audit: update as of 2022-08-07

Author: Kubernetes Prow Robot

audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.etl_script_generated_set_20220726.access.json

@@ -0,0 +1,18 @@
+[
+  {
+    "role": "WRITER",
+    "specialGroup": "projectWriters"
+  },
+  {
+    "role": "OWNER",
+    "specialGroup": "projectOwners"
+  },
+  {
+    "role": "OWNER",
+    "userByEmail": "[email protected]"
+  },
+  {
+    "role": "READER",
+    "specialGroup": "projectReaders"
+  }
+]

audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.json

@@ -412,5 +412,14 @@
       "projectId": "k8s-infra-ii-sandbox"
     },
     "location": "US"
+  },
+  {
+    "kind": "bigquery#dataset",
+    "id": "k8s-infra-ii-sandbox:etl_script_generated_set_20220726",
+    "datasetReference": {
+      "datasetId": "etl_script_generated_set_20220726",
+      "projectId": "k8s-infra-ii-sandbox"
+    },
+    "location": "US"
   }
 ]

audit/projects/k8s-infra-oci-proxy-prod/services/logging/logs.json

@@ -1,5 +1,6 @@
 [
   "projects/k8s-infra-oci-proxy-prod/logs/cloudaudit.googleapis.com%2Factivity",
+  "projects/k8s-infra-oci-proxy-prod/logs/cloudaudit.googleapis.com%2Fsystem_event",
   "projects/k8s-infra-oci-proxy-prod/logs/requests",
   "projects/k8s-infra-oci-proxy-prod/logs/run.googleapis.com%2Frequests",
   "projects/k8s-infra-oci-proxy-prod/logs/run.googleapis.com%2Fstderr"

audit/projects/k8s-infra-prow-build-trusted/secrets/registry-k8s-io-s3-writer/description.json

@@ -0,0 +1,10 @@
+{
+  "createTime": "2022-08-02T17:43:54.580612Z",
+  "labels": {
+    "group": "sig-release"
+  },
+  "name": "projects/180382678033/secrets/registry-k8s-io-s3-writer",
+  "replication": {
+    "automatic": {}
+  }
+}

audit/projects/k8s-infra-prow-build-trusted/secrets/registry-k8s-io-s3-writer/iam.json

@@ -0,0 +1,12 @@
+{
+  "bindings": [
+    {
+      "members": [
+        "group:[email protected]",
+        "group:[email protected]"
+      ],
+      "role": "roles/secretmanager.admin"
+    }
+  ],
+  "version": 1
+}

audit/projects/k8s-infra-prow-build-trusted/secrets/registry-k8s-io-s3-writer/versions.json

@@ -0,0 +1,32 @@
+[
+  {
+    "clientSpecifiedPayloadChecksum": true,
+    "createTime": "2022-08-02T22:45:32.574869Z",
+    "etag": "\"15e549dfbc2095\"",
+    "name": "projects/180382678033/secrets/registry-k8s-io-s3-writer/versions/3",
+    "replicationStatus": {
+      "automatic": {}
+    },
+    "state": "ENABLED"
+  },
+  {
+    "clientSpecifiedPayloadChecksum": true,
+    "createTime": "2022-08-02T21:44:49.194237Z",
+    "etag": "\"15e549dfd1b853\"",
+    "name": "projects/180382678033/secrets/registry-k8s-io-s3-writer/versions/2",
+    "replicationStatus": {
+      "automatic": {}
+    },
+    "state": "DISABLED"
+  },
+  {
+    "clientSpecifiedPayloadChecksum": true,
+    "createTime": "2022-08-02T21:44:13.593562Z",
+    "etag": "\"15e549dfd16c69\"",
+    "name": "projects/180382678033/secrets/registry-k8s-io-s3-writer/versions/1",
+    "replicationStatus": {
+      "automatic": {}
+    },
+    "state": "DISABLED"
+  }
+]

audit/projects/k8s-infra-prow-build-trusted/service-accounts/k8s-cve-feed@k8s-infra-prow-build-trusted.iam.gserviceaccount.com/description.json

@@ -0,0 +1,8 @@
+{
+  "displayName": "write to gs://k8s-cve-feed",
+  "email": "k8s-cve-feed@k8s-infra-prow-build-trusted.iam.gserviceaccount.com",
+  "name": "projects/k8s-infra-prow-build-trusted/serviceAccounts/k8s-cve-feed@k8s-infra-prow-build-trusted.iam.gserviceaccount.com",
+  "oauth2ClientId": "104220461166094006825",
+  "projectId": "k8s-infra-prow-build-trusted",
+  "uniqueId": "104220461166094006825"
+}

audit/projects/k8s-infra-prow-build-trusted/service-accounts/k8s-cve-feed@k8s-infra-prow-build-trusted.iam.gserviceaccount.com/iam.json

@@ -0,0 +1,11 @@
+{
+  "bindings": [
+    {
+      "members": [
+        "serviceAccount:k8s-infra-prow-build-trusted.svc.id.goog[test-pods/k8s-cve-feed]"
+      ],
+      "role": "roles/iam.workloadIdentityUser"
+    }
+  ],
+  "version": 1
+}

audit/projects/k8s-infra-prow-build-trusted/services/container/clusters/prow-build-trusted.json

@@ -20,8 +20,8 @@
   "binaryAuthorization": {},
   "clusterIpv4Cidr": "10.4.0.0/14",
   "createTime": "2020-04-30T23:44:46+00:00",
-  "currentMasterVersion": "1.22.8-gke.202",
-  "currentNodeVersion": "1.22.8-gke.202",
+  "currentMasterVersion": "1.22.10-gke.600",
+  "currentNodeVersion": "1.22.8-gke.202 *",
   "databaseEncryption": {
     "state": "DECRYPTED"
   },

audit/projects/k8s-infra-prow-build/services/container/clusters/prow-build.json

@@ -20,8 +20,8 @@
   "binaryAuthorization": {},
   "clusterIpv4Cidr": "10.32.0.0/14",
   "createTime": "2020-04-30T21:31:49+00:00",
-  "currentMasterVersion": "1.22.8-gke.202",
-  "currentNodeVersion": "1.22.8-gke.202",
+  "currentMasterVersion": "1.22.10-gke.600",
+  "currentNodeVersion": "1.22.8-gke.202 *",
   "databaseEncryption": {
     "state": "DECRYPTED"
   },

audit/projects/k8s-infra-prow-build/services/logging/logs.json

@@ -2,6 +2,7 @@
   "projects/k8s-infra-prow-build/logs/GCEGuestAgent",
   "projects/k8s-infra-prow-build/logs/OSConfigAgent",
   "projects/k8s-infra-prow-build/logs/cloudaudit.googleapis.com%2Factivity",
+  "projects/k8s-infra-prow-build/logs/cloudaudit.googleapis.com%2Fdata_access",
   "projects/k8s-infra-prow-build/logs/cloudaudit.googleapis.com%2Fsystem_event",
   "projects/k8s-infra-prow-build/logs/compute.googleapis.com%2Fshielded_vm_integrity",
   "projects/k8s-infra-prow-build/logs/container-runtime",

audit/projects/k8s-infra-public-pii/services/logging/logs.json

@@ -1 +1,3 @@
-[]
+[
+  "projects/k8s-infra-public-pii/logs/cloudaudit.googleapis.com%2Fsystem_event"
+]

audit/projects/k8s-infra-sandbox-capg/iam.json

@@ -40,6 +40,7 @@
     {
       "members": [
         "group:[email protected]",
+        "serviceAccount:[email protected]",
         "user:[email protected]"
       ],
       "role": "roles/owner"

audit/projects/k8s-infra-sandbox-capg/service-accounts/[email protected]/description.json

@@ -0,0 +1,8 @@
+{
+  "displayName": "richard-capg",
+  "email": "[email protected]",
+  "name": "projects/k8s-infra-sandbox-capg/serviceAccounts/[email protected]",
+  "oauth2ClientId": "100171940266561657278",
+  "projectId": "k8s-infra-sandbox-capg",
+  "uniqueId": "100171940266561657278"
+}

audit/projects/k8s-infra-sandbox-capg/service-accounts/[email protected]/iam.json

@@ -0,0 +1 @@
+{}

audit/projects/k8s-staging-addon-manager/buckets/artifacts.k8s-staging-addon-manager.appspot.com/metadata.txt

@@ -11,8 +11,8 @@ gs://artifacts.k8s-staging-addon-manager.appspot.com/ :
 	Labels:				None
 	Default KMS key:		None
 	Time created:			Wed, 30 Sep 2020 15:49:57 GMT
-	Time updated:			Mon, 13 Jun 2022 22:52:33 GMT
-	Metageneration:			24
+	Time updated:			Tue, 02 Aug 2022 14:12:30 GMT
+	Metageneration:			28
 	Bucket Policy Only enabled:	True
 	Public access prevention:	inherited
 	RPO:				DEFAULT

audit/projects/k8s-staging-addon-manager/buckets/k8s-staging-addon-manager/metadata.txt

@@ -11,8 +11,8 @@ gs://k8s-staging-addon-manager/ :
 	Labels:				None
 	Default KMS key:		None
 	Time created:			Wed, 30 Sep 2020 15:50:33 GMT
-	Time updated:			Mon, 13 Jun 2022 22:52:54 GMT
-	Metageneration:			25
+	Time updated:			Tue, 02 Aug 2022 14:12:51 GMT
+	Metageneration:			29
 	Bucket Policy Only enabled:	True
 	Public access prevention:	inherited
 	RPO:				DEFAULT

audit/projects/k8s-staging-addon-manager/services/enabled.txt

@@ -1,10 +1,14 @@
-NAME                              TITLE
-cloudbuild.googleapis.com         Cloud Build API
-cloudkms.googleapis.com           Cloud Key Management Service (KMS) API
-containerregistry.googleapis.com  Container Registry API
-iamcredentials.googleapis.com     IAM Service Account Credentials API
-logging.googleapis.com            Cloud Logging API
-pubsub.googleapis.com             Cloud Pub/Sub API
-secretmanager.googleapis.com      Secret Manager API
-storage-api.googleapis.com        Google Cloud Storage JSON API
-storage-component.googleapis.com  Cloud Storage
+NAME                                 TITLE
+artifactregistry.googleapis.com      Artifact Registry API
+cloudasset.googleapis.com            Cloud Asset API
+cloudbuild.googleapis.com            Cloud Build API
+cloudkms.googleapis.com              Cloud Key Management Service (KMS) API
+containerregistry.googleapis.com     Container Registry API
+iam.googleapis.com                   Identity and Access Management (IAM) API
+iamcredentials.googleapis.com        IAM Service Account Credentials API
+logging.googleapis.com               Cloud Logging API
+policytroubleshooter.googleapis.com  Policy Troubleshooter API
+pubsub.googleapis.com                Cloud Pub/Sub API
+secretmanager.googleapis.com         Secret Manager API
+storage-api.googleapis.com           Google Cloud Storage JSON API
+storage-component.googleapis.com     Cloud Storage

audit/projects/k8s-staging-addon-manager/services/logging/logs.json

@@ -1 +1,3 @@
-[]
+[
+  "projects/k8s-staging-addon-manager/logs/cloudaudit.googleapis.com%2Factivity"
+]

audit/projects/k8s-staging-apisnoop/buckets/artifacts.k8s-staging-apisnoop.appspot.com/metadata.txt

@@ -11,8 +11,8 @@ gs://artifacts.k8s-staging-apisnoop.appspot.com/ :
 	Labels:				None
 	Default KMS key:		None
 	Time created:			Tue, 21 Jan 2020 18:12:15 GMT
-	Time updated:			Mon, 13 Jun 2022 22:53:48 GMT
-	Metageneration:			28
+	Time updated:			Tue, 02 Aug 2022 14:14:08 GMT
+	Metageneration:			32
 	Bucket Policy Only enabled:	True
 	Public access prevention:	inherited
 	RPO:				DEFAULT

audit/projects/k8s-staging-apisnoop/buckets/k8s-staging-apisnoop/metadata.txt

@@ -11,8 +11,8 @@ gs://k8s-staging-apisnoop/ :
 	Labels:				None
 	Default KMS key:		None
 	Time created:			Tue, 21 Jan 2020 18:13:00 GMT
-	Time updated:			Mon, 13 Jun 2022 22:54:09 GMT
-	Metageneration:			40
+	Time updated:			Tue, 02 Aug 2022 14:14:29 GMT
+	Metageneration:			44
 	Bucket Policy Only enabled:	True
 	Public access prevention:	inherited
 	RPO:				DEFAULT

audit/projects/k8s-staging-apisnoop/services/enabled.txt

@@ -1,10 +1,14 @@
-NAME                              TITLE
-cloudbuild.googleapis.com         Cloud Build API
-cloudkms.googleapis.com           Cloud Key Management Service (KMS) API
-containerregistry.googleapis.com  Container Registry API
-iamcredentials.googleapis.com     IAM Service Account Credentials API
-logging.googleapis.com            Cloud Logging API
-pubsub.googleapis.com             Cloud Pub/Sub API
-secretmanager.googleapis.com      Secret Manager API
-storage-api.googleapis.com        Google Cloud Storage JSON API
-storage-component.googleapis.com  Cloud Storage
+NAME                                 TITLE
+artifactregistry.googleapis.com      Artifact Registry API
+cloudasset.googleapis.com            Cloud Asset API
+cloudbuild.googleapis.com            Cloud Build API
+cloudkms.googleapis.com              Cloud Key Management Service (KMS) API
+containerregistry.googleapis.com     Container Registry API
+iam.googleapis.com                   Identity and Access Management (IAM) API
+iamcredentials.googleapis.com        IAM Service Account Credentials API
+logging.googleapis.com               Cloud Logging API
+policytroubleshooter.googleapis.com  Policy Troubleshooter API
+pubsub.googleapis.com                Cloud Pub/Sub API
+secretmanager.googleapis.com         Secret Manager API
+storage-api.googleapis.com           Google Cloud Storage JSON API
+storage-component.googleapis.com     Cloud Storage

audit/projects/k8s-staging-artifact-promoter/buckets/artifacts.k8s-staging-artifact-promoter.appspot.com/metadata.txt

@@ -11,8 +11,8 @@ gs://artifacts.k8s-staging-artifact-promoter.appspot.com/ :
 	Labels:				None
 	Default KMS key:		None
 	Time created:			Tue, 20 Aug 2019 00:06:52 GMT
-	Time updated:			Mon, 13 Jun 2022 22:55:03 GMT
-	Metageneration:			28
+	Time updated:			Tue, 02 Aug 2022 14:15:46 GMT
+	Metageneration:			32
 	Bucket Policy Only enabled:	True
 	Public access prevention:	inherited
 	RPO:				DEFAULT

audit/projects/k8s-staging-artifact-promoter/buckets/k8s-staging-artifact-promoter/metadata.txt

@@ -11,8 +11,8 @@ gs://k8s-staging-artifact-promoter/ :
 	Labels:				None
 	Default KMS key:		None
 	Time created:			Tue, 20 Aug 2019 00:07:32 GMT
-	Time updated:			Mon, 13 Jun 2022 22:55:24 GMT
-	Metageneration:			43
+	Time updated:			Tue, 02 Aug 2022 14:16:10 GMT
+	Metageneration:			47
 	Bucket Policy Only enabled:	True
 	Public access prevention:	inherited
 	RPO:				DEFAULT

audit/projects/k8s-staging-artifact-promoter/services/enabled.txt

@@ -1,11 +1,14 @@
-NAME                              TITLE
-artifactregistry.googleapis.com   Artifact Registry API
-cloudbuild.googleapis.com         Cloud Build API
-cloudkms.googleapis.com           Cloud Key Management Service (KMS) API
-containerregistry.googleapis.com  Container Registry API
-iamcredentials.googleapis.com     IAM Service Account Credentials API
-logging.googleapis.com            Cloud Logging API
-pubsub.googleapis.com             Cloud Pub/Sub API
-secretmanager.googleapis.com      Secret Manager API
-storage-api.googleapis.com        Google Cloud Storage JSON API
-storage-component.googleapis.com  Cloud Storage
+NAME                                 TITLE
+artifactregistry.googleapis.com      Artifact Registry API
+cloudasset.googleapis.com            Cloud Asset API
+cloudbuild.googleapis.com            Cloud Build API
+cloudkms.googleapis.com              Cloud Key Management Service (KMS) API
+containerregistry.googleapis.com     Container Registry API
+iam.googleapis.com                   Identity and Access Management (IAM) API
+iamcredentials.googleapis.com        IAM Service Account Credentials API
+logging.googleapis.com               Cloud Logging API
+policytroubleshooter.googleapis.com  Policy Troubleshooter API
+pubsub.googleapis.com                Cloud Pub/Sub API
+secretmanager.googleapis.com         Secret Manager API
+storage-api.googleapis.com           Google Cloud Storage JSON API
+storage-component.googleapis.com     Cloud Storage

audit/projects/k8s-staging-autoscaling/buckets/artifacts.k8s-staging-autoscaling.appspot.com/metadata.txt

@@ -11,8 +11,8 @@ gs://artifacts.k8s-staging-autoscaling.appspot.com/ :
 	Labels:				None
 	Default KMS key:		None
 	Time created:			Fri, 20 Mar 2020 19:00:58 GMT
-	Time updated:			Mon, 13 Jun 2022 22:56:19 GMT
-	Metageneration:			26
+	Time updated:			Tue, 02 Aug 2022 14:17:28 GMT
+	Metageneration:			30
 	Bucket Policy Only enabled:	True
 	Public access prevention:	inherited
 	RPO:				DEFAULT

audit/projects/k8s-staging-autoscaling/buckets/k8s-staging-autoscaling/metadata.txt

@@ -11,8 +11,8 @@ gs://k8s-staging-autoscaling/ :
 	Labels:				None
 	Default KMS key:		None
 	Time created:			Fri, 20 Mar 2020 19:01:48 GMT
-	Time updated:			Mon, 13 Jun 2022 22:56:40 GMT
-	Metageneration:			37
+	Time updated:			Tue, 02 Aug 2022 14:17:49 GMT
+	Metageneration:			41
 	Bucket Policy Only enabled:	True
 	Public access prevention:	inherited
 	RPO:				DEFAULT

audit/projects/k8s-staging-autoscaling/services/enabled.txt

@@ -1,10 +1,14 @@
-NAME                              TITLE
-cloudbuild.googleapis.com         Cloud Build API
-cloudkms.googleapis.com           Cloud Key Management Service (KMS) API
-containerregistry.googleapis.com  Container Registry API
-iamcredentials.googleapis.com     IAM Service Account Credentials API
-logging.googleapis.com            Cloud Logging API
-pubsub.googleapis.com             Cloud Pub/Sub API
-secretmanager.googleapis.com      Secret Manager API
-storage-api.googleapis.com        Google Cloud Storage JSON API
-storage-component.googleapis.com  Cloud Storage
+NAME                                 TITLE
+artifactregistry.googleapis.com      Artifact Registry API
+cloudasset.googleapis.com            Cloud Asset API
+cloudbuild.googleapis.com            Cloud Build API
+cloudkms.googleapis.com              Cloud Key Management Service (KMS) API
+containerregistry.googleapis.com     Container Registry API
+iam.googleapis.com                   Identity and Access Management (IAM) API
+iamcredentials.googleapis.com        IAM Service Account Credentials API
+logging.googleapis.com               Cloud Logging API
+policytroubleshooter.googleapis.com  Policy Troubleshooter API
+pubsub.googleapis.com                Cloud Pub/Sub API
+secretmanager.googleapis.com         Secret Manager API
+storage-api.googleapis.com           Google Cloud Storage JSON API
+storage-component.googleapis.com     Cloud Storage

audit/projects/k8s-staging-autoscaling/services/logging/logs.json

@@ -1 +1,3 @@
-[]
+[
+  "projects/k8s-staging-autoscaling/logs/cloudaudit.googleapis.com%2Factivity"
+]

audit/projects/k8s-staging-bom/buckets/artifacts.k8s-staging-bom.appspot.com/metadata.txt

@@ -11,8 +11,8 @@ gs://artifacts.k8s-staging-bom.appspot.com/ :
 	Labels:				None
 	Default KMS key:		None
 	Time created:			Wed, 09 Feb 2022 10:25:24 GMT
-	Time updated:			Mon, 13 Jun 2022 22:57:34 GMT
-	Metageneration:			12
+	Time updated:			Tue, 02 Aug 2022 14:19:07 GMT
+	Metageneration:			16
 	Bucket Policy Only enabled:	True
 	Public access prevention:	inherited
 	RPO:				DEFAULT

audit/projects/k8s-staging-bom/buckets/k8s-staging-bom/metadata.txt

@@ -11,8 +11,8 @@ gs://k8s-staging-bom/ :
 	Labels:				None
 	Default KMS key:		None
 	Time created:			Wed, 09 Feb 2022 10:26:20 GMT
-	Time updated:			Mon, 13 Jun 2022 22:57:55 GMT
-	Metageneration:			13
+	Time updated:			Tue, 02 Aug 2022 14:19:28 GMT
+	Metageneration:			17
 	Bucket Policy Only enabled:	True
 	Public access prevention:	inherited
 	RPO:				DEFAULT