeadm/iam.json index d5680b73d99..45ec9a127d3 100644 --- a/audit/projects/k8s-staging-kubeadm/iam.json +++ b/audit/projects/k8s-staging-kubeadm/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:487125676961@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kubeadm/services/enabled.txt b/audit/projects/k8s-staging-kubeadm/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-kubeadm/services/enabled.txt +++ b/audit/projects/k8s-staging-kubeadm/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kubernetes/buckets/k8s-staging-kubernetes-gcb/iam.json b/audit/projects/k8s-staging-kubernetes/buckets/k8s-staging-kubernetes-gcb/iam.json index c79066ea28f..40532910dea 100644 --- a/audit/projects/k8s-staging-kubernetes/buckets/k8s-staging-kubernetes-gcb/iam.json +++ b/audit/projects/k8s-staging-kubernetes/buckets/k8s-staging-kubernetes-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kubernetes/iam.json b/audit/projects/k8s-staging-kubernetes/iam.json index 4a4961ce434..2e93a43576f 100644 --- a/audit/projects/k8s-staging-kubernetes/iam.json +++ b/audit/projects/k8s-staging-kubernetes/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:615281671549@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kubernetes/services/enabled.txt b/audit/projects/k8s-staging-kubernetes/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-kubernetes/services/enabled.txt +++ b/audit/projects/k8s-staging-kubernetes/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kubetest2/buckets/k8s-staging-kubetest2-gcb/iam.json b/audit/projects/k8s-staging-kubetest2/buckets/k8s-staging-kubetest2-gcb/iam.json index 7a302a8dbed..2fcb27de03f 100644 --- a/audit/projects/k8s-staging-kubetest2/buckets/k8s-staging-kubetest2-gcb/iam.json +++ b/audit/projects/k8s-staging-kubetest2/buckets/k8s-staging-kubetest2-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kubetest2/iam.json b/audit/projects/k8s-staging-kubetest2/iam.json index c43c8310c04..09b42f475a5 100644 --- a/audit/projects/k8s-staging-kubetest2/iam.json +++ b/audit/projects/k8s-staging-kubetest2/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:4886069902@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kubetest2/services/enabled.txt b/audit/projects/k8s-staging-kubetest2/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-kubetest2/services/enabled.txt +++ b/audit/projects/k8s-staging-kubetest2/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kustomize/buckets/k8s-staging-kustomize-gcb/iam.json b/audit/projects/k8s-staging-kustomize/buckets/k8s-staging-kustomize-gcb/iam.json index 4feb9e803f3..7d5a226aa55 100644 --- a/audit/projects/k8s-staging-kustomize/buckets/k8s-staging-kustomize-gcb/iam.json +++ b/audit/projects/k8s-staging-kustomize/buckets/k8s-staging-kustomize-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kustomize/iam.json b/audit/projects/k8s-staging-kustomize/iam.json index 2c94c990844..07c91591884 100644 --- a/audit/projects/k8s-staging-kustomize/iam.json +++ b/audit/projects/k8s-staging-kustomize/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:660796270509@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kustomize/services/enabled.txt b/audit/projects/k8s-staging-kustomize/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-kustomize/services/enabled.txt +++ b/audit/projects/k8s-staging-kustomize/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-metrics-server/buckets/k8s-staging-metrics-server-gcb/iam.json b/audit/projects/k8s-staging-metrics-server/buckets/k8s-staging-metrics-server-gcb/iam.json index ba1cdb87288..7738d286487 100644 --- a/audit/projects/k8s-staging-metrics-server/buckets/k8s-staging-metrics-server-gcb/iam.json +++ b/audit/projects/k8s-staging-metrics-server/buckets/k8s-staging-metrics-server-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-metrics-server/iam.json b/audit/projects/k8s-staging-metrics-server/iam.json index c7d231447bb..6577c1bb116 100644 --- a/audit/projects/k8s-staging-metrics-server/iam.json +++ b/audit/projects/k8s-staging-metrics-server/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:229033024066@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-metrics-server/services/enabled.txt b/audit/projects/k8s-staging-metrics-server/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-metrics-server/services/enabled.txt +++ b/audit/projects/k8s-staging-metrics-server/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-mirror/buckets/k8s-staging-mirror-gcb/iam.json b/audit/projects/k8s-staging-mirror/buckets/k8s-staging-mirror-gcb/iam.json index 6ca93a66087..54fb1e3c55e 100644 --- a/audit/projects/k8s-staging-mirror/buckets/k8s-staging-mirror-gcb/iam.json +++ b/audit/projects/k8s-staging-mirror/buckets/k8s-staging-mirror-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-mirror/iam.json b/audit/projects/k8s-staging-mirror/iam.json index 65759e58348..efc9e27447a 100644 --- a/audit/projects/k8s-staging-mirror/iam.json +++ b/audit/projects/k8s-staging-mirror/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:98327187586@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-mirror/services/enabled.txt b/audit/projects/k8s-staging-mirror/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-mirror/services/enabled.txt +++ b/audit/projects/k8s-staging-mirror/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-multitenancy/buckets/k8s-staging-multitenancy-gcb/iam.json b/audit/projects/k8s-staging-multitenancy/buckets/k8s-staging-multitenancy-gcb/iam.json index 9cf215565a3..eecfd54841a 100644 --- a/audit/projects/k8s-staging-multitenancy/buckets/k8s-staging-multitenancy-gcb/iam.json +++ b/audit/projects/k8s-staging-multitenancy/buckets/k8s-staging-multitenancy-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-multitenancy/iam.json b/audit/projects/k8s-staging-multitenancy/iam.json index 3e242e02562..bb4fd6f766a 100644 --- a/audit/projects/k8s-staging-multitenancy/iam.json +++ b/audit/projects/k8s-staging-multitenancy/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:817922591645@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-multitenancy/services/enabled.txt b/audit/projects/k8s-staging-multitenancy/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-multitenancy/services/enabled.txt +++ b/audit/projects/k8s-staging-multitenancy/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-networking/buckets/k8s-staging-networking-gcb/iam.json b/audit/projects/k8s-staging-networking/buckets/k8s-staging-networking-gcb/iam.json index 91e08b99a45..1adf650863b 100644 --- a/audit/projects/k8s-staging-networking/buckets/k8s-staging-networking-gcb/iam.json +++ b/audit/projects/k8s-staging-networking/buckets/k8s-staging-networking-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-networking/iam.json b/audit/projects/k8s-staging-networking/iam.json index 04ebe434d2f..0eebbfb0785 100644 --- a/audit/projects/k8s-staging-networking/iam.json +++ b/audit/projects/k8s-staging-networking/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:235137276492@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-networking/services/enabled.txt b/audit/projects/k8s-staging-networking/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-networking/services/enabled.txt +++ b/audit/projects/k8s-staging-networking/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-nfd/buckets/k8s-staging-nfd-gcb/iam.json b/audit/projects/k8s-staging-nfd/buckets/k8s-staging-nfd-gcb/iam.json index 8c8d5b07855..051c91ba95b 100644 --- a/audit/projects/k8s-staging-nfd/buckets/k8s-staging-nfd-gcb/iam.json +++ b/audit/projects/k8s-staging-nfd/buckets/k8s-staging-nfd-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-nfd/iam.json b/audit/projects/k8s-staging-nfd/iam.json index 673b81533f9..f5ab2dde18b 100644 --- a/audit/projects/k8s-staging-nfd/iam.json +++ b/audit/projects/k8s-staging-nfd/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:5125544917@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-nfd/services/enabled.txt b/audit/projects/k8s-staging-nfd/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-nfd/services/enabled.txt +++ b/audit/projects/k8s-staging-nfd/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-npd/buckets/k8s-staging-npd-gcb/iam.json b/audit/projects/k8s-staging-npd/buckets/k8s-staging-npd-gcb/iam.json index 5b89d8ec5b2..eb3fdd8f965 100644 --- a/audit/projects/k8s-staging-npd/buckets/k8s-staging-npd-gcb/iam.json +++ b/audit/projects/k8s-staging-npd/buckets/k8s-staging-npd-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-npd/iam.json b/audit/projects/k8s-staging-npd/iam.json index 8ffdd9d593d..363f5f1c11e 100644 --- a/audit/projects/k8s-staging-npd/iam.json +++ b/audit/projects/k8s-staging-npd/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:152738448582@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-npd/services/enabled.txt b/audit/projects/k8s-staging-npd/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-npd/services/enabled.txt +++ b/audit/projects/k8s-staging-npd/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-provider-aws/buckets/k8s-staging-provider-aws-gcb/iam.json b/audit/projects/k8s-staging-provider-aws/buckets/k8s-staging-provider-aws-gcb/iam.json index 47613fa2c8e..b46007ffeb7 100644 --- a/audit/projects/k8s-staging-provider-aws/buckets/k8s-staging-provider-aws-gcb/iam.json +++ b/audit/projects/k8s-staging-provider-aws/buckets/k8s-staging-provider-aws-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-provider-aws/iam.json b/audit/projects/k8s-staging-provider-aws/iam.json index 353a9182530..4d94cb901bc 100644 --- a/audit/projects/k8s-staging-provider-aws/iam.json +++ b/audit/projects/k8s-staging-provider-aws/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:967205882988@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-provider-aws/services/enabled.txt b/audit/projects/k8s-staging-provider-aws/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-provider-aws/services/enabled.txt +++ b/audit/projects/k8s-staging-provider-aws/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-provider-azure/buckets/k8s-staging-provider-azure-gcb/iam.json b/audit/projects/k8s-staging-provider-azure/buckets/k8s-staging-provider-azure-gcb/iam.json index 112053bd168..c3be80da2a5 100644 --- a/audit/projects/k8s-staging-provider-azure/buckets/k8s-staging-provider-azure-gcb/iam.json +++ b/audit/projects/k8s-staging-provider-azure/buckets/k8s-staging-provider-azure-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-provider-azure/iam.json b/audit/projects/k8s-staging-provider-azure/iam.json index af5acd58069..763f463b082 100644 --- a/audit/projects/k8s-staging-provider-azure/iam.json +++ b/audit/projects/k8s-staging-provider-azure/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:83539169056@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-provider-azure/services/enabled.txt b/audit/projects/k8s-staging-provider-azure/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-provider-azure/services/enabled.txt +++ b/audit/projects/k8s-staging-provider-azure/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-provider-openstack/buckets/k8s-staging-provider-openstack-gcb/iam.json b/audit/projects/k8s-staging-provider-openstack/buckets/k8s-staging-provider-openstack-gcb/iam.json index f1a19dacfe7..40b74aeea1b 100644 --- a/audit/projects/k8s-staging-provider-openstack/buckets/k8s-staging-provider-openstack-gcb/iam.json +++ b/audit/projects/k8s-staging-provider-openstack/buckets/k8s-staging-provider-openstack-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-provider-openstack/iam.json b/audit/projects/k8s-staging-provider-openstack/iam.json index 2e51ad20178..d96daca3ad6 100644 --- a/audit/projects/k8s-staging-provider-openstack/iam.json +++ b/audit/projects/k8s-staging-provider-openstack/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:625174557286@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-provider-openstack/services/enabled.txt b/audit/projects/k8s-staging-provider-openstack/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-provider-openstack/services/enabled.txt +++ b/audit/projects/k8s-staging-provider-openstack/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-publishing-bot/buckets/k8s-staging-publishing-bot-gcb/iam.json b/audit/projects/k8s-staging-publishing-bot/buckets/k8s-staging-publishing-bot-gcb/iam.json index e6d6eeab4f5..9016596f93b 100644 --- a/audit/projects/k8s-staging-publishing-bot/buckets/k8s-staging-publishing-bot-gcb/iam.json +++ b/audit/projects/k8s-staging-publishing-bot/buckets/k8s-staging-publishing-bot-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-publishing-bot/iam.json b/audit/projects/k8s-staging-publishing-bot/iam.json index d2fcbdff68b..5162dbb73ba 100644 --- a/audit/projects/k8s-staging-publishing-bot/iam.json +++ b/audit/projects/k8s-staging-publishing-bot/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:438481731081@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-publishing-bot/services/enabled.txt b/audit/projects/k8s-staging-publishing-bot/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-publishing-bot/services/enabled.txt +++ b/audit/projects/k8s-staging-publishing-bot/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test-gcb/iam.json b/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test-gcb/iam.json index abf141328c8..f9794c6e84c 100644 --- a/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test-gcb/iam.json +++ b/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test-gcb/iam.json @@ -29,7 +29,7 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", + "serviceAccount:gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +37,7 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", + "serviceAccount:gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test/iam.json b/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test/iam.json index 452dd81e2d3..f379524f99a 100644 --- a/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test/iam.json +++ b/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test/iam.json @@ -29,7 +29,14 @@ }, { "members": [ - "allUsers" + "serviceAccount:gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com" + ], + "role": "roles/storage.objectCreator" + }, + { + "members": [ + "allUsers", + "serviceAccount:gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" } diff --git a/audit/projects/k8s-staging-releng-test/iam.json b/audit/projects/k8s-staging-releng-test/iam.json index 7c2d0abba4f..7a089bb918a 100644 --- a/audit/projects/k8s-staging-releng-test/iam.json +++ b/audit/projects/k8s-staging-releng-test/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:86929635859@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], diff --git a/audit/projects/k8s-staging-releng-test/service-accounts/gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com/description.json b/audit/projects/k8s-staging-releng-test/service-accounts/gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com/description.json index a61fdcaf03d..21a9a504a0b 100644 --- a/audit/projects/k8s-staging-releng-test/service-accounts/gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com/description.json +++ b/audit/projects/k8s-staging-releng-test/service-accounts/gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com/description.json @@ -1,5 +1,5 @@ { - "displayName": "used by k8s-infra-prow-build to trigger GCB, write to GCR for k8s-staging-releng-test", + "displayName": "used by prow to use GCB, write to GCR and GCS for k8s-staging-releng-test", "email": "gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com", "name": "projects/k8s-staging-releng-test/serviceAccounts/gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com", "oauth2ClientId": "106077646816281830376", diff --git a/audit/projects/k8s-staging-releng-test/services/enabled.txt b/audit/projects/k8s-staging-releng-test/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-releng-test/services/enabled.txt +++ b/audit/projects/k8s-staging-releng-test/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-releng/buckets/k8s-staging-releng-gcb/iam.json b/audit/projects/k8s-staging-releng/buckets/k8s-staging-releng-gcb/iam.json index 8aea9d8c951..b1425b08f13 100644 --- a/audit/projects/k8s-staging-releng/buckets/k8s-staging-releng-gcb/iam.json +++ b/audit/projects/k8s-staging-releng/buckets/k8s-staging-releng-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-releng/iam.json b/audit/projects/k8s-staging-releng/iam.json index f536b1323e7..e83b2f3d61e 100644 --- a/audit/projects/k8s-staging-releng/iam.json +++ b/audit/projects/k8s-staging-releng/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:117157742389@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-releng/services/enabled.txt b/audit/projects/k8s-staging-releng/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-releng/services/enabled.txt +++ b/audit/projects/k8s-staging-releng/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-scheduler-plugins/buckets/k8s-staging-scheduler-plugins-gcb/iam.json b/audit/projects/k8s-staging-scheduler-plugins/buckets/k8s-staging-scheduler-plugins-gcb/iam.json index 68c2c599244..75e6347f945 100644 --- a/audit/projects/k8s-staging-scheduler-plugins/buckets/k8s-staging-scheduler-plugins-gcb/iam.json +++ b/audit/projects/k8s-staging-scheduler-plugins/buckets/k8s-staging-scheduler-plugins-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-scheduler-plugins/iam.json b/audit/projects/k8s-staging-scheduler-plugins/iam.json index b2ae542ea4d..9fc8a4c982e 100644 --- a/audit/projects/k8s-staging-scheduler-plugins/iam.json +++ b/audit/projects/k8s-staging-scheduler-plugins/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:96918712006@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-scheduler-plugins/services/enabled.txt b/audit/projects/k8s-staging-scheduler-plugins/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-scheduler-plugins/services/enabled.txt +++ b/audit/projects/k8s-staging-scheduler-plugins/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-scl-image-builder/buckets/k8s-staging-scl-image-builder-gcb/iam.json b/audit/projects/k8s-staging-scl-image-builder/buckets/k8s-staging-scl-image-builder-gcb/iam.json index 2961275200c..29483541208 100644 --- a/audit/projects/k8s-staging-scl-image-builder/buckets/k8s-staging-scl-image-builder-gcb/iam.json +++ b/audit/projects/k8s-staging-scl-image-builder/buckets/k8s-staging-scl-image-builder-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-scl-image-builder/iam.json b/audit/projects/k8s-staging-scl-image-builder/iam.json index 9609375bb29..209f0507507 100644 --- a/audit/projects/k8s-staging-scl-image-builder/iam.json +++ b/audit/projects/k8s-staging-scl-image-builder/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:974299031321@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-scl-image-builder/services/enabled.txt b/audit/projects/k8s-staging-scl-image-builder/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-scl-image-builder/services/enabled.txt +++ b/audit/projects/k8s-staging-scl-image-builder/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-sig-docs/buckets/k8s-staging-sig-docs-gcb/iam.json b/audit/projects/k8s-staging-sig-docs/buckets/k8s-staging-sig-docs-gcb/iam.json index aa7a5c0b6a1..b24a75ff4e3 100644 --- a/audit/projects/k8s-staging-sig-docs/buckets/k8s-staging-sig-docs-gcb/iam.json +++ b/audit/projects/k8s-staging-sig-docs/buckets/k8s-staging-sig-docs-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-sig-docs/iam.json b/audit/projects/k8s-staging-sig-docs/iam.json index 937f48e7d5a..000391ac946 100644 --- a/audit/projects/k8s-staging-sig-docs/iam.json +++ b/audit/projects/k8s-staging-sig-docs/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:563253410071@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-sig-docs/services/enabled.txt b/audit/projects/k8s-staging-sig-docs/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-sig-docs/services/enabled.txt +++ b/audit/projects/k8s-staging-sig-docs/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-sig-storage/buckets/k8s-staging-sig-storage-gcb/iam.json b/audit/projects/k8s-staging-sig-storage/buckets/k8s-staging-sig-storage-gcb/iam.json index 9b45e02849f..b6d893b6ae2 100644 --- a/audit/projects/k8s-staging-sig-storage/buckets/k8s-staging-sig-storage-gcb/iam.json +++ b/audit/projects/k8s-staging-sig-storage/buckets/k8s-staging-sig-storage-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-sig-storage/iam.json b/audit/projects/k8s-staging-sig-storage/iam.json index 8d770e85ca2..26301077021 100644 --- a/audit/projects/k8s-staging-sig-storage/iam.json +++ b/audit/projects/k8s-staging-sig-storage/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:272675062337@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-sig-storage/services/enabled.txt b/audit/projects/k8s-staging-sig-storage/services/enabled.txt index 661451636fa..0d782aac9a4 100644 --- a/audit/projects/k8s-staging-sig-storage/services/enabled.txt +++ b/audit/projects/k8s-staging-sig-storage/services/enabled.txt @@ -4,7 +4,6 @@ cloudkms.googleapis.com Cloud Key Management Service (KMS) API compute.googleapis.com Compute Engine API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API oslogin.googleapis.com Cloud OS Login API pubsub.googleapis.com Cloud Pub/Sub API diff --git a/audit/projects/k8s-staging-slack-infra/buckets/k8s-staging-slack-infra-gcb/iam.json b/audit/projects/k8s-staging-slack-infra/buckets/k8s-staging-slack-infra-gcb/iam.json index 49d89cace98..c1b210b6a58 100644 --- a/audit/projects/k8s-staging-slack-infra/buckets/k8s-staging-slack-infra-gcb/iam.json +++ b/audit/projects/k8s-staging-slack-infra/buckets/k8s-staging-slack-infra-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-slack-infra/iam.json b/audit/projects/k8s-staging-slack-infra/iam.json index 7e83874d391..8ddaedf09d5 100644 --- a/audit/projects/k8s-staging-slack-infra/iam.json +++ b/audit/projects/k8s-staging-slack-infra/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:470681440884@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-slack-infra/services/enabled.txt b/audit/projects/k8s-staging-slack-infra/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-slack-infra/services/enabled.txt +++ b/audit/projects/k8s-staging-slack-infra/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-sp-operator/buckets/k8s-staging-sp-operator-gcb/iam.json b/audit/projects/k8s-staging-sp-operator/buckets/k8s-staging-sp-operator-gcb/iam.json index d7371a077e5..6622b496898 100644 --- a/audit/projects/k8s-staging-sp-operator/buckets/k8s-staging-sp-operator-gcb/iam.json +++ b/audit/projects/k8s-staging-sp-operator/buckets/k8s-staging-sp-operator-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-sp-operator/iam.json b/audit/projects/k8s-staging-sp-operator/iam.json index 52b2405293e..511aa451bb2 100644 --- a/audit/projects/k8s-staging-sp-operator/iam.json +++ b/audit/projects/k8s-staging-sp-operator/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:448637284062@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-sp-operator/services/enabled.txt b/audit/projects/k8s-staging-sp-operator/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-sp-operator/services/enabled.txt +++ b/audit/projects/k8s-staging-sp-operator/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-storage-migrator/buckets/k8s-staging-storage-migrator-gcb/iam.json b/audit/projects/k8s-staging-storage-migrator/buckets/k8s-staging-storage-migrator-gcb/iam.json index 9de62f480c2..85bc4eb2965 100644 --- a/audit/projects/k8s-staging-storage-migrator/buckets/k8s-staging-storage-migrator-gcb/iam.json +++ b/audit/projects/k8s-staging-storage-migrator/buckets/k8s-staging-storage-migrator-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-storage-migrator/iam.json b/audit/projects/k8s-staging-storage-migrator/iam.json index 27532142d13..3a15f666b23 100644 --- a/audit/projects/k8s-staging-storage-migrator/iam.json +++ b/audit/projects/k8s-staging-storage-migrator/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:687417645981@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" @@ -44,12 +43,6 @@ ], "role": "roles/editor" }, - { - "members": [ - "user:davanum@gmail.com" - ], - "role": "roles/owner" - }, { "members": [ "group:k8s-infra-staging-storage-migrator@kubernetes.io" diff --git a/audit/projects/k8s-staging-storage-migrator/services/enabled.txt b/audit/projects/k8s-staging-storage-migrator/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-storage-migrator/services/enabled.txt +++ b/audit/projects/k8s-staging-storage-migrator/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-test-infra/buckets/k8s-staging-test-infra-gcb/iam.json b/audit/projects/k8s-staging-test-infra/buckets/k8s-staging-test-infra-gcb/iam.json index e24020c3b6f..27f61d40787 100644 --- a/audit/projects/k8s-staging-test-infra/buckets/k8s-staging-test-infra-gcb/iam.json +++ b/audit/projects/k8s-staging-test-infra/buckets/k8s-staging-test-infra-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-test-infra/iam.json b/audit/projects/k8s-staging-test-infra/iam.json index 14303ace7d2..7a3fd7f20a2 100644 --- a/audit/projects/k8s-staging-test-infra/iam.json +++ b/audit/projects/k8s-staging-test-infra/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:958928310150@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-test-infra/services/enabled.txt b/audit/projects/k8s-staging-test-infra/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-test-infra/services/enabled.txt +++ b/audit/projects/k8s-staging-test-infra/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-txtdirect/buckets/k8s-staging-txtdirect-gcb/iam.json b/audit/projects/k8s-staging-txtdirect/buckets/k8s-staging-txtdirect-gcb/iam.json index 1001451eeff..1bbe6d07575 100644 --- a/audit/projects/k8s-staging-txtdirect/buckets/k8s-staging-txtdirect-gcb/iam.json +++ b/audit/projects/k8s-staging-txtdirect/buckets/k8s-staging-txtdirect-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-txtdirect/iam.json b/audit/projects/k8s-staging-txtdirect/iam.json index e949794f651..b5108f0c073 100644 --- a/audit/projects/k8s-staging-txtdirect/iam.json +++ b/audit/projects/k8s-staging-txtdirect/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:662592719730@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-txtdirect/services/enabled.txt b/audit/projects/k8s-staging-txtdirect/services/enabled.txt index 30cdd842f18..0a7832adcd8 100644 --- a/audit/projects/k8s-staging-txtdirect/services/enabled.txt +++ b/audit/projects/k8s-staging-txtdirect/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API