Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update audit #848

Merged
merged 14 commits into from
May 9, 2020
Merged

Update audit #848

merged 14 commits into from
May 9, 2020

Conversation

spiffxp
Copy link
Member

@spiffxp spiffxp commented May 6, 2020

I would not recommend trying to review all files at once.

This was primarily intended to pick up everything from #830 (prow build clusters and related infra), and demonstrate that #806 (prototype prow build cluster) has nothing hanging around (most of which was picked up from unmerged audit #807)

This picks up:

and then two commits at the end where I'm not entirely sure what happened

spiffxp added 14 commits May 6, 2020 16:50
same permissions as deployer@k8s-prow
and a few gcb-builder stragglers
the groups reconciler now gets the service account it needs to do its
thing from a secret stored in this project, instead of git-crypt
created via ensure-e2e-projects.sh
sshKeys: deleted dev2 cluster

ssh-keys: accidental deletion, but they expired so not replacing
this looks like a full run of ensure-staging-storage.sh refresh some
things for this bucket, or maybe previous audits missed this bucket
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. area/audit Audit of project resources, audit followup issues, code in audit/ labels May 6, 2020
@k8s-ci-robot k8s-ci-robot requested review from bartsmykla and dims May 6, 2020 23:51
@k8s-ci-robot k8s-ci-robot added wg/k8s-infra approved Indicates a PR has been approved by an approver from all required OWNERS files. labels May 6, 2020
@spiffxp spiffxp mentioned this pull request May 7, 2020
@spiffxp
Copy link
Member Author

spiffxp commented May 7, 2020

/cc @thockin

@k8s-ci-robot k8s-ci-robot requested a review from thockin May 7, 2020 00:38
@@ -8,8 +8,11 @@ clouddebugger.googleapis.com Cloud Debugger API
cloudkms.googleapis.com Cloud Key Management Service (KMS) API
cloudtrace.googleapis.com Cloud Trace API
compute.googleapis.com Compute Engine API
container.googleapis.com Kubernetes Engine API
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was @dims. It's sadly easy to enable just by clicking the UI wrong. Not harmful, but I manually reverted this anyway.

We need Hourly runs of audit and PRs :)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

whoa! Sorry again

@thockin
Copy link
Member

thockin commented May 7, 2020

The legacy bucket writer stuff is odd. Activity shows it was you on April 30, 2020 at 10:20:48 PM GMT-7

@dims
Copy link
Member

dims commented May 7, 2020

Glad we have this to keep us honest! :)

@spiffxp
Copy link
Member Author

spiffxp commented May 7, 2020

@thockin

The legacy bucket writer stuff is odd. Activity shows it was you on April 30, 2020 at 10:20:48 PM GMT-7

I don't have the history to prove when I ran it, but I suspect I ran ./ensure-staging-storage.sh to hit all buckets, and this was likely after some refactoring you had done (I just couldn't identify the PR)

@spiffxp
Copy link
Member Author

spiffxp commented May 7, 2020

Are we fine merging this as is and having a followup audit catch us cleaning up?

@dims
Copy link
Member

dims commented May 7, 2020

Sounds good @spiffxp !

@dims
Copy link
Member

dims commented May 7, 2020

/approve
/lgtm

/hold for @thockin

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 7, 2020
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 7, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dims, spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@spiffxp
Copy link
Member Author

spiffxp commented May 9, 2020

/hold cancel
(spoke with @thockin offline)

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 9, 2020
@k8s-ci-robot k8s-ci-robot merged commit d3a4194 into kubernetes:master May 9, 2020
@spiffxp spiffxp deleted the audit-update branch May 9, 2020 00:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/audit Audit of project resources, audit followup issues, code in audit/ cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants