-
Notifications
You must be signed in to change notification settings - Fork 827
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update audit #848
Update audit #848
Conversation
same permissions as deployer@k8s-prow
and a few gcb-builder stragglers
the groups reconciler now gets the service account it needs to do its thing from a secret stored in this project, instead of git-crypt
created via ensure-e2e-projects.sh
sshKeys: deleted dev2 cluster ssh-keys: accidental deletion, but they expired so not replacing
this looks like a full run of ensure-staging-storage.sh refresh some things for this bucket, or maybe previous audits missed this bucket
/cc @thockin |
@@ -8,8 +8,11 @@ clouddebugger.googleapis.com Cloud Debugger API | |||
cloudkms.googleapis.com Cloud Key Management Service (KMS) API | |||
cloudtrace.googleapis.com Cloud Trace API | |||
compute.googleapis.com Compute Engine API | |||
container.googleapis.com Kubernetes Engine API |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was @dims. It's sadly easy to enable just by clicking the UI wrong. Not harmful, but I manually reverted this anyway.
We need Hourly runs of audit and PRs :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
whoa! Sorry again
The legacy bucket writer stuff is odd. Activity shows it was you on April 30, 2020 at 10:20:48 PM GMT-7 |
Glad we have this to keep us honest! :) |
I don't have the history to prove when I ran it, but I suspect I ran ./ensure-staging-storage.sh to hit all buckets, and this was likely after some refactoring you had done (I just couldn't identify the PR) |
Are we fine merging this as is and having a followup audit catch us cleaning up? |
Sounds good @spiffxp ! |
/approve /hold for @thockin |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dims, spiffxp The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/hold cancel |
I would not recommend trying to review all files at once.
This was primarily intended to pick up everything from #830 (prow build clusters and related infra), and demonstrate that #806 (prototype prow build cluster) has nothing hanging around (most of which was picked up from unmerged audit #807)
This picks up:
and then two commits at the end where I'm not entirely sure what happened