7 changes: 7 additions & 0 deletions audit/org_kubernetes.io/iam.json
@@ -72,6 +72,7 @@
"group:k8s-infra-gcp-org-admins@kubernetes.io",
"user:domain-admin-lf@kubernetes.io",
"user:ihor@cncf.io",
"user:psharma@linuxfoundation.org",
"user:spiffxp@google.com",
"user:thockin@google.com",
"user:twaggoner@linuxfoundation.org"
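Review bot: the role this member list belongs to is above the hunk, so the new grant to user:psharma@linuxfoundation.org cannot be judged from the diff alone; please name the role and the request it answers in the commit message. The list pairs group:k8s-infra-gcp-org-admins@kubernetes.io with a handful of directly bound individuals; unless there is a break-glass reason, adding the person to the group keeps membership auditable in one place instead of growing the per-user bindings on the org.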
@@ -96,6 +97,12 @@
],
"role": "roles/resourcemanager.projectDeleter"
},
{
"members": [
"group:k8s-infra-gcp-auditors@kubernetes.io"
],
"role": "roles/secretmanager.viewer"
},
{
"members": [
"group:k8s-infra-gcp-org-admins@kubernetes.io"
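Review bot: roles/secretmanager.viewer for group:k8s-infra-gcp-auditors@kubernetes.io at the organization level lets the auditors list secrets and versions and read their metadata in every project under the org, but not read payloads, which is the right shape for an audit role and is consistent with the secret metadata files (createTime, replication, version state) added elsewhere in this PR. Worth a line in the audit README stating that payloads are never exported, so nobody treats those JSON files as containing key material.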
@@ -113,6 +113,10 @@
"limit": 200,
"metric": "SECURITY_POLICY_RULES"
},
{
"limit": 1000,
"metric": "XPN_SERVICE_PROJECTS"
},
{
"limit": 150,
"metric": "PACKET_MIRRORINGS"
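Review bot: XPN_SERVICE_PROJECTS is a quota metric that the Compute API started reporting (Shared VPC service projects per host project), not something this repo configured, and the identical four-line hunk repeats in every project-info.json touched by this PR. Nothing to fix here, but if the audit script filtered or diffed quotas only when a limit changes, API-side additions like this would not produce one hunk per project on every run.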

This file was deleted.

This file was deleted.

This file was deleted.

4 changes: 2 additions & 2 deletions audit/projects/k8s-artifacts-prod/iam.json
@@ -42,7 +42,7 @@
},
{
"members": [
"serviceAccount:k8s-infra-gcr-auditor@k8s-artifacts-prod.iam.gserviceaccount.com"
"deleted:serviceAccount:k8s-infra-gcr-auditor@k8s-artifacts-prod.iam.gserviceaccount.com?uid=111422293292441494221"
Member:
Yikes! With great power...

Contributor Author:
Yeah this was me #1730

],
"role": "roles/errorreporting.writer"
},
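Review bot: the roles/errorreporting.writer binding now names deleted:serviceAccount:k8s-infra-gcr-auditor@k8s-artifacts-prod.iam.gserviceaccount.com?uid=111422293292441494221, a dangling member left behind when the service account was deleted (#1730 per the thread). GCP keeps such bindings until they are removed explicitly, and a re-created account with the same email gets a new uid and does not inherit them, so this should be removed rather than left in the policy; re-running the ensure script for the project, or gcloud projects remove-iam-policy-binding with the deleted: member string, will drop it.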
@@ -54,7 +54,7 @@
},
{
"members": [
"serviceAccount:k8s-infra-gcr-auditor@k8s-artifacts-prod.iam.gserviceaccount.com"
"deleted:serviceAccount:k8s-infra-gcr-auditor@k8s-artifacts-prod.iam.gserviceaccount.com?uid=111422293292441494221"
],
"role": "roles/logging.logWriter"
},
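Review bot: same dangling deleted: member as in the roles/errorreporting.writer hunk above, this time on roles/logging.logWriter; remove both bindings in the same cleanup so the audit tree does not carry a stale uid forward.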

This file was deleted.

This file was deleted.

@@ -113,6 +113,10 @@
"limit": 200,
"metric": "SECURITY_POLICY_RULES"
},
{
"limit": 1000,
"metric": "XPN_SERVICE_PROJECTS"
},
{
"limit": 150,
"metric": "PACKET_MIRRORINGS"
@@ -113,6 +113,10 @@
"limit": 200,
"metric": "SECURITY_POLICY_RULES"
},
{
"limit": 1000,
"metric": "XPN_SERVICE_PROJECTS"
},
{
"limit": 150,
"metric": "PACKET_MIRRORINGS"
@@ -0,0 +1,4 @@
Bucket Policy Only setting for gs://k8s-conform-provider-openstack:
Member:
I see no trace of this in the codebase? Why does it exist?

Member:
@dims 2/15/21

Explain?

Member:
Looks like we have a bunch of these. I only run scripts, I don't know enough to meddle in the UI :) I believe I was re-running some of the conform buckets

[dims@dims-a01 07:15] ~/go/src/k8s.io/k8s.io ⟩ rg -i "Bucket Policy Only" | wc -l
     244

In this instance I think I was trying to re-run scripts again to see how to help with:
kubernetes/test-infra#20914

Contributor Author:
Ultimately I would like for us to have this enabled across the org, and enforced via an org policy

per-object ACLs are much trickier to audit and enforce

Member:
Sorry, my point in tagging @dims was that I can't find any trace of these projects in git. Did someone forget to send a PR?

Member:
I know we cleaned some stuff up in:
#1311 (comment)

Only reference to k8s-conform-provider-openstack I can find is:
theopenlab/openlab#691

Maybe @chrigl knows more?

Contributor Author:
@thockin it is in the codebase

Member:
I apologize. I got bitten by master/main - I had not resynced this copy in a while and was trying to sync master and not noticing that it failed.

Indeed, it is in the tree. Mea culpa, my apologies.

Enabled: True
LockedTime: 2021-05-16 15:12:16.571000+00:00
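Review bot: Enabled: True with LockedTime: 2021-05-16 15:12:16 means uniform bucket-level access (Bucket Policy Only) is on for gs://k8s-conform-provider-openstack and, once the lock time passes, can no longer be switched back to per-object ACLs; that is the end state the author wants, and the lock date is consistent with the 90-day window GCS allows before the setting becomes permanent. This is the only new bucket in the PR with the setting enabled, so it is the natural reference for the followup that enforces it org-wide via the constraints/storage.uniformBucketLevelAccess org policy.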

@@ -0,0 +1 @@
gs://k8s-conform-provider-openstack/ has no CORS configuration.
@@ -0,0 +1,39 @@
{
"bindings": [
{
"members": [
"group:k8s-infra-artifact-admins@kubernetes.io",
"projectEditor:k8s-conform",
"projectOwner:k8s-conform"
],
"role": "roles/storage.legacyBucketOwner"
},
{
"members": [
"projectViewer:k8s-conform"
],
"role": "roles/storage.legacyBucketReader"
},
{
"members": [
"group:k8s-infra-conform-provider-openstack@kubernetes.io",
"serviceAccount:service-provider-openstack@k8s-conform.iam.gserviceaccount.com"
],
"role": "roles/storage.legacyBucketWriter"
},
{
"members": [
"group:k8s-infra-artifact-admins@kubernetes.io",
"group:k8s-infra-conform-provider-openstack@kubernetes.io",
"serviceAccount:service-provider-openstack@k8s-conform.iam.gserviceaccount.com"
],
"role": "roles/storage.objectAdmin"
},
{
"members": [
"allUsers"
],
"role": "roles/storage.objectViewer"
}
]
}
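Review bot: allUsers holds roles/storage.objectViewer, so every object in gs://k8s-conform-provider-openstack is world-readable; that is normal for a conformance results bucket but deserves a sentence in the commit message. More important is the write side: both group:k8s-infra-conform-provider-openstack@kubernetes.io and serviceAccount:service-provider-openstack@k8s-conform.iam.gserviceaccount.com get roles/storage.objectAdmin, which includes overwrite and delete, so anyone in the group or holding the service account's key (the secret added in this PR) can silently rewrite published results. If results are meant to be immutable once uploaded, roles/storage.objectCreator plus a bucket retention policy is the tighter fit.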
@@ -0,0 +1 @@
gs://k8s-conform-provider-openstack/ has no logging configuration.
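Review bot: the bucket is public-read and written by an externally operated service account, yet has no usage/storage logging configured, so uploads and deletes are not attributable after the fact. Either enable GCS access logs to a log bucket (gsutil logging set on -b gs://LOG_BUCKET gs://k8s-conform-provider-openstack) or confirm that Data Access audit logs for storage.googleapis.com are on for k8s-conform. The same "has no logging configuration" line appears for every bucket in this PR, so this is a fleet-wide gap rather than a problem with this bucket alone.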
@@ -0,0 +1,7 @@
{
"createTime": "2021-02-15T15:18:08.840992Z",
"name": "projects/228988630781/secrets/service-provider-openstack-key",
"replication": {
"automatic": {}
}
}
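Review bot: a secret named service-provider-openstack-key created alongside the service-provider-openstack service account in this PR suggests it holds a long-lived service account JSON key. Storing the key in Secret Manager does not make it expire on the GCP side, so the commit or the README for k8s-conform should record who rotates it and how often; where the consumer can support it, workload identity federation or short-lived tokens avoid the stored key entirely. Automatic replication is fine for this use.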
@@ -2,7 +2,7 @@
"bindings": [
{
"members": [
"serviceAccount:456067983721@cloudbuild.gserviceaccount.com"
"group:k8s-infra-conform-provider-openstack@kubernetes.io"
],
"role": "roles/secretmanager.secretAccessor"
}
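Review bot: roles/secretmanager.secretAccessor moves from serviceAccount:456067983721@cloudbuild.gserviceaccount.com to group:k8s-infra-conform-provider-openstack@kubernetes.io, so the Cloud Build service account loses payload access and every human in the group gains it. Two things to confirm before merging: that no build still reads this secret (a removed binding fails at run time, not at review time), and that handing the raw key to a group of people, rather than only to the workload that needs it, is the intended audience; secretAccessor grants to groups are the ones that are hardest to audit later.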
@@ -0,0 +1,10 @@
[
{
"createTime": "2021-02-15T15:18:09.874889Z",
"name": "projects/228988630781/secrets/service-provider-openstack-key/versions/1",
"replicationStatus": {
"automatic": {}
},
"state": "ENABLED"
}
]
@@ -0,0 +1,8 @@
{
"displayName": "service-provider-openstack",
"email": "service-provider-openstack@k8s-conform.iam.gserviceaccount.com",
"name": "projects/k8s-conform/serviceAccounts/service-provider-openstack@k8s-conform.iam.gserviceaccount.com",
"oauth2ClientId": "114482259319052246948",
"projectId": "k8s-conform",
"uniqueId": "114482259319052246948"
}
@@ -0,0 +1 @@
{}
4 changes: 4 additions & 0 deletions audit/projects/k8s-conform/services/compute/project-info.json
@@ -113,6 +113,10 @@
"limit": 200,
"metric": "SECURITY_POLICY_RULES"
},
{
"limit": 1000,
"metric": "XPN_SERVICE_PROJECTS"
},
{
"limit": 150,
"metric": "PACKET_MIRRORINGS"
@@ -113,6 +113,10 @@
"limit": 200,
"metric": "SECURITY_POLICY_RULES"
},
{
"limit": 1000,
"metric": "XPN_SERVICE_PROJECTS"
},
{
"limit": 150,
"metric": "PACKET_MIRRORINGS"
@@ -113,6 +113,10 @@
"limit": 200,
"metric": "SECURITY_POLICY_RULES"
},
{
"limit": 1000,
"metric": "XPN_SERVICE_PROJECTS"
},
{
"limit": 150,
"metric": "PACKET_MIRRORINGS"
@@ -0,0 +1,3 @@
Bucket Policy Only setting for gs://kubernetes-staging-485128143e-asia:
Member:
This is why test SAs shouldn't be able to make new buckets, I guess? How do we root cause it?

Contributor Author:
Covered this in #1664 (comment)

I'll open a followup issue for how to avoid these growing unbounded

Enabled: False
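Review bot: Enabled: False on gs://kubernetes-staging-485128143e-asia (and on its -eu and unsuffixed siblings, plus the kubernetes-staging-1057edcb61 set in k8s-infra-e2e-boskos-002) means these e2e staging buckets run with per-object ACLs, exactly the configuration the author wants to eliminate org-wide. Their IAM shows only the projectEditor/projectOwner/projectViewer convenience members, so nothing in this repo created or manages them; the practical fix is the org policy constraint constraints/storage.uniformBucketLevelAccess, which makes every new bucket uniform regardless of which test SA creates it, and the followup on unbounded growth should pair that with a cleanup step so boskos projects do not accumulate buckets between runs.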

@@ -0,0 +1 @@
gs://kubernetes-staging-485128143e-asia/ has no CORS configuration.
@@ -0,0 +1,17 @@
{
"bindings": [
{
"members": [
"projectEditor:k8s-infra-e2e-boskos-001",
"projectOwner:k8s-infra-e2e-boskos-001"
],
"role": "roles/storage.legacyBucketOwner"
},
{
"members": [
"projectViewer:k8s-infra-e2e-boskos-001"
],
"role": "roles/storage.legacyBucketReader"
}
]
}
@@ -0,0 +1 @@
gs://kubernetes-staging-485128143e-asia/ has no logging configuration.
@@ -0,0 +1,3 @@
Bucket Policy Only setting for gs://kubernetes-staging-485128143e-eu:
Enabled: False

@@ -0,0 +1 @@
gs://kubernetes-staging-485128143e-eu/ has no CORS configuration.
@@ -0,0 +1,17 @@
{
"bindings": [
{
"members": [
"projectEditor:k8s-infra-e2e-boskos-001",
"projectOwner:k8s-infra-e2e-boskos-001"
],
"role": "roles/storage.legacyBucketOwner"
},
{
"members": [
"projectViewer:k8s-infra-e2e-boskos-001"
],
"role": "roles/storage.legacyBucketReader"
}
]
}
@@ -0,0 +1 @@
gs://kubernetes-staging-485128143e-eu/ has no logging configuration.
@@ -0,0 +1,3 @@
Bucket Policy Only setting for gs://kubernetes-staging-485128143e:
Enabled: False

@@ -0,0 +1 @@
gs://kubernetes-staging-485128143e/ has no CORS configuration.
@@ -0,0 +1,17 @@
{
"bindings": [
{
"members": [
"projectEditor:k8s-infra-e2e-boskos-001",
"projectOwner:k8s-infra-e2e-boskos-001"
],
"role": "roles/storage.legacyBucketOwner"
},
{
"members": [
"projectViewer:k8s-infra-e2e-boskos-001"
],
"role": "roles/storage.legacyBucketReader"
}
]
}
@@ -0,0 +1 @@
gs://kubernetes-staging-485128143e/ has no logging configuration.
6 changes: 6 additions & 0 deletions audit/projects/k8s-infra-e2e-boskos-001/iam.json
@@ -12,6 +12,12 @@
],
"role": "roles/compute.serviceAgent"
},
{
"members": [
"serviceAccount:service-271867469224@containerregistry.iam.gserviceaccount.com"
],
"role": "roles/containerregistry.ServiceAgent"
},
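Review bot: roles/containerregistry.ServiceAgent for serviceAccount:service-271867469224@containerregistry.iam.gserviceaccount.com is the Google-managed service agent binding that appears automatically when containerregistry.googleapis.com is enabled (it shows up in enabled.txt for the same project below), so it is expected rather than something to strip from the policy. The question for review is upstream of it: whether ensure-e2e-projects.sh needs GCR enabled in every boskos project at all, since each enabled API brings its own agent, quota and cleanup surface.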
{
"members": [
"serviceAccount:271867469224-compute@developer.gserviceaccount.com",
@@ -119,6 +119,10 @@
"limit": 200,
"metric": "SECURITY_POLICY_RULES"
},
{
"limit": 1000,
"metric": "XPN_SERVICE_PROJECTS"
},
{
"limit": 150,
"metric": "PACKET_MIRRORINGS"
3 changes: 3 additions & 0 deletions audit/projects/k8s-infra-e2e-boskos-001/services/enabled.txt
@@ -1,6 +1,9 @@
NAME TITLE
compute.googleapis.com Compute Engine API
containerregistry.googleapis.com Container Registry API
Member:
Is this scripted? Who will ultimately clean these up?

Contributor Author:
How to clean up will be followed up in #1675

Yes this is scripted: https://github.com/kubernetes/k8s.io/blob/main/infra/gcp/prow/ensure-e2e-projects.sh

This was added via #1536

logging.googleapis.com Cloud Logging API
monitoring.googleapis.com Cloud Monitoring API
oslogin.googleapis.com Cloud OS Login API
pubsub.googleapis.com Cloud Pub/Sub API
storage-api.googleapis.com Google Cloud Storage JSON API
storage-component.googleapis.com Cloud Storage
@@ -0,0 +1,3 @@
Bucket Policy Only setting for gs://kubernetes-staging-1057edcb61-asia:
Enabled: False

@@ -0,0 +1 @@
gs://kubernetes-staging-1057edcb61-asia/ has no CORS configuration.
@@ -0,0 +1,17 @@
{
"bindings": [
{
"members": [
"projectEditor:k8s-infra-e2e-boskos-002",
"projectOwner:k8s-infra-e2e-boskos-002"
],
"role": "roles/storage.legacyBucketOwner"
},
{
"members": [
"projectViewer:k8s-infra-e2e-boskos-002"
],
"role": "roles/storage.legacyBucketReader"
}
]
}
@@ -0,0 +1 @@
gs://kubernetes-staging-1057edcb61-asia/ has no logging configuration.
@@ -0,0 +1,3 @@
Bucket Policy Only setting for gs://kubernetes-staging-1057edcb61-eu:
Enabled: False

@@ -0,0 +1 @@
gs://kubernetes-staging-1057edcb61-eu/ has no CORS configuration.
@@ -0,0 +1,17 @@
{
"bindings": [
{
"members": [
"projectEditor:k8s-infra-e2e-boskos-002",
"projectOwner:k8s-infra-e2e-boskos-002"
],
"role": "roles/storage.legacyBucketOwner"
},
{
"members": [
"projectViewer:k8s-infra-e2e-boskos-002"
],
"role": "roles/storage.legacyBucketReader"
}
]
}
@@ -0,0 +1 @@
gs://kubernetes-staging-1057edcb61-eu/ has no logging configuration.
@@ -0,0 +1,3 @@
Bucket Policy Only setting for gs://kubernetes-staging-1057edcb61:
Enabled: False

@@ -0,0 +1 @@
gs://kubernetes-staging-1057edcb61/ has no CORS configuration.