audit: redo organizations, storage-api and add container/clusters, logging, monitoring #2102

Merged
merged 8 commits into from
May 27, 2021

Conversation

spiffxp
Member

@spiffxp spiffxp commented May 26, 2021

This is part of a series of PRs:

Now that #2099 has deployed, the audit job should be able to export more resources. Take a crack at logging and monitoring with this PR.

Makes the following layout changes / resource additions by service type

  • organizations:
    • mv org_kubenetes.io to organizations/kubernetes.io
    • add organizations/kubernetes.io/description.json
  • containers:
    • rm projects/{project}/services/container/clusters.txt
    • add projects/{project}/services/container/clusters/{cluster}.json
  • logging:
    • add projects/{project}/services/logging/logs.json
    • add projects/{project}/services/logging/metrics.json
    • add projects/{project}/services/logging/sinks.json
  • monitoring:
    • add projects/{project}/services/monitoring/dashboards/{dashboard}.json
  • storage-api:
    • reduce gsutil calls by listing buckets, avoiding specific configurations unless present
    • add projects/{project}/buckets/{bucket}/metadata.txt
    • add projects/{project}/buckets/{bucket}/logging.json (if configured)
    • add projects/{project}/buckets/{bucket}/lifecycle.json (if configured)
    • add projects/{project}/buckets/{bucket}/retention.json (if configured)
    • rm projects/{project}/buckets/{bucket}/bucketpolicyonly.txt (now redundant given metadata.txt)
    • rm projects/{project}/buckets/{bucket}/cors.txt (now redundant given metadata.txt)
    • rm projects/{project}/buckets/{bucket}/logging.txt (now redundant given logging.json, metadata.txt)

The actual migration to the new format is in followup PR #2103
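
The storage-api change described above, as an added example that is not the PR's audit script: a single metadata listing per bucket decides which extra exports to fetch. The metadata field names, the `fetch_setting` stub and the deletion of stale exports are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not the PR's script): one metadata listing per bucket decides
# which extra exports are needed, instead of querying every setting each time.

# Constructed sample; field names are assumed to resemble the text that
# `gsutil ls -L -b gs://<bucket>` prints. Not real audit data.
sample_metadata() {
    cat <<'EOF'
gs://example-bucket/ :
    Storage class:               STANDARD
    Logging configuration:       Present
    CORS configuration:          None
    Lifecycle configuration:     None
    Retention Policy:            Present
    Bucket Policy Only enabled:  True
EOF
}

# Read metadata on stdin; print one export file name per non-default setting.
# Only "Present" counts: "None" or a missing line means the default.
configured_exports() {
    awk -F':' '{
        key = $1; val = $NF
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (val != "Present") next
        if (key == "Logging configuration")   print "logging.json"
        if (key == "Lifecycle configuration") print "lifecycle.json"
        if (key == "Retention Policy")        print "retention.json"
    }'
}

# Hypothetical stand-in for the real per-setting query, so this runs offline.
fetch_setting() { printf '{"placeholder_for": "%s"}\n' "$1"; }

# audit_bucket DIR: metadata on stdin. Always writes metadata.txt, fetches
# only configured settings, and deletes exports for settings back at default
# so a removed logging or retention config shows up as a diff in the audit.
audit_bucket() (
    dir="$1"; meta="$(cat)"
    wanted="$(printf '%s\n' "$meta" | configured_exports)"
    mkdir -p "$dir"
    printf '%s\n' "$meta" > "$dir/metadata.txt"
    for f in logging.json lifecycle.json retention.json; do
        if printf '%s\n' "$wanted" | grep -qxF "$f"; then
            fetch_setting "$f" > "$dir/$f"
        else
            rm -f "$dir/$f"
        fi
    done
)
```
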

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels May 26, 2021
@k8s-ci-robot k8s-ci-robot requested review from nikhita and thockin May 26, 2021 19:51
@k8s-ci-robot k8s-ci-robot added area/audit Audit of project resources, audit followup issues, code in audit/ wg/k8s-infra approved Indicates a PR has been approved by an approver from all required OWNERS files. labels May 26, 2021
@spiffxp spiffxp force-pushed the audit-add-services branch from ca29784 to b46e46e Compare May 26, 2021 21:34
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels May 26, 2021
@spiffxp
Member Author

spiffxp commented May 26, 2021

/cc @dims @hh

@k8s-ci-robot k8s-ci-robot requested review from dims and hh May 26, 2021 21:37
@spiffxp
Member Author

spiffxp commented May 26, 2021

/hold
taking another crack at making this more digestible, and I found at least one bug

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 26, 2021
@spiffxp spiffxp force-pushed the audit-add-services branch 2 times, most recently from 608cb26 to 94903bb Compare May 27, 2021 02:05
@spiffxp spiffxp changed the title audit: fix ci, redo storage-api, add clusters, logging, monitoring audit: redo organizations, storage-api and add container/clusters, logging, monitoring May 27, 2021
spiffxp added 8 commits May 26, 2021 22:29
Fix a few bugs that were introduced by the last PR:

- prevent bq from aborting audit script early
- fix leftover variable name from refactor
- avoid importing infra/gcp/lib.sh since it automatically looks for yq,
  which is not in the image used by the job that runs this script

This is mostly a straight copy-paste of the bash-script embedded in the
ci-k8sio-audit job defined in:

- repo: https://github.com/kubernetes/test-infra
- sha: 624c7344bdb56bd25e119a8b1ccc284939861938
- file: config/jobs/kubernetes/wg-k8s-infra/trusted/wg-k8s-infra-trusted.yaml

Added boilerplate header, comments up top, and put line breaks in
between each block of code beginning with an echo statement

Export to audit/organizations/kubernetes.io/...

Add a migrate_audit_format function that commits a migration from old
format to new. Hoping this makes it easier to follow changes during
review

include migration code to move to new format

Try to make bucket auditing faster by avoiding multiple gsutil calls for
each possible setting; only make them if they're not the default
setting.

Add support for auditing lifecycle and retention configurations if
present.
@spiffxp spiffxp force-pushed the audit-add-services branch from 94903bb to 1f47041 Compare May 27, 2021 02:32
@spiffxp
Member Author

spiffxp commented May 27, 2021

/hold
At this point I'm happy with it; holding for #2104 to merge

@spiffxp
Member Author

spiffxp commented May 27, 2021

/hold cancel
#2104 has merged

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 27, 2021
@spiffxp
Member Author

spiffxp commented May 27, 2021

It might also be easier to instead merge #2103 which will close this out as well

Member

@cpanato cpanato left a comment

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 27, 2021
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato, spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 2d31c65 into kubernetes:main May 27, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone May 27, 2021
@spiffxp spiffxp deleted the audit-add-services branch May 27, 2021 20:09
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/audit Audit of project resources, audit followup issues, code in audit/ cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

3 participants