Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Read access to read access k8s-artifacts-gcslogs #1966

Merged
merged 1 commit into from
May 4, 2021

Conversation

ameukam
Copy link
Member

@ameukam ameukam commented Apr 22, 2021

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Apr 22, 2021
@k8s-ci-robot k8s-ci-robot requested review from dims and nikhita April 22, 2021 21:00
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Apr 22, 2021
@ameukam
Copy link
Member Author

ameukam commented Apr 22, 2021

/hold
Need approval from chairs and TLs.
/assign @dims @spiffxp @thockin
cc @hh @Riaankl

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 22, 2021
@hh
Copy link
Member

hh commented Apr 22, 2021

Thanks @ameukam

Copy link
Member

@spiffxp spiffxp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One nit otherwise LGTM

@spiffxp
Copy link
Member

spiffxp commented Apr 22, 2021

I still feel like moving the bucket to its own project might better accomplish the access rules laid out in #904 (comment) but if this gets us started for now so be it

@ameukam ameukam force-pushed the empower-ii-group-auditlogs branch from 0d26e6c to dd7ea6a Compare April 22, 2021 21:47
Copy link
Member

@thockin thockin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No objections to this alone, but I suspect it will just be the start

@hh
Copy link
Member

hh commented Apr 23, 2021 via email

Copy link
Member

@spiffxp spiffxp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm
I'll merge and deploy this as-is

Can migrate to a different bucket as followup, which I will track under the umbrella issue for GCS access logs: #904

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 4, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ameukam, spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ameukam
Copy link
Member Author

ameukam commented May 4, 2021

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 4, 2021
@k8s-ci-robot k8s-ci-robot merged commit 163acfd into kubernetes:main May 4, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone May 4, 2021
@spiffxp
Copy link
Member

spiffxp commented May 4, 2021

Ran ./infra/gcp/ensure-prod-storage.sh but it stopped with this error before getting to the new binding

ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) NOT_FOUND: Not found; Gaia id not found for email k8s-infra-gcr-auditor@k8s-artifacts-prod.iam.gserviceaccount.com

@spiffxp
Copy link
Member

spiffxp commented May 4, 2021

OK this is #1730 rearing its head. Time to tackle that to unblock us here

@spiffxp
Copy link
Member

spiffxp commented May 4, 2021

A rerun appears to have successfully deployed these changes: #1998 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants