diff --git a/audit/projects/k8s-artifacts-prod/services/enabled.txt b/audit/projects/k8s-artifacts-prod/services/enabled.txt index 7c8d574d15d2..f2d2bfe53e5d 100644 --- a/audit/projects/k8s-artifacts-prod/services/enabled.txt +++ b/audit/projects/k8s-artifacts-prod/services/enabled.txt @@ -9,7 +9,6 @@ cloudtrace.googleapis.com Cloud Trace API compute.googleapis.com Compute Engine API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API datastore.googleapis.com Cloud Datastore API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API diff --git a/audit/projects/k8s-cip-test-prod/services/enabled.txt b/audit/projects/k8s-cip-test-prod/services/enabled.txt index 1aa2d8aef9e5..6cd205e21fc6 100644 --- a/audit/projects/k8s-cip-test-prod/services/enabled.txt +++ b/audit/projects/k8s-cip-test-prod/services/enabled.txt @@ -7,7 +7,6 @@ cloudtrace.googleapis.com Cloud Trace API compute.googleapis.com Compute Engine API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API datastore.googleapis.com Cloud Datastore API logging.googleapis.com Cloud Logging API monitoring.googleapis.com Cloud Monitoring API diff --git a/audit/projects/k8s-infra-e2e-boskos-scale-13/services/compute/project-info.json b/audit/projects/k8s-infra-e2e-boskos-scale-13/services/compute/project-info.json index 9ca428a68b03..64566a1acedf 100644 --- a/audit/projects/k8s-infra-e2e-boskos-scale-13/services/compute/project-info.json +++ b/audit/projects/k8s-infra-e2e-boskos-scale-13/services/compute/project-info.json @@ -3,7 +3,7 @@ "items": [ { "key": "ssh-keys", - "value": "prow:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmYxHh/wwcV0P1aChuFLpl28w6DFyc7G5Xrw1F8wH1Re9AdxyemM2bTZ/PhsP3u9VDnNbyOw3UN00VFdumkFLjLf1WQ7Q6rZDlPjlw7urBIvAMqUecY6ae1znqsZ0dMBxOuPXHznlnjLjM5b7O7q5WsQMCA9Szbmz6DsuSyCuX0It2osBTN+8P/Fa6BNh3W8AF60M7L8/aUzLfbXVS2LIQKAHHD8CWqvXhLPuTJ03iSwFvgtAK1/J2XJwUP+OzAFrxj6A9LW5ZZgk3R3kRKr0xT/L7hga41rB1qy8Uz+Xr/PTVMNGW+nmU4bPgFchCK0JBK7B12ZcdVVFUEdpaAiKZ prow\nprow:prow:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmYxHh/wwcV0P1aChuFLpl28w6DFyc7G5Xrw1F8wH1Re9AdxyemM2bTZ/PhsP3u9VDnNbyOw3UN00VFdumkFLjLf1WQ7Q6rZDlPjlw7urBIvAMqUecY6ae1znqsZ0dMBxOuPXHznlnjLjM5b7O7q5WsQMCA9Szbmz6DsuSyCuX0It2osBTN+8P/Fa6BNh3W8AF60M7L8/aUzLfbXVS2LIQKAHHD8CWqvXhLPuTJ03iSwFvgtAK1/J2XJwUP+OzAFrxj6A9LW5ZZgk3R3kRKr0xT/L7hga41rB1qy8Uz+Xr/PTVMNGW+nmU4bPgFchCK0JBK7B12ZcdVVFUEdpaAiKZ prow" + "value": "prow:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmYxHh/wwcV0P1aChuFLpl28w6DFyc7G5Xrw1F8wH1Re9AdxyemM2bTZ/PhsP3u9VDnNbyOw3UN00VFdumkFLjLf1WQ7Q6rZDlPjlw7urBIvAMqUecY6ae1znqsZ0dMBxOuPXHznlnjLjM5b7O7q5WsQMCA9Szbmz6DsuSyCuX0It2osBTN+8P/Fa6BNh3W8AF60M7L8/aUzLfbXVS2LIQKAHHD8CWqvXhLPuTJ03iSwFvgtAK1/J2XJwUP+OzAFrxj6A9LW5ZZgk3R3kRKr0xT/L7hga41rB1qy8Uz+Xr/PTVMNGW+nmU4bPgFchCK0JBK7B12ZcdVVFUEdpaAiKZ prow\nprow:prow:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmYxHh/wwcV0P1aChuFLpl28w6DFyc7G5Xrw1F8wH1Re9AdxyemM2bTZ/PhsP3u9VDnNbyOw3UN00VFdumkFLjLf1WQ7Q6rZDlPjlw7urBIvAMqUecY6ae1znqsZ0dMBxOuPXHznlnjLjM5b7O7q5WsQMCA9Szbmz6DsuSyCuX0It2osBTN+8P/Fa6BNh3W8AF60M7L8/aUzLfbXVS2LIQKAHHD8CWqvXhLPuTJ03iSwFvgtAK1/J2XJwUP+OzAFrxj6A9LW5ZZgk3R3kRKr0xT/L7hga41rB1qy8Uz+Xr/PTVMNGW+nmU4bPgFchCK0JBK7B12ZcdVVFUEdpaAiKZ prow\nzawodny:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSesDvaYgkqiBK/5cA6qhNuffwxaEg2KjP80uMi2MRPiMCem5A0vbeSg0/U2KKYpzkNfQkBGfj4vYDCjsQU4J978kL/ppzn9Cgu0gwCLF+w2Z3IdxazBSoV+cG605hishOIKFHJrTECQz2cd9GQpRRUAKaxfd0iz5nGgcxqtHtGwjv2refuPqXGR1DRBUC9R6sPOkwLDDdNHMUDGu5+TDHCLW80wPUCKlk3kMik4O5H9/0oPGvErfGX/WSa/VmOfbTUZOL5bUqPQixZZnh5e4tUcslPJD429Y5Gk/jWd9edn2G/NnpszfmaB1wmwpUVbYPMcTGR+8n/0TUBfTCbnjmBSys+MHHdnVWcT59T19A5rlQKGPBbzmomJdl8N8maCgmQOhi1t1/lMxX9X7A2MWFeaze30P4dFUQq/jqeyVeP+4ROiG3xRr9jxgh2A916gvPF05c7Kk5cLkCgVqHc9HG8cgRBXqVGGIp/3BOwCdho/1JIKDniqwx8Vrv16dOmnM= zawodny" } ], "kind": "compute#metadata" diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/bucketpolicyonly.txt b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/bucketpolicyonly.txt new file mode 100644 index 000000000000..1f0c2cd43e6b --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/bucketpolicyonly.txt @@ -0,0 +1,3 @@ +Bucket Policy Only setting for gs://k8s-infra-ii-sandbox-bb-test: + Enabled: False + diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/cors.txt b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/cors.txt new file mode 100644 index 000000000000..a2fe46ccb960 --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/cors.txt @@ -0,0 +1 @@ +gs://k8s-infra-ii-sandbox-bb-test/ has no CORS configuration. diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/iam.json b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/iam.json new file mode 100644 index 000000000000..c02e6f33470c --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/iam.json @@ -0,0 +1,17 @@ +{ + "bindings": [ + { + "members": [ + "projectEditor:k8s-infra-ii-sandbox", + "projectOwner:k8s-infra-ii-sandbox" + ], + "role": "roles/storage.legacyBucketOwner" + }, + { + "members": [ + "projectViewer:k8s-infra-ii-sandbox" + ], + "role": "roles/storage.legacyBucketReader" + } + ] +} diff --git a/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/logging.txt b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/logging.txt new file mode 100644 index 000000000000..b24f97baf849 --- /dev/null +++ b/audit/projects/k8s-infra-ii-sandbox/buckets/k8s-infra-ii-sandbox-bb-test/logging.txt @@ -0,0 +1 @@ +gs://k8s-infra-ii-sandbox-bb-test/ has no logging configuration. diff --git a/audit/projects/k8s-release-test-prod/buckets/k8s-release-test-prod-gcb/iam.json b/audit/projects/k8s-release-test-prod/buckets/k8s-release-test-prod-gcb/iam.json index 2e0ccc05af56..307122b79287 100644 --- a/audit/projects/k8s-release-test-prod/buckets/k8s-release-test-prod-gcb/iam.json +++ b/audit/projects/k8s-release-test-prod/buckets/k8s-release-test-prod-gcb/iam.json @@ -35,7 +35,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -43,7 +42,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-release-test-prod/iam.json b/audit/projects/k8s-release-test-prod/iam.json index 4408007639e6..964532db5816 100644 --- a/audit/projects/k8s-release-test-prod/iam.json +++ b/audit/projects/k8s-release-test-prod/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:925892675446@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-release/buckets/k8s-release-gcb/iam.json b/audit/projects/k8s-release/buckets/k8s-release-gcb/iam.json index 4f8ae0abaaa4..ebfc0efe13e1 100644 --- a/audit/projects/k8s-release/buckets/k8s-release-gcb/iam.json +++ b/audit/projects/k8s-release/buckets/k8s-release-gcb/iam.json @@ -31,7 +31,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -39,7 +38,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-release/iam.json b/audit/projects/k8s-release/iam.json index f8cd5ab3d146..a5017c1e7b54 100644 --- a/audit/projects/k8s-release/iam.json +++ b/audit/projects/k8s-release/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:304687256732@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-addon-manager/buckets/k8s-staging-addon-manager-gcb/iam.json b/audit/projects/k8s-staging-addon-manager/buckets/k8s-staging-addon-manager-gcb/iam.json index a98593d2a8f5..bc9910ec12e7 100644 --- a/audit/projects/k8s-staging-addon-manager/buckets/k8s-staging-addon-manager-gcb/iam.json +++ b/audit/projects/k8s-staging-addon-manager/buckets/k8s-staging-addon-manager-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-addon-manager/iam.json b/audit/projects/k8s-staging-addon-manager/iam.json index 4a87fc6d949a..cf515f62fade 100644 --- a/audit/projects/k8s-staging-addon-manager/iam.json +++ b/audit/projects/k8s-staging-addon-manager/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:103321906213@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-addon-manager/services/enabled.txt b/audit/projects/k8s-staging-addon-manager/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-addon-manager/services/enabled.txt +++ b/audit/projects/k8s-staging-addon-manager/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-apisnoop/buckets/k8s-staging-apisnoop-gcb/iam.json b/audit/projects/k8s-staging-apisnoop/buckets/k8s-staging-apisnoop-gcb/iam.json index 0b16243a3a07..7590816f886e 100644 --- a/audit/projects/k8s-staging-apisnoop/buckets/k8s-staging-apisnoop-gcb/iam.json +++ b/audit/projects/k8s-staging-apisnoop/buckets/k8s-staging-apisnoop-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-apisnoop/iam.json b/audit/projects/k8s-staging-apisnoop/iam.json index 1946d5fce9f5..58047daf17e9 100644 --- a/audit/projects/k8s-staging-apisnoop/iam.json +++ b/audit/projects/k8s-staging-apisnoop/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:782271650518@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-apisnoop/services/enabled.txt b/audit/projects/k8s-staging-apisnoop/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-apisnoop/services/enabled.txt +++ b/audit/projects/k8s-staging-apisnoop/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-artifact-promoter/buckets/k8s-staging-artifact-promoter-gcb/iam.json b/audit/projects/k8s-staging-artifact-promoter/buckets/k8s-staging-artifact-promoter-gcb/iam.json index 3b509f709a36..723fde7057e1 100644 --- a/audit/projects/k8s-staging-artifact-promoter/buckets/k8s-staging-artifact-promoter-gcb/iam.json +++ b/audit/projects/k8s-staging-artifact-promoter/buckets/k8s-staging-artifact-promoter-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-artifact-promoter/iam.json b/audit/projects/k8s-staging-artifact-promoter/iam.json index d52f5443a485..bb4f5424a8fc 100644 --- a/audit/projects/k8s-staging-artifact-promoter/iam.json +++ b/audit/projects/k8s-staging-artifact-promoter/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:675573440409@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-artifact-promoter/services/enabled.txt b/audit/projects/k8s-staging-artifact-promoter/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-artifact-promoter/services/enabled.txt +++ b/audit/projects/k8s-staging-artifact-promoter/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-autoscaling/buckets/k8s-staging-autoscaling-gcb/iam.json b/audit/projects/k8s-staging-autoscaling/buckets/k8s-staging-autoscaling-gcb/iam.json index a7ea2603ec47..3134e9fe4fba 100644 --- a/audit/projects/k8s-staging-autoscaling/buckets/k8s-staging-autoscaling-gcb/iam.json +++ b/audit/projects/k8s-staging-autoscaling/buckets/k8s-staging-autoscaling-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-autoscaling/iam.json b/audit/projects/k8s-staging-autoscaling/iam.json index ead10ba0ba1c..a93d12d6712d 100644 --- a/audit/projects/k8s-staging-autoscaling/iam.json +++ b/audit/projects/k8s-staging-autoscaling/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:371644685964@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-autoscaling/services/enabled.txt b/audit/projects/k8s-staging-autoscaling/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-autoscaling/services/enabled.txt +++ b/audit/projects/k8s-staging-autoscaling/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-bootkube/buckets/k8s-staging-bootkube-gcb/iam.json b/audit/projects/k8s-staging-bootkube/buckets/k8s-staging-bootkube-gcb/iam.json index 6525e97c6b11..a1fc57e86ce3 100644 --- a/audit/projects/k8s-staging-bootkube/buckets/k8s-staging-bootkube-gcb/iam.json +++ b/audit/projects/k8s-staging-bootkube/buckets/k8s-staging-bootkube-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-bootkube/iam.json b/audit/projects/k8s-staging-bootkube/iam.json index 9c154c41276e..a6f835cd082d 100644 --- a/audit/projects/k8s-staging-bootkube/iam.json +++ b/audit/projects/k8s-staging-bootkube/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:48439280800@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-bootkube/services/enabled.txt b/audit/projects/k8s-staging-bootkube/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-bootkube/services/enabled.txt +++ b/audit/projects/k8s-staging-bootkube/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-boskos/buckets/k8s-staging-boskos-gcb/iam.json b/audit/projects/k8s-staging-boskos/buckets/k8s-staging-boskos-gcb/iam.json index 344d7718880f..5fb2e07f793b 100644 --- a/audit/projects/k8s-staging-boskos/buckets/k8s-staging-boskos-gcb/iam.json +++ b/audit/projects/k8s-staging-boskos/buckets/k8s-staging-boskos-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-boskos/iam.json b/audit/projects/k8s-staging-boskos/iam.json index a8d2a5181e97..07fc4571486c 100644 --- a/audit/projects/k8s-staging-boskos/iam.json +++ b/audit/projects/k8s-staging-boskos/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:41305360102@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-boskos/services/enabled.txt b/audit/projects/k8s-staging-boskos/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-boskos/services/enabled.txt +++ b/audit/projects/k8s-staging-boskos/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-build-image/buckets/k8s-staging-build-image-gcb/iam.json b/audit/projects/k8s-staging-build-image/buckets/k8s-staging-build-image-gcb/iam.json index c7f000af3ac2..d48945dd5dc5 100644 --- a/audit/projects/k8s-staging-build-image/buckets/k8s-staging-build-image-gcb/iam.json +++ b/audit/projects/k8s-staging-build-image/buckets/k8s-staging-build-image-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-build-image/iam.json b/audit/projects/k8s-staging-build-image/iam.json index 74d2cd22a48b..8395725210f4 100644 --- a/audit/projects/k8s-staging-build-image/iam.json +++ b/audit/projects/k8s-staging-build-image/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:960211007710@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-build-image/services/enabled.txt b/audit/projects/k8s-staging-build-image/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-build-image/services/enabled.txt +++ b/audit/projects/k8s-staging-build-image/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-capi-docker/buckets/k8s-staging-capi-docker-gcb/iam.json b/audit/projects/k8s-staging-capi-docker/buckets/k8s-staging-capi-docker-gcb/iam.json index 0ea1228a3169..30e376476d3b 100644 --- a/audit/projects/k8s-staging-capi-docker/buckets/k8s-staging-capi-docker-gcb/iam.json +++ b/audit/projects/k8s-staging-capi-docker/buckets/k8s-staging-capi-docker-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-capi-docker/iam.json b/audit/projects/k8s-staging-capi-docker/iam.json index eb6e826e0964..1e92e05979be 100644 --- a/audit/projects/k8s-staging-capi-docker/iam.json +++ b/audit/projects/k8s-staging-capi-docker/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:44019431644@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-capi-docker/services/enabled.txt b/audit/projects/k8s-staging-capi-docker/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-capi-docker/services/enabled.txt +++ b/audit/projects/k8s-staging-capi-docker/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-capi-kubeadm/buckets/k8s-staging-capi-kubeadm-gcb/iam.json b/audit/projects/k8s-staging-capi-kubeadm/buckets/k8s-staging-capi-kubeadm-gcb/iam.json index 7203e40dd76c..0db59cae6604 100644 --- a/audit/projects/k8s-staging-capi-kubeadm/buckets/k8s-staging-capi-kubeadm-gcb/iam.json +++ b/audit/projects/k8s-staging-capi-kubeadm/buckets/k8s-staging-capi-kubeadm-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-capi-kubeadm/iam.json b/audit/projects/k8s-staging-capi-kubeadm/iam.json index 89e7f17e16c2..ae3cf2788d9f 100644 --- a/audit/projects/k8s-staging-capi-kubeadm/iam.json +++ b/audit/projects/k8s-staging-capi-kubeadm/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:778608689920@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-capi-kubeadm/services/enabled.txt b/audit/projects/k8s-staging-capi-kubeadm/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-capi-kubeadm/services/enabled.txt +++ b/audit/projects/k8s-staging-capi-kubeadm/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-capi-openstack/buckets/k8s-staging-capi-openstack-gcb/iam.json b/audit/projects/k8s-staging-capi-openstack/buckets/k8s-staging-capi-openstack-gcb/iam.json index 496d566d199d..718a420b81b3 100644 --- a/audit/projects/k8s-staging-capi-openstack/buckets/k8s-staging-capi-openstack-gcb/iam.json +++ b/audit/projects/k8s-staging-capi-openstack/buckets/k8s-staging-capi-openstack-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-capi-openstack/iam.json b/audit/projects/k8s-staging-capi-openstack/iam.json index 14145e2c7e9c..5412fe8c4797 100644 --- a/audit/projects/k8s-staging-capi-openstack/iam.json +++ b/audit/projects/k8s-staging-capi-openstack/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:129051311436@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-capi-openstack/services/enabled.txt b/audit/projects/k8s-staging-capi-openstack/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-capi-openstack/services/enabled.txt +++ b/audit/projects/k8s-staging-capi-openstack/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-capi-vsphere/buckets/k8s-staging-capi-vsphere-gcb/iam.json b/audit/projects/k8s-staging-capi-vsphere/buckets/k8s-staging-capi-vsphere-gcb/iam.json index bfefb55c718d..ddd1e33fca26 100644 --- a/audit/projects/k8s-staging-capi-vsphere/buckets/k8s-staging-capi-vsphere-gcb/iam.json +++ b/audit/projects/k8s-staging-capi-vsphere/buckets/k8s-staging-capi-vsphere-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-capi-vsphere/iam.json b/audit/projects/k8s-staging-capi-vsphere/iam.json index c4d4287f5b9a..1310d46a0b18 100644 --- a/audit/projects/k8s-staging-capi-vsphere/iam.json +++ b/audit/projects/k8s-staging-capi-vsphere/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:459565607671@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-capi-vsphere/services/enabled.txt b/audit/projects/k8s-staging-capi-vsphere/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-capi-vsphere/services/enabled.txt +++ b/audit/projects/k8s-staging-capi-vsphere/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-ci-images/buckets/k8s-staging-ci-images-gcb/iam.json b/audit/projects/k8s-staging-ci-images/buckets/k8s-staging-ci-images-gcb/iam.json index 6f6b961b9f24..264a3b8f509d 100644 --- a/audit/projects/k8s-staging-ci-images/buckets/k8s-staging-ci-images-gcb/iam.json +++ b/audit/projects/k8s-staging-ci-images/buckets/k8s-staging-ci-images-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-ci-images/iam.json b/audit/projects/k8s-staging-ci-images/iam.json index 401f1f66d5ec..825593befec8 100644 --- a/audit/projects/k8s-staging-ci-images/iam.json +++ b/audit/projects/k8s-staging-ci-images/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:731599680865@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-ci-images/services/enabled.txt b/audit/projects/k8s-staging-ci-images/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-ci-images/services/enabled.txt +++ b/audit/projects/k8s-staging-ci-images/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cip-test/buckets/k8s-staging-cip-test-gcb/iam.json b/audit/projects/k8s-staging-cip-test/buckets/k8s-staging-cip-test-gcb/iam.json index c258b1fdaa2b..a7186a689c70 100644 --- a/audit/projects/k8s-staging-cip-test/buckets/k8s-staging-cip-test-gcb/iam.json +++ b/audit/projects/k8s-staging-cip-test/buckets/k8s-staging-cip-test-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cip-test/iam.json b/audit/projects/k8s-staging-cip-test/iam.json index fa29dc03f847..0423c7528ded 100644 --- a/audit/projects/k8s-staging-cip-test/iam.json +++ b/audit/projects/k8s-staging-cip-test/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:324460563566@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cip-test/services/enabled.txt b/audit/projects/k8s-staging-cip-test/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-cip-test/services/enabled.txt +++ b/audit/projects/k8s-staging-cip-test/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cloud-provider-gcp/buckets/k8s-staging-cloud-provider-gcp-gcb/iam.json b/audit/projects/k8s-staging-cloud-provider-gcp/buckets/k8s-staging-cloud-provider-gcp-gcb/iam.json index 537a67859c65..f99fb2984509 100644 --- a/audit/projects/k8s-staging-cloud-provider-gcp/buckets/k8s-staging-cloud-provider-gcp-gcb/iam.json +++ b/audit/projects/k8s-staging-cloud-provider-gcp/buckets/k8s-staging-cloud-provider-gcp-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cloud-provider-gcp/iam.json b/audit/projects/k8s-staging-cloud-provider-gcp/iam.json index 386ebf4a8800..e413ca47cc84 100644 --- a/audit/projects/k8s-staging-cloud-provider-gcp/iam.json +++ b/audit/projects/k8s-staging-cloud-provider-gcp/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:67010995753@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cloud-provider-gcp/services/enabled.txt b/audit/projects/k8s-staging-cloud-provider-gcp/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-cloud-provider-gcp/services/enabled.txt +++ b/audit/projects/k8s-staging-cloud-provider-gcp/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cluster-addons/buckets/k8s-staging-cluster-addons-gcb/iam.json b/audit/projects/k8s-staging-cluster-addons/buckets/k8s-staging-cluster-addons-gcb/iam.json index 001de2439daf..04b7c8a9fe49 100644 --- a/audit/projects/k8s-staging-cluster-addons/buckets/k8s-staging-cluster-addons-gcb/iam.json +++ b/audit/projects/k8s-staging-cluster-addons/buckets/k8s-staging-cluster-addons-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cluster-addons/iam.json b/audit/projects/k8s-staging-cluster-addons/iam.json index 4c3770f492d6..fe046ca94811 100644 --- a/audit/projects/k8s-staging-cluster-addons/iam.json +++ b/audit/projects/k8s-staging-cluster-addons/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:239900365888@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cluster-addons/services/enabled.txt b/audit/projects/k8s-staging-cluster-addons/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-cluster-addons/services/enabled.txt +++ b/audit/projects/k8s-staging-cluster-addons/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cluster-api-aws/buckets/k8s-staging-cluster-api-aws-gcb/iam.json b/audit/projects/k8s-staging-cluster-api-aws/buckets/k8s-staging-cluster-api-aws-gcb/iam.json index 558b96aea71b..2c82d9d34363 100644 --- a/audit/projects/k8s-staging-cluster-api-aws/buckets/k8s-staging-cluster-api-aws-gcb/iam.json +++ b/audit/projects/k8s-staging-cluster-api-aws/buckets/k8s-staging-cluster-api-aws-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cluster-api-aws/iam.json b/audit/projects/k8s-staging-cluster-api-aws/iam.json index 845d5de2d787..491d2613dd9a 100644 --- a/audit/projects/k8s-staging-cluster-api-aws/iam.json +++ b/audit/projects/k8s-staging-cluster-api-aws/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:433651898792@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cluster-api-aws/services/enabled.txt b/audit/projects/k8s-staging-cluster-api-aws/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-cluster-api-aws/services/enabled.txt +++ b/audit/projects/k8s-staging-cluster-api-aws/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cluster-api-azure/buckets/k8s-staging-cluster-api-azure-gcb/iam.json b/audit/projects/k8s-staging-cluster-api-azure/buckets/k8s-staging-cluster-api-azure-gcb/iam.json index fc7b05558d50..9678f410e4bb 100644 --- a/audit/projects/k8s-staging-cluster-api-azure/buckets/k8s-staging-cluster-api-azure-gcb/iam.json +++ b/audit/projects/k8s-staging-cluster-api-azure/buckets/k8s-staging-cluster-api-azure-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cluster-api-azure/iam.json b/audit/projects/k8s-staging-cluster-api-azure/iam.json index 6e0188319e18..06eca7af1c9f 100644 --- a/audit/projects/k8s-staging-cluster-api-azure/iam.json +++ b/audit/projects/k8s-staging-cluster-api-azure/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:1087109869165@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cluster-api-azure/services/enabled.txt b/audit/projects/k8s-staging-cluster-api-azure/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-cluster-api-azure/services/enabled.txt +++ b/audit/projects/k8s-staging-cluster-api-azure/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cluster-api-do/buckets/k8s-staging-cluster-api-do-gcb/iam.json b/audit/projects/k8s-staging-cluster-api-do/buckets/k8s-staging-cluster-api-do-gcb/iam.json index 8dde774e7b8d..6cf278c80d1f 100644 --- a/audit/projects/k8s-staging-cluster-api-do/buckets/k8s-staging-cluster-api-do-gcb/iam.json +++ b/audit/projects/k8s-staging-cluster-api-do/buckets/k8s-staging-cluster-api-do-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cluster-api-do/iam.json b/audit/projects/k8s-staging-cluster-api-do/iam.json index f64e231d8767..531393b9c3ca 100644 --- a/audit/projects/k8s-staging-cluster-api-do/iam.json +++ b/audit/projects/k8s-staging-cluster-api-do/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:226017735054@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cluster-api-do/services/enabled.txt b/audit/projects/k8s-staging-cluster-api-do/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-cluster-api-do/services/enabled.txt +++ b/audit/projects/k8s-staging-cluster-api-do/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp-gcb/iam.json b/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp-gcb/iam.json index 59f819b346d0..d2b20a63a466 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp-gcb/iam.json +++ b/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp-gcb/iam.json @@ -29,7 +29,7 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", + "serviceAccount:gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +37,7 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", + "serviceAccount:gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp/iam.json b/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp/iam.json index 8de387926b73..90ee0391f680 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp/iam.json +++ b/audit/projects/k8s-staging-cluster-api-gcp/buckets/k8s-staging-cluster-api-gcp/iam.json @@ -29,7 +29,14 @@ }, { "members": [ - "allUsers" + "serviceAccount:gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com" + ], + "role": "roles/storage.objectCreator" + }, + { + "members": [ + "allUsers", + "serviceAccount:gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" } diff --git a/audit/projects/k8s-staging-cluster-api-gcp/iam.json b/audit/projects/k8s-staging-cluster-api-gcp/iam.json index 222941acad61..9d8007710831 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/iam.json +++ b/audit/projects/k8s-staging-cluster-api-gcp/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:606075400249@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], diff --git a/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/description.json b/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/description.json index 07491c951923..6d6e594a7606 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/description.json +++ b/audit/projects/k8s-staging-cluster-api-gcp/service-accounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com/description.json @@ -1,5 +1,5 @@ { - "displayName": "used by k8s-infra-prow-build to trigger GCB, write to GCR for k8s-staging-cluster-api-gcp", + "displayName": "used by prow to use GCB, write to GCR and GCS for k8s-staging-cluster-api-gcp", "email": "gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com", "name": "projects/k8s-staging-cluster-api-gcp/serviceAccounts/gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com", "oauth2ClientId": "108043822519400192439", diff --git a/audit/projects/k8s-staging-cluster-api-gcp/services/enabled.txt b/audit/projects/k8s-staging-cluster-api-gcp/services/enabled.txt index 661451636fab..0d782aac9a49 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/services/enabled.txt +++ b/audit/projects/k8s-staging-cluster-api-gcp/services/enabled.txt @@ -4,7 +4,6 @@ cloudkms.googleapis.com Cloud Key Management Service (KMS) API compute.googleapis.com Compute Engine API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API oslogin.googleapis.com Cloud OS Login API pubsub.googleapis.com Cloud Pub/Sub API diff --git a/audit/projects/k8s-staging-cluster-api/buckets/k8s-staging-cluster-api-gcb/iam.json b/audit/projects/k8s-staging-cluster-api/buckets/k8s-staging-cluster-api-gcb/iam.json index b3cbabf47363..b56a6ae999ef 100644 --- a/audit/projects/k8s-staging-cluster-api/buckets/k8s-staging-cluster-api-gcb/iam.json +++ b/audit/projects/k8s-staging-cluster-api/buckets/k8s-staging-cluster-api-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cluster-api/iam.json b/audit/projects/k8s-staging-cluster-api/iam.json index 355f8e455261..3e40235b1bc4 100644 --- a/audit/projects/k8s-staging-cluster-api/iam.json +++ b/audit/projects/k8s-staging-cluster-api/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:190130481896@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cluster-api/services/enabled.txt b/audit/projects/k8s-staging-cluster-api/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-cluster-api/services/enabled.txt +++ b/audit/projects/k8s-staging-cluster-api/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-coredns/buckets/k8s-staging-coredns-gcb/iam.json b/audit/projects/k8s-staging-coredns/buckets/k8s-staging-coredns-gcb/iam.json index 0662304e0f50..e3da97814924 100644 --- a/audit/projects/k8s-staging-coredns/buckets/k8s-staging-coredns-gcb/iam.json +++ b/audit/projects/k8s-staging-coredns/buckets/k8s-staging-coredns-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-coredns/iam.json b/audit/projects/k8s-staging-coredns/iam.json index c6409cab5b10..98bb02d8062d 100644 --- a/audit/projects/k8s-staging-coredns/iam.json +++ b/audit/projects/k8s-staging-coredns/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:848617618266@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-coredns/services/enabled.txt b/audit/projects/k8s-staging-coredns/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-coredns/services/enabled.txt +++ b/audit/projects/k8s-staging-coredns/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cpa/buckets/k8s-staging-cpa-gcb/iam.json b/audit/projects/k8s-staging-cpa/buckets/k8s-staging-cpa-gcb/iam.json index 9625155743fb..ec6029a79432 100644 --- a/audit/projects/k8s-staging-cpa/buckets/k8s-staging-cpa-gcb/iam.json +++ b/audit/projects/k8s-staging-cpa/buckets/k8s-staging-cpa-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cpa/iam.json b/audit/projects/k8s-staging-cpa/iam.json index b64fe14a267d..8436038f7a29 100644 --- a/audit/projects/k8s-staging-cpa/iam.json +++ b/audit/projects/k8s-staging-cpa/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:644315828680@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cpa/services/enabled.txt b/audit/projects/k8s-staging-cpa/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-cpa/services/enabled.txt +++ b/audit/projects/k8s-staging-cpa/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-cri-tools/buckets/k8s-staging-cri-tools-gcb/iam.json b/audit/projects/k8s-staging-cri-tools/buckets/k8s-staging-cri-tools-gcb/iam.json index 1811189d38ca..df9b55545476 100644 --- a/audit/projects/k8s-staging-cri-tools/buckets/k8s-staging-cri-tools-gcb/iam.json +++ b/audit/projects/k8s-staging-cri-tools/buckets/k8s-staging-cri-tools-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-cri-tools/iam.json b/audit/projects/k8s-staging-cri-tools/iam.json index 4fdb3ca3ef3a..184f40b31d9d 100644 --- a/audit/projects/k8s-staging-cri-tools/iam.json +++ b/audit/projects/k8s-staging-cri-tools/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:565574877728@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-cri-tools/services/enabled.txt b/audit/projects/k8s-staging-cri-tools/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-cri-tools/services/enabled.txt +++ b/audit/projects/k8s-staging-cri-tools/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-csi-secrets-store/buckets/k8s-staging-csi-secrets-store-gcb/iam.json b/audit/projects/k8s-staging-csi-secrets-store/buckets/k8s-staging-csi-secrets-store-gcb/iam.json index 7a843b07dffe..ffb1434083ed 100644 --- a/audit/projects/k8s-staging-csi-secrets-store/buckets/k8s-staging-csi-secrets-store-gcb/iam.json +++ b/audit/projects/k8s-staging-csi-secrets-store/buckets/k8s-staging-csi-secrets-store-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-csi-secrets-store/iam.json b/audit/projects/k8s-staging-csi-secrets-store/iam.json index 0799c26ac161..81c09ffe1cd6 100644 --- a/audit/projects/k8s-staging-csi-secrets-store/iam.json +++ b/audit/projects/k8s-staging-csi-secrets-store/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:766197520365@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-csi-secrets-store/services/enabled.txt b/audit/projects/k8s-staging-csi-secrets-store/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-csi-secrets-store/services/enabled.txt +++ b/audit/projects/k8s-staging-csi-secrets-store/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-csi/buckets/k8s-staging-csi-gcb/iam.json b/audit/projects/k8s-staging-csi/buckets/k8s-staging-csi-gcb/iam.json index 4b0ed0b043ad..d2e973460797 100644 --- a/audit/projects/k8s-staging-csi/buckets/k8s-staging-csi-gcb/iam.json +++ b/audit/projects/k8s-staging-csi/buckets/k8s-staging-csi-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-csi/iam.json b/audit/projects/k8s-staging-csi/iam.json index 586db1e48820..59a658cfa905 100644 --- a/audit/projects/k8s-staging-csi/iam.json +++ b/audit/projects/k8s-staging-csi/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:874328413592@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-csi/services/enabled.txt b/audit/projects/k8s-staging-csi/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-csi/services/enabled.txt +++ b/audit/projects/k8s-staging-csi/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-descheduler/buckets/k8s-staging-descheduler-gcb/iam.json b/audit/projects/k8s-staging-descheduler/buckets/k8s-staging-descheduler-gcb/iam.json index c8cbb60d408c..20842262c78d 100644 --- a/audit/projects/k8s-staging-descheduler/buckets/k8s-staging-descheduler-gcb/iam.json +++ b/audit/projects/k8s-staging-descheduler/buckets/k8s-staging-descheduler-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-descheduler/iam.json b/audit/projects/k8s-staging-descheduler/iam.json index 3f9ac8cff7c3..18f2a7cb3a42 100644 --- a/audit/projects/k8s-staging-descheduler/iam.json +++ b/audit/projects/k8s-staging-descheduler/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:1009880777024@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-descheduler/services/enabled.txt b/audit/projects/k8s-staging-descheduler/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-descheduler/services/enabled.txt +++ b/audit/projects/k8s-staging-descheduler/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-dns/buckets/k8s-staging-dns-gcb/iam.json b/audit/projects/k8s-staging-dns/buckets/k8s-staging-dns-gcb/iam.json index 3c9ccef10d9b..61345947c73c 100644 --- a/audit/projects/k8s-staging-dns/buckets/k8s-staging-dns-gcb/iam.json +++ b/audit/projects/k8s-staging-dns/buckets/k8s-staging-dns-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-dns/iam.json b/audit/projects/k8s-staging-dns/iam.json index 242fbf1286cc..d444c68b9b62 100644 --- a/audit/projects/k8s-staging-dns/iam.json +++ b/audit/projects/k8s-staging-dns/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:558098336346@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-dns/services/enabled.txt b/audit/projects/k8s-staging-dns/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-dns/services/enabled.txt +++ b/audit/projects/k8s-staging-dns/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-e2e-test-images/buckets/k8s-staging-e2e-test-images-gcb/iam.json b/audit/projects/k8s-staging-e2e-test-images/buckets/k8s-staging-e2e-test-images-gcb/iam.json index 70394c224f9c..9754fff5ed1b 100644 --- a/audit/projects/k8s-staging-e2e-test-images/buckets/k8s-staging-e2e-test-images-gcb/iam.json +++ b/audit/projects/k8s-staging-e2e-test-images/buckets/k8s-staging-e2e-test-images-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-e2e-test-images/iam.json b/audit/projects/k8s-staging-e2e-test-images/iam.json index 6c58d9d074f5..6282c066105b 100644 --- a/audit/projects/k8s-staging-e2e-test-images/iam.json +++ b/audit/projects/k8s-staging-e2e-test-images/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:456067983721@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-e2e-test-images/services/enabled.txt b/audit/projects/k8s-staging-e2e-test-images/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-e2e-test-images/services/enabled.txt +++ b/audit/projects/k8s-staging-e2e-test-images/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-etcd/buckets/k8s-staging-etcd-gcb/iam.json b/audit/projects/k8s-staging-etcd/buckets/k8s-staging-etcd-gcb/iam.json index af9838dbb3c4..4ab283c92fc2 100644 --- a/audit/projects/k8s-staging-etcd/buckets/k8s-staging-etcd-gcb/iam.json +++ b/audit/projects/k8s-staging-etcd/buckets/k8s-staging-etcd-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-etcd/iam.json b/audit/projects/k8s-staging-etcd/iam.json index aee17c6fe888..579a29b4567d 100644 --- a/audit/projects/k8s-staging-etcd/iam.json +++ b/audit/projects/k8s-staging-etcd/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:329483391043@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-etcd/services/enabled.txt b/audit/projects/k8s-staging-etcd/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-etcd/services/enabled.txt +++ b/audit/projects/k8s-staging-etcd/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-etcdadm/buckets/k8s-staging-etcdadm-gcb/iam.json b/audit/projects/k8s-staging-etcdadm/buckets/k8s-staging-etcdadm-gcb/iam.json index 9ffe456a50d1..0e82b4eed6f4 100644 --- a/audit/projects/k8s-staging-etcdadm/buckets/k8s-staging-etcdadm-gcb/iam.json +++ b/audit/projects/k8s-staging-etcdadm/buckets/k8s-staging-etcdadm-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-etcdadm/iam.json b/audit/projects/k8s-staging-etcdadm/iam.json index fa04070b0890..4ce52040f3a5 100644 --- a/audit/projects/k8s-staging-etcdadm/iam.json +++ b/audit/projects/k8s-staging-etcdadm/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:621671725592@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-etcdadm/services/enabled.txt b/audit/projects/k8s-staging-etcdadm/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-etcdadm/services/enabled.txt +++ b/audit/projects/k8s-staging-etcdadm/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-examples/buckets/k8s-staging-examples-gcb/iam.json b/audit/projects/k8s-staging-examples/buckets/k8s-staging-examples-gcb/iam.json index 8bf7c201cbc5..8f19099e066e 100644 --- a/audit/projects/k8s-staging-examples/buckets/k8s-staging-examples-gcb/iam.json +++ b/audit/projects/k8s-staging-examples/buckets/k8s-staging-examples-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-examples/iam.json b/audit/projects/k8s-staging-examples/iam.json index ec2db528bac6..c3bf8be18e74 100644 --- a/audit/projects/k8s-staging-examples/iam.json +++ b/audit/projects/k8s-staging-examples/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:315229499758@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-examples/services/enabled.txt b/audit/projects/k8s-staging-examples/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-examples/services/enabled.txt +++ b/audit/projects/k8s-staging-examples/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-experimental/buckets/k8s-staging-experimental-gcb/iam.json b/audit/projects/k8s-staging-experimental/buckets/k8s-staging-experimental-gcb/iam.json index 54ec2c751d06..487e0b47496d 100644 --- a/audit/projects/k8s-staging-experimental/buckets/k8s-staging-experimental-gcb/iam.json +++ b/audit/projects/k8s-staging-experimental/buckets/k8s-staging-experimental-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-experimental/iam.json b/audit/projects/k8s-staging-experimental/iam.json index 2d6cdb761891..1c44ea43b4de 100644 --- a/audit/projects/k8s-staging-experimental/iam.json +++ b/audit/projects/k8s-staging-experimental/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:737067335481@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-experimental/services/enabled.txt b/audit/projects/k8s-staging-experimental/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-experimental/services/enabled.txt +++ b/audit/projects/k8s-staging-experimental/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-external-dns/buckets/k8s-staging-external-dns-gcb/iam.json b/audit/projects/k8s-staging-external-dns/buckets/k8s-staging-external-dns-gcb/iam.json index 0d4f6d302d8f..dce8fd3e18de 100644 --- a/audit/projects/k8s-staging-external-dns/buckets/k8s-staging-external-dns-gcb/iam.json +++ b/audit/projects/k8s-staging-external-dns/buckets/k8s-staging-external-dns-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-external-dns/iam.json b/audit/projects/k8s-staging-external-dns/iam.json index 341e4c57ba44..747c8ce04d78 100644 --- a/audit/projects/k8s-staging-external-dns/iam.json +++ b/audit/projects/k8s-staging-external-dns/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:548739681389@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-external-dns/services/enabled.txt b/audit/projects/k8s-staging-external-dns/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-external-dns/services/enabled.txt +++ b/audit/projects/k8s-staging-external-dns/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-gateway-api/buckets/k8s-staging-gateway-api-gcb/iam.json b/audit/projects/k8s-staging-gateway-api/buckets/k8s-staging-gateway-api-gcb/iam.json index d2625791a5ed..f4f42aea8b62 100644 --- a/audit/projects/k8s-staging-gateway-api/buckets/k8s-staging-gateway-api-gcb/iam.json +++ b/audit/projects/k8s-staging-gateway-api/buckets/k8s-staging-gateway-api-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-gateway-api/iam.json b/audit/projects/k8s-staging-gateway-api/iam.json index 38ff1d50fa2c..54c945efc100 100644 --- a/audit/projects/k8s-staging-gateway-api/iam.json +++ b/audit/projects/k8s-staging-gateway-api/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:27800831195@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-gateway-api/services/enabled.txt b/audit/projects/k8s-staging-gateway-api/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-gateway-api/services/enabled.txt +++ b/audit/projects/k8s-staging-gateway-api/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-git-sync/buckets/k8s-staging-git-sync-gcb/iam.json b/audit/projects/k8s-staging-git-sync/buckets/k8s-staging-git-sync-gcb/iam.json index 796e7cf8bb47..d63bab61ab03 100644 --- a/audit/projects/k8s-staging-git-sync/buckets/k8s-staging-git-sync-gcb/iam.json +++ b/audit/projects/k8s-staging-git-sync/buckets/k8s-staging-git-sync-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-git-sync/iam.json b/audit/projects/k8s-staging-git-sync/iam.json index 7528571d9833..c1e2c218a95c 100644 --- a/audit/projects/k8s-staging-git-sync/iam.json +++ b/audit/projects/k8s-staging-git-sync/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:998209132534@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-git-sync/services/enabled.txt b/audit/projects/k8s-staging-git-sync/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-git-sync/services/enabled.txt +++ b/audit/projects/k8s-staging-git-sync/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-infra-tools/buckets/k8s-staging-infra-tools-gcb/iam.json b/audit/projects/k8s-staging-infra-tools/buckets/k8s-staging-infra-tools-gcb/iam.json index 2af22e18ce41..9a358aceb031 100644 --- a/audit/projects/k8s-staging-infra-tools/buckets/k8s-staging-infra-tools-gcb/iam.json +++ b/audit/projects/k8s-staging-infra-tools/buckets/k8s-staging-infra-tools-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-infra-tools/iam.json b/audit/projects/k8s-staging-infra-tools/iam.json index 8563df438d9f..0acda17e444d 100644 --- a/audit/projects/k8s-staging-infra-tools/iam.json +++ b/audit/projects/k8s-staging-infra-tools/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:1017132094926@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-infra-tools/services/enabled.txt b/audit/projects/k8s-staging-infra-tools/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-infra-tools/services/enabled.txt +++ b/audit/projects/k8s-staging-infra-tools/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-ingress-nginx/buckets/k8s-staging-ingress-nginx-gcb/iam.json b/audit/projects/k8s-staging-ingress-nginx/buckets/k8s-staging-ingress-nginx-gcb/iam.json index 513dbe6f7c56..eb853cc284d9 100644 --- a/audit/projects/k8s-staging-ingress-nginx/buckets/k8s-staging-ingress-nginx-gcb/iam.json +++ b/audit/projects/k8s-staging-ingress-nginx/buckets/k8s-staging-ingress-nginx-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-ingress-nginx/iam.json b/audit/projects/k8s-staging-ingress-nginx/iam.json index 4f19f52f0d6f..eab1a239c63a 100644 --- a/audit/projects/k8s-staging-ingress-nginx/iam.json +++ b/audit/projects/k8s-staging-ingress-nginx/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:971199482687@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-ingress-nginx/services/enabled.txt b/audit/projects/k8s-staging-ingress-nginx/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-ingress-nginx/services/enabled.txt +++ b/audit/projects/k8s-staging-ingress-nginx/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-ingressconformance/buckets/k8s-staging-ingressconformance-gcb/iam.json b/audit/projects/k8s-staging-ingressconformance/buckets/k8s-staging-ingressconformance-gcb/iam.json index 1be667af9476..b4c1b8053671 100644 --- a/audit/projects/k8s-staging-ingressconformance/buckets/k8s-staging-ingressconformance-gcb/iam.json +++ b/audit/projects/k8s-staging-ingressconformance/buckets/k8s-staging-ingressconformance-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-ingressconformance/iam.json b/audit/projects/k8s-staging-ingressconformance/iam.json index 29300951b3f8..443c47263ec2 100644 --- a/audit/projects/k8s-staging-ingressconformance/iam.json +++ b/audit/projects/k8s-staging-ingressconformance/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:320459285183@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-ingressconformance/services/enabled.txt b/audit/projects/k8s-staging-ingressconformance/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-ingressconformance/services/enabled.txt +++ b/audit/projects/k8s-staging-ingressconformance/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-k8s-gsm-tools/buckets/k8s-staging-k8s-gsm-tools-gcb/iam.json b/audit/projects/k8s-staging-k8s-gsm-tools/buckets/k8s-staging-k8s-gsm-tools-gcb/iam.json index fc206fddf5e2..a9db497aa439 100644 --- a/audit/projects/k8s-staging-k8s-gsm-tools/buckets/k8s-staging-k8s-gsm-tools-gcb/iam.json +++ b/audit/projects/k8s-staging-k8s-gsm-tools/buckets/k8s-staging-k8s-gsm-tools-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-k8s-gsm-tools/iam.json b/audit/projects/k8s-staging-k8s-gsm-tools/iam.json index 33bd43fb2699..44506a3601ea 100644 --- a/audit/projects/k8s-staging-k8s-gsm-tools/iam.json +++ b/audit/projects/k8s-staging-k8s-gsm-tools/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:1073099305721@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-k8s-gsm-tools/services/enabled.txt b/audit/projects/k8s-staging-k8s-gsm-tools/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-k8s-gsm-tools/services/enabled.txt +++ b/audit/projects/k8s-staging-k8s-gsm-tools/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kas-network-proxy/buckets/k8s-staging-kas-network-proxy-gcb/iam.json b/audit/projects/k8s-staging-kas-network-proxy/buckets/k8s-staging-kas-network-proxy-gcb/iam.json index 01292e3f9136..1eb3a4b19080 100644 --- a/audit/projects/k8s-staging-kas-network-proxy/buckets/k8s-staging-kas-network-proxy-gcb/iam.json +++ b/audit/projects/k8s-staging-kas-network-proxy/buckets/k8s-staging-kas-network-proxy-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kas-network-proxy/iam.json b/audit/projects/k8s-staging-kas-network-proxy/iam.json index 26bfcf5a3c5d..7b0b54951ced 100644 --- a/audit/projects/k8s-staging-kas-network-proxy/iam.json +++ b/audit/projects/k8s-staging-kas-network-proxy/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:670598002495@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kas-network-proxy/services/enabled.txt b/audit/projects/k8s-staging-kas-network-proxy/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-kas-network-proxy/services/enabled.txt +++ b/audit/projects/k8s-staging-kas-network-proxy/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kind/buckets/k8s-staging-kind-gcb/iam.json b/audit/projects/k8s-staging-kind/buckets/k8s-staging-kind-gcb/iam.json index c599a5ba7bc1..23121b0e51e8 100644 --- a/audit/projects/k8s-staging-kind/buckets/k8s-staging-kind-gcb/iam.json +++ b/audit/projects/k8s-staging-kind/buckets/k8s-staging-kind-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kind/iam.json b/audit/projects/k8s-staging-kind/iam.json index 9255809dee06..731102c4451b 100644 --- a/audit/projects/k8s-staging-kind/iam.json +++ b/audit/projects/k8s-staging-kind/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:220811308229@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kind/services/enabled.txt b/audit/projects/k8s-staging-kind/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-kind/services/enabled.txt +++ b/audit/projects/k8s-staging-kind/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kops/buckets/k8s-staging-kops-gcb/iam.json b/audit/projects/k8s-staging-kops/buckets/k8s-staging-kops-gcb/iam.json index 7bf36fdd34bc..7e14606bb72a 100644 --- a/audit/projects/k8s-staging-kops/buckets/k8s-staging-kops-gcb/iam.json +++ b/audit/projects/k8s-staging-kops/buckets/k8s-staging-kops-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kops/iam.json b/audit/projects/k8s-staging-kops/iam.json index 4f57d815c8c7..8d2960bc225a 100644 --- a/audit/projects/k8s-staging-kops/iam.json +++ b/audit/projects/k8s-staging-kops/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:889470918518@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kops/services/enabled.txt b/audit/projects/k8s-staging-kops/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-kops/services/enabled.txt +++ b/audit/projects/k8s-staging-kops/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kube-state-metrics/buckets/k8s-staging-kube-state-metrics-gcb/iam.json b/audit/projects/k8s-staging-kube-state-metrics/buckets/k8s-staging-kube-state-metrics-gcb/iam.json index 46160a0e600d..a989eebc7261 100644 --- a/audit/projects/k8s-staging-kube-state-metrics/buckets/k8s-staging-kube-state-metrics-gcb/iam.json +++ b/audit/projects/k8s-staging-kube-state-metrics/buckets/k8s-staging-kube-state-metrics-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kube-state-metrics/iam.json b/audit/projects/k8s-staging-kube-state-metrics/iam.json index 98b3310ddd05..3a9485ef26ab 100644 --- a/audit/projects/k8s-staging-kube-state-metrics/iam.json +++ b/audit/projects/k8s-staging-kube-state-metrics/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:1023797992882@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kube-state-metrics/services/enabled.txt b/audit/projects/k8s-staging-kube-state-metrics/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-kube-state-metrics/services/enabled.txt +++ b/audit/projects/k8s-staging-kube-state-metrics/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kubeadm/buckets/k8s-staging-kubeadm-gcb/iam.json b/audit/projects/k8s-staging-kubeadm/buckets/k8s-staging-kubeadm-gcb/iam.json index 0c5028f020ea..44a10cf3f665 100644 --- a/audit/projects/k8s-staging-kubeadm/buckets/k8s-staging-kubeadm-gcb/iam.json +++ b/audit/projects/k8s-staging-kubeadm/buckets/k8s-staging-kubeadm-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kubeadm/iam.json b/audit/projects/k8s-staging-kubeadm/iam.json index d5680b73d996..45ec9a127d3e 100644 --- a/audit/projects/k8s-staging-kubeadm/iam.json +++ b/audit/projects/k8s-staging-kubeadm/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:487125676961@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kubeadm/services/enabled.txt b/audit/projects/k8s-staging-kubeadm/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-kubeadm/services/enabled.txt +++ b/audit/projects/k8s-staging-kubeadm/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kubernetes/buckets/k8s-staging-kubernetes-gcb/iam.json b/audit/projects/k8s-staging-kubernetes/buckets/k8s-staging-kubernetes-gcb/iam.json index c79066ea28f6..40532910dea2 100644 --- a/audit/projects/k8s-staging-kubernetes/buckets/k8s-staging-kubernetes-gcb/iam.json +++ b/audit/projects/k8s-staging-kubernetes/buckets/k8s-staging-kubernetes-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kubernetes/iam.json b/audit/projects/k8s-staging-kubernetes/iam.json index 4a4961ce434b..2e93a43576f6 100644 --- a/audit/projects/k8s-staging-kubernetes/iam.json +++ b/audit/projects/k8s-staging-kubernetes/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:615281671549@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kubernetes/services/enabled.txt b/audit/projects/k8s-staging-kubernetes/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-kubernetes/services/enabled.txt +++ b/audit/projects/k8s-staging-kubernetes/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kubetest2/buckets/k8s-staging-kubetest2-gcb/iam.json b/audit/projects/k8s-staging-kubetest2/buckets/k8s-staging-kubetest2-gcb/iam.json index 7a302a8dbed0..2fcb27de03f9 100644 --- a/audit/projects/k8s-staging-kubetest2/buckets/k8s-staging-kubetest2-gcb/iam.json +++ b/audit/projects/k8s-staging-kubetest2/buckets/k8s-staging-kubetest2-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kubetest2/iam.json b/audit/projects/k8s-staging-kubetest2/iam.json index c43c8310c046..09b42f475a50 100644 --- a/audit/projects/k8s-staging-kubetest2/iam.json +++ b/audit/projects/k8s-staging-kubetest2/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:4886069902@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kubetest2/services/enabled.txt b/audit/projects/k8s-staging-kubetest2/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-kubetest2/services/enabled.txt +++ b/audit/projects/k8s-staging-kubetest2/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-kustomize/buckets/k8s-staging-kustomize-gcb/iam.json b/audit/projects/k8s-staging-kustomize/buckets/k8s-staging-kustomize-gcb/iam.json index 4feb9e803f32..7d5a226aa557 100644 --- a/audit/projects/k8s-staging-kustomize/buckets/k8s-staging-kustomize-gcb/iam.json +++ b/audit/projects/k8s-staging-kustomize/buckets/k8s-staging-kustomize-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-kustomize/iam.json b/audit/projects/k8s-staging-kustomize/iam.json index 2c94c9908449..07c91591884a 100644 --- a/audit/projects/k8s-staging-kustomize/iam.json +++ b/audit/projects/k8s-staging-kustomize/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:660796270509@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-kustomize/services/enabled.txt b/audit/projects/k8s-staging-kustomize/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-kustomize/services/enabled.txt +++ b/audit/projects/k8s-staging-kustomize/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-metrics-server/buckets/k8s-staging-metrics-server-gcb/iam.json b/audit/projects/k8s-staging-metrics-server/buckets/k8s-staging-metrics-server-gcb/iam.json index ba1cdb872883..7738d2864870 100644 --- a/audit/projects/k8s-staging-metrics-server/buckets/k8s-staging-metrics-server-gcb/iam.json +++ b/audit/projects/k8s-staging-metrics-server/buckets/k8s-staging-metrics-server-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-metrics-server/iam.json b/audit/projects/k8s-staging-metrics-server/iam.json index c7d231447bb2..6577c1bb1164 100644 --- a/audit/projects/k8s-staging-metrics-server/iam.json +++ b/audit/projects/k8s-staging-metrics-server/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:229033024066@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-metrics-server/services/enabled.txt b/audit/projects/k8s-staging-metrics-server/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-metrics-server/services/enabled.txt +++ b/audit/projects/k8s-staging-metrics-server/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-mirror/buckets/k8s-staging-mirror-gcb/iam.json b/audit/projects/k8s-staging-mirror/buckets/k8s-staging-mirror-gcb/iam.json index 6ca93a660878..54fb1e3c55e5 100644 --- a/audit/projects/k8s-staging-mirror/buckets/k8s-staging-mirror-gcb/iam.json +++ b/audit/projects/k8s-staging-mirror/buckets/k8s-staging-mirror-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-mirror/iam.json b/audit/projects/k8s-staging-mirror/iam.json index 65759e58348f..efc9e27447a3 100644 --- a/audit/projects/k8s-staging-mirror/iam.json +++ b/audit/projects/k8s-staging-mirror/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:98327187586@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-mirror/services/enabled.txt b/audit/projects/k8s-staging-mirror/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-mirror/services/enabled.txt +++ b/audit/projects/k8s-staging-mirror/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-multitenancy/buckets/k8s-staging-multitenancy-gcb/iam.json b/audit/projects/k8s-staging-multitenancy/buckets/k8s-staging-multitenancy-gcb/iam.json index 9cf215565a3a..eecfd54841ae 100644 --- a/audit/projects/k8s-staging-multitenancy/buckets/k8s-staging-multitenancy-gcb/iam.json +++ b/audit/projects/k8s-staging-multitenancy/buckets/k8s-staging-multitenancy-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-multitenancy/iam.json b/audit/projects/k8s-staging-multitenancy/iam.json index 3e242e025621..bb4fd6f766a9 100644 --- a/audit/projects/k8s-staging-multitenancy/iam.json +++ b/audit/projects/k8s-staging-multitenancy/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:817922591645@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-multitenancy/services/enabled.txt b/audit/projects/k8s-staging-multitenancy/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-multitenancy/services/enabled.txt +++ b/audit/projects/k8s-staging-multitenancy/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-networking/buckets/k8s-staging-networking-gcb/iam.json b/audit/projects/k8s-staging-networking/buckets/k8s-staging-networking-gcb/iam.json index 91e08b99a45a..1adf650863ba 100644 --- a/audit/projects/k8s-staging-networking/buckets/k8s-staging-networking-gcb/iam.json +++ b/audit/projects/k8s-staging-networking/buckets/k8s-staging-networking-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-networking/iam.json b/audit/projects/k8s-staging-networking/iam.json index 04ebe434d2fc..0eebbfb0785f 100644 --- a/audit/projects/k8s-staging-networking/iam.json +++ b/audit/projects/k8s-staging-networking/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:235137276492@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-networking/services/enabled.txt b/audit/projects/k8s-staging-networking/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-networking/services/enabled.txt +++ b/audit/projects/k8s-staging-networking/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-nfd/buckets/k8s-staging-nfd-gcb/iam.json b/audit/projects/k8s-staging-nfd/buckets/k8s-staging-nfd-gcb/iam.json index 8c8d5b07855f..051c91ba95bb 100644 --- a/audit/projects/k8s-staging-nfd/buckets/k8s-staging-nfd-gcb/iam.json +++ b/audit/projects/k8s-staging-nfd/buckets/k8s-staging-nfd-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-nfd/iam.json b/audit/projects/k8s-staging-nfd/iam.json index 673b81533f99..f5ab2dde18b5 100644 --- a/audit/projects/k8s-staging-nfd/iam.json +++ b/audit/projects/k8s-staging-nfd/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:5125544917@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-nfd/services/enabled.txt b/audit/projects/k8s-staging-nfd/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-nfd/services/enabled.txt +++ b/audit/projects/k8s-staging-nfd/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-npd/buckets/k8s-staging-npd-gcb/iam.json b/audit/projects/k8s-staging-npd/buckets/k8s-staging-npd-gcb/iam.json index 5b89d8ec5b21..eb3fdd8f9658 100644 --- a/audit/projects/k8s-staging-npd/buckets/k8s-staging-npd-gcb/iam.json +++ b/audit/projects/k8s-staging-npd/buckets/k8s-staging-npd-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-npd/iam.json b/audit/projects/k8s-staging-npd/iam.json index 8ffdd9d593d8..363f5f1c11e4 100644 --- a/audit/projects/k8s-staging-npd/iam.json +++ b/audit/projects/k8s-staging-npd/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:152738448582@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-npd/services/enabled.txt b/audit/projects/k8s-staging-npd/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-npd/services/enabled.txt +++ b/audit/projects/k8s-staging-npd/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-provider-aws/buckets/k8s-staging-provider-aws-gcb/iam.json b/audit/projects/k8s-staging-provider-aws/buckets/k8s-staging-provider-aws-gcb/iam.json index 47613fa2c8e7..b46007ffeb75 100644 --- a/audit/projects/k8s-staging-provider-aws/buckets/k8s-staging-provider-aws-gcb/iam.json +++ b/audit/projects/k8s-staging-provider-aws/buckets/k8s-staging-provider-aws-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-provider-aws/iam.json b/audit/projects/k8s-staging-provider-aws/iam.json index 353a9182530e..4d94cb901bc6 100644 --- a/audit/projects/k8s-staging-provider-aws/iam.json +++ b/audit/projects/k8s-staging-provider-aws/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:967205882988@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-provider-aws/services/enabled.txt b/audit/projects/k8s-staging-provider-aws/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-provider-aws/services/enabled.txt +++ b/audit/projects/k8s-staging-provider-aws/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-provider-azure/buckets/k8s-staging-provider-azure-gcb/iam.json b/audit/projects/k8s-staging-provider-azure/buckets/k8s-staging-provider-azure-gcb/iam.json index 112053bd1683..c3be80da2a52 100644 --- a/audit/projects/k8s-staging-provider-azure/buckets/k8s-staging-provider-azure-gcb/iam.json +++ b/audit/projects/k8s-staging-provider-azure/buckets/k8s-staging-provider-azure-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-provider-azure/iam.json b/audit/projects/k8s-staging-provider-azure/iam.json index af5acd58069d..763f463b0826 100644 --- a/audit/projects/k8s-staging-provider-azure/iam.json +++ b/audit/projects/k8s-staging-provider-azure/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:83539169056@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-provider-azure/services/enabled.txt b/audit/projects/k8s-staging-provider-azure/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-provider-azure/services/enabled.txt +++ b/audit/projects/k8s-staging-provider-azure/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-provider-openstack/buckets/k8s-staging-provider-openstack-gcb/iam.json b/audit/projects/k8s-staging-provider-openstack/buckets/k8s-staging-provider-openstack-gcb/iam.json index f1a19dacfe70..40b74aeea1b5 100644 --- a/audit/projects/k8s-staging-provider-openstack/buckets/k8s-staging-provider-openstack-gcb/iam.json +++ b/audit/projects/k8s-staging-provider-openstack/buckets/k8s-staging-provider-openstack-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-provider-openstack/iam.json b/audit/projects/k8s-staging-provider-openstack/iam.json index 2e51ad201784..d96daca3ad6b 100644 --- a/audit/projects/k8s-staging-provider-openstack/iam.json +++ b/audit/projects/k8s-staging-provider-openstack/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:625174557286@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-provider-openstack/services/enabled.txt b/audit/projects/k8s-staging-provider-openstack/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-provider-openstack/services/enabled.txt +++ b/audit/projects/k8s-staging-provider-openstack/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-publishing-bot/buckets/k8s-staging-publishing-bot-gcb/iam.json b/audit/projects/k8s-staging-publishing-bot/buckets/k8s-staging-publishing-bot-gcb/iam.json index e6d6eeab4f53..9016596f93bc 100644 --- a/audit/projects/k8s-staging-publishing-bot/buckets/k8s-staging-publishing-bot-gcb/iam.json +++ b/audit/projects/k8s-staging-publishing-bot/buckets/k8s-staging-publishing-bot-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-publishing-bot/iam.json b/audit/projects/k8s-staging-publishing-bot/iam.json index d2fcbdff68be..5162dbb73baf 100644 --- a/audit/projects/k8s-staging-publishing-bot/iam.json +++ b/audit/projects/k8s-staging-publishing-bot/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:438481731081@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-publishing-bot/services/enabled.txt b/audit/projects/k8s-staging-publishing-bot/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-publishing-bot/services/enabled.txt +++ b/audit/projects/k8s-staging-publishing-bot/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test-gcb/iam.json b/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test-gcb/iam.json index abf141328c88..f9794c6e84ca 100644 --- a/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test-gcb/iam.json +++ b/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test-gcb/iam.json @@ -29,7 +29,7 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", + "serviceAccount:gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +37,7 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", + "serviceAccount:gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test/iam.json b/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test/iam.json index 452dd81e2d37..f379524f99ac 100644 --- a/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test/iam.json +++ b/audit/projects/k8s-staging-releng-test/buckets/k8s-staging-releng-test/iam.json @@ -29,7 +29,14 @@ }, { "members": [ - "allUsers" + "serviceAccount:gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com" + ], + "role": "roles/storage.objectCreator" + }, + { + "members": [ + "allUsers", + "serviceAccount:gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" } diff --git a/audit/projects/k8s-staging-releng-test/iam.json b/audit/projects/k8s-staging-releng-test/iam.json index 7c2d0abba4fa..7a089bb918a4 100644 --- a/audit/projects/k8s-staging-releng-test/iam.json +++ b/audit/projects/k8s-staging-releng-test/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:86929635859@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], diff --git a/audit/projects/k8s-staging-releng-test/service-accounts/gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com/description.json b/audit/projects/k8s-staging-releng-test/service-accounts/gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com/description.json index a61fdcaf03db..21a9a504a0ba 100644 --- a/audit/projects/k8s-staging-releng-test/service-accounts/gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com/description.json +++ b/audit/projects/k8s-staging-releng-test/service-accounts/gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com/description.json @@ -1,5 +1,5 @@ { - "displayName": "used by k8s-infra-prow-build to trigger GCB, write to GCR for k8s-staging-releng-test", + "displayName": "used by prow to use GCB, write to GCR and GCS for k8s-staging-releng-test", "email": "gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com", "name": "projects/k8s-staging-releng-test/serviceAccounts/gcb-builder-releng-test@k8s-staging-releng-test.iam.gserviceaccount.com", "oauth2ClientId": "106077646816281830376", diff --git a/audit/projects/k8s-staging-releng-test/services/enabled.txt b/audit/projects/k8s-staging-releng-test/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-releng-test/services/enabled.txt +++ b/audit/projects/k8s-staging-releng-test/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-releng/buckets/k8s-staging-releng-gcb/iam.json b/audit/projects/k8s-staging-releng/buckets/k8s-staging-releng-gcb/iam.json index 8aea9d8c951a..b1425b08f130 100644 --- a/audit/projects/k8s-staging-releng/buckets/k8s-staging-releng-gcb/iam.json +++ b/audit/projects/k8s-staging-releng/buckets/k8s-staging-releng-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-releng/iam.json b/audit/projects/k8s-staging-releng/iam.json index f536b1323e7f..e83b2f3d61e7 100644 --- a/audit/projects/k8s-staging-releng/iam.json +++ b/audit/projects/k8s-staging-releng/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:117157742389@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-releng/services/enabled.txt b/audit/projects/k8s-staging-releng/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-releng/services/enabled.txt +++ b/audit/projects/k8s-staging-releng/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-scheduler-plugins/buckets/k8s-staging-scheduler-plugins-gcb/iam.json b/audit/projects/k8s-staging-scheduler-plugins/buckets/k8s-staging-scheduler-plugins-gcb/iam.json index 68c2c599244e..75e6347f9453 100644 --- a/audit/projects/k8s-staging-scheduler-plugins/buckets/k8s-staging-scheduler-plugins-gcb/iam.json +++ b/audit/projects/k8s-staging-scheduler-plugins/buckets/k8s-staging-scheduler-plugins-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-scheduler-plugins/iam.json b/audit/projects/k8s-staging-scheduler-plugins/iam.json index b2ae542ea4d6..9fc8a4c982e3 100644 --- a/audit/projects/k8s-staging-scheduler-plugins/iam.json +++ b/audit/projects/k8s-staging-scheduler-plugins/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:96918712006@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-scheduler-plugins/services/enabled.txt b/audit/projects/k8s-staging-scheduler-plugins/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-scheduler-plugins/services/enabled.txt +++ b/audit/projects/k8s-staging-scheduler-plugins/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-scl-image-builder/buckets/k8s-staging-scl-image-builder-gcb/iam.json b/audit/projects/k8s-staging-scl-image-builder/buckets/k8s-staging-scl-image-builder-gcb/iam.json index 2961275200c6..294835412086 100644 --- a/audit/projects/k8s-staging-scl-image-builder/buckets/k8s-staging-scl-image-builder-gcb/iam.json +++ b/audit/projects/k8s-staging-scl-image-builder/buckets/k8s-staging-scl-image-builder-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-scl-image-builder/iam.json b/audit/projects/k8s-staging-scl-image-builder/iam.json index 9609375bb29e..209f05075076 100644 --- a/audit/projects/k8s-staging-scl-image-builder/iam.json +++ b/audit/projects/k8s-staging-scl-image-builder/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:974299031321@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-scl-image-builder/services/enabled.txt b/audit/projects/k8s-staging-scl-image-builder/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-scl-image-builder/services/enabled.txt +++ b/audit/projects/k8s-staging-scl-image-builder/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-sig-docs/buckets/k8s-staging-sig-docs-gcb/iam.json b/audit/projects/k8s-staging-sig-docs/buckets/k8s-staging-sig-docs-gcb/iam.json index aa7a5c0b6a1e..b24a75ff4e34 100644 --- a/audit/projects/k8s-staging-sig-docs/buckets/k8s-staging-sig-docs-gcb/iam.json +++ b/audit/projects/k8s-staging-sig-docs/buckets/k8s-staging-sig-docs-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-sig-docs/iam.json b/audit/projects/k8s-staging-sig-docs/iam.json index 937f48e7d5a2..000391ac9462 100644 --- a/audit/projects/k8s-staging-sig-docs/iam.json +++ b/audit/projects/k8s-staging-sig-docs/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:563253410071@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-sig-docs/services/enabled.txt b/audit/projects/k8s-staging-sig-docs/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-sig-docs/services/enabled.txt +++ b/audit/projects/k8s-staging-sig-docs/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-sig-storage/buckets/k8s-staging-sig-storage-gcb/iam.json b/audit/projects/k8s-staging-sig-storage/buckets/k8s-staging-sig-storage-gcb/iam.json index 9b45e02849fd..b6d893b6ae24 100644 --- a/audit/projects/k8s-staging-sig-storage/buckets/k8s-staging-sig-storage-gcb/iam.json +++ b/audit/projects/k8s-staging-sig-storage/buckets/k8s-staging-sig-storage-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-sig-storage/iam.json b/audit/projects/k8s-staging-sig-storage/iam.json index 8d770e85ca23..263010770210 100644 --- a/audit/projects/k8s-staging-sig-storage/iam.json +++ b/audit/projects/k8s-staging-sig-storage/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:272675062337@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-sig-storage/services/enabled.txt b/audit/projects/k8s-staging-sig-storage/services/enabled.txt index 661451636fab..0d782aac9a49 100644 --- a/audit/projects/k8s-staging-sig-storage/services/enabled.txt +++ b/audit/projects/k8s-staging-sig-storage/services/enabled.txt @@ -4,7 +4,6 @@ cloudkms.googleapis.com Cloud Key Management Service (KMS) API compute.googleapis.com Compute Engine API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API oslogin.googleapis.com Cloud OS Login API pubsub.googleapis.com Cloud Pub/Sub API diff --git a/audit/projects/k8s-staging-slack-infra/buckets/k8s-staging-slack-infra-gcb/iam.json b/audit/projects/k8s-staging-slack-infra/buckets/k8s-staging-slack-infra-gcb/iam.json index 49d89cace987..c1b210b6a586 100644 --- a/audit/projects/k8s-staging-slack-infra/buckets/k8s-staging-slack-infra-gcb/iam.json +++ b/audit/projects/k8s-staging-slack-infra/buckets/k8s-staging-slack-infra-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-slack-infra/iam.json b/audit/projects/k8s-staging-slack-infra/iam.json index 7e83874d3917..8ddaedf09d52 100644 --- a/audit/projects/k8s-staging-slack-infra/iam.json +++ b/audit/projects/k8s-staging-slack-infra/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:470681440884@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-slack-infra/services/enabled.txt b/audit/projects/k8s-staging-slack-infra/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-slack-infra/services/enabled.txt +++ b/audit/projects/k8s-staging-slack-infra/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-sp-operator/buckets/k8s-staging-sp-operator-gcb/iam.json b/audit/projects/k8s-staging-sp-operator/buckets/k8s-staging-sp-operator-gcb/iam.json index d7371a077e50..6622b496898d 100644 --- a/audit/projects/k8s-staging-sp-operator/buckets/k8s-staging-sp-operator-gcb/iam.json +++ b/audit/projects/k8s-staging-sp-operator/buckets/k8s-staging-sp-operator-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-sp-operator/iam.json b/audit/projects/k8s-staging-sp-operator/iam.json index 52b2405293e3..511aa451bb24 100644 --- a/audit/projects/k8s-staging-sp-operator/iam.json +++ b/audit/projects/k8s-staging-sp-operator/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:448637284062@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-sp-operator/services/enabled.txt b/audit/projects/k8s-staging-sp-operator/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-sp-operator/services/enabled.txt +++ b/audit/projects/k8s-staging-sp-operator/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-storage-migrator/buckets/k8s-staging-storage-migrator-gcb/iam.json b/audit/projects/k8s-staging-storage-migrator/buckets/k8s-staging-storage-migrator-gcb/iam.json index 9de62f480c2b..85bc4eb29655 100644 --- a/audit/projects/k8s-staging-storage-migrator/buckets/k8s-staging-storage-migrator-gcb/iam.json +++ b/audit/projects/k8s-staging-storage-migrator/buckets/k8s-staging-storage-migrator-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-storage-migrator/iam.json b/audit/projects/k8s-staging-storage-migrator/iam.json index 27532142d13b..3a15f666b23b 100644 --- a/audit/projects/k8s-staging-storage-migrator/iam.json +++ b/audit/projects/k8s-staging-storage-migrator/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:687417645981@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" @@ -44,12 +43,6 @@ ], "role": "roles/editor" }, - { - "members": [ - "user:davanum@gmail.com" - ], - "role": "roles/owner" - }, { "members": [ "group:k8s-infra-staging-storage-migrator@kubernetes.io" diff --git a/audit/projects/k8s-staging-storage-migrator/services/enabled.txt b/audit/projects/k8s-staging-storage-migrator/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-storage-migrator/services/enabled.txt +++ b/audit/projects/k8s-staging-storage-migrator/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-test-infra/buckets/k8s-staging-test-infra-gcb/iam.json b/audit/projects/k8s-staging-test-infra/buckets/k8s-staging-test-infra-gcb/iam.json index e24020c3b6f2..27f61d407874 100644 --- a/audit/projects/k8s-staging-test-infra/buckets/k8s-staging-test-infra-gcb/iam.json +++ b/audit/projects/k8s-staging-test-infra/buckets/k8s-staging-test-infra-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-test-infra/iam.json b/audit/projects/k8s-staging-test-infra/iam.json index 14303ace7d23..7a3fd7f20a2f 100644 --- a/audit/projects/k8s-staging-test-infra/iam.json +++ b/audit/projects/k8s-staging-test-infra/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:958928310150@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-test-infra/services/enabled.txt b/audit/projects/k8s-staging-test-infra/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-test-infra/services/enabled.txt +++ b/audit/projects/k8s-staging-test-infra/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API diff --git a/audit/projects/k8s-staging-txtdirect/buckets/k8s-staging-txtdirect-gcb/iam.json b/audit/projects/k8s-staging-txtdirect/buckets/k8s-staging-txtdirect-gcb/iam.json index 1001451eeff5..1bbe6d075754 100644 --- a/audit/projects/k8s-staging-txtdirect/buckets/k8s-staging-txtdirect-gcb/iam.json +++ b/audit/projects/k8s-staging-txtdirect/buckets/k8s-staging-txtdirect-gcb/iam.json @@ -29,7 +29,6 @@ }, { "members": [ - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectCreator" @@ -37,7 +36,6 @@ { "members": [ "allUsers", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/storage.objectViewer" diff --git a/audit/projects/k8s-staging-txtdirect/iam.json b/audit/projects/k8s-staging-txtdirect/iam.json index e949794f6510..b5108f0c0738 100644 --- a/audit/projects/k8s-staging-txtdirect/iam.json +++ b/audit/projects/k8s-staging-txtdirect/iam.json @@ -3,7 +3,6 @@ { "members": [ "serviceAccount:662592719730@cloudbuild.gserviceaccount.com", - "serviceAccount:deployer@k8s-prow.iam.gserviceaccount.com", "serviceAccount:gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/cloudbuild.builds.builder" diff --git a/audit/projects/k8s-staging-txtdirect/services/enabled.txt b/audit/projects/k8s-staging-txtdirect/services/enabled.txt index 30cdd842f18a..0a7832adcd8d 100644 --- a/audit/projects/k8s-staging-txtdirect/services/enabled.txt +++ b/audit/projects/k8s-staging-txtdirect/services/enabled.txt @@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API cloudkms.googleapis.com Cloud Key Management Service (KMS) API containeranalysis.googleapis.com Container Analysis API containerregistry.googleapis.com Container Registry API -containerscanning.googleapis.com Container Scanning API logging.googleapis.com Cloud Logging API pubsub.googleapis.com Cloud Pub/Sub API secretmanager.googleapis.com Secret Manager API