WIP. Members of k8s-infra-gcp-auditors should be able to run this script to submit an audit PR. Note that this is an audit of the current configuration, not a request for change.
Admin access is granted via Google Groups.
You must have a Google account that will let you access the Google Cloud Console.
To volunteer for this effort, contact the main k8s-infra-team.
The process for submitting an audit uses GitHub PRs.
Run ./audit.sh to generate a current audit configuration dump. Submit a PR to this repo with any new or updated files.
In the PR please review the following details:
- The reason for any updates.
- Discuss / link related PRs / issues.
Once this PR is created, it should be acknowledged by a secondary auditor.
Note that this is an AUDIT, not a request for change. The audits can be used to generate discussion for reviewing the changes that have already occurred.
First, the requesting auditor opens a PR with any updates applied to the appropriate YAML/JSON file.
Next, the requesting auditor validates that the PR looks correct for their request and responds with /lgtm.
Then a secondary auditor merges the PR once it has been LGTM'd.
Administrative:
- Who should be in the OWNERS file
- Audit report
How to automate:
- How do we audit for IAM changes as they happen, rather than polling?
- An IAM change triggers a PR to GitHub and notifies / tags the user who made the change