Request: GCS bucket to store official CVE list

[PushkarJ]

In support of KEP-3203: kubernetes/enhancements#3204

We need GCS bucket to store generated JSON blob of official CVE list, which needs to be public readable (http get should work)

• The google group this can be linked to for membership is security-tooling-private@kubernetes.io
• We will also need a service account with credentials that we can use to write to bucket

Reference PR I have seen that does something very similar is #2570

/sig security k8s-infra docs testing

[ameukam]

/milestone v1.24
/assign

[ameukam]

Sorry for not taking care of this now. The main effort is focused on 1.24 out in 2 weeks. I'll get back when 1.25 start.

/milestone v1.25

[nehaLohia27]

@ameukam Any updates on this issue ?

[ameukam]

@ameukam Any updates on this issue ?

@nehaLohia27 Sorry. I didn't have the bandwidth to take care of this. Should be take care before end of the milestone.

[PushkarJ]

@ameukam (when you are back) This is part of kubernetes/enhancements#3203 tracked for v1.25.

Much of our implementation depends on having this GCS bucket created. What's the best way we can help you get this created?

[PushkarJ]

Just confirmed a few things post merge of #4009

• A user(me) from security-tooling-private is able to write to the bucket
• View access is public for all
• Anonymous users are not able to write to the bucket and get this error ServiceException: 401 Anonymous caller does not have storage.objects.create access to the Google Cloud Storage object.

So I think it is safe to close this one!!

Thank you for your help in implementing this @ameukam
/close

[k8s-ci-robot]

@PushkarJ: Closing this issue.

In response to this:

Just confirmed a few things post merge of #4009

• A user(me) from security-tooling-private is able to write to the bucket
• View access is public for all
• Anonymous users are not able to write to the bucket and get this error ServiceException: 401 Anonymous caller does not have storage.objects.create access to the Google Cloud Storage object.

So I think it is safe to close this one!!

Thank you for your help in implementing this @ameukam
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.