Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update audit #848

Merged
merged 14 commits into from
May 9, 2020
Merged

Update audit #848

merged 14 commits into from
May 9, 2020

Conversation

spiffxp
Copy link
Member

@spiffxp spiffxp commented May 6, 2020
edited
Loading

I would not recommend trying to review all files at once.

This was primarily intended to pick up everything from #830 (prow build clusters and related infra), and demonstrate that #806 (prototype prow build cluster) has nothing hanging around (most of which was picked up from unmerged audit #807)

This picks up:

and then two commits at the end where I'm not entirely sure what happened

spiffxp added 14 commits May 6, 2020 16:50
@spiffxp
audit: remove fingerprint from project-info
e849e22
@spiffxp
audit: give gcb-builder svcacct permissions
66e9153 
same permissions as deployer@k8s-prow
@spiffxp
audit: add legacyBucketWriter role to staging gcs
5f35344 
and a few gcb-builder stragglers
@spiffxp
audit: use gcloud secrets for k8s-gsuite
1131015 
the groups reconciler now gets the service account it needs to do its
thing from a secret stored in this project, instead of git-crypt
@spiffxp
audit: add k8s-staging-infra-tools
8c9eee6
@spiffxp
audit: add k8s-staging-slack-infra
b40867a
@spiffxp
audit: turn down dev2 cluster
9bf417c
@spiffxp
audit: add k8s-infra-prow-build
9a336cf
@spiffxp
audit: add k8s-infra-prow-build-trusted
d9fd1ae
@spiffxp
audit: add k8s-infra-e2e-* gcp projects
dd9e0a5 
created via ensure-e2e-projects.sh
@spiffxp
audit: add k8s-infra-gcp-auditor svcacct
0b4c81b
@spiffxp
audit: refresh ssh keys for kubernetes-public
f29a0be 
sshKeys: deleted dev2 cluster

ssh-keys: accidental deletion, but they expired so not replacing
@spiffxp
audit: refresh k8s-staging-kube-state-metrics?
90bddd2 
this looks like a full run of ensure-staging-storage.sh refresh some
things for this bucket, or maybe previous audits missed this bucket
@spiffxp
audit: someone enabled gke for this project?
5dc1917
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. area/audit Audit of project resources, audit followup issues, code in audit/ labels May 6, 2020
@k8s-ci-robot k8s-ci-robot added wg/k8s-infra approved Indicates a PR has been approved by an approver from all required OWNERS files. labels May 6, 2020
@spiffxp spiffxp mentioned this pull request May 7, 2020
Merged
@spiffxp
Copy link
Member Author

spiffxp commented May 7, 2020

/cc @thockin

@k8s-ci-robot k8s-ci-robot requested a review from thockin May 7, 2020 00:38
thockin
thockin reviewed May 7, 2020
View reviewed changes
audit/projects/k8s-staging-csi/services/enabled.txt
@@ -8,8 +8,11 @@ clouddebugger.googleapis.com Cloud Debugger API
cloudkms.googleapis.com Cloud Key Management Service (KMS) API
cloudtrace.googleapis.com Cloud Trace API
compute.googleapis.com Compute Engine API
container.googleapis.com Kubernetes Engine API
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was @dims. It's sadly easy to enable just by clicking the UI wrong. Not harmful, but I manually reverted this anyway.

We need Hourly runs of audit and PRs :)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

whoa! Sorry again

@thockin
Copy link
Member

thockin commented May 7, 2020

The legacy bucket writer stuff is odd. Activity shows it was you on April 30, 2020 at 10:20:48 PM GMT-7

@dims
Copy link
Member

dims commented May 7, 2020

Glad we have this to keep us honest! :)

@spiffxp
Copy link
Member Author

spiffxp commented May 7, 2020
edited
Loading

@thockin

The legacy bucket writer stuff is odd. Activity shows it was you on April 30, 2020 at 10:20:48 PM GMT-7

I don't have the history to prove when I ran it, but I suspect I ran ./ensure-staging-storage.sh to hit all buckets, and this was likely after some refactoring you had done (I just couldn't identify the PR)

@spiffxp
Copy link
Member Author

spiffxp commented May 7, 2020

Are we fine merging this as is and having a followup audit catch us cleaning up?

@dims
Copy link
Member

dims commented May 7, 2020

Sounds good @spiffxp !

@dims
Copy link
Member

dims commented May 7, 2020

/approve
/lgtm

/hold for @thockin

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 7, 2020
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 7, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dims, spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@spiffxp
Copy link
Member Author

spiffxp commented May 9, 2020
edited
Loading

/hold cancel
(spoke with @thockin offline)

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 9, 2020
@k8s-ci-robot k8s-ci-robot merged commit d3a4194 into kubernetes:master May 9, 2020
@spiffxp spiffxp deleted the audit-update branch May 9, 2020 00:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thockin thockin thockin left review comments

@bartsmykla bartsmykla Awaiting requested review from bartsmykla

@dims dims Awaiting requested review from dims

Assignees

@dims dims

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/audit Audit of project resources, audit followup issues, code in audit/ cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@spiffxp @thockin @dims @k8s-ci-robot