Read access to read access k8s-artifacts-gcslogs#1966
Read access to read access k8s-artifacts-gcslogs#1966k8s-ci-robot merged 1 commit intokubernetes:mainfrom
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
approved
k8s-ci-robot
added
the
do-not-merge/hold
|
Thanks @ameukam |
|
I still feel like moving the bucket to its own project might better accomplish the access rules laid out in #904 (comment) but if this gets us started for now so be it |
ameukam
force-pushed
the
empower-ii-group-auditlogs
branch
from
0d26e6c to
dd7ea6a
Compare
Ref: kubernetes#1945 Inital request: https://groups.google.com/g/kubernetes-wg-k8s-infra/c/Wkw0uyMKSXk/m/QLVIAMZzAAAJ. Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
ameukam
force-pushed
the
empower-ii-group-auditlogs
branch
from
dd7ea6a to
56c5025
Compare
thockin
left a comment
thockin
left a comment
There was a problem hiding this comment.
No objections to this alone, but I suspect it will just be the start
|
@ii will need bq.
…On Fri, 23 Apr 2021, 5:49 pm Arnaud M., ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In infra/gcp/ensure-prod-storage.sh
<#1966 (comment)>:
> @@ -359,6 +359,12 @@ color 6 "Handling special cases"
$(svc_acct_email "${GCR_BACKUP_TEST_PRODBAK_PROJECT}" "${PROMOTER_SVCACCT}")
done
+ # Special case: empower ***@***.*** to read k8s-artifacts-gcslogs
+ # k8s-artifacts-gcslogs receive and store Cloud Audit logs for k8s-artificats-prod.
+ ensure_gcs_role_binding "gs://k8s-artifacts-gcslogs" \
@thockin <https://github.com/thockin> I prefer to leave them the choice
of the analysis tool. I would take care of it if there is a need to use BQ.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1966 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAHUY6HRYYYRFC4PZGG6OTTKEC43ANCNFSM43NLKAMA>
.
|
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ameukam, spiffxp The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ameukam, spiffxp The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
|
Ran
|
|
OK this is #1730 rearing its head. Time to tackle that to unblock us here |
|
A rerun appears to have successfully deployed these changes: #1998 (comment) |
6 participants
Ref: #1945
Initial request:
https://groups.google.com/g/kubernetes-wg-k8s-infra/c/Wkw0uyMKSXk/m/QLVIAMZzAAAJ.
Signed-off-by: Arnaud Meukam ameukam@gmail.com