-
Notifications
You must be signed in to change notification settings - Fork 819
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
audit: update as of 2021-09-20 #2748
audit: update as of 2021-09-20 #2748
Conversation
354fbdd
to
6a619fb
Compare
3b25f25
to
48171ba
Compare
ca8965f
to
61e29a4
Compare
61e29a4
to
1472f7a
Compare
1472f7a
to
9dffa3f
Compare
@@ -15,7 +15,8 @@ | |||
{ | |||
"members": [ | |||
"group:k8s-infra-gcp-accounting@kubernetes.io", | |||
"group:k8s-infra-prod-readiness@kubernetes.io" | |||
"group:k8s-infra-prod-readiness@kubernetes.io", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added by #2744
@@ -15,7 +15,8 @@ | |||
{ | |||
"members": [ | |||
"group:k8s-infra-gcp-accounting@kubernetes.io", | |||
"group:k8s-infra-prod-readiness@kubernetes.io" | |||
"group:k8s-infra-prod-readiness@kubernetes.io", | |||
"serviceAccount:bq-data-transfer-kettle@kubernetes-public.iam.gserviceaccount.com" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added by #2747
{ | ||
"members": [ | ||
"serviceAccount:service-127754664067@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com" | ||
], | ||
"role": "roles/bigquerydatatransfer.serviceAgent" | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did a manual run of the transfer job. #2749
@@ -0,0 +1,8 @@ | |||
{ | |||
"description": "Service Acccount BigQuery Data Transfer", | |||
"email": "bq-data-transfer-kettle@kubernetes-public.iam.gserviceaccount.com", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added by #2737
@@ -0,0 +1,8 @@ | |||
{ | |||
"displayName": "default service account for pods in aaa", | |||
"email": "kettle@kubernetes-public.iam.gserviceaccount.com", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added by #2737
"members": [ | ||
"serviceAccount:kubernetes-public.svc.id.goog[kettle/kettle]" | ||
], | ||
"role": "roles/iam.workloadIdentityUser" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added by #2737
"role": "WRITER", | ||
"userByEmail": "bq-data-transfer-kettle@kubernetes-public.iam.gserviceaccount.com" | ||
}, | ||
{ | ||
"role": "WRITER", | ||
"userByEmail": "kettle@kubernetes-public.iam.gserviceaccount.com" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done by #2737
@@ -1,5 +1,6 @@ | |||
NAME TITLE | |||
bigquery.googleapis.com BigQuery API | |||
bigquerydatatransfer.googleapis.com BigQuery Data Transfer API |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Enabled by #2749
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ameukam, k8s-infra-ci-robot The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Audit Updates wg-k8s-infra