diff --git a/audit/org_kubernetes.io/iam.json b/audit/org_kubernetes.io/iam.json index c04d8d81029..32bb1f4b0fb 100644 --- a/audit/org_kubernetes.io/iam.json +++ b/audit/org_kubernetes.io/iam.json @@ -95,12 +95,6 @@ ], "role": "roles/resourcemanager.organizationViewer" }, - { - "members": [ - "group:k8s-infra-gcp-auditors@kubernetes.io" - ], - "role": "roles/secretmanager.viewer" - }, { "members": [ "user:davanum@gmail.com", diff --git a/audit/org_kubernetes.io/roles/audit.viewer.json b/audit/org_kubernetes.io/roles/audit.viewer.json index dae7ce81343..8c511fb7a6c 100644 --- a/audit/org_kubernetes.io/roles/audit.viewer.json +++ b/audit/org_kubernetes.io/roles/audit.viewer.json @@ -24,6 +24,7 @@ "aiplatform.modelEvaluationSlices.list", "aiplatform.modelEvaluations.list", "aiplatform.models.list", + "aiplatform.nasJobs.list", "aiplatform.operations.list", "aiplatform.specialistPools.list", "aiplatform.studies.list", @@ -146,6 +147,7 @@ "clientauthconfig.brands.list", "clientauthconfig.clients.list", "cloudasset.assets.analyzeIamPolicy", + "cloudasset.assets.analyzeMove", "cloudasset.assets.exportAccessLevel", "cloudasset.assets.exportAccessPolicy", "cloudasset.assets.exportAllAccessPolicy", @@ -237,6 +239,7 @@ "cloudasset.assets.exportSpannerInstances", "cloudasset.assets.exportSqladminInstances", "cloudasset.assets.exportStorageBuckets", + "cloudasset.assets.listCloudkmsCryptoKeys", "cloudasset.assets.searchAllIamPolicies", "cloudasset.assets.searchAllResources", "cloudasset.feeds.list", @@ -636,18 +639,23 @@ "dialogflow.participants.list", "dialogflow.phoneNumberOrders.list", "dialogflow.phoneNumbers.list", + "dialogflow.securitySettings.list", "dialogflow.sessionEntityTypes.list", "dialogflow.smartMessagingEntries.list", "dialogflow.transitionRouteGroups.list", "dialogflow.versions.list", "dialogflow.webhooks.list", "dlp.analyzeRiskTemplates.list", + "dlp.columnDataProfiles.list", "dlp.deidentifyTemplates.list", + "dlp.estimates.list", "dlp.inspectFindings.list", "dlp.inspectTemplates.list", "dlp.jobTriggers.list", "dlp.jobs.list", + "dlp.projectDataProfiles.list", "dlp.storedInfoTypes.list", + "dlp.tableDataProfiles.list", "dns.changes.get", "dns.changes.list", "dns.dnsKeys.get", @@ -660,6 +668,7 @@ "dns.policies.getIamPolicy", "dns.policies.list", "dns.projects.get", + "dns.resourceRecordSets.get", "dns.resourceRecordSets.list", "documentai.evaluations.list", "documentai.labelerPools.list", @@ -932,6 +941,7 @@ "resourcemanager.tagKeys.list", "resourcemanager.tagValues.getIamPolicy", "resourcemanager.tagValues.list", + "resourcesettings.settings.list", "retail.catalogs.list", "retail.operations.list", "retail.products.list", @@ -948,9 +958,12 @@ "runtimeconfig.variables.list", "runtimeconfig.waiters.getIamPolicy", "runtimeconfig.waiters.list", + "secretmanager.locations.get", "secretmanager.locations.list", + "secretmanager.secrets.get", "secretmanager.secrets.getIamPolicy", "secretmanager.secrets.list", + "secretmanager.versions.get", "secretmanager.versions.list", "securitycenter.assets.list", "securitycenter.findings.list", diff --git a/audit/projects/k8s-conform/secrets/service-cri-o-key/description.json b/audit/projects/k8s-conform/secrets/service-cri-o-key/description.json index 636bea2f32c..d463c6d31c9 100644 --- a/audit/projects/k8s-conform/secrets/service-cri-o-key/description.json +++ b/audit/projects/k8s-conform/secrets/service-cri-o-key/description.json @@ -1,5 +1,6 @@ { "createTime": "2021-04-08T20:32:11.215176Z", + "etag": "\"15bf7bf125b148\"", "name": "projects/228988630781/secrets/service-cri-o-key", "replication": { "automatic": {} diff --git a/audit/projects/k8s-conform/secrets/service-cri-o-key/versions.json b/audit/projects/k8s-conform/secrets/service-cri-o-key/versions.json index bd342425090..033d1803db4 100644 --- a/audit/projects/k8s-conform/secrets/service-cri-o-key/versions.json +++ b/audit/projects/k8s-conform/secrets/service-cri-o-key/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2021-04-08T20:32:13.362805Z", + "etag": "\"15bf7bf1467675\"", "name": "projects/228988630781/secrets/service-cri-o-key/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/k8s-conform/secrets/service-huaweicloud-key/description.json b/audit/projects/k8s-conform/secrets/service-huaweicloud-key/description.json index dac88b8cc6e..31ba1c3dc4c 100644 --- a/audit/projects/k8s-conform/secrets/service-huaweicloud-key/description.json +++ b/audit/projects/k8s-conform/secrets/service-huaweicloud-key/description.json @@ -1,5 +1,6 @@ { "createTime": "2021-04-08T20:43:10.411934Z", + "etag": "\"15bf7c18703c9e\"", "name": "projects/228988630781/secrets/service-huaweicloud-key", "replication": { "automatic": {} diff --git a/audit/projects/k8s-conform/secrets/service-huaweicloud-key/versions.json b/audit/projects/k8s-conform/secrets/service-huaweicloud-key/versions.json index 0068ef7a588..cbe7ad6c9b6 100644 --- a/audit/projects/k8s-conform/secrets/service-huaweicloud-key/versions.json +++ b/audit/projects/k8s-conform/secrets/service-huaweicloud-key/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2021-04-08T20:43:12.768840Z", + "etag": "\"15bf7c18943348\"", "name": "projects/228988630781/secrets/service-huaweicloud-key/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/k8s-conform/secrets/service-inspur-key/description.json b/audit/projects/k8s-conform/secrets/service-inspur-key/description.json index 343e01a5b94..940f2574725 100644 --- a/audit/projects/k8s-conform/secrets/service-inspur-key/description.json +++ b/audit/projects/k8s-conform/secrets/service-inspur-key/description.json @@ -1,5 +1,6 @@ { "createTime": "2021-02-23T06:37:04.961097Z", + "etag": "\"15bbfb25906e49\"", "name": "projects/228988630781/secrets/service-inspur-key", "replication": { "automatic": {} diff --git a/audit/projects/k8s-conform/secrets/service-inspur-key/versions.json b/audit/projects/k8s-conform/secrets/service-inspur-key/versions.json index d80a0b98635..8703a37f20b 100644 --- a/audit/projects/k8s-conform/secrets/service-inspur-key/versions.json +++ b/audit/projects/k8s-conform/secrets/service-inspur-key/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2021-02-23T06:37:06.236110Z", + "etag": "\"15bbfb25a3e2ce\"", "name": "projects/228988630781/secrets/service-inspur-key/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/k8s-conform/secrets/service-provider-openstack-key/description.json b/audit/projects/k8s-conform/secrets/service-provider-openstack-key/description.json index fa19d6025c3..9f9a32fc544 100644 --- a/audit/projects/k8s-conform/secrets/service-provider-openstack-key/description.json +++ b/audit/projects/k8s-conform/secrets/service-provider-openstack-key/description.json @@ -1,5 +1,6 @@ { "createTime": "2021-02-15T15:18:08.840992Z", + "etag": "\"15bb617e4e6120\"", "name": "projects/228988630781/secrets/service-provider-openstack-key", "replication": { "automatic": {} diff --git a/audit/projects/k8s-conform/secrets/service-provider-openstack-key/versions.json b/audit/projects/k8s-conform/secrets/service-provider-openstack-key/versions.json index 103f0db6769..0244143f7e3 100644 --- a/audit/projects/k8s-conform/secrets/service-provider-openstack-key/versions.json +++ b/audit/projects/k8s-conform/secrets/service-provider-openstack-key/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2021-02-15T15:18:09.874889Z", + "etag": "\"15bb617e5e27c9\"", "name": "projects/228988630781/secrets/service-provider-openstack-key/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/k8s-conform/secrets/service-s390x-k8s-key/description.json b/audit/projects/k8s-conform/secrets/service-s390x-k8s-key/description.json index 6d54fb4f53c..e49386a95e6 100644 --- a/audit/projects/k8s-conform/secrets/service-s390x-k8s-key/description.json +++ b/audit/projects/k8s-conform/secrets/service-s390x-k8s-key/description.json @@ -1,5 +1,6 @@ { "createTime": "2020-09-23T21:18:11.941957Z", + "etag": "\"15b3ed7a94947b\"", "name": "projects/228988630781/secrets/service-s390x-k8s-key", "replication": { "automatic": {} diff --git a/audit/projects/k8s-conform/secrets/service-s390x-k8s-key/versions.json b/audit/projects/k8s-conform/secrets/service-s390x-k8s-key/versions.json index 0762b355283..cfe3e9039b8 100644 --- a/audit/projects/k8s-conform/secrets/service-s390x-k8s-key/versions.json +++ b/audit/projects/k8s-conform/secrets/service-s390x-k8s-key/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2020-09-23T21:18:13.601114Z", + "etag": "\"15b3ed80db70cb\"", "name": "projects/228988630781/secrets/service-s390x-k8s-key/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/k8s-gsuite/secrets/gsuite-groups-manager_key/description.json b/audit/projects/k8s-gsuite/secrets/gsuite-groups-manager_key/description.json index 67d029e2a2a..81d58f703f6 100644 --- a/audit/projects/k8s-gsuite/secrets/gsuite-groups-manager_key/description.json +++ b/audit/projects/k8s-gsuite/secrets/gsuite-groups-manager_key/description.json @@ -1,5 +1,6 @@ { "createTime": "2020-04-30T04:24:22.976608Z", + "etag": "\"15b3ed7c79f8c0\"", "name": "projects/91610859379/secrets/gsuite-groups-manager_key", "replication": { "automatic": {} diff --git a/audit/projects/k8s-gsuite/secrets/gsuite-groups-manager_key/versions.json b/audit/projects/k8s-gsuite/secrets/gsuite-groups-manager_key/versions.json index 8ebe6d94d6f..46e53d1740f 100644 --- a/audit/projects/k8s-gsuite/secrets/gsuite-groups-manager_key/versions.json +++ b/audit/projects/k8s-gsuite/secrets/gsuite-groups-manager_key/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2020-04-30T04:24:24.019226Z", + "etag": "\"15b3ed8120606f\"", "name": "projects/91610859379/secrets/gsuite-groups-manager_key/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/k8s-gsuite/secrets/wg-k8s-infra-billing_pw/description.json b/audit/projects/k8s-gsuite/secrets/wg-k8s-infra-billing_pw/description.json index 51ca1cc1026..4c0fc2c4e8e 100644 --- a/audit/projects/k8s-gsuite/secrets/wg-k8s-infra-billing_pw/description.json +++ b/audit/projects/k8s-gsuite/secrets/wg-k8s-infra-billing_pw/description.json @@ -1,5 +1,6 @@ { "createTime": "2020-05-11T16:52:59.141275Z", + "etag": "\"15b3ed7b29f480\"", "name": "projects/91610859379/secrets/wg-k8s-infra-billing_pw", "replication": { "automatic": {} diff --git a/audit/projects/k8s-gsuite/secrets/wg-k8s-infra-billing_pw/versions.json b/audit/projects/k8s-gsuite/secrets/wg-k8s-infra-billing_pw/versions.json index df274a92542..e7c37da5740 100644 --- a/audit/projects/k8s-gsuite/secrets/wg-k8s-infra-billing_pw/versions.json +++ b/audit/projects/k8s-gsuite/secrets/wg-k8s-infra-billing_pw/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2020-05-11T16:52:59.792712Z", + "etag": "\"15b3ed7fa1fa3c\"", "name": "projects/91610859379/secrets/wg-k8s-infra-billing_pw/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/export-c2e4nmc5jmg9n5nacc60/bucketpolicyonly.txt b/audit/projects/k8s-infra-ii-sandbox/buckets/export-c2e4nmc5jmg9n5nacc60/bucketpolicyonly.txt new file mode 100644 index 00000000000..e554da954ae --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/export-c2e4nmc5jmg9n5nacc60/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://export-c2e4nmc5jmg9n5nacc60: + Enabled: False + diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/export-c2e4nmc5jmg9n5nacc60/cors.txt b/audit/projects/k8s-infra-ii-sandbox/buckets/export-c2e4nmc5jmg9n5nacc60/cors.txt new file mode 100644 index 00000000000..3752ce95b8f --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/export-c2e4nmc5jmg9n5nacc60/cors.txt @@ -0,0 +1 @@ +gs://export-c2e4nmc5jmg9n5nacc60/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/export-c2e4nmc5jmg9n5nacc60/iam.json b/audit/projects/k8s-infra-ii-sandbox/buckets/export-c2e4nmc5jmg9n5nacc60/iam.json new file mode 100644 index 00000000000..c02e6f33470 --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/export-c2e4nmc5jmg9n5nacc60/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-ii-sandbox", + "projectOwner:k8s-infra-ii-sandbox" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-ii-sandbox" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/export-c2e4nmc5jmg9n5nacc60/logging.txt b/audit/projects/k8s-infra-ii-sandbox/buckets/export-c2e4nmc5jmg9n5nacc60/logging.txt new file mode 100644 index 00000000000..2312d01afd6 --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/export-c2e4nmc5jmg9n5nacc60/logging.txt @@ -0,0 +1 @@ +gs://export-c2e4nmc5jmg9n5nacc60/ has no logging configuration. diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/ii_bq_scratch_dump/bucketpolicyonly.txt b/audit/projects/k8s-infra-ii-sandbox/buckets/ii_bq_scratch_dump/bucketpolicyonly.txt new file mode 100644 index 00000000000..ed41b50062e --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/ii_bq_scratch_dump/bucketpolicyonly.txt @@ -0,0 +1,4 @@ +Bucket Policy Only setting for gs://ii_bq_scratch_dump: + Enabled: True + LockedTime: 2021-08-09 23:05:03.678000+00:00 + diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/ii_bq_scratch_dump/cors.txt b/audit/projects/k8s-infra-ii-sandbox/buckets/ii_bq_scratch_dump/cors.txt new file mode 100644 index 00000000000..35cca4e2f3d --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/ii_bq_scratch_dump/cors.txt @@ -0,0 +1 @@ +gs://ii_bq_scratch_dump/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/ii_bq_scratch_dump/iam.json b/audit/projects/k8s-infra-ii-sandbox/buckets/ii_bq_scratch_dump/iam.json new file mode 100644 index 00000000000..db136a7dcff --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/ii_bq_scratch_dump/iam.json @@ -0,0 +1,30 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-ii-sandbox", + "projectOwner:k8s-infra-ii-sandbox" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-ii-sandbox" + ], + "role": "roles/storage.legacyBucketReader" + }, + { + "members": [ + "projectEditor:k8s-infra-ii-sandbox", + "projectOwner:k8s-infra-ii-sandbox" + ], + "role": "roles/storage.legacyObjectOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-ii-sandbox" + ], + "role": "roles/storage.legacyObjectReader" + } + ] +} diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/ii_bq_scratch_dump/logging.txt b/audit/projects/k8s-infra-ii-sandbox/buckets/ii_bq_scratch_dump/logging.txt new file mode 100644 index 00000000000..56cc2306ed3 --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/ii_bq_scratch_dump/logging.txt @@ -0,0 +1 @@ +gs://ii_bq_scratch_dump/ has no logging configuration. diff --git a/audit/projects/k8s-infra-ii-sandbox/iam.json b/audit/projects/k8s-infra-ii-sandbox/iam.json index 0b422daea51..8bf11b2feaa 100644 --- a/audit/projects/k8s-infra-ii-sandbox/iam.json +++ b/audit/projects/k8s-infra-ii-sandbox/iam.json @@ -1,5 +1,17 @@ { "bindings": [ + { + "members": [ + "serviceAccount:service-631771264409@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com" + ], + "role": "roles/bigquerydatatransfer.serviceAgent" + }, + { + "members": [ + "serviceAccount:service-631771264409@gcp-sa-cloudasset.iam.gserviceaccount.com" + ], + "role": "roles/cloudasset.serviceAgent" + }, { "members": [ "serviceAccount:631771264409@cloudbuild.gserviceaccount.com" @@ -43,9 +55,31 @@ ], "role": "roles/editor" }, + { + "members": [ + "deleted:serviceAccount:ii-sandbox-bobymcbobs-qtyp@k8s-infra-ii-sandbox.iam.gserviceaccount.com?uid=114495406038893813562", + "serviceAccount:ii-sandbox-bobymcbobs-oitq@k8s-infra-ii-sandbox.iam.gserviceaccount.com" + ], + "role": "roles/logging.logWriter" + }, + { + "members": [ + "deleted:serviceAccount:ii-sandbox-bobymcbobs-qtyp@k8s-infra-ii-sandbox.iam.gserviceaccount.com?uid=114495406038893813562", + "serviceAccount:ii-sandbox-bobymcbobs-oitq@k8s-infra-ii-sandbox.iam.gserviceaccount.com" + ], + "role": "roles/monitoring.metricWriter" + }, + { + "members": [ + "deleted:serviceAccount:ii-sandbox-bobymcbobs-qtyp@k8s-infra-ii-sandbox.iam.gserviceaccount.com?uid=114495406038893813562", + "serviceAccount:ii-sandbox-bobymcbobs-oitq@k8s-infra-ii-sandbox.iam.gserviceaccount.com" + ], + "role": "roles/monitoring.viewer" + }, { "members": [ "group:k8s-infra-ii-coop@kubernetes.io", + "serviceAccount:bobymcbobs@k8s-infra-ii-sandbox.iam.gserviceaccount.com", "user:ameukam@gmail.com" ], "role": "roles/owner" diff --git a/audit/projects/k8s-infra-ii-sandbox/service-accounts/bobymcbobs@k8s-infra-ii-sandbox.iam.gserviceaccount.com/description.json b/audit/projects/k8s-infra-ii-sandbox/service-accounts/bobymcbobs@k8s-infra-ii-sandbox.iam.gserviceaccount.com/description.json new file mode 100644 index 00000000000..671d6faf13d --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/service-accounts/bobymcbobs@k8s-infra-ii-sandbox.iam.gserviceaccount.com/description.json @@ -0,0 +1,7 @@ +{ + "email": "bobymcbobs@k8s-infra-ii-sandbox.iam.gserviceaccount.com", + "name": "projects/k8s-infra-ii-sandbox/serviceAccounts/bobymcbobs@k8s-infra-ii-sandbox.iam.gserviceaccount.com", + "oauth2ClientId": "100919040677853295625", + "projectId": "k8s-infra-ii-sandbox", + "uniqueId": "100919040677853295625" +} diff --git a/audit/projects/k8s-infra-ii-sandbox/service-accounts/bobymcbobs@k8s-infra-ii-sandbox.iam.gserviceaccount.com/iam.json b/audit/projects/k8s-infra-ii-sandbox/service-accounts/bobymcbobs@k8s-infra-ii-sandbox.iam.gserviceaccount.com/iam.json new file mode 100644 index 00000000000..0967ef424bc --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/service-accounts/bobymcbobs@k8s-infra-ii-sandbox.iam.gserviceaccount.com/iam.json @@ -0,0 +1 @@ +{} diff --git a/audit/projects/k8s-infra-ii-sandbox/service-accounts/ii-sandbox-bobymcbobs-oitq@k8s-infra-ii-sandbox.iam.gserviceaccount.com/description.json b/audit/projects/k8s-infra-ii-sandbox/service-accounts/ii-sandbox-bobymcbobs-oitq@k8s-infra-ii-sandbox.iam.gserviceaccount.com/description.json new file mode 100644 index 00000000000..f163ae739a8 --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/service-accounts/ii-sandbox-bobymcbobs-oitq@k8s-infra-ii-sandbox.iam.gserviceaccount.com/description.json @@ -0,0 +1,8 @@ +{ + "displayName": "Nodes in GKE cluster 'ii-sandbox-bobymcbobs-oitq'", + "email": "ii-sandbox-bobymcbobs-oitq@k8s-infra-ii-sandbox.iam.gserviceaccount.com", + "name": "projects/k8s-infra-ii-sandbox/serviceAccounts/ii-sandbox-bobymcbobs-oitq@k8s-infra-ii-sandbox.iam.gserviceaccount.com", + "oauth2ClientId": "108714319235542196622", + "projectId": "k8s-infra-ii-sandbox", + "uniqueId": "108714319235542196622" +} diff --git a/audit/projects/k8s-infra-ii-sandbox/service-accounts/ii-sandbox-bobymcbobs-oitq@k8s-infra-ii-sandbox.iam.gserviceaccount.com/iam.json b/audit/projects/k8s-infra-ii-sandbox/service-accounts/ii-sandbox-bobymcbobs-oitq@k8s-infra-ii-sandbox.iam.gserviceaccount.com/iam.json new file mode 100644 index 00000000000..0967ef424bc --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/service-accounts/ii-sandbox-bobymcbobs-oitq@k8s-infra-ii-sandbox.iam.gserviceaccount.com/iam.json @@ -0,0 +1 @@ +{} diff --git a/audit/projects/k8s-infra-ii-sandbox/services/compute/project-info.json b/audit/projects/k8s-infra-ii-sandbox/services/compute/project-info.json index cb35ac26534..ddbcdcd7de9 100644 --- a/audit/projects/k8s-infra-ii-sandbox/services/compute/project-info.json +++ b/audit/projects/k8s-infra-ii-sandbox/services/compute/project-info.json @@ -1,5 +1,19 @@ { "commonInstanceMetadata": { + "items": [ + { + "key": "ssh-keys", + "value": "ii:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDUdHD+LyG+4cFT4oa/gklZf6sba4hJsQAK1ue6J2M5pLPFzuaGXmBKaydDg8oq85lB/fFhpigWFD9crHzcM7OYcXZX03zZBehH+e9y5V++LZhAtHWb4a625Hr9VDxkWa8olQQHbrtKRuhDp6lsXNfpNGiO/HScesVuR2WN8ns/zvkKuEkojQsdMv/Gwm4qhyL8BAQXieFG7J+6NQjNxp49Yy5dqNvw55M7bcLZE83vubWnaqkG9LU58PkEvxqVKHhgXh85UsuQRSMz8j/bXojpKc6obtxjINZsYlrn3T98rQx7tbcPBxDXwzBDayoSr0Oa8gmkpMSwgfK8sYhoN0nPGmeWKYNZXVN/ePTmzUpqOe9Edfs1e7ckHHrlMAvNPiYS0dWke2s+03SxRlJxmgST4mv7aKOhNsay2bmdRaPQQJZ/v9mKVRhdoyfHE8AlwoNdsciZMdE1xaHDPEUtzCjALIamo/brH+hfpqLro5snJFY6HB2CKSunn4tZhAgiKt0= ii@bobymcbobs-humacs-0\nroot:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDO5HnHUJBZrRrR8HWKfNjaVGhSe7/Jm8C+fo/xj1Cl8mIx4KEyix9PJbhxgLasXYJxgjH8XbnrVoT8Y3hfzxetOuQMb7XfSjaBkBM5N8aPkBe2GgljDXMapBvXK8o1A0VFxW1H5N9zy6Z1Y6KGon6rlExH6f4+9WfY0mG3pYN/CsMZhGOrFVU5j6fNndzUYDqIQ0F5n2b8KIzn9IrezQEoC7VwLdu1slZ1nuc0VQclYZkK3uYlZ3msB/vzqdaYPlkk/n0bDdJpQGoEyYWQr09AxXzT7/KVJFuIPIQYyfwwPx/kTr4lLwW9brWaXmO87A0eHSQLkFDnrvn0o48lY0HpsyFlW6eaOhulwrZZuSJS1U2GtWTo2pWKwmTmvHu6oBuZewrMGryEaDsEgNbhHYMmIDpgYYd1UIkfIpqrUjbTRB8nz6Nc2sWDom5DL8B75rqWH88QX48p4nLgQIjYkevDQfycWnkM31yjnrs27OLa/X96X7VaAg4bA1azBbAcL3s= caleb@atlaslt\ncaleb:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDO5HnHUJBZrRrR8HWKfNjaVGhSe7/Jm8C+fo/xj1Cl8mIx4KEyix9PJbhxgLasXYJxgjH8XbnrVoT8Y3hfzxetOuQMb7XfSjaBkBM5N8aPkBe2GgljDXMapBvXK8o1A0VFxW1H5N9zy6Z1Y6KGon6rlExH6f4+9WfY0mG3pYN/CsMZhGOrFVU5j6fNndzUYDqIQ0F5n2b8KIzn9IrezQEoC7VwLdu1slZ1nuc0VQclYZkK3uYlZ3msB/vzqdaYPlkk/n0bDdJpQGoEyYWQr09AxXzT7/KVJFuIPIQYyfwwPx/kTr4lLwW9brWaXmO87A0eHSQLkFDnrvn0o48lY0HpsyFlW6eaOhulwrZZuSJS1U2GtWTo2pWKwmTmvHu6oBuZewrMGryEaDsEgNbhHYMmIDpgYYd1UIkfIpqrUjbTRB8nz6Nc2sWDom5DL8B75rqWH88QX48p4nLgQIjYkevDQfycWnkM31yjnrs27OLa/X96X7VaAg4bA1azBbAcL3s= caleb@atlaslt" + }, + { + "key": "sshKeys", + "value": "\ngke-1b36f519e8e743f18546:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwmar7BaW0i91sjoISML1Uxq66HmOoI/8cmX4obuChdQY7hD0D+ZTY75CUPd2JuUZGZZXsiD34N/RXDatjCQRb7n3qepBwhM0DliO12758Tawev04nM8qWwZnSBjQFP2KMUwPdpGbZTKzLXZHBnYMWPqe3cEPKjVWRPZ92STnLcN0m5Zr8j7tsH1S++plT88/bz3UeirO/TyRRDDtRFCwv0fV13k0F/00JATLKOU2kj8tfDBoIgl01XSrK8hRn4x5SDQ6zk7IqoCWO3ibZSBLUq8SwphoY+Bb789Gib3k0uYpNSfwuC3QHOmLhB6axuzo3vio7yRwgUeYPpSuf9s7b gke-1b36f519e8e743f18546@gke-1b36f519e8e743f18546\ngke-1b36f519e8e743f18546:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0pLKBuvJXkpJwEWdhBqDgaTK9wlEkAOj+A85kZADTH/gz7yllMFntnRwcakmTm9D/zfBlCLkZkoMoTxZTpUANOlfb7qoQY+ij0sbdKA1ST3Om4WRxu6dwPjMUyQkKRYIJc0hn9qQL9zJcfYVLHCvKihj1R5N7mDyWkmlpJ7TO6tMHIEXRT2sxuzvajKPVZpALl+EPasKQyEgetV6TUHQje+DfZ+Du1ET/iSZUPlOUI2ioRuwxtippHKJCNxpgC+PpsHouo+EWPna/so7H4ZvGPWxvtCqooafI1RBJb0rZq1DLBg1TTBcnJ44CqMDJpS4nY3fWyF7lNQcM3e0NFUDB gke-1b36f519e8e743f18546@gke-1b36f519e8e743f18546\ngke-1b36f519e8e743f18546:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNBBArKYbWXkuif/RcaE/eQRMpMN/+3xDbEoksxq3NpbJjrrHRNN1o4m3FNViLbKE516ekv63Hmy6bVVeE0vxHMwkzd5gO2emm5cF3qB3O92MWf2mfEjXYsSG7hxl21LPenElmTNHa9wm8kYBGZZvKDg+Mgo4TzTLwSTwzlfX9O8QhgsBnwy2PrOYohGlZ+XDSUDZ9FZKIMRmjh2ddvMyImNYOa6P7AiL1FO1/i1vnA/2C4zsfO9qhnFQz9B4nlHM9hIieDCPZrFNJOZvI77MAbJj7jW63eULCsEOE+dkYR8B+u1lDRjsyv9TJab6FSpLIsCCDVUPazH+uBaaeZIbx gke-1b36f519e8e743f18546@gke-1b36f519e8e743f18546" + }, + { + "key": "gke-ii-sandbox-bobymcbobs-oitq-1b36f519-secondary-ranges", + "value": "services:default:default:gke-ii-sandbox-bobymcbobs-oitq-services-1b36f519,pods:default:default:gke-ii-sandbox-bobymcbobs-oitq-pods-1b36f519" + } + ], "kind": "compute#metadata" }, "creationTimestamp": "2021-04-26T06:50:01.865-07:00", diff --git a/audit/projects/k8s-infra-ii-sandbox/services/container/clusters.txt b/audit/projects/k8s-infra-ii-sandbox/services/container/clusters.txt index e69de29bb2d..baa51c79ed8 100644 --- a/audit/projects/k8s-infra-ii-sandbox/services/container/clusters.txt +++ b/audit/projects/k8s-infra-ii-sandbox/services/container/clusters.txt @@ -0,0 +1 @@ +ii-sandbox-bobymcbobs-oitq us-central1 us-central1-c;us-central1-f;us-central1-b RUNNING diff --git a/audit/projects/k8s-infra-ii-sandbox/services/enabled.txt b/audit/projects/k8s-infra-ii-sandbox/services/enabled.txt index c47edf6bfcc..7c3e151a661 100644 --- a/audit/projects/k8s-infra-ii-sandbox/services/enabled.txt +++ b/audit/projects/k8s-infra-ii-sandbox/services/enabled.txt @@ -1,16 +1,22 @@ -NAME TITLE -bigquery.googleapis.com BigQuery API -bigquerystorage.googleapis.com BigQuery Storage API -cloudbuild.googleapis.com Cloud Build API -compute.googleapis.com Compute Engine API -container.googleapis.com Kubernetes Engine API -containeranalysis.googleapis.com Container Analysis API -containerregistry.googleapis.com Container Registry API -iam.googleapis.com Identity and Access Management (IAM) API -iamcredentials.googleapis.com IAM Service Account Credentials API -logging.googleapis.com Cloud Logging API -monitoring.googleapis.com Cloud Monitoring API -oslogin.googleapis.com Cloud OS Login API -pubsub.googleapis.com Cloud Pub/Sub API -storage-api.googleapis.com Google Cloud Storage JSON API -storage-component.googleapis.com Cloud Storage +NAME TITLE +bigquery.googleapis.com BigQuery API +bigqueryconnection.googleapis.com BigQuery Connection API +bigquerydatatransfer.googleapis.com BigQuery Data Transfer API +bigqueryreservation.googleapis.com BigQuery Reservation API +bigquerystorage.googleapis.com BigQuery Storage API +cloudasset.googleapis.com Cloud Asset API +cloudbuild.googleapis.com Cloud Build API +cloudresourcemanager.googleapis.com Cloud Resource Manager API +compute.googleapis.com Compute Engine API +container.googleapis.com Kubernetes Engine API +containeranalysis.googleapis.com Container Analysis API +containerregistry.googleapis.com Container Registry API +iam.googleapis.com Identity and Access Management (IAM) API +iamcredentials.googleapis.com IAM Service Account Credentials API +logging.googleapis.com Cloud Logging API +monitoring.googleapis.com Cloud Monitoring API +oslogin.googleapis.com Cloud OS Login API +pubsub.googleapis.com Cloud Pub/Sub API +serviceusage.googleapis.com Service Usage API +storage-api.googleapis.com Google Cloud Storage JSON API +storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/description.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/description.json index dc44137a3be..027d37ffd6c 100644 --- a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/description.json +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/description.json @@ -1,5 +1,6 @@ { "createTime": "2021-02-11T04:21:30.200768Z", + "etag": "\"15bb07da9956c0\"", "labels": { "sig": "testing" }, diff --git a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/versions.json b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/versions.json index 6f3774332be..01165578826 100644 --- a/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/versions.json +++ b/audit/projects/k8s-infra-prow-build-trusted/secrets/cncf-ci-github-token/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2021-02-11T20:01:09.472963Z", + "etag": "\"15bb14fb10c2c3\"", "name": "projects/180382678033/secrets/cncf-ci-github-token/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/k8s-infra-public-pii/description.json b/audit/projects/k8s-infra-public-pii/description.json new file mode 100644 index 00000000000..4cccf960800 --- /dev/null +++ b/audit/projects/k8s-infra-public-pii/description.json @@ -0,0 +1,11 @@ +{ + "createTime": "2021-05-12T09:38:46.426Z", + "lifecycleState": "ACTIVE", + "name": "k8s-infra-public-pii", + "parent": { + "id": "758905017065", + "type": "organization" + }, + "projectId": "k8s-infra-public-pii", + "projectNumber": "226195303281" +} diff --git a/audit/projects/k8s-infra-public-pii/iam.json b/audit/projects/k8s-infra-public-pii/iam.json new file mode 100644 index 00000000000..d801b21c749 --- /dev/null +++ b/audit/projects/k8s-infra-public-pii/iam.json @@ -0,0 +1,11 @@ +{ + "bindings": [ + { + "members": [ + "user:ameukam@gmail.com" + ], + "role": "roles/owner" + } + ], + "version": 1 +} diff --git a/audit/projects/k8s-infra-public-pii/services/bigquery/bigquery.datasets.json b/audit/projects/k8s-infra-public-pii/services/bigquery/bigquery.datasets.json new file mode 100644 index 00000000000..e69de29bb2d diff --git a/audit/projects/k8s-infra-public-pii/services/enabled.txt b/audit/projects/k8s-infra-public-pii/services/enabled.txt new file mode 100644 index 00000000000..38fbc8cec93 --- /dev/null +++ b/audit/projects/k8s-infra-public-pii/services/enabled.txt @@ -0,0 +1,5 @@ +NAME TITLE +bigquery.googleapis.com BigQuery API +bigquerystorage.googleapis.com BigQuery Storage API +logging.googleapis.com Cloud Logging API +storage-component.googleapis.com Cloud Storage diff --git a/audit/projects/k8s-staging-cluster-api-gcp/buckets/artifacts.k8s-staging-cluster-api-gcp.appspot.com/iam.json b/audit/projects/k8s-staging-cluster-api-gcp/buckets/artifacts.k8s-staging-cluster-api-gcp.appspot.com/iam.json index 725dad07826..545611e7d1e 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/buckets/artifacts.k8s-staging-cluster-api-gcp.appspot.com/iam.json +++ b/audit/projects/k8s-staging-cluster-api-gcp/buckets/artifacts.k8s-staging-cluster-api-gcp.appspot.com/iam.json @@ -17,14 +17,16 @@ }, { "members": [ - "group:k8s-infra-staging-cluster-api-gcp@kubernetes.io" + "group:k8s-infra-staging-cluster-api-gcp@kubernetes.io", + "serviceAccount:gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com" ], "role": "roles/storage.legacyBucketWriter" }, { "members": [ "group:k8s-infra-artifact-admins@kubernetes.io", - "group:k8s-infra-staging-cluster-api-gcp@kubernetes.io" + "group:k8s-infra-staging-cluster-api-gcp@kubernetes.io", + "serviceAccount:gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com" ], "role": "roles/storage.objectAdmin" }, diff --git a/audit/projects/k8s-staging-cluster-api-gcp/iam.json b/audit/projects/k8s-staging-cluster-api-gcp/iam.json index 3c5c86374df..222941acad6 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/iam.json +++ b/audit/projects/k8s-staging-cluster-api-gcp/iam.json @@ -4,6 +4,7 @@ "members": [ "serviceAccount:606075400249@cloudbuild.gserviceaccount.com", "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", + "serviceAccount:gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" @@ -20,6 +21,12 @@ ], "role": "roles/cloudbuild.serviceAgent" }, + { + "members": [ + "serviceAccount:service-606075400249@compute-system.iam.gserviceaccount.com" + ], + "role": "roles/compute.serviceAgent" + }, { "members": [ "serviceAccount:service-606075400249@container-analysis.iam.gserviceaccount.com" @@ -40,6 +47,8 @@ }, { "members": [ + "serviceAccount:606075400249-compute@developer.gserviceaccount.com", + "serviceAccount:606075400249@cloudservices.gserviceaccount.com", "serviceAccount:service-606075400249@containerregistry.iam.gserviceaccount.com" ], "role": "roles/editor" diff --git a/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/606075400249-compute@developer.gserviceaccount.com/description.json b/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/606075400249-compute@developer.gserviceaccount.com/description.json new file mode 100644 index 00000000000..a7bbdc685c1 --- /dev/null +++ b/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/606075400249-compute@developer.gserviceaccount.com/description.json @@ -0,0 +1,8 @@ +{ + "displayName": "Compute Engine default service account", + "email": "606075400249-compute@developer.gserviceaccount.com", + "name": "projects/k8s-staging-cluster-api-gcp/serviceAccounts/606075400249-compute@developer.gserviceaccount.com", + "oauth2ClientId": "100071067010720040798", + "projectId": "k8s-staging-cluster-api-gcp", + "uniqueId": "100071067010720040798" +} diff --git a/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/606075400249-compute@developer.gserviceaccount.com/iam.json b/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/606075400249-compute@developer.gserviceaccount.com/iam.json new file mode 100644 index 00000000000..0967ef424bc --- /dev/null +++ b/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/606075400249-compute@developer.gserviceaccount.com/iam.json @@ -0,0 +1 @@ +{} diff --git a/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/description.json b/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/description.json new file mode 100644 index 00000000000..07491c95192 --- /dev/null +++ b/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/description.json @@ -0,0 +1,8 @@ +{ + "displayName": "used by k8s-infra-prow-build to trigger GCB, write to GCR for k8s-staging-cluster-api-gcp", + "email": "gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com", + "name": "projects/k8s-staging-cluster-api-gcp/serviceAccounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com", + "oauth2ClientId": "108043822519400192439", + "projectId": "k8s-staging-cluster-api-gcp", + "uniqueId": "108043822519400192439" +} diff --git a/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/iam.json b/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/iam.json new file mode 100644 index 00000000000..4418da2af84 --- /dev/null +++ b/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/iam.json @@ -0,0 +1,11 @@ +{ + "bindings": [ + { + "members": [ + "serviceAccount:k8s-infra-prow-build-trusted.svc.id.goog[test-pods/gcb-builder-cluster-api-gcp]" + ], + "role": "roles/iam.workloadIdentityUser" + } + ], + "version": 1 +} diff --git a/audit/projects/k8s-staging-cluster-api-gcp/services/compute/project-info.json b/audit/projects/k8s-staging-cluster-api-gcp/services/compute/project-info.json new file mode 100644 index 00000000000..b9775cfa351 --- /dev/null +++ b/audit/projects/k8s-staging-cluster-api-gcp/services/compute/project-info.json @@ -0,0 +1,171 @@ +{ + "commonInstanceMetadata": { + "kind": "compute#metadata" + }, + "creationTimestamp": "2021-05-18T21:33:14.142-07:00", + "defaultNetworkTier": "PREMIUM", + "defaultServiceAccount": "606075400249-compute@developer.gserviceaccount.com", + "id": "3274567178003229670", + "kind": "compute#project", + "name": "k8s-staging-cluster-api-gcp", + "quotas": [ + { + "limit": 10000, + "metric": "SNAPSHOTS" + }, + { + "limit": 30, + "metric": "NETWORKS" + }, + { + "limit": 500, + "metric": "FIREWALLS" + }, + { + "limit": 5000, + "metric": "IMAGES" + }, + { + "limit": 175, + "metric": "STATIC_ADDRESSES" + }, + { + "limit": 300, + "metric": "ROUTES" + }, + { + "limit": 150, + "metric": "FORWARDING_RULES" + }, + { + "limit": 500, + "metric": "TARGET_POOLS" + }, + { + "limit": 500, + "metric": "HEALTH_CHECKS" + }, + { + "limit": 575, + "metric": "IN_USE_ADDRESSES" + }, + { + "limit": 500, + "metric": "TARGET_INSTANCES" + }, + { + "limit": 100, + "metric": "TARGET_HTTP_PROXIES" + }, + { + "limit": 100, + "metric": "URL_MAPS" + }, + { + "limit": 30, + "metric": "BACKEND_SERVICES" + }, + { + "limit": 1000, + "metric": "INSTANCE_TEMPLATES" + }, + { + "limit": 50, + "metric": "TARGET_VPN_GATEWAYS" + }, + { + "limit": 100, + "metric": "VPN_TUNNELS" + }, + { + "limit": 30, + "metric": "BACKEND_BUCKETS" + }, + { + "limit": 20, + "metric": "ROUTERS" + }, + { + "limit": 100, + "metric": "TARGET_SSL_PROXIES" + }, + { + "limit": 100, + "metric": "TARGET_HTTPS_PROXIES" + }, + { + "limit": 100, + "metric": "SSL_CERTIFICATES" + }, + { + "limit": 275, + "metric": "SUBNETWORKS" + }, + { + "limit": 100, + "metric": "TARGET_TCP_PROXIES" + }, + { + "limit": 10, + "metric": "SECURITY_POLICIES" + }, + { + "limit": 200, + "metric": "SECURITY_POLICY_RULES" + }, + { + "limit": 1000, + "metric": "XPN_SERVICE_PROJECTS" + }, + { + "limit": 150, + "metric": "PACKET_MIRRORINGS" + }, + { + "limit": 1000, + "metric": "NETWORK_ENDPOINT_GROUPS" + }, + { + "limit": 6, + "metric": "INTERCONNECTS" + }, + { + "limit": 5000, + "metric": "GLOBAL_INTERNAL_ADDRESSES" + }, + { + "limit": 50, + "metric": "VPN_GATEWAYS" + }, + { + "limit": 5000, + "metric": "MACHINE_IMAGES" + }, + { + "limit": 20, + "metric": "SECURITY_POLICY_CEVAL_RULES" + }, + { + "limit": 50, + "metric": "EXTERNAL_VPN_GATEWAYS" + }, + { + "limit": 1, + "metric": "PUBLIC_ADVERTISED_PREFIXES" + }, + { + "limit": 10, + "metric": "PUBLIC_DELEGATED_PREFIXES" + }, + { + "limit": 1024, + "metric": "STATIC_BYOIP_ADDRESSES" + }, + { + "limit": 150, + "metric": "INTERNAL_TRAFFIC_DIRECTOR_FORWARDING_RULES" + } + ], + "selfLink": "https://www.googleapis.com/compute/v1/projects/k8s-staging-cluster-api-gcp", + "xpnProjectStatus": "UNSPECIFIED_XPN_PROJECT_STATUS" +} diff --git a/audit/projects/k8s-staging-cluster-api-gcp/services/enabled.txt b/audit/projects/k8s-staging-cluster-api-gcp/services/enabled.txt index 30cdd842f18..661451636fa 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/services/enabled.txt +++ b/audit/projects/k8s-staging-cluster-api-gcp/services/enabled.txt @@ -1,10 +1,12 @@ NAME TITLE cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API +compute.googleapis.com Compute Engine API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API +oslogin.googleapis.com Cloud OS Login API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API storage-api.googleapis.com Google Cloud Storage JSON API diff --git a/audit/projects/kubernetes-public/secrets/recaptcha/description.json b/audit/projects/kubernetes-public/secrets/recaptcha/description.json index 39c4787217c..3ca1db6a34d 100644 --- a/audit/projects/kubernetes-public/secrets/recaptcha/description.json +++ b/audit/projects/kubernetes-public/secrets/recaptcha/description.json @@ -1,5 +1,6 @@ { "createTime": "2020-05-28T03:40:25.639524Z", + "etag": "\"15b3ed7b9a9bd9\"", "labels": { "app": "slack-infra" }, diff --git a/audit/projects/kubernetes-public/secrets/recaptcha/versions.json b/audit/projects/kubernetes-public/secrets/recaptcha/versions.json index 0731173716c..a98b1be6b87 100644 --- a/audit/projects/kubernetes-public/secrets/recaptcha/versions.json +++ b/audit/projects/kubernetes-public/secrets/recaptcha/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2020-05-28T03:40:26.335853Z", + "etag": "\"15b3ed7f506e57\"", "name": "projects/127754664067/secrets/recaptcha/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/kubernetes-public/secrets/slack-event-log-config/description.json b/audit/projects/kubernetes-public/secrets/slack-event-log-config/description.json index 837060ef23a..1dadc0eeee9 100644 --- a/audit/projects/kubernetes-public/secrets/slack-event-log-config/description.json +++ b/audit/projects/kubernetes-public/secrets/slack-event-log-config/description.json @@ -1,5 +1,6 @@ { "createTime": "2020-05-28T03:40:22.230224Z", + "etag": "\"15b3ed7cfb8003\"", "labels": { "app": "slack-infra" }, diff --git a/audit/projects/kubernetes-public/secrets/slack-event-log-config/versions.json b/audit/projects/kubernetes-public/secrets/slack-event-log-config/versions.json index af914a2726e..9fd132bc953 100644 --- a/audit/projects/kubernetes-public/secrets/slack-event-log-config/versions.json +++ b/audit/projects/kubernetes-public/secrets/slack-event-log-config/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2020-05-28T03:40:22.855508Z", + "etag": "\"15b3ed8006200a\"", "name": "projects/127754664067/secrets/slack-event-log-config/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/kubernetes-public/secrets/slack-moderator-config/description.json b/audit/projects/kubernetes-public/secrets/slack-moderator-config/description.json index 670b744ce26..14aaff56ffb 100644 --- a/audit/projects/kubernetes-public/secrets/slack-moderator-config/description.json +++ b/audit/projects/kubernetes-public/secrets/slack-moderator-config/description.json @@ -1,5 +1,6 @@ { "createTime": "2020-05-28T03:40:18.073437Z", + "etag": "\"15b3ed7cc3799a\"", "labels": { "app": "slack-infra" }, diff --git a/audit/projects/kubernetes-public/secrets/slack-moderator-config/versions.json b/audit/projects/kubernetes-public/secrets/slack-moderator-config/versions.json index c8cb96d93fe..100d363fd39 100644 --- a/audit/projects/kubernetes-public/secrets/slack-moderator-config/versions.json +++ b/audit/projects/kubernetes-public/secrets/slack-moderator-config/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2020-05-28T03:40:18.876516Z", + "etag": "\"15b3ed7fd2d15b\"", "name": "projects/127754664067/secrets/slack-moderator-config/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/kubernetes-public/secrets/slack-moderator-words-config/description.json b/audit/projects/kubernetes-public/secrets/slack-moderator-words-config/description.json index 0357d279923..ebec117be9d 100644 --- a/audit/projects/kubernetes-public/secrets/slack-moderator-words-config/description.json +++ b/audit/projects/kubernetes-public/secrets/slack-moderator-words-config/description.json @@ -1,5 +1,6 @@ { "createTime": "2021-02-23T23:53:36.776896Z", + "etag": "\"15bc09a07c3ac0\"", "labels": { "app": "slack-infra" }, diff --git a/audit/projects/kubernetes-public/secrets/slack-moderator-words-config/versions.json b/audit/projects/kubernetes-public/secrets/slack-moderator-words-config/versions.json index a8da8895c5e..13a346c007e 100644 --- a/audit/projects/kubernetes-public/secrets/slack-moderator-words-config/versions.json +++ b/audit/projects/kubernetes-public/secrets/slack-moderator-words-config/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2021-03-24T15:55:51.324556Z", + "etag": "\"15be4a554a038c\"", "name": "projects/127754664067/secrets/slack-moderator-words-config/versions/3", "replicationStatus": { "automatic": {} @@ -9,6 +10,7 @@ }, { "createTime": "2021-02-25T16:11:14.044771Z", + "etag": "\"15bc2b66927b63\"", "name": "projects/127754664067/secrets/slack-moderator-words-config/versions/2", "replicationStatus": { "automatic": {} @@ -18,6 +20,7 @@ { "createTime": "2021-02-25T16:05:18.014992Z", "destroyTime": "2021-02-25T16:11:33.616220913Z", + "etag": "\"15bc2b67bd6542\"", "name": "projects/127754664067/secrets/slack-moderator-words-config/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/kubernetes-public/secrets/slack-welcomer-config/description.json b/audit/projects/kubernetes-public/secrets/slack-welcomer-config/description.json index 7dca4f0be7c..bdfb220e601 100644 --- a/audit/projects/kubernetes-public/secrets/slack-welcomer-config/description.json +++ b/audit/projects/kubernetes-public/secrets/slack-welcomer-config/description.json @@ -1,5 +1,6 @@ { "createTime": "2020-05-28T03:40:14.323185Z", + "etag": "\"15b3ed7cf58969\"", "labels": { "app": "slack-infra" }, diff --git a/audit/projects/kubernetes-public/secrets/slack-welcomer-config/versions.json b/audit/projects/kubernetes-public/secrets/slack-welcomer-config/versions.json index 7fa43662b9d..9ddaf1c2e67 100644 --- a/audit/projects/kubernetes-public/secrets/slack-welcomer-config/versions.json +++ b/audit/projects/kubernetes-public/secrets/slack-welcomer-config/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2020-05-28T03:40:15.317636Z", + "etag": "\"15b3ed7ffcdd66\"", "name": "projects/127754664067/secrets/slack-welcomer-config/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/kubernetes-public/secrets/slackin-token/description.json b/audit/projects/kubernetes-public/secrets/slackin-token/description.json index 5cdcf889595..bd44999be10 100644 --- a/audit/projects/kubernetes-public/secrets/slackin-token/description.json +++ b/audit/projects/kubernetes-public/secrets/slackin-token/description.json @@ -1,5 +1,6 @@ { "createTime": "2020-05-28T03:40:30.811539Z", + "etag": "\"15b3ed7c510c5a\"", "labels": { "app": "slack-infra" }, diff --git a/audit/projects/kubernetes-public/secrets/slackin-token/versions.json b/audit/projects/kubernetes-public/secrets/slackin-token/versions.json index a81809e8d91..7bd6dd58107 100644 --- a/audit/projects/kubernetes-public/secrets/slackin-token/versions.json +++ b/audit/projects/kubernetes-public/secrets/slackin-token/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2020-05-28T03:40:31.541692Z", + "etag": "\"15b3ed810a2c86\"", "name": "projects/127754664067/secrets/slackin-token/versions/1", "replicationStatus": { "automatic": {} diff --git a/audit/projects/kubernetes-public/secrets/triage-party-github-token/description.json b/audit/projects/kubernetes-public/secrets/triage-party-github-token/description.json index 3fbfbe0b0c8..b6fdaf50818 100644 --- a/audit/projects/kubernetes-public/secrets/triage-party-github-token/description.json +++ b/audit/projects/kubernetes-public/secrets/triage-party-github-token/description.json @@ -1,5 +1,6 @@ { "createTime": "2020-06-25T19:14:21.868654Z", + "etag": "\"15bc07c702e4bb\"", "labels": { "app": "triage-party" }, diff --git a/audit/projects/kubernetes-public/secrets/triage-party-github-token/versions.json b/audit/projects/kubernetes-public/secrets/triage-party-github-token/versions.json index 36b437d20c1..b141f5d6a1d 100644 --- a/audit/projects/kubernetes-public/secrets/triage-party-github-token/versions.json +++ b/audit/projects/kubernetes-public/secrets/triage-party-github-token/versions.json @@ -1,6 +1,7 @@ [ { "createTime": "2020-06-25T19:14:22.485364Z", + "etag": "\"15b3ed807e2197\"", "name": "projects/127754664067/secrets/triage-party-github-token/versions/1", "replicationStatus": { "automatic": {}