From 2de6fe95b894ae6113a48ddaf39dd7970bc18b24 Mon Sep 17 00:00:00 2001 From: Kubernetes Prow Robot Date: Fri, 10 Sep 2021 20:23:17 +0000 Subject: [PATCH] audit: update as of 2021-09-10 --- .../services/pubsub/subscriptions.json | 18 ------------------ .../k8s-staging-addon-manager/iam.json | 6 ------ audit/projects/k8s-staging-apisnoop/iam.json | 6 ------ .../k8s-staging-artifact-promoter/iam.json | 6 ------ .../projects/k8s-staging-autoscaling/iam.json | 6 ------ audit/projects/k8s-staging-bootkube/iam.json | 6 ------ audit/projects/k8s-staging-boskos/iam.json | 6 ------ .../projects/k8s-staging-build-image/iam.json | 6 ------ .../projects/k8s-staging-capi-docker/iam.json | 6 ------ .../projects/k8s-staging-capi-kubeadm/iam.json | 6 ------ .../k8s-staging-capi-openstack/iam.json | 6 ------ .../projects/k8s-staging-capi-vsphere/iam.json | 6 ------ audit/projects/k8s-staging-ci-images/iam.json | 6 ------ audit/projects/k8s-staging-cip-test/iam.json | 6 ------ .../k8s-staging-cloud-provider-gcp/iam.json | 6 ------ .../k8s-staging-cluster-addons/iam.json | 6 ------ .../k8s-staging-cluster-api-aws/iam.json | 6 ------ .../k8s-staging-cluster-api-azure/iam.json | 6 ------ .../k8s-staging-cluster-api-do/iam.json | 6 ------ .../k8s-staging-cluster-api-gcp/iam.json | 6 ------ .../projects/k8s-staging-cluster-api/iam.json | 6 ------ audit/projects/k8s-staging-coredns/iam.json | 6 ------ audit/projects/k8s-staging-cpa/iam.json | 6 ------ audit/projects/k8s-staging-cri-tools/iam.json | 6 ------ .../k8s-staging-csi-secrets-store/iam.json | 6 ------ audit/projects/k8s-staging-csi/iam.json | 6 ------ .../projects/k8s-staging-descheduler/iam.json | 6 ------ audit/projects/k8s-staging-dns/iam.json | 6 ------ .../k8s-staging-e2e-test-images/iam.json | 6 ------ audit/projects/k8s-staging-etcd/iam.json | 6 ------ audit/projects/k8s-staging-etcdadm/iam.json | 6 ------ audit/projects/k8s-staging-examples/iam.json | 6 ------ .../projects/k8s-staging-experimental/iam.json | 6 ------ .../projects/k8s-staging-external-dns/iam.json | 6 ------ .../projects/k8s-staging-gateway-api/iam.json | 6 ------ audit/projects/k8s-staging-git-sync/iam.json | 6 ------ .../projects/k8s-staging-infra-tools/iam.json | 6 ------ .../k8s-staging-ingress-nginx/iam.json | 6 ------ .../k8s-staging-ingressconformance/iam.json | 6 ------ .../k8s-staging-k8s-gsm-tools/iam.json | 6 ------ .../k8s-staging-kas-network-proxy/iam.json | 6 ------ audit/projects/k8s-staging-kind/iam.json | 6 ------ audit/projects/k8s-staging-kops/iam.json | 6 ------ .../k8s-staging-kube-state-metrics/iam.json | 6 ------ audit/projects/k8s-staging-kubeadm/iam.json | 6 ------ audit/projects/k8s-staging-kubernetes/iam.json | 6 ------ audit/projects/k8s-staging-kubetest2/iam.json | 6 ------ audit/projects/k8s-staging-kustomize/iam.json | 6 ------ .../k8s-staging-metrics-server/iam.json | 6 ------ audit/projects/k8s-staging-mirror/iam.json | 6 ------ .../projects/k8s-staging-multitenancy/iam.json | 6 ------ audit/projects/k8s-staging-networking/iam.json | 6 ------ audit/projects/k8s-staging-nfd/iam.json | 6 ------ audit/projects/k8s-staging-npd/iam.json | 6 ------ .../projects/k8s-staging-provider-aws/iam.json | 6 ------ .../k8s-staging-provider-azure/iam.json | 6 ------ .../k8s-staging-provider-openstack/iam.json | 6 ------ .../k8s-staging-publishing-bot/iam.json | 6 ------ .../projects/k8s-staging-releng-test/iam.json | 6 ------ audit/projects/k8s-staging-releng/iam.json | 6 ------ .../k8s-staging-scheduler-plugins/iam.json | 6 ------ .../k8s-staging-scl-image-builder/iam.json | 6 ------ audit/projects/k8s-staging-sig-docs/iam.json | 6 ------ .../projects/k8s-staging-sig-storage/iam.json | 6 ------ .../projects/k8s-staging-slack-infra/iam.json | 6 ------ .../projects/k8s-staging-sp-operator/iam.json | 6 ------ .../k8s-staging-storage-migrator/iam.json | 6 ------ audit/projects/k8s-staging-test-infra/iam.json | 6 ------ audit/projects/k8s-staging-txtdirect/iam.json | 6 ------ .../iam.json | 12 ++++++++++++ .../k8s-infra-ci-robot-github-token/iam.json | 6 ++++++ 71 files changed, 18 insertions(+), 426 deletions(-) delete mode 100644 audit/projects/k8s-gcr-audit-test-prod/services/pubsub/subscriptions.json diff --git a/audit/projects/k8s-gcr-audit-test-prod/services/pubsub/subscriptions.json b/audit/projects/k8s-gcr-audit-test-prod/services/pubsub/subscriptions.json deleted file mode 100644 index 1ea7139b4f9..00000000000 --- a/audit/projects/k8s-gcr-audit-test-prod/services/pubsub/subscriptions.json +++ /dev/null @@ -1,18 +0,0 @@ -[ - { - "ackDeadlineSeconds": 10, - "expirationPolicy": {}, - "messageRetentionDuration": "604800s", - "name": "projects/k8s-gcr-audit-test-prod/subscriptions/cip-auditor-test-invoker", - "pushConfig": { - "attributes": { - "x-goog-version": "v1" - }, - "oidcToken": { - "serviceAccountEmail": "k8s-infra-gcr-promoter@k8s-gcr-audit-test-prod.iam.gserviceaccount.com" - }, - "pushEndpoint": "https://cip-auditor-test-lhkagr5sjq-uc.a.run.app" - }, - "topic": "projects/k8s-gcr-audit-test-prod/topics/gcr" - } -] diff --git a/audit/projects/k8s-staging-addon-manager/iam.json b/audit/projects/k8s-staging-addon-manager/iam.json index cf515f62fad..2c6d2a2a3da 100644 --- a/audit/projects/k8s-staging-addon-manager/iam.json +++ b/audit/projects/k8s-staging-addon-manager/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-103321906213@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-apisnoop/iam.json b/audit/projects/k8s-staging-apisnoop/iam.json index 58047daf17e..041287510ad 100644 --- a/audit/projects/k8s-staging-apisnoop/iam.json +++ b/audit/projects/k8s-staging-apisnoop/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-782271650518@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-artifact-promoter/iam.json b/audit/projects/k8s-staging-artifact-promoter/iam.json index bb4f5424a8f..684a4ea8f67 100644 --- a/audit/projects/k8s-staging-artifact-promoter/iam.json +++ b/audit/projects/k8s-staging-artifact-promoter/iam.json @@ -25,12 +25,6 @@ ], "role": "roles/compute.serviceAgent" }, - { - "members": [ - "serviceAccount:service-675573440409@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-autoscaling/iam.json b/audit/projects/k8s-staging-autoscaling/iam.json index a93d12d6712..6275e5f1592 100644 --- a/audit/projects/k8s-staging-autoscaling/iam.json +++ b/audit/projects/k8s-staging-autoscaling/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-371644685964@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-bootkube/iam.json b/audit/projects/k8s-staging-bootkube/iam.json index a6f835cd082..a64fc92957e 100644 --- a/audit/projects/k8s-staging-bootkube/iam.json +++ b/audit/projects/k8s-staging-bootkube/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-48439280800@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-boskos/iam.json b/audit/projects/k8s-staging-boskos/iam.json index 07fc4571486..21d17bed7fd 100644 --- a/audit/projects/k8s-staging-boskos/iam.json +++ b/audit/projects/k8s-staging-boskos/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-41305360102@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-build-image/iam.json b/audit/projects/k8s-staging-build-image/iam.json index 8395725210f..4d58d101dd9 100644 --- a/audit/projects/k8s-staging-build-image/iam.json +++ b/audit/projects/k8s-staging-build-image/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-960211007710@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-capi-docker/iam.json b/audit/projects/k8s-staging-capi-docker/iam.json index 1e92e05979b..ac957847a27 100644 --- a/audit/projects/k8s-staging-capi-docker/iam.json +++ b/audit/projects/k8s-staging-capi-docker/iam.json @@ -25,12 +25,6 @@ ], "role": "roles/compute.serviceAgent" }, - { - "members": [ - "serviceAccount:service-44019431644@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-capi-kubeadm/iam.json b/audit/projects/k8s-staging-capi-kubeadm/iam.json index ae3cf2788d9..41879380139 100644 --- a/audit/projects/k8s-staging-capi-kubeadm/iam.json +++ b/audit/projects/k8s-staging-capi-kubeadm/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-778608689920@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-capi-openstack/iam.json b/audit/projects/k8s-staging-capi-openstack/iam.json index 5412fe8c479..8df053e0283 100644 --- a/audit/projects/k8s-staging-capi-openstack/iam.json +++ b/audit/projects/k8s-staging-capi-openstack/iam.json @@ -25,12 +25,6 @@ ], "role": "roles/compute.serviceAgent" }, - { - "members": [ - "serviceAccount:service-129051311436@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-capi-vsphere/iam.json b/audit/projects/k8s-staging-capi-vsphere/iam.json index 1310d46a0b1..2c31bfa46a2 100644 --- a/audit/projects/k8s-staging-capi-vsphere/iam.json +++ b/audit/projects/k8s-staging-capi-vsphere/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-459565607671@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-ci-images/iam.json b/audit/projects/k8s-staging-ci-images/iam.json index 825593befec..9907b9ebb9f 100644 --- a/audit/projects/k8s-staging-ci-images/iam.json +++ b/audit/projects/k8s-staging-ci-images/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-731599680865@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-cip-test/iam.json b/audit/projects/k8s-staging-cip-test/iam.json index 0423c7528de..7a1b8e63a34 100644 --- a/audit/projects/k8s-staging-cip-test/iam.json +++ b/audit/projects/k8s-staging-cip-test/iam.json @@ -25,12 +25,6 @@ ], "role": "roles/compute.serviceAgent" }, - { - "members": [ - "serviceAccount:service-324460563566@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-cloud-provider-gcp/iam.json b/audit/projects/k8s-staging-cloud-provider-gcp/iam.json index e413ca47cc8..fe59ddaec96 100644 --- a/audit/projects/k8s-staging-cloud-provider-gcp/iam.json +++ b/audit/projects/k8s-staging-cloud-provider-gcp/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-67010995753@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-cluster-addons/iam.json b/audit/projects/k8s-staging-cluster-addons/iam.json index fe046ca9481..f33acc95598 100644 --- a/audit/projects/k8s-staging-cluster-addons/iam.json +++ b/audit/projects/k8s-staging-cluster-addons/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-239900365888@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-cluster-api-aws/iam.json b/audit/projects/k8s-staging-cluster-api-aws/iam.json index 491d2613dd9..4c168c12cf3 100644 --- a/audit/projects/k8s-staging-cluster-api-aws/iam.json +++ b/audit/projects/k8s-staging-cluster-api-aws/iam.json @@ -25,12 +25,6 @@ ], "role": "roles/compute.serviceAgent" }, - { - "members": [ - "serviceAccount:service-433651898792@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-cluster-api-azure/iam.json b/audit/projects/k8s-staging-cluster-api-azure/iam.json index 06eca7af1c9..07547a244d2 100644 --- a/audit/projects/k8s-staging-cluster-api-azure/iam.json +++ b/audit/projects/k8s-staging-cluster-api-azure/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-1087109869165@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-cluster-api-do/iam.json b/audit/projects/k8s-staging-cluster-api-do/iam.json index 531393b9c3c..2c56c85bda7 100644 --- a/audit/projects/k8s-staging-cluster-api-do/iam.json +++ b/audit/projects/k8s-staging-cluster-api-do/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-226017735054@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-cluster-api-gcp/iam.json b/audit/projects/k8s-staging-cluster-api-gcp/iam.json index cad58520794..af623155ba9 100644 --- a/audit/projects/k8s-staging-cluster-api-gcp/iam.json +++ b/audit/projects/k8s-staging-cluster-api-gcp/iam.json @@ -62,12 +62,6 @@ ], "role": "roles/compute.serviceAgent" }, - { - "members": [ - "serviceAccount:service-606075400249@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-cluster-api/iam.json b/audit/projects/k8s-staging-cluster-api/iam.json index 3e40235b1bc..f6bbb3db13a 100644 --- a/audit/projects/k8s-staging-cluster-api/iam.json +++ b/audit/projects/k8s-staging-cluster-api/iam.json @@ -25,12 +25,6 @@ ], "role": "roles/compute.serviceAgent" }, - { - "members": [ - "serviceAccount:service-190130481896@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-coredns/iam.json b/audit/projects/k8s-staging-coredns/iam.json index 98bb02d8062..124c187f349 100644 --- a/audit/projects/k8s-staging-coredns/iam.json +++ b/audit/projects/k8s-staging-coredns/iam.json @@ -25,12 +25,6 @@ ], "role": "roles/compute.serviceAgent" }, - { - "members": [ - "serviceAccount:service-848617618266@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-cpa/iam.json b/audit/projects/k8s-staging-cpa/iam.json index 8436038f7a2..505e0150ef6 100644 --- a/audit/projects/k8s-staging-cpa/iam.json +++ b/audit/projects/k8s-staging-cpa/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-644315828680@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-cri-tools/iam.json b/audit/projects/k8s-staging-cri-tools/iam.json index 184f40b31d9..1ec72b2061f 100644 --- a/audit/projects/k8s-staging-cri-tools/iam.json +++ b/audit/projects/k8s-staging-cri-tools/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-565574877728@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-csi-secrets-store/iam.json b/audit/projects/k8s-staging-csi-secrets-store/iam.json index 81c09ffe1cd..243267e2bcf 100644 --- a/audit/projects/k8s-staging-csi-secrets-store/iam.json +++ b/audit/projects/k8s-staging-csi-secrets-store/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-766197520365@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-csi/iam.json b/audit/projects/k8s-staging-csi/iam.json index 59a658cfa90..89b58a557a7 100644 --- a/audit/projects/k8s-staging-csi/iam.json +++ b/audit/projects/k8s-staging-csi/iam.json @@ -31,12 +31,6 @@ ], "role": "roles/container.serviceAgent" }, - { - "members": [ - "serviceAccount:service-874328413592@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-descheduler/iam.json b/audit/projects/k8s-staging-descheduler/iam.json index 18f2a7cb3a4..bb299a22de1 100644 --- a/audit/projects/k8s-staging-descheduler/iam.json +++ b/audit/projects/k8s-staging-descheduler/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-1009880777024@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-dns/iam.json b/audit/projects/k8s-staging-dns/iam.json index d444c68b9b6..e7bb8d4ba6c 100644 --- a/audit/projects/k8s-staging-dns/iam.json +++ b/audit/projects/k8s-staging-dns/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-558098336346@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-e2e-test-images/iam.json b/audit/projects/k8s-staging-e2e-test-images/iam.json index 6282c066105..5d097e259b2 100644 --- a/audit/projects/k8s-staging-e2e-test-images/iam.json +++ b/audit/projects/k8s-staging-e2e-test-images/iam.json @@ -25,12 +25,6 @@ ], "role": "roles/compute.serviceAgent" }, - { - "members": [ - "serviceAccount:service-456067983721@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-etcd/iam.json b/audit/projects/k8s-staging-etcd/iam.json index 579a29b4567..704af31d5c7 100644 --- a/audit/projects/k8s-staging-etcd/iam.json +++ b/audit/projects/k8s-staging-etcd/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-329483391043@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-etcdadm/iam.json b/audit/projects/k8s-staging-etcdadm/iam.json index 4ce52040f3a..d53bf5d0f85 100644 --- a/audit/projects/k8s-staging-etcdadm/iam.json +++ b/audit/projects/k8s-staging-etcdadm/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-621671725592@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-examples/iam.json b/audit/projects/k8s-staging-examples/iam.json index c3bf8be18e7..6bba2d1baab 100644 --- a/audit/projects/k8s-staging-examples/iam.json +++ b/audit/projects/k8s-staging-examples/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-315229499758@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-experimental/iam.json b/audit/projects/k8s-staging-experimental/iam.json index 1c44ea43b4d..055efbbb58c 100644 --- a/audit/projects/k8s-staging-experimental/iam.json +++ b/audit/projects/k8s-staging-experimental/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-737067335481@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-external-dns/iam.json b/audit/projects/k8s-staging-external-dns/iam.json index 747c8ce04d7..d4d27875011 100644 --- a/audit/projects/k8s-staging-external-dns/iam.json +++ b/audit/projects/k8s-staging-external-dns/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-548739681389@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-gateway-api/iam.json b/audit/projects/k8s-staging-gateway-api/iam.json index 54c945efc10..a3286779590 100644 --- a/audit/projects/k8s-staging-gateway-api/iam.json +++ b/audit/projects/k8s-staging-gateway-api/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-27800831195@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-git-sync/iam.json b/audit/projects/k8s-staging-git-sync/iam.json index c1e2c218a95..bdb8b2b86f0 100644 --- a/audit/projects/k8s-staging-git-sync/iam.json +++ b/audit/projects/k8s-staging-git-sync/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-998209132534@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-infra-tools/iam.json b/audit/projects/k8s-staging-infra-tools/iam.json index 0acda17e444..0dde5f208e3 100644 --- a/audit/projects/k8s-staging-infra-tools/iam.json +++ b/audit/projects/k8s-staging-infra-tools/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-1017132094926@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-ingress-nginx/iam.json b/audit/projects/k8s-staging-ingress-nginx/iam.json index eab1a239c63..bf96302eba7 100644 --- a/audit/projects/k8s-staging-ingress-nginx/iam.json +++ b/audit/projects/k8s-staging-ingress-nginx/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-971199482687@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-ingressconformance/iam.json b/audit/projects/k8s-staging-ingressconformance/iam.json index 443c47263ec..a059610b032 100644 --- a/audit/projects/k8s-staging-ingressconformance/iam.json +++ b/audit/projects/k8s-staging-ingressconformance/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-320459285183@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-k8s-gsm-tools/iam.json b/audit/projects/k8s-staging-k8s-gsm-tools/iam.json index 44506a3601e..841c70886df 100644 --- a/audit/projects/k8s-staging-k8s-gsm-tools/iam.json +++ b/audit/projects/k8s-staging-k8s-gsm-tools/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-1073099305721@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-kas-network-proxy/iam.json b/audit/projects/k8s-staging-kas-network-proxy/iam.json index 7b0b54951ce..e1123fb9419 100644 --- a/audit/projects/k8s-staging-kas-network-proxy/iam.json +++ b/audit/projects/k8s-staging-kas-network-proxy/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-670598002495@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-kind/iam.json b/audit/projects/k8s-staging-kind/iam.json index 731102c4451..c0d3027dc6b 100644 --- a/audit/projects/k8s-staging-kind/iam.json +++ b/audit/projects/k8s-staging-kind/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-220811308229@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-kops/iam.json b/audit/projects/k8s-staging-kops/iam.json index 8d2960bc225..e1da96e828e 100644 --- a/audit/projects/k8s-staging-kops/iam.json +++ b/audit/projects/k8s-staging-kops/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-889470918518@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-kube-state-metrics/iam.json b/audit/projects/k8s-staging-kube-state-metrics/iam.json index 3a9485ef26a..8b96529092c 100644 --- a/audit/projects/k8s-staging-kube-state-metrics/iam.json +++ b/audit/projects/k8s-staging-kube-state-metrics/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-1023797992882@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-kubeadm/iam.json b/audit/projects/k8s-staging-kubeadm/iam.json index 45ec9a127d3..d4df36e061e 100644 --- a/audit/projects/k8s-staging-kubeadm/iam.json +++ b/audit/projects/k8s-staging-kubeadm/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-487125676961@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-kubernetes/iam.json b/audit/projects/k8s-staging-kubernetes/iam.json index 2e93a43576f..79a687b27e1 100644 --- a/audit/projects/k8s-staging-kubernetes/iam.json +++ b/audit/projects/k8s-staging-kubernetes/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-615281671549@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-kubetest2/iam.json b/audit/projects/k8s-staging-kubetest2/iam.json index 09b42f475a5..e66db9798f2 100644 --- a/audit/projects/k8s-staging-kubetest2/iam.json +++ b/audit/projects/k8s-staging-kubetest2/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-4886069902@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-kustomize/iam.json b/audit/projects/k8s-staging-kustomize/iam.json index 07c91591884..62e9003df8a 100644 --- a/audit/projects/k8s-staging-kustomize/iam.json +++ b/audit/projects/k8s-staging-kustomize/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-660796270509@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-metrics-server/iam.json b/audit/projects/k8s-staging-metrics-server/iam.json index 6577c1bb116..ce82e5442ef 100644 --- a/audit/projects/k8s-staging-metrics-server/iam.json +++ b/audit/projects/k8s-staging-metrics-server/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-229033024066@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-mirror/iam.json b/audit/projects/k8s-staging-mirror/iam.json index efc9e27447a..81814a1b663 100644 --- a/audit/projects/k8s-staging-mirror/iam.json +++ b/audit/projects/k8s-staging-mirror/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-98327187586@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-multitenancy/iam.json b/audit/projects/k8s-staging-multitenancy/iam.json index bb4fd6f766a..0918817bdb7 100644 --- a/audit/projects/k8s-staging-multitenancy/iam.json +++ b/audit/projects/k8s-staging-multitenancy/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-817922591645@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-networking/iam.json b/audit/projects/k8s-staging-networking/iam.json index 0eebbfb0785..8b8930a8220 100644 --- a/audit/projects/k8s-staging-networking/iam.json +++ b/audit/projects/k8s-staging-networking/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-235137276492@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-nfd/iam.json b/audit/projects/k8s-staging-nfd/iam.json index f5ab2dde18b..744f92d065b 100644 --- a/audit/projects/k8s-staging-nfd/iam.json +++ b/audit/projects/k8s-staging-nfd/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-5125544917@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-npd/iam.json b/audit/projects/k8s-staging-npd/iam.json index 363f5f1c11e..eade15d0ed1 100644 --- a/audit/projects/k8s-staging-npd/iam.json +++ b/audit/projects/k8s-staging-npd/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-152738448582@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-provider-aws/iam.json b/audit/projects/k8s-staging-provider-aws/iam.json index 4d94cb901bc..83df4ea6e00 100644 --- a/audit/projects/k8s-staging-provider-aws/iam.json +++ b/audit/projects/k8s-staging-provider-aws/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-967205882988@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-provider-azure/iam.json b/audit/projects/k8s-staging-provider-azure/iam.json index 763f463b082..b3004625240 100644 --- a/audit/projects/k8s-staging-provider-azure/iam.json +++ b/audit/projects/k8s-staging-provider-azure/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-83539169056@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-provider-openstack/iam.json b/audit/projects/k8s-staging-provider-openstack/iam.json index d96daca3ad6..1d82f9d751d 100644 --- a/audit/projects/k8s-staging-provider-openstack/iam.json +++ b/audit/projects/k8s-staging-provider-openstack/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-625174557286@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-publishing-bot/iam.json b/audit/projects/k8s-staging-publishing-bot/iam.json index 5162dbb73ba..400d5751b71 100644 --- a/audit/projects/k8s-staging-publishing-bot/iam.json +++ b/audit/projects/k8s-staging-publishing-bot/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-438481731081@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-releng-test/iam.json b/audit/projects/k8s-staging-releng-test/iam.json index 7a089bb918a..ada7ffd203b 100644 --- a/audit/projects/k8s-staging-releng-test/iam.json +++ b/audit/projects/k8s-staging-releng-test/iam.json @@ -20,12 +20,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-86929635859@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-releng/iam.json b/audit/projects/k8s-staging-releng/iam.json index e83b2f3d61e..4ad36105089 100644 --- a/audit/projects/k8s-staging-releng/iam.json +++ b/audit/projects/k8s-staging-releng/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-117157742389@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-scheduler-plugins/iam.json b/audit/projects/k8s-staging-scheduler-plugins/iam.json index 9fc8a4c982e..7eba45cd4d2 100644 --- a/audit/projects/k8s-staging-scheduler-plugins/iam.json +++ b/audit/projects/k8s-staging-scheduler-plugins/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-96918712006@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-scl-image-builder/iam.json b/audit/projects/k8s-staging-scl-image-builder/iam.json index 209f0507507..6046555c7ea 100644 --- a/audit/projects/k8s-staging-scl-image-builder/iam.json +++ b/audit/projects/k8s-staging-scl-image-builder/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-974299031321@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-sig-docs/iam.json b/audit/projects/k8s-staging-sig-docs/iam.json index 000391ac946..9aa33de2878 100644 --- a/audit/projects/k8s-staging-sig-docs/iam.json +++ b/audit/projects/k8s-staging-sig-docs/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-563253410071@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-sig-storage/iam.json b/audit/projects/k8s-staging-sig-storage/iam.json index 26301077021..242000170fc 100644 --- a/audit/projects/k8s-staging-sig-storage/iam.json +++ b/audit/projects/k8s-staging-sig-storage/iam.json @@ -25,12 +25,6 @@ ], "role": "roles/compute.serviceAgent" }, - { - "members": [ - "serviceAccount:service-272675062337@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-slack-infra/iam.json b/audit/projects/k8s-staging-slack-infra/iam.json index 8ddaedf09d5..131dec5c16f 100644 --- a/audit/projects/k8s-staging-slack-infra/iam.json +++ b/audit/projects/k8s-staging-slack-infra/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-470681440884@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-sp-operator/iam.json b/audit/projects/k8s-staging-sp-operator/iam.json index 511aa451bb2..09edda23629 100644 --- a/audit/projects/k8s-staging-sp-operator/iam.json +++ b/audit/projects/k8s-staging-sp-operator/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-448637284062@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-storage-migrator/iam.json b/audit/projects/k8s-staging-storage-migrator/iam.json index 3a15f666b23..8926d36de4f 100644 --- a/audit/projects/k8s-staging-storage-migrator/iam.json +++ b/audit/projects/k8s-staging-storage-migrator/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-687417645981@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-test-infra/iam.json b/audit/projects/k8s-staging-test-infra/iam.json index 7a3fd7f20a2..1345192f947 100644 --- a/audit/projects/k8s-staging-test-infra/iam.json +++ b/audit/projects/k8s-staging-test-infra/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-958928310150@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/k8s-staging-txtdirect/iam.json b/audit/projects/k8s-staging-txtdirect/iam.json index b5108f0c073..15de02f2531 100644 --- a/audit/projects/k8s-staging-txtdirect/iam.json +++ b/audit/projects/k8s-staging-txtdirect/iam.json @@ -19,12 +19,6 @@ ], "role": "roles/cloudbuild.serviceAgent" }, - { - "members": [ - "serviceAccount:service-662592719730@container-analysis.iam.gserviceaccount.com" - ], - "role": "roles/containeranalysis.ServiceAgent" - }, { "members": [ "serviceAccount:k8s-infra-gcr-vuln-scanning@k8s-artifacts-prod.iam.gserviceaccount.com" diff --git a/audit/projects/kubernetes-public/secrets/k8s-infra-cherrypick-robot-github-token/iam.json b/audit/projects/kubernetes-public/secrets/k8s-infra-cherrypick-robot-github-token/iam.json index 67b884f1c92..500744fb618 100644 --- a/audit/projects/kubernetes-public/secrets/k8s-infra-cherrypick-robot-github-token/iam.json +++ b/audit/projects/kubernetes-public/secrets/k8s-infra-cherrypick-robot-github-token/iam.json @@ -5,6 +5,18 @@ "group:k8s-infra-rbac-prow@kubernetes.io" ], "role": "roles/secretmanager.admin" + }, + { + "members": [ + "serviceAccount:kubernetes-external-secrets-sa@k8s-prow.iam.gserviceaccount.com" + ], + "role": "roles/secretmanager.secretAccessor" + }, + { + "members": [ + "serviceAccount:kubernetes-external-secrets-sa@k8s-prow.iam.gserviceaccount.com" + ], + "role": "roles/secretmanager.viewer" } ], "version": 1 diff --git a/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-token/iam.json b/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-token/iam.json index 004846b33c3..aa6e1f65260 100644 --- a/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-token/iam.json +++ b/audit/projects/kubernetes-public/secrets/k8s-infra-ci-robot-github-token/iam.json @@ -11,6 +11,12 @@ "serviceAccount:kubernetes-external-secrets@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" ], "role": "roles/secretmanager.secretAccessor" + }, + { + "members": [ + "serviceAccount:kubernetes-external-secrets@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" + ], + "role": "roles/secretmanager.viewer" } ], "version": 1