audit: update as of 2021-06-11#2193
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
Hi @cncf-ci. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
area/audit
k8s-ci-robot
added
the
size/M
cncf-ci
changed the title
k8s-ci-robot
added
size/L
spiffxp
left a comment
spiffxp
left a comment
There was a problem hiding this comment.
/approve
/lgtm
/ok-to-test
| "name": "organizations/758905017065/roles/container.deployer", | ||
| "stage": "GA", | ||
| "title": "Container Deployer" |
| "bigquery.rowAccessPolicies.getIamPolicy", | ||
| "bigquery.rowAccessPolicies.list", |
There was a problem hiding this comment.
Expected, this is from #2156 which picked up a refresh of aggregated permissions for audit.viewer
| Time updated: Thu, 10 Jun 2021 20:21:42 GMT | ||
| Metageneration: 69 |
There was a problem hiding this comment.
... so I suspect these bucket changes are from me running ./infra/gcp/ensure-artifacts-prod.sh k8s-artifacts-prod but I never saw anything change while doing so
I haven't messed with that script much to make it more idempotent / change-only-if-needed, so it's possible this will get bumped every time that script is run
| Time updated: Thu, 10 Jun 2021 20:21:20 GMT | ||
| Metageneration: 43 |
There was a problem hiding this comment.
Same thing, but from running ./infra/gcp/ensure-conformance-storage.sh
| { | ||
| "members": [ | ||
| "serviceAccount:prow-deployer@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" | ||
| ], | ||
| "role": "organizations/758905017065/roles/container.deployer" | ||
| }, |
| { | ||
| "members": [ | ||
| "group:k8s-infra-cluster-admins@kubernetes.io", | ||
| "serviceAccount:prow-deployer@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" |
There was a problem hiding this comment.
Expected, this was me manually removing a workaround (workaround: #2148 (comment), removal: #2190 (comment))
| { | ||
| "members": [ | ||
| "serviceAccount:prow-deployer@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" | ||
| ], | ||
| "role": "roles/container.developer" | ||
| }, |
| { | ||
| "members": [ | ||
| "serviceAccount:prow-deployer@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" | ||
| ], | ||
| "role": "organizations/758905017065/roles/container.deployer" | ||
| }, |
| { | ||
| "members": [ | ||
| "serviceAccount:prow-deployer@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" | ||
| ], | ||
| "role": "roles/container.developer" | ||
| }, |
| [ | ||
| "projects/k8s-staging-test-infra/logs/cloudaudit.googleapis.com%2Factivity" | ||
| "projects/k8s-staging-test-infra/logs/cloudaudit.googleapis.com%2Factivity", | ||
| "projects/k8s-staging-test-infra/logs/cloudbuild" |
There was a problem hiding this comment.
I manually triggered a build in this project, ref: kubernetes/test-infra#22450 (comment)
k8s-ci-robot
added
ok-to-test
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cncf-ci, spiffxp The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
3 participants
Audit Updates wg-k8s-infra