-
Notifications
You must be signed in to change notification settings - Fork 796
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update audit as of 2020-04-27 #807
Conversation
remove groups from projectViewer role
... mea culpa, I accidentally nuked kubernetes-public's project-wide ssh-keys metadata, dims will need to re-add
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: spiffxp The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
"bindings": [ | ||
{ | ||
"members": [ | ||
"serviceAccount:kubernetes-public.svc.id.goog[test-pods/boskos-janitor]" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is it still called "test-pods"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See #806 (comment)
@@ -1,22 +1,22 @@ | |||
{ | |||
"commonInstanceMetadata": { | |||
"fingerprint": "9_em4FUS_lU=", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another candidate for being removed @bartsmykla
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ack
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done: #809
{ | ||
"createTime": "2020-04-26T17:09:06.114Z", | ||
"lifecycleState": "ACTIVE", | ||
"name": "spiffxp-boskos-project-01", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's not forget to clean these up :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is exactly why I put my name on them
/close |
@spiffxp: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This was intended to pick up the results of running scripts/terraform introduced in #806
It also picked up:
projectView
permissions onk8s-conform
bucketskubernetes-public
project-widessh-keys
metadataspiffxp-node-e2e-project
but forgot the--project
flag and was defaulted tokubernetes-public
2020-01-28
/cc @dims
to ack the ssh-keys removal
/cc @thockin @bartsmykla @cblecker
whomever is interested in reviewing the audit