diff --git a/audit/projects/k8s-artifacts-prod/services/enabled.txt b/audit/projects/k8s-artifacts-prod/services/enabled.txt index 7c8d574d15d..f2d2bfe53e5 100644 --- a/audit/projects/k8s-artifacts-prod/services/enabled.txt +++ b/audit/projects/k8s-artifacts-prod/services/enabled.txt @@ -9,7 +9,6 @@ cloudtrace.googleapis.com Cloud Trace API compute.googleapis.com Compute Engine API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API datastore.googleapis.com Cloud Datastore API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API diff --git a/audit/projects/k8s-cip-test-prod/services/enabled.txt b/audit/projects/k8s-cip-test-prod/services/enabled.txt index 1aa2d8aef9e..6cd205e21fc 100644 --- a/audit/projects/k8s-cip-test-prod/services/enabled.txt +++ b/audit/projects/k8s-cip-test-prod/services/enabled.txt @@ -7,7 +7,6 @@ cloudtrace.googleapis.com Cloud Trace API compute.googleapis.com Compute Engine API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API datastore.googleapis.com Cloud Datastore API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/bucketpolicyonly.txt b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/bucketpolicyonly.txt new file mode 100644 index 00000000000..1f0c2cd43e6 --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://k8s-infra-ii-sandbox-bb-test: + Enabled: False + diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/cors.txt b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/cors.txt new file mode 100644 index 00000000000..a2fe46ccb96 --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/cors.txt @@ -0,0 +1 @@ +gs://k8s-infra-ii-sandbox-bb-test/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/iam.json b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/iam.json new file mode 100644 index 00000000000..c02e6f33470 --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-ii-sandbox", + "projectOwner:k8s-infra-ii-sandbox" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-ii-sandbox" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/logging.txt b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/logging.txt new file mode 100644 index 00000000000..b24f97baf84 --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/logging.txt @@ -0,0 +1 @@ +gs://k8s-infra-ii-sandbox-bb-test/ has no logging configuration. diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/description.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/description.json index 027d37ffd6c..4bd9a686196 100644 --- a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/description.json +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/description.json @@ -1,7 +1,8 @@ { "createTime": "2021-02-11T04:21:30.200768Z", - "etag": "\"15bb07da9956c0\"", + "etag": "\"15c2db0d2d7401\"", "labels": { + "group": "sig-testing", "sig": "testing" }, "name": "projects/180382678033/secrets/cncf-ci-github-token", diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/iam.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/iam.json index 88345e09455..a6d9eb99416 100644 --- a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/iam.json +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/iam.json @@ -2,6 +2,7 @@ "bindings": [ { "members": [ + "group:k8s-infra-ii-coop@kubernetes.io", "group:k8s-infra-prow-oncall@kubernetes.io", "user:hh@ii.coop" ], diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-token/description.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-token/description.json new file mode 100644 index 00000000000..c40b6dc117b --- /dev/null +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-token/description.json @@ -0,0 +1,8 @@ +{ + "createTime": "2021-05-21T18:03:26.516649Z", + "etag": "\"15c2dae05eb9a9\"", + "name": "projects/180382678033/secrets/cncf-ci-token", + "replication": { + "automatic": {} + } +} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-token/iam.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-token/iam.json new file mode 100644 index 00000000000..0967ef424bc --- /dev/null +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-token/iam.json @@ -0,0 +1 @@ +{} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-token/versions.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-token/versions.json new file mode 100644 index 00000000000..fe51488c706 --- /dev/null +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-token/versions.json @@ -0,0 +1 @@ +[] diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/snyk-token/description.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/snyk-token/description.json new file mode 100644 index 00000000000..a9a572f02cc --- /dev/null +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/snyk-token/description.json @@ -0,0 +1,11 @@ +{ + "createTime": "2021-05-21T18:04:38.236182Z", + "etag": "\"15c2db0d6c4886\"", + "labels": { + "group": "sig-architecture" + }, + "name": "projects/180382678033/secrets/snyk-token", + "replication": { + "automatic": {} + } +} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/snyk-token/iam.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/snyk-token/iam.json new file mode 100644 index 00000000000..85477e58417 --- /dev/null +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/snyk-token/iam.json @@ -0,0 +1,11 @@ +{ + "bindings": [ + { + "members": [ + "group:k8s-infra-prow-oncall@kubernetes.io" + ], + "role": "roles/secretmanager.admin" + } + ], + "version": 1 +} diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/snyk-token/versions.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/snyk-token/versions.json new file mode 100644 index 00000000000..fe51488c706 --- /dev/null +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/snyk-token/versions.json @@ -0,0 +1 @@ +[] diff --git a/audit/projects/kubernetes-public/secrets/recaptcha/description.json b/audit/projects/kubernetes-public/secrets/recaptcha/description.json index 3ca1db6a34d..d5ac93728c6 100644 --- a/audit/projects/kubernetes-public/secrets/recaptcha/description.json +++ b/audit/projects/kubernetes-public/secrets/recaptcha/description.json @@ -1,8 +1,9 @@ { "createTime": "2020-05-28T03:40:25.639524Z", - "etag": "\"15b3ed7b9a9bd9\"", + "etag": "\"15c2daf9f9cb32\"", "labels": { - "app": "slack-infra" + "app": "slack-infra", + "group": "sig-contributor-experience" }, "name": "projects/127754664067/secrets/recaptcha", "replication": { diff --git a/audit/projects/kubernetes-public/secrets/slack-event-log-config/description.json b/audit/projects/kubernetes-public/secrets/slack-event-log-config/description.json index 1dadc0eeee9..2dc9198f9bb 100644 --- a/audit/projects/kubernetes-public/secrets/slack-event-log-config/description.json +++ b/audit/projects/kubernetes-public/secrets/slack-event-log-config/description.json @@ -1,8 +1,9 @@ { "createTime": "2020-05-28T03:40:22.230224Z", - "etag": "\"15b3ed7cfb8003\"", + "etag": "\"15c2dafa2a19c5\"", "labels": { - "app": "slack-infra" + "app": "slack-infra", + "group": "sig-contributor-experience" }, "name": "projects/127754664067/secrets/slack-event-log-config", "replication": { diff --git a/audit/projects/kubernetes-public/secrets/slack-moderator-config/description.json b/audit/projects/kubernetes-public/secrets/slack-moderator-config/description.json index 14aaff56ffb..ccdbd8c08be 100644 --- a/audit/projects/kubernetes-public/secrets/slack-moderator-config/description.json +++ b/audit/projects/kubernetes-public/secrets/slack-moderator-config/description.json @@ -1,8 +1,9 @@ { "createTime": "2020-05-28T03:40:18.073437Z", - "etag": "\"15b3ed7cc3799a\"", + "etag": "\"15c2dafa5c50da\"", "labels": { - "app": "slack-infra" + "app": "slack-infra", + "group": "sig-contributor-experience" }, "name": "projects/127754664067/secrets/slack-moderator-config", "replication": { diff --git a/audit/projects/kubernetes-public/secrets/slack-moderator-words-config/description.json b/audit/projects/kubernetes-public/secrets/slack-moderator-words-config/description.json index ebec117be9d..164d7cc3ca8 100644 --- a/audit/projects/kubernetes-public/secrets/slack-moderator-words-config/description.json +++ b/audit/projects/kubernetes-public/secrets/slack-moderator-words-config/description.json @@ -1,8 +1,9 @@ { "createTime": "2021-02-23T23:53:36.776896Z", - "etag": "\"15bc09a07c3ac0\"", + "etag": "\"15c2dafa97e06b\"", "labels": { - "app": "slack-infra" + "app": "slack-infra", + "group": "sig-contributor-experience" }, "name": "projects/127754664067/secrets/slack-moderator-words-config", "replication": { diff --git a/audit/projects/kubernetes-public/secrets/slack-welcomer-config/description.json b/audit/projects/kubernetes-public/secrets/slack-welcomer-config/description.json index bdfb220e601..e69dd8d872a 100644 --- a/audit/projects/kubernetes-public/secrets/slack-welcomer-config/description.json +++ b/audit/projects/kubernetes-public/secrets/slack-welcomer-config/description.json @@ -1,8 +1,9 @@ { "createTime": "2020-05-28T03:40:14.323185Z", - "etag": "\"15b3ed7cf58969\"", + "etag": "\"15c2dafac631cd\"", "labels": { - "app": "slack-infra" + "app": "slack-infra", + "group": "sig-contributor-experience" }, "name": "projects/127754664067/secrets/slack-welcomer-config", "replication": { diff --git a/audit/projects/kubernetes-public/secrets/slackin-token/description.json b/audit/projects/kubernetes-public/secrets/slackin-token/description.json index bd44999be10..8522dc4c295 100644 --- a/audit/projects/kubernetes-public/secrets/slackin-token/description.json +++ b/audit/projects/kubernetes-public/secrets/slackin-token/description.json @@ -1,8 +1,9 @@ { "createTime": "2020-05-28T03:40:30.811539Z", - "etag": "\"15b3ed7c510c5a\"", + "etag": "\"15c2dafaf6a3b1\"", "labels": { - "app": "slack-infra" + "app": "slack-infra", + "group": "sig-contributor-experience" }, "name": "projects/127754664067/secrets/slackin-token", "replication": { diff --git a/audit/projects/kubernetes-public/secrets/triage-party-github-token/description.json b/audit/projects/kubernetes-public/secrets/triage-party-github-token/description.json index b6fdaf50818..69f88c7ae69 100644 --- a/audit/projects/kubernetes-public/secrets/triage-party-github-token/description.json +++ b/audit/projects/kubernetes-public/secrets/triage-party-github-token/description.json @@ -1,8 +1,9 @@ { "createTime": "2020-06-25T19:14:21.868654Z", - "etag": "\"15bc07c702e4bb\"", + "etag": "\"15c2dafb274b21\"", "labels": { - "app": "triage-party" + "app": "triageparty-release", + "group": "sig-release" }, "name": "projects/127754664067/secrets/triage-party-github-token", "replication": {