Skip to content

Commit

Permalink
Read access to read access k8s-artifacts-gcslogs
Browse files Browse the repository at this point in the history 
Ref: #1945

Inital request:
https://groups.google.com/g/kubernetes-wg-k8s-infra/c/Wkw0uyMKSXk/m/QLVIAMZzAAAJ.

Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
  • Loading branch information
@ameukam
ameukam committed Apr 22, 2021
1 parent 494c07d commit 56c5025
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions infra/gcp/ensure-prod-storage.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -359,6 +359,12 @@ color 6 "Handling special cases"
$(svc_acct_email "${GCR_BACKUP_TEST_PRODBAK_PROJECT}" "${PROMOTER_SVCACCT}")
done

# Special case: empower k8s-infra-gcs-access-logs@kubernetes.io to read k8s-artifacts-gcslogs
# k8s-artifacts-gcslogs receive and store Cloud Audit logs for k8s-artificats-prod.
ensure_gcs_role_binding "gs://k8s-artifacts-gcslogs" \
"group:k8s-infra-gcs-access-logs@kubernetes.io" \
"objectViewer"

color 6 "Ensuring prod promoter vuln scanning svcacct exists"
ensure_service_account \
"${PROD_PROJECT}" \
Expand Down

0 comments on commit 56c5025

Please sign in to comment.