partial-audit: k8s-staging-* update as of 2021-02-24

audit/projects/k8s-staging-artifact-promoter/services/compute/project-info.json

@@ -113,6 +113,10 @@
       "limit": 200,
       "metric": "SECURITY_POLICY_RULES"
     },
+    {
+      "limit": 1000,
+      "metric": "XPN_SERVICE_PROJECTS"
+    },
     {
       "limit": 150,
       "metric": "PACKET_MIRRORINGS"

audit/projects/k8s-staging-capi-docker/iam.json

@@ -20,6 +20,12 @@
       ],
       "role": "roles/cloudbuild.serviceAgent"
     },
+    {
+      "members": [
+        "serviceAccount:service-44019431644@compute-system.iam.gserviceaccount.com"
+      ],
+      "role": "roles/compute.serviceAgent"
+    },
     {
       "members": [
         "serviceAccount:service-44019431644@container-analysis.iam.gserviceaccount.com"
@@ -40,6 +46,8 @@
     },
     {
       "members": [
+        "serviceAccount:44019431644-compute@developer.gserviceaccount.com",
+        "serviceAccount:44019431644@cloudservices.gserviceaccount.com",
         "serviceAccount:service-44019431644@containerregistry.iam.gserviceaccount.com"
       ],
       "role": "roles/editor"

audit/projects/k8s-staging-capi-docker/service-accounts/44019431644-compute@developer.gserviceaccount.com/description.json

@@ -0,0 +1,8 @@
+{
+  "displayName": "Compute Engine default service account",
+  "email": "44019431644-compute@developer.gserviceaccount.com",
+  "name": "projects/k8s-staging-capi-docker/serviceAccounts/44019431644-compute@developer.gserviceaccount.com",
+  "oauth2ClientId": "108793772350733493223",
+  "projectId": "k8s-staging-capi-docker",
+  "uniqueId": "108793772350733493223"
+}

audit/projects/k8s-staging-capi-docker/service-accounts/44019431644-compute@developer.gserviceaccount.com/iam.json

@@ -0,0 +1 @@
+{}

audit/projects/k8s-staging-capi-docker/services/compute/project-info.json

@@ -0,0 +1,167 @@
+{
+  "commonInstanceMetadata": {
+    "kind": "compute#metadata"
+  },
+  "creationTimestamp": "2021-02-16T16:34:10.559-08:00",
+  "defaultNetworkTier": "PREMIUM",
+  "defaultServiceAccount": "44019431644-compute@developer.gserviceaccount.com",
+  "id": "1894482911793633901",
+  "kind": "compute#project",
+  "name": "k8s-staging-capi-docker",
+  "quotas": [
+    {
+      "limit": 10000,
+      "metric": "SNAPSHOTS"
+    },
+    {
+      "limit": 30,
+      "metric": "NETWORKS"
+    },
+    {
+      "limit": 500,
+      "metric": "FIREWALLS"
+    },
+    {
+      "limit": 5000,
+      "metric": "IMAGES"
+    },
+    {
+      "limit": 175,
+      "metric": "STATIC_ADDRESSES"
+    },
+    {
+      "limit": 300,
+      "metric": "ROUTES"
+    },
+    {
+      "limit": 150,
+      "metric": "FORWARDING_RULES"
+    },
+    {
+      "limit": 500,
+      "metric": "TARGET_POOLS"
+    },
+    {
+      "limit": 500,
+      "metric": "HEALTH_CHECKS"
+    },
+    {
+      "limit": 575,
+      "metric": "IN_USE_ADDRESSES"
+    },
+    {
+      "limit": 500,
+      "metric": "TARGET_INSTANCES"
+    },
+    {
+      "limit": 100,
+      "metric": "TARGET_HTTP_PROXIES"
+    },
+    {
+      "limit": 100,
+      "metric": "URL_MAPS"
+    },
+    {
+      "limit": 30,
+      "metric": "BACKEND_SERVICES"
+    },
+    {
+      "limit": 1000,
+      "metric": "INSTANCE_TEMPLATES"
+    },
+    {
+      "limit": 50,
+      "metric": "TARGET_VPN_GATEWAYS"
+    },
+    {
+      "limit": 100,
+      "metric": "VPN_TUNNELS"
+    },
+    {
+      "limit": 30,
+      "metric": "BACKEND_BUCKETS"
+    },
+    {
+      "limit": 20,
+      "metric": "ROUTERS"
+    },
+    {
+      "limit": 100,
+      "metric": "TARGET_SSL_PROXIES"
+    },
+    {
+      "limit": 100,
+      "metric": "TARGET_HTTPS_PROXIES"
+    },
+    {
+      "limit": 100,
+      "metric": "SSL_CERTIFICATES"
+    },
+    {
+      "limit": 275,
+      "metric": "SUBNETWORKS"
+    },
+    {
+      "limit": 100,
+      "metric": "TARGET_TCP_PROXIES"
+    },
+    {
+      "limit": 10,
+      "metric": "SECURITY_POLICIES"
+    },
+    {
+      "limit": 200,
+      "metric": "SECURITY_POLICY_RULES"
+    },
+    {
+      "limit": 1000,
+      "metric": "XPN_SERVICE_PROJECTS"
+    },
+    {
+      "limit": 150,
+      "metric": "PACKET_MIRRORINGS"
+    },
+    {
+      "limit": 1000,
+      "metric": "NETWORK_ENDPOINT_GROUPS"
+    },
+    {
+      "limit": 6,
+      "metric": "INTERCONNECTS"
+    },
+    {
+      "limit": 5000,
+      "metric": "GLOBAL_INTERNAL_ADDRESSES"
+    },
+    {
+      "limit": 50,
+      "metric": "VPN_GATEWAYS"
+    },
+    {
+      "limit": 5000,
+      "metric": "MACHINE_IMAGES"
+    },
+    {
+      "limit": 20,
+      "metric": "SECURITY_POLICY_CEVAL_RULES"
+    },
+    {
+      "limit": 50,
+      "metric": "EXTERNAL_VPN_GATEWAYS"
+    },
+    {
+      "limit": 1,
+      "metric": "PUBLIC_ADVERTISED_PREFIXES"
+    },
+    {
+      "limit": 10,
+      "metric": "PUBLIC_DELEGATED_PREFIXES"
+    },
+    {
+      "limit": 1024,
+      "metric": "STATIC_BYOIP_ADDRESSES"
+    }
+  ],
+  "selfLink": "https://www.googleapis.com/compute/v1/projects/k8s-staging-capi-docker",
+  "xpnProjectStatus": "UNSPECIFIED_XPN_PROJECT_STATUS"
+}

audit/projects/k8s-staging-capi-docker/services/dns/info.json

@@ -4,7 +4,6 @@
   "number": "44019431644",
   "quota": {
     "dnsKeysPerManagedZone": 4,
-    "gkeClustersPerPolicy": 100,
     "kind": "dns#quota",
     "managedZones": 10000,
     "managedZonesPerNetwork": 10000,

audit/projects/k8s-staging-capi-docker/services/enabled.txt

@@ -1,11 +1,13 @@
 NAME                              TITLE
 cloudbuild.googleapis.com         Cloud Build API
 cloudkms.googleapis.com           Cloud Key Management Service (KMS) API
+compute.googleapis.com            Compute Engine API
 containeranalysis.googleapis.com  Container Analysis API
 containerregistry.googleapis.com  Container Registry API
 containerscanning.googleapis.com  Container Scanning API
 dns.googleapis.com                Cloud DNS API
 logging.googleapis.com            Cloud Logging API
+oslogin.googleapis.com            Cloud OS Login API
 pubsub.googleapis.com             Cloud Pub/Sub API
 secretmanager.googleapis.com      Secret Manager API
 storage-api.googleapis.com        Google Cloud Storage JSON API

audit/projects/k8s-staging-capi-openstack/services/compute/project-info.json

@@ -113,6 +113,10 @@
       "limit": 200,
       "metric": "SECURITY_POLICY_RULES"
     },
+    {
+      "limit": 1000,
+      "metric": "XPN_SERVICE_PROJECTS"
+    },
     {
       "limit": 150,
       "metric": "PACKET_MIRRORINGS"

audit/projects/k8s-staging-cip-test/services/compute/project-info.json

@@ -113,6 +113,10 @@
       "limit": 200,
       "metric": "SECURITY_POLICY_RULES"
     },
+    {
+      "limit": 1000,
+      "metric": "XPN_SERVICE_PROJECTS"
+    },
     {
       "limit": 150,
       "metric": "PACKET_MIRRORINGS"

audit/projects/k8s-staging-cluster-api-aws/services/compute/project-info.json

@@ -113,6 +113,10 @@
       "limit": 200,
       "metric": "SECURITY_POLICY_RULES"
     },
+    {
+      "limit": 1000,
+      "metric": "XPN_SERVICE_PROJECTS"
+    },
     {
       "limit": 150,
       "metric": "PACKET_MIRRORINGS"

audit/projects/k8s-staging-cluster-api/services/compute/project-info.json

@@ -113,6 +113,10 @@
       "limit": 200,
       "metric": "SECURITY_POLICY_RULES"
     },
+    {
+      "limit": 1000,
+      "metric": "XPN_SERVICE_PROJECTS"
+    },
     {
       "limit": 150,
       "metric": "PACKET_MIRRORINGS"

audit/projects/k8s-staging-coredns/services/compute/project-info.json

@@ -113,6 +113,10 @@
       "limit": 200,
       "metric": "SECURITY_POLICY_RULES"
     },
+    {
+      "limit": 1000,
+      "metric": "XPN_SERVICE_PROJECTS"
+    },
     {
       "limit": 150,
       "metric": "PACKET_MIRRORINGS"

audit/projects/k8s-staging-csi/services/compute/project-info.json

@@ -113,6 +113,10 @@
       "limit": 200,
       "metric": "SECURITY_POLICY_RULES"
     },
+    {
+      "limit": 1000,
+      "metric": "XPN_SERVICE_PROJECTS"
+    },
     {
       "limit": 150,
       "metric": "PACKET_MIRRORINGS"

audit/projects/k8s-staging-e2e-test-images/buckets/artifacts.k8s-staging-e2e-test-images.appspot.com/iam.json

@@ -4,7 +4,8 @@
       "members": [
         "group:k8s-infra-artifact-admins@kubernetes.io",
         "projectEditor:k8s-staging-e2e-test-images",
-        "projectOwner:k8s-staging-e2e-test-images"
+        "projectOwner:k8s-staging-e2e-test-images",
+        "serviceAccount:456067983721@cloudbuild.gserviceaccount.com"
       ],
       "role": "roles/storage.legacyBucketOwner"
     },

audit/projects/k8s-staging-e2e-test-images/services/compute/project-info.json

@@ -113,6 +113,10 @@
       "limit": 200,
       "metric": "SECURITY_POLICY_RULES"
     },
+    {
+      "limit": 1000,
+      "metric": "XPN_SERVICE_PROJECTS"
+    },
     {
       "limit": 150,
       "metric": "PACKET_MIRRORINGS"

audit/projects/k8s-staging-e2e-test-images/services/enabled.txt

@@ -1,19 +1,20 @@
-NAME                              TITLE
-bigquery.googleapis.com           BigQuery API
-bigquerystorage.googleapis.com    BigQuery Storage API
-cloudbuild.googleapis.com         Cloud Build API
-cloudkms.googleapis.com           Cloud Key Management Service (KMS) API
-compute.googleapis.com            Compute Engine API
-container.googleapis.com          Kubernetes Engine API
-containeranalysis.googleapis.com  Container Analysis API
-containerregistry.googleapis.com  Container Registry API
-containerscanning.googleapis.com  Container Scanning API
-iam.googleapis.com                Identity and Access Management (IAM) API
-iamcredentials.googleapis.com     IAM Service Account Credentials API
-logging.googleapis.com            Cloud Logging API
-monitoring.googleapis.com         Cloud Monitoring API
-oslogin.googleapis.com            Cloud OS Login API
-pubsub.googleapis.com             Cloud Pub/Sub API
-secretmanager.googleapis.com      Secret Manager API
-storage-api.googleapis.com        Google Cloud Storage JSON API
-storage-component.googleapis.com  Cloud Storage
+NAME                                 TITLE
+bigquery.googleapis.com              BigQuery API
+bigquerystorage.googleapis.com       BigQuery Storage API
+cloudbuild.googleapis.com            Cloud Build API
+cloudkms.googleapis.com              Cloud Key Management Service (KMS) API
+compute.googleapis.com               Compute Engine API
+container.googleapis.com             Kubernetes Engine API
+containeranalysis.googleapis.com     Container Analysis API
+containerregistry.googleapis.com     Container Registry API
+containerscanning.googleapis.com     Container Scanning API
+iam.googleapis.com                   Identity and Access Management (IAM) API
+iamcredentials.googleapis.com        IAM Service Account Credentials API
+logging.googleapis.com               Cloud Logging API
+monitoring.googleapis.com            Cloud Monitoring API
+oslogin.googleapis.com               Cloud OS Login API
+policytroubleshooter.googleapis.com  Policy Troubleshooter API
+pubsub.googleapis.com                Cloud Pub/Sub API
+secretmanager.googleapis.com         Secret Manager API
+storage-api.googleapis.com           Google Cloud Storage JSON API
+storage-component.googleapis.com     Cloud Storage

audit/projects/k8s-staging-experimental/buckets/artifacts.k8s-staging-experimental.appspot.com/bucketpolicyonly.txt

@@ -0,0 +1,4 @@
+Bucket Policy Only setting for gs://artifacts.k8s-staging-experimental.appspot.com:
+  Enabled: True
+  LockedTime: 2021-04-29 15:44:34.938000+00:00
+

audit/projects/k8s-staging-experimental/buckets/artifacts.k8s-staging-experimental.appspot.com/cors.txt

@@ -0,0 +1 @@
+gs://artifacts.k8s-staging-experimental.appspot.com/ has no CORS configuration.