diff --git a/audit/projects/k8s-infra-e2e-gce-project/iam.json b/audit/projects/k8s-infra-e2e-gce-project/iam.json index 6ef8d54d13a..6ed26a99055 100644 --- a/audit/projects/k8s-infra-e2e-gce-project/iam.json +++ b/audit/projects/k8s-infra-e2e-gce-project/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-302382158096@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:302382158096-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-gce-project/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-gce-project/services/compute/project-info.json index 3c8b075d544..8fe76ba1413 100644 --- a/audit/projects/k8s-infra-e2e-gce-project/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-gce-project/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 200, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 150, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-gce-project/services/enabled.txt b/audit/projects/k8s-infra-e2e-gce-project/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-gce-project/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-gce-project/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-e2e-gpu-project/buckets/kubernetes-staging-cfeccb2cc5/bucketpolicyonly.txt b/audit/projects/k8s-infra-e2e-gpu-project/buckets/kubernetes-staging-cfeccb2cc5/bucketpolicyonly.txt new file mode 100644 index 00000000000..e5f18548a01 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-gpu-project/buckets/kubernetes-staging-cfeccb2cc5/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://kubernetes-staging-cfeccb2cc5: + Enabled: False + diff --git a/audit/projects/k8s-infra-e2e-gpu-project/buckets/kubernetes-staging-cfeccb2cc5/cors.txt b/audit/projects/k8s-infra-e2e-gpu-project/buckets/kubernetes-staging-cfeccb2cc5/cors.txt new file mode 100644 index 00000000000..5feb471d3cb --- /dev/null +++ b/audit/projects/k8s-infra-e2e-gpu-project/buckets/kubernetes-staging-cfeccb2cc5/cors.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-cfeccb2cc5/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-e2e-scale-project/buckets/kubernetes-staging-8cf5cbdf30/iam.json b/audit/projects/k8s-infra-e2e-gpu-project/buckets/kubernetes-staging-cfeccb2cc5/iam.json similarity index 56% rename from audit/projects/k8s-infra-e2e-scale-project/buckets/kubernetes-staging-8cf5cbdf30/iam.json rename to audit/projects/k8s-infra-e2e-gpu-project/buckets/kubernetes-staging-cfeccb2cc5/iam.json index 0d3cc53abb0..9aed3a4ed77 100644 --- a/audit/projects/k8s-infra-e2e-scale-project/buckets/kubernetes-staging-8cf5cbdf30/iam.json +++ b/audit/projects/k8s-infra-e2e-gpu-project/buckets/kubernetes-staging-cfeccb2cc5/iam.json @@ -2,14 +2,14 @@ "bindings": [ { "members": [ - "projectEditor:k8s-infra-e2e-scale-project", - "projectOwner:k8s-infra-e2e-scale-project" + "projectEditor:k8s-infra-e2e-gpu-project", + "projectOwner:k8s-infra-e2e-gpu-project" ], "role": "roles/storage.legacyBucketOwner" }, { "members": [ - "projectViewer:k8s-infra-e2e-scale-project" + "projectViewer:k8s-infra-e2e-gpu-project" ], "role": "roles/storage.legacyBucketReader" } diff --git a/audit/projects/k8s-infra-e2e-gpu-project/buckets/kubernetes-staging-cfeccb2cc5/logging.txt b/audit/projects/k8s-infra-e2e-gpu-project/buckets/kubernetes-staging-cfeccb2cc5/logging.txt new file mode 100644 index 00000000000..14ce2e41076 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-gpu-project/buckets/kubernetes-staging-cfeccb2cc5/logging.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-cfeccb2cc5/ has no logging configuration. diff --git a/audit/projects/k8s-infra-e2e-gpu-project/iam.json b/audit/projects/k8s-infra-e2e-gpu-project/iam.json index 16f9216bd39..cb5ffefaf9e 100644 --- a/audit/projects/k8s-infra-e2e-gpu-project/iam.json +++ b/audit/projects/k8s-infra-e2e-gpu-project/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-438213416405@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:438213416405-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-gpu-project/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-gpu-project/services/compute/project-info.json index f1cc385a873..1cf14a7cb08 100644 --- a/audit/projects/k8s-infra-e2e-gpu-project/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-gpu-project/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 100, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 45, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-gpu-project/services/enabled.txt b/audit/projects/k8s-infra-e2e-gpu-project/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-gpu-project/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-gpu-project/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-e2e-ingress-project/buckets/kubernetes-staging-39e765ac61-asia/bucketpolicyonly.txt b/audit/projects/k8s-infra-e2e-ingress-project/buckets/kubernetes-staging-39e765ac61-asia/bucketpolicyonly.txt new file mode 100644 index 00000000000..7834a2db9ce --- /dev/null +++ b/audit/projects/k8s-infra-e2e-ingress-project/buckets/kubernetes-staging-39e765ac61-asia/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://kubernetes-staging-39e765ac61-asia: + Enabled: False + diff --git a/audit/projects/k8s-infra-e2e-ingress-project/buckets/kubernetes-staging-39e765ac61-asia/cors.txt b/audit/projects/k8s-infra-e2e-ingress-project/buckets/kubernetes-staging-39e765ac61-asia/cors.txt new file mode 100644 index 00000000000..64f8388586d --- /dev/null +++ b/audit/projects/k8s-infra-e2e-ingress-project/buckets/kubernetes-staging-39e765ac61-asia/cors.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-39e765ac61-asia/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-e2e-ingress-project/buckets/kubernetes-staging-39e765ac61-asia/iam.json b/audit/projects/k8s-infra-e2e-ingress-project/buckets/kubernetes-staging-39e765ac61-asia/iam.json new file mode 100644 index 00000000000..d36ec99dd05 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-ingress-project/buckets/kubernetes-staging-39e765ac61-asia/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-e2e-ingress-project", + "projectOwner:k8s-infra-e2e-ingress-project" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-e2e-ingress-project" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-e2e-ingress-project/buckets/kubernetes-staging-39e765ac61-asia/logging.txt b/audit/projects/k8s-infra-e2e-ingress-project/buckets/kubernetes-staging-39e765ac61-asia/logging.txt new file mode 100644 index 00000000000..8c0e83f93d6 --- /dev/null +++ b/audit/projects/k8s-infra-e2e-ingress-project/buckets/kubernetes-staging-39e765ac61-asia/logging.txt @@ -0,0 +1 @@ +gs://kubernetes-staging-39e765ac61-asia/ has no logging configuration. diff --git a/audit/projects/k8s-infra-e2e-ingress-project/iam.json b/audit/projects/k8s-infra-e2e-ingress-project/iam.json index e0abaa20ae2..27cc998ad22 100644 --- a/audit/projects/k8s-infra-e2e-ingress-project/iam.json +++ b/audit/projects/k8s-infra-e2e-ingress-project/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-741153779759@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:741153779759-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-ingress-project/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-ingress-project/services/compute/project-info.json index 59b6ea63542..e02a004e42e 100644 --- a/audit/projects/k8s-infra-e2e-ingress-project/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-ingress-project/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 200, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 150, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-ingress-project/services/enabled.txt b/audit/projects/k8s-infra-e2e-ingress-project/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-ingress-project/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-ingress-project/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-e2e-node-e2e-project/iam.json b/audit/projects/k8s-infra-e2e-node-e2e-project/iam.json index 2568834a4e9..2355852d9f6 100644 --- a/audit/projects/k8s-infra-e2e-node-e2e-project/iam.json +++ b/audit/projects/k8s-infra-e2e-node-e2e-project/iam.json @@ -12,6 +12,12 @@ ], "role": "roles/compute.serviceAgent" }, + { + "members": [ + "serviceAccount:service-855765450555@containerregistry.iam.gserviceaccount.com" + ], + "role": "roles/containerregistry.ServiceAgent" + }, { "members": [ "serviceAccount:855765450555-compute@developer.gserviceaccount.com", diff --git a/audit/projects/k8s-infra-e2e-node-e2e-project/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-node-e2e-project/services/compute/project-info.json index b34d041c323..79226622532 100644 --- a/audit/projects/k8s-infra-e2e-node-e2e-project/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-node-e2e-project/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 200, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 150, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-e2e-node-e2e-project/services/enabled.txt b/audit/projects/k8s-infra-e2e-node-e2e-project/services/enabled.txt index 385bd4acd0e..3b60c8454c1 100644 --- a/audit/projects/k8s-infra-e2e-node-e2e-project/services/enabled.txt +++ b/audit/projects/k8s-infra-e2e-node-e2e-project/services/enabled.txt @@ -1,6 +1,9 @@ NAME TITLE compute.googleapis.com Compute Engine API +containerregistry.googleapis.com Container Registry API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +storage-api.googleapis.com Google Cloud Storage JSON API storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-e2e-scale-project/buckets/kubernetes-staging-8cf5cbdf30/bucketpolicyonly.txt b/audit/projects/k8s-infra-e2e-scale-project/buckets/kubernetes-staging-8cf5cbdf30/bucketpolicyonly.txt deleted file mode 100644 index 2f35f388a16..00000000000 --- a/audit/projects/k8s-infra-e2e-scale-project/buckets/kubernetes-staging-8cf5cbdf30/bucketpolicyonly.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bucket Policy Only setting for gs://kubernetes-staging-8cf5cbdf30: - Enabled: False - diff --git a/audit/projects/k8s-infra-e2e-scale-project/buckets/kubernetes-staging-8cf5cbdf30/cors.txt b/audit/projects/k8s-infra-e2e-scale-project/buckets/kubernetes-staging-8cf5cbdf30/cors.txt deleted file mode 100644 index 49a30f0789c..00000000000 --- a/audit/projects/k8s-infra-e2e-scale-project/buckets/kubernetes-staging-8cf5cbdf30/cors.txt +++ /dev/null @@ -1 +0,0 @@ -gs://kubernetes-staging-8cf5cbdf30/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-e2e-scale-project/buckets/kubernetes-staging-8cf5cbdf30/logging.txt b/audit/projects/k8s-infra-e2e-scale-project/buckets/kubernetes-staging-8cf5cbdf30/logging.txt deleted file mode 100644 index cdc92ac3ec2..00000000000 --- a/audit/projects/k8s-infra-e2e-scale-project/buckets/kubernetes-staging-8cf5cbdf30/logging.txt +++ /dev/null @@ -1 +0,0 @@ -gs://kubernetes-staging-8cf5cbdf30/ has no logging configuration. diff --git a/audit/projects/k8s-infra-e2e-scale-project/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-scale-project/services/compute/project-info.json index 622dc981c94..8f7c22c9631 100644 --- a/audit/projects/k8s-infra-e2e-scale-project/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-scale-project/services/compute/project-info.json @@ -119,6 +119,10 @@ "limit": 100, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 45, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/description.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/description.json new file mode 100644 index 00000000000..dc44137a3be --- /dev/null +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/description.json @@ -0,0 +1,10 @@ +{ + "createTime": "2021-02-11T04:21:30.200768Z", + "labels": { + "sig": "testing" + }, + "name": "projects/180382678033/secrets/cncf-ci-github-token", + "replication": { + "automatic": {} + } +} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/iam.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/iam.json new file mode 100644 index 00000000000..88345e09455 --- /dev/null +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/iam.json @@ -0,0 +1,12 @@ +{ + "bindings": [ + { + "members": [ + "group:k8s-infra-prow-oncall@kubernetes.io", + "user:hh@ii.coop" + ], + "role": "roles/secretmanager.admin" + } + ], + "version": 1 +} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/versions.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/versions.json new file mode 100644 index 00000000000..6f3774332be --- /dev/null +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/versions.json @@ -0,0 +1,10 @@ +[ + { + "createTime": "2021-02-11T20:01:09.472963Z", + "name": "projects/180382678033/secrets/cncf-ci-github-token/versions/1", + "replicationStatus": { + "automatic": {} + }, + "state": "ENABLED" + } +] diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_ca-pem/description.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_ca-pem/description.json deleted file mode 100644 index ce3f7266f9e..00000000000 --- a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_ca-pem/description.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "createTime": "2020-05-27T23:37:49.309378Z", - "labels": { - "secret-group": "windows-img-promoter-cert" - }, - "name": "projects/180382678033/secrets/windows-remote-docker_ca-pem", - "replication": { - "automatic": {} - } -} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_ca-pem/iam.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_ca-pem/iam.json deleted file mode 100644 index a18367fa89f..00000000000 --- a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_ca-pem/iam.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "bindings": [ - { - "members": [ - "serviceAccount:456067983721@cloudbuild.gserviceaccount.com" - ], - "role": "roles/secretmanager.secretAccessor" - } - ], - "version": 1 -} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_ca-pem/versions.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_ca-pem/versions.json deleted file mode 100644 index cdb94ef8736..00000000000 --- a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_ca-pem/versions.json +++ /dev/null @@ -1,10 +0,0 @@ -[ - { - "createTime": "2020-05-27T23:37:50.427709Z", - "name": "projects/180382678033/secrets/windows-remote-docker_ca-pem/versions/1", - "replicationStatus": { - "automatic": {} - }, - "state": "ENABLED" - } -] diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_cert-pem/description.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_cert-pem/description.json deleted file mode 100644 index d7c34ffb1a6..00000000000 --- a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_cert-pem/description.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "createTime": "2020-05-27T23:38:13.897402Z", - "labels": { - "secret-group": "windows-img-promoter-cert" - }, - "name": "projects/180382678033/secrets/windows-remote-docker_cert-pem", - "replication": { - "automatic": {} - } -} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_cert-pem/iam.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_cert-pem/iam.json deleted file mode 100644 index a18367fa89f..00000000000 --- a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_cert-pem/iam.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "bindings": [ - { - "members": [ - "serviceAccount:456067983721@cloudbuild.gserviceaccount.com" - ], - "role": "roles/secretmanager.secretAccessor" - } - ], - "version": 1 -} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_cert-pem/versions.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_cert-pem/versions.json deleted file mode 100644 index e3beaf0d7df..00000000000 --- a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_cert-pem/versions.json +++ /dev/null @@ -1,10 +0,0 @@ -[ - { - "createTime": "2020-05-27T23:38:14.994470Z", - "name": "projects/180382678033/secrets/windows-remote-docker_cert-pem/versions/1", - "replicationStatus": { - "automatic": {} - }, - "state": "ENABLED" - } -] diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_key-pem/description.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_key-pem/description.json deleted file mode 100644 index d896195b936..00000000000 --- a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_key-pem/description.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "createTime": "2020-05-27T23:38:32.418003Z", - "labels": { - "secret-group": "windows-img-promoter-cert" - }, - "name": "projects/180382678033/secrets/windows-remote-docker_key-pem", - "replication": { - "automatic": {} - } -} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_key-pem/iam.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_key-pem/iam.json deleted file mode 100644 index a18367fa89f..00000000000 --- a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_key-pem/iam.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "bindings": [ - { - "members": [ - "serviceAccount:456067983721@cloudbuild.gserviceaccount.com" - ], - "role": "roles/secretmanager.secretAccessor" - } - ], - "version": 1 -} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_key-pem/versions.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_key-pem/versions.json deleted file mode 100644 index b82aaf80b30..00000000000 --- a/audit/projects/k8s-infra-prow-build-trusted/secrets/windows-remote-docker_key-pem/versions.json +++ /dev/null @@ -1,10 +0,0 @@ -[ - { - "createTime": "2020-05-27T23:38:33.351277Z", - "name": "projects/180382678033/secrets/windows-remote-docker_key-pem/versions/1", - "replicationStatus": { - "automatic": {} - }, - "state": "ENABLED" - } -] diff --git a/audit/projects/k8s-infra-prow-build-trusted/services/compute/project-info.json b/audit/projects/k8s-infra-prow-build-trusted/services/compute/project-info.json index 3a48dc58da5..0d321cf2d71 100644 --- a/audit/projects/k8s-infra-prow-build-trusted/services/compute/project-info.json +++ b/audit/projects/k8s-infra-prow-build-trusted/services/compute/project-info.json @@ -123,6 +123,10 @@ "limit": 200, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 150, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-prow-build/services/compute/project-info.json b/audit/projects/k8s-infra-prow-build/services/compute/project-info.json index 659ee4bc7a0..558e455097a 100644 --- a/audit/projects/k8s-infra-prow-build/services/compute/project-info.json +++ b/audit/projects/k8s-infra-prow-build/services/compute/project-info.json @@ -127,6 +127,10 @@ "limit": 100, "metric": "SECURITY_POLICY_RULES" }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, { "limit": 45, "metric": "PACKET_MIRRORINGS" diff --git a/audit/projects/k8s-infra-prow-build/services/container/clusters.txt b/audit/projects/k8s-infra-prow-build/services/container/clusters.txt index 0220886af72..09d6d60b837 100644 --- a/audit/projects/k8s-infra-prow-build/services/container/clusters.txt +++ b/audit/projects/k8s-infra-prow-build/services/container/clusters.txt @@ -1 +1 @@ -prow-build us-central1 us-central1-c;us-central1-f;us-central1-b 67 RUNNING +prow-build us-central1 us-central1-c;us-central1-f;us-central1-b 72 RUNNING