chore: Remove template operator assets related code #11771

Merged
merged 1 commit into from
Sep 4, 2024

@ruanxin ruanxin commented Sep 3, 2024

Description

Related issue(s)
kyma-project/lifecycle-manager#1811

@ruanxin ruanxin requested review from neighbors-dev-bot and a team as code owners September 3, 2024 14:45
@kyma-bot kyma-bot added cla: yes Indicates the PR's author has signed the CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Sep 3, 2024

kyma-bot commented Sep 3, 2024

Plan Result

CI link

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 2 to add, 2 to change, 2 to destroy.
Change Result
  # google_service_account.sa-gke-kyma-integration will be updated in-place
  ~ resource "google_service_account" "sa-gke-kyma-integration" {
      ~ description  = "Service account is used by Prow to integrate with GKE." -> "Service account is used by Prow to integrate with GKE. Will be removed with Prow"
        id           = "projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com"
        name         = "projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com"
        # (7 unchanged attributes hidden)
    }

  # module.service_account_keys_cleaner.google_cloud_scheduler_job.service_account_keys_cleaner will be updated in-place
  ~ resource "google_cloud_scheduler_job" "service_account_keys_cleaner" {
        id               = "projects/sap-kyma-prow/locations/europe-west3/jobs/service-account-keys-cleaner"
        name             = "service-account-keys-cleaner"
        # (8 unchanged attributes hidden)

      ~ http_target {
          ~ uri         = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app/?project=sap-kyma-prow&age=24" -> "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app?project=sap-kyma-prow&age=24"
            # (2 unchanged attributes hidden)

            # (1 unchanged block hidden)
        }
    }
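
Review bot: the `uri` change under `http_target` (dropping the `/` before `?project=sap-kyma-prow&age=24`) and the `description` change on `google_service_account.sa-gke-kyma-integration` are outside what the PR title describes, which is removing template operator assets code. Confirm both in-place updates are expected to be applied with this PR, or land them separately so the plan for this change contains only the constraint replacement.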

  # module.trusted_workload_gatekeeper.kubectl_manifest.constraints["# Constraint to allow only image-builder tool trusted usage on Prow cluster run as image-builder service account identity.\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: SecretTrustedUsage\nmetadata:\n  name: kyma-bot-github-token\nspec:\n  enforcementAction: deny\n  match:\n    kinds:\n      - apiGroups: [\"\"]\n        kinds: [\"Pod\"]\n    namespaces:\n      - \"default\"\n  parameters:\n    restrictedSecrets:\n      # usually provided with preset-bot-github-token\n      - kyma-bot-github-token\n    trustedImages:\n      # rel-api-gateway-goreleaser\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/bin\\/bash\",\"-c\",\"mkdir -p \\/prow-tools \\\\u0026\\\\u0026 ln -s \\/usr\\/local\\/bin\\/jobguard \\/prow-tools\\/jobguard \\\\u0026\\\\u0026 hack/release.sh\"\\],\"container_name\":\"test\",.*$'\n      # rel-kyma-cli\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"make\",\"ci-release\"\\],\"container_name\":\"test\",.*$'\n      - image: \"eu.gcr.io/kyma-project/test-infra/bootstrap:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/build-kyma-artifacts\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # pre-main-kyma-gardener-gcp-eventing-upgrade\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-garden:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: 
'^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/cluster-integration\\/kyma-integration-gardener-eventing-upgrade\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # skr-aws-upgrade-integration-dev\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-nodejs:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/cluster-integration\\/skr-aws-upgrade-integration-dev\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # post-keda-manager-module-build\n      - image: \"eu.gcr.io/kyma-project/test-infra/buildpack-golang:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\.\\/scripts\\/release.sh\",\"ci\"\\],\"container_name\":\"test\",.*$'\n      # post-telemetry-manager-release-module\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-gcloud:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"make\",\"release\"\\],\"container_name\":\"test\",.*$'\n      # pre-main-check-users-map\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/usersmapchecker:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"/ko-app/usersmapchecker\"\\],\"container_name\":\"test\",.*}$'\n      # release-serverless-module-build\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"\\.\\/scripts\\/release\\.sh\",\"ci\"\\],\"container_name\":\"test\",.*}$'\n      # sidecar\n      - image: \"gcr.io/k8s-prow/sidecar:*\"\n        command: []\n        args: []"] will be created
  + resource "kubectl_manifest" "constraints" {
      + api_version             = "constraints.gatekeeper.sh/v1beta1"
      + apply_only              = false
      + field_manager           = "kubectl"
      + force_conflicts         = false
      + force_new               = false
      + id                      = (known after apply)
      + kind                    = "SecretTrustedUsage"
      + live_manifest_incluster = (sensitive value)
      + live_uid                = (known after apply)
      + name                    = "kyma-bot-github-token"
      + namespace               = (known after apply)
      + server_side_apply       = false
      + uid                     = (known after apply)
      + validate_schema         = true
      + wait_for_rollout        = true
      + yaml_body               = (sensitive value)
      + yaml_body_parsed        = <<-EOT
            apiVersion: constraints.gatekeeper.sh/v1beta1
            kind: SecretTrustedUsage
            metadata:
              name: kyma-bot-github-token
            spec:
              enforcementAction: deny
              match:
                kinds:
                - apiGroups:
                  - ""
                  kinds:
                  - Pod
                namespaces:
                - default
              parameters:
                restrictedSecrets:
                - kyma-bot-github-token
                trustedImages:
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/bin\/bash","-c","mkdir -p \/prow-tools \\u0026\\u0026
                    ln -s \/usr\/local\/bin\/jobguard \/prow-tools\/jobguard \\u0026\\u0026 hack/release.sh"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["make","ci-release"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/home\/prow\/go\/src\/github\.com\/kyma-project\/test-infra\/prow\/scripts\/build-kyma-artifacts\.sh"\],"container_name":"test",.*$
                  image: eu.gcr.io/kyma-project/test-infra/bootstrap:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/home\/prow\/go\/src\/github\.com\/kyma-project\/test-infra\/prow\/scripts\/cluster-integration\/kyma-integration-gardener-eventing-upgrade\.sh"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-garden:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/home\/prow\/go\/src\/github\.com\/kyma-project\/test-infra\/prow\/scripts\/cluster-integration\/skr-aws-upgrade-integration-dev\.sh"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-nodejs:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\.\/scripts\/release.sh","ci"\],"container_name":"test",.*$
                  image: eu.gcr.io/kyma-project/test-infra/buildpack-golang:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["make","release"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-gcloud:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^{.*"args":\["/ko-app/usersmapchecker"\],"container_name":"test",.*}$
                  image: europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/usersmapchecker:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^{.*"args":\["\.\/scripts\/release\.sh","ci"\],"container_name":"test",.*}$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
                - args: []
                  command: []
                  image: gcr.io/k8s-prow/sidecar:*
        EOT
      + yaml_incluster          = (sensitive value)
    }
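
Review bot: the address key on this `kubectl_manifest.constraints` instance is the entire manifest text, so removing one `trustedImages` entry plans as a create here plus a destroy of the old instance ("is not in for_each map") instead of an in-place update. Both instances resolve to the same cluster object, `SecretTrustedUsage` named `kyma-bot-github-token` with `enforcementAction: deny`, so check after apply that the constraint still exists and is enforcing. Keying `for_each` on a stable value such as the manifest's `metadata.name` would let edits like this plan as an update.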

  # module.trusted_workload_gatekeeper.kubectl_manifest.constraints["# Constraint to allow only image-builder tool trusted usage on Prow cluster run as image-builder service account identity.\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: SecretTrustedUsage\nmetadata:\n  name: kyma-bot-github-token\nspec:\n  enforcementAction: deny\n  match:\n    kinds:\n      - apiGroups: [\"\"]\n        kinds: [\"Pod\"]\n    namespaces:\n      - \"default\"\n  parameters:\n    restrictedSecrets:\n      # usually provided with preset-bot-github-token\n      - kyma-bot-github-token\n    trustedImages:\n      # rel-api-gateway-goreleaser\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/bin\\/bash\",\"-c\",\"mkdir -p \\/prow-tools \\\\u0026\\\\u0026 ln -s \\/usr\\/local\\/bin\\/jobguard \\/prow-tools\\/jobguard \\\\u0026\\\\u0026 hack/release.sh\"\\],\"container_name\":\"test\",.*$'\n      # rel-kyma-cli\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"make\",\"ci-release\"\\],\"container_name\":\"test\",.*$'\n      - image: \"eu.gcr.io/kyma-project/test-infra/bootstrap:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/build-kyma-artifacts\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # pre-main-kyma-gardener-gcp-eventing-upgrade\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-garden:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: 
'^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/cluster-integration\\/kyma-integration-gardener-eventing-upgrade\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # skr-aws-upgrade-integration-dev\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-nodejs:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/cluster-integration\\/skr-aws-upgrade-integration-dev\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # post-keda-manager-module-build\n      - image: \"eu.gcr.io/kyma-project/test-infra/buildpack-golang:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\.\\/scripts\\/release.sh\",\"ci\"\\],\"container_name\":\"test\",.*$'\n      # post-telemetry-manager-release-module\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-gcloud:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"make\",\"release\"\\],\"container_name\":\"test\",.*$'\n      # pre-main-check-users-map\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/usersmapchecker:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"/ko-app/usersmapchecker\"\\],\"container_name\":\"test\",.*}$'\n      # release-serverless-module-build\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"\\.\\/scripts\\/release\\.sh\",\"ci\"\\],\"container_name\":\"test\",.*}$'\n      # sidecar\n      - image: \"gcr.io/k8s-prow/sidecar:*\"\n        command: []\n        args: []\n      # Upload template-operator 
release assets to the GitHub release. https://github.com/kyma-project/test-infra/issues/9338\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"\\.\\/scripts\\/release\\/upload_assets\\.sh\",\"ci\"\\],\"container_name\":\"test\",.*}$'"] will be destroyed
  # (because key ["# Constraint to allow only image-builder tool trusted usage on Prow cluster run as image-builder service account identity.\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: SecretTrustedUsage\nmetadata:\n  name: kyma-bot-github-token\nspec:\n  enforcementAction: deny\n  match:\n    kinds:\n      - apiGroups: [\"\"]\n        kinds: [\"Pod\"]\n    namespaces:\n      - \"default\"\n  parameters:\n    restrictedSecrets:\n      # usually provided with preset-bot-github-token\n      - kyma-bot-github-token\n    trustedImages:\n      # rel-api-gateway-goreleaser\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/bin\\/bash\",\"-c\",\"mkdir -p \\/prow-tools \\\\u0026\\\\u0026 ln -s \\/usr\\/local\\/bin\\/jobguard \\/prow-tools\\/jobguard \\\\u0026\\\\u0026 hack/release.sh\"\\],\"container_name\":\"test\",.*$'\n      # rel-kyma-cli\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"make\",\"ci-release\"\\],\"container_name\":\"test\",.*$'\n      - image: \"eu.gcr.io/kyma-project/test-infra/bootstrap:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/build-kyma-artifacts\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # pre-main-kyma-gardener-gcp-eventing-upgrade\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-garden:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: 
'^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/cluster-integration\\/kyma-integration-gardener-eventing-upgrade\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # skr-aws-upgrade-integration-dev\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-nodejs:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/cluster-integration\\/skr-aws-upgrade-integration-dev\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # post-keda-manager-module-build\n      - image: \"eu.gcr.io/kyma-project/test-infra/buildpack-golang:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\.\\/scripts\\/release.sh\",\"ci\"\\],\"container_name\":\"test\",.*$'\n      # post-telemetry-manager-release-module\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-gcloud:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"make\",\"release\"\\],\"container_name\":\"test\",.*$'\n      # pre-main-check-users-map\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/usersmapchecker:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"/ko-app/usersmapchecker\"\\],\"container_name\":\"test\",.*}$'\n      # release-serverless-module-build\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"\\.\\/scripts\\/release\\.sh\",\"ci\"\\],\"container_name\":\"test\",.*}$'\n      # sidecar\n      - image: \"gcr.io/k8s-prow/sidecar:*\"\n        command: []\n        args: []\n      # Upload template-operator 
release assets to the GitHub release. https://github.com/kyma-project/test-infra/issues/9338\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"\\.\\/scripts\\/release\\/upload_assets\\.sh\",\"ci\"\\],\"container_name\":\"test\",.*}$'"] is not in for_each map)
  - resource "kubectl_manifest" "constraints" {
      - api_version             = "constraints.gatekeeper.sh/v1beta1" -> null
      - apply_only              = false -> null
      - field_manager           = "kubectl" -> null
      - force_conflicts         = false -> null
      - force_new               = false -> null
      - id                      = "/apis/constraints.gatekeeper.sh/v1beta1/secrettrustedusages/kyma-bot-github-token" -> null
      - kind                    = "SecretTrustedUsage" -> null
      - live_manifest_incluster = (sensitive value) -> null
      - live_uid                = "80741559-494f-4433-9a42-a973622060a2" -> null
      - name                    = "kyma-bot-github-token" -> null
      - server_side_apply       = false -> null
      - uid                     = "80741559-494f-4433-9a42-a973622060a2" -> null
      - validate_schema         = true -> null
      - wait_for_rollout        = true -> null
      - yaml_body               = (sensitive value) -> null
      - yaml_body_parsed        = <<-EOT
            apiVersion: constraints.gatekeeper.sh/v1beta1
            kind: SecretTrustedUsage
            metadata:
              name: kyma-bot-github-token
            spec:
              enforcementAction: deny
              match:
                kinds:
                - apiGroups:
                  - ""
                  kinds:
                  - Pod
                namespaces:
                - default
              parameters:
                restrictedSecrets:
                - kyma-bot-github-token
                trustedImages:
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/bin\/bash","-c","mkdir -p \/prow-tools \\u0026\\u0026
                    ln -s \/usr\/local\/bin\/jobguard \/prow-tools\/jobguard \\u0026\\u0026 hack/release.sh"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["make","ci-release"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/home\/prow\/go\/src\/github\.com\/kyma-project\/test-infra\/prow\/scripts\/build-kyma-artifacts\.sh"\],"container_name":"test",.*$
                  image: eu.gcr.io/kyma-project/test-infra/bootstrap:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/home\/prow\/go\/src\/github\.com\/kyma-project\/test-infra\/prow\/scripts\/cluster-integration\/kyma-integration-gardener-eventing-upgrade\.sh"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-garden:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/home\/prow\/go\/src\/github\.com\/kyma-project\/test-infra\/prow\/scripts\/cluster-integration\/skr-aws-upgrade-integration-dev\.sh"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-nodejs:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\.\/scripts\/release.sh","ci"\],"container_name":"test",.*$
                  image: eu.gcr.io/kyma-project/test-infra/buildpack-golang:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["make","release"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-gcloud:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^{.*"args":\["/ko-app/usersmapchecker"\],"container_name":"test",.*}$
                  image: europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/usersmapchecker:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^{.*"args":\["\.\/scripts\/release\.sh","ci"\],"container_name":"test",.*}$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
                - args: []
                  command: []
                  image: gcr.io/k8s-prow/sidecar:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^{.*"args":\["\.\/scripts\/release\/upload_assets\.sh","ci"\],"container_name":"test",.*}$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
        EOT -> null
      - yaml_incluster          = (sensitive value) -> null
    }

  # module.untrusted_workload_gatekeeper.kubectl_manifest.constraints["# Constraint to allow only image-builder tool trusted usage on Prow cluster run as image-builder service account identity.\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: SecretTrustedUsage\nmetadata:\n  name: kyma-bot-github-token\nspec:\n  enforcementAction: deny\n  match:\n    kinds:\n      - apiGroups: [\"\"]\n        kinds: [\"Pod\"]\n    namespaces:\n      - \"default\"\n  parameters:\n    restrictedSecrets:\n      # usually provided with preset-bot-github-token\n      - kyma-bot-github-token\n    trustedImages:\n      # rel-api-gateway-goreleaser\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/bin\\/bash\",\"-c\",\"mkdir -p \\/prow-tools \\\\u0026\\\\u0026 ln -s \\/usr\\/local\\/bin\\/jobguard \\/prow-tools\\/jobguard \\\\u0026\\\\u0026 hack/release.sh\"\\],\"container_name\":\"test\",.*$'\n      # rel-kyma-cli\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"make\",\"ci-release\"\\],\"container_name\":\"test\",.*$'\n      - image: \"eu.gcr.io/kyma-project/test-infra/bootstrap:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/build-kyma-artifacts\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # pre-main-kyma-gardener-gcp-eventing-upgrade\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-garden:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: 
'^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/cluster-integration\\/kyma-integration-gardener-eventing-upgrade\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # skr-aws-upgrade-integration-dev\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-nodejs:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/cluster-integration\\/skr-aws-upgrade-integration-dev\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # post-keda-manager-module-build\n      - image: \"eu.gcr.io/kyma-project/test-infra/buildpack-golang:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\.\\/scripts\\/release.sh\",\"ci\"\\],\"container_name\":\"test\",.*$'\n      # post-telemetry-manager-release-module\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-gcloud:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"make\",\"release\"\\],\"container_name\":\"test\",.*$'\n      # pre-main-check-users-map\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/usersmapchecker:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"/ko-app/usersmapchecker\"\\],\"container_name\":\"test\",.*}$'\n      # release-serverless-module-build\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"\\.\\/scripts\\/release\\.sh\",\"ci\"\\],\"container_name\":\"test\",.*}$'\n      # sidecar\n      - image: \"gcr.io/k8s-prow/sidecar:*\"\n        command: []\n        args: []"] will be created
  + resource "kubectl_manifest" "constraints" {
      + api_version             = "constraints.gatekeeper.sh/v1beta1"
      + apply_only              = false
      + field_manager           = "kubectl"
      + force_conflicts         = false
      + force_new               = false
      + id                      = (known after apply)
      + kind                    = "SecretTrustedUsage"
      + live_manifest_incluster = (sensitive value)
      + live_uid                = (known after apply)
      + name                    = "kyma-bot-github-token"
      + namespace               = (known after apply)
      + server_side_apply       = false
      + uid                     = (known after apply)
      + validate_schema         = true
      + wait_for_rollout        = true
      + yaml_body               = (sensitive value)
      + yaml_body_parsed        = <<-EOT
            apiVersion: constraints.gatekeeper.sh/v1beta1
            kind: SecretTrustedUsage
            metadata:
              name: kyma-bot-github-token
            spec:
              enforcementAction: deny
              match:
                kinds:
                - apiGroups:
                  - ""
                  kinds:
                  - Pod
                namespaces:
                - default
              parameters:
                restrictedSecrets:
                - kyma-bot-github-token
                trustedImages:
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/bin\/bash","-c","mkdir -p \/prow-tools \\u0026\\u0026
                    ln -s \/usr\/local\/bin\/jobguard \/prow-tools\/jobguard \\u0026\\u0026 hack/release.sh"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["make","ci-release"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/home\/prow\/go\/src\/github\.com\/kyma-project\/test-infra\/prow\/scripts\/build-kyma-artifacts\.sh"\],"container_name":"test",.*$
                  image: eu.gcr.io/kyma-project/test-infra/bootstrap:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/home\/prow\/go\/src\/github\.com\/kyma-project\/test-infra\/prow\/scripts\/cluster-integration\/kyma-integration-gardener-eventing-upgrade\.sh"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-garden:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/home\/prow\/go\/src\/github\.com\/kyma-project\/test-infra\/prow\/scripts\/cluster-integration\/skr-aws-upgrade-integration-dev\.sh"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-nodejs:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\.\/scripts\/release.sh","ci"\],"container_name":"test",.*$
                  image: eu.gcr.io/kyma-project/test-infra/buildpack-golang:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["make","release"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-gcloud:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^{.*"args":\["/ko-app/usersmapchecker"\],"container_name":"test",.*}$
                  image: europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/usersmapchecker:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^{.*"args":\["\.\/scripts\/release\.sh","ci"\],"container_name":"test",.*}$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
                - args: []
                  command: []
                  image: gcr.io/k8s-prow/sidecar:*
        EOT
      + yaml_incluster          = (sensitive value)
    }

  # module.untrusted_workload_gatekeeper.kubectl_manifest.constraints["# Constraint to allow only image-builder tool trusted usage on Prow cluster run as image-builder service account identity.\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: SecretTrustedUsage\nmetadata:\n  name: kyma-bot-github-token\nspec:\n  enforcementAction: deny\n  match:\n    kinds:\n      - apiGroups: [\"\"]\n        kinds: [\"Pod\"]\n    namespaces:\n      - \"default\"\n  parameters:\n    restrictedSecrets:\n      # usually provided with preset-bot-github-token\n      - kyma-bot-github-token\n    trustedImages:\n      # rel-api-gateway-goreleaser\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/bin\\/bash\",\"-c\",\"mkdir -p \\/prow-tools \\\\u0026\\\\u0026 ln -s \\/usr\\/local\\/bin\\/jobguard \\/prow-tools\\/jobguard \\\\u0026\\\\u0026 hack/release.sh\"\\],\"container_name\":\"test\",.*$'\n      # rel-kyma-cli\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"make\",\"ci-release\"\\],\"container_name\":\"test\",.*$'\n      - image: \"eu.gcr.io/kyma-project/test-infra/bootstrap:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/build-kyma-artifacts\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # pre-main-kyma-gardener-gcp-eventing-upgrade\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-garden:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: 
'^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/cluster-integration\\/kyma-integration-gardener-eventing-upgrade\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # skr-aws-upgrade-integration-dev\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-nodejs:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/cluster-integration\\/skr-aws-upgrade-integration-dev\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # post-keda-manager-module-build\n      - image: \"eu.gcr.io/kyma-project/test-infra/buildpack-golang:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\.\\/scripts\\/release.sh\",\"ci\"\\],\"container_name\":\"test\",.*$'\n      # post-telemetry-manager-release-module\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-gcloud:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"make\",\"release\"\\],\"container_name\":\"test\",.*$'\n      # pre-main-check-users-map\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/usersmapchecker:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"/ko-app/usersmapchecker\"\\],\"container_name\":\"test\",.*}$'\n      # release-serverless-module-build\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"\\.\\/scripts\\/release\\.sh\",\"ci\"\\],\"container_name\":\"test\",.*}$'\n      # sidecar\n      - image: \"gcr.io/k8s-prow/sidecar:*\"\n        command: []\n        args: []\n      # Upload template-operator 
release assets to the GitHub release. https://github.com/kyma-project/test-infra/issues/9338\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"\\.\\/scripts\\/release\\/upload_assets\\.sh\",\"ci\"\\],\"container_name\":\"test\",.*}$'"] will be destroyed
  # (because key ["# Constraint to allow only image-builder tool trusted usage on Prow cluster run as image-builder service account identity.\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: SecretTrustedUsage\nmetadata:\n  name: kyma-bot-github-token\nspec:\n  enforcementAction: deny\n  match:\n    kinds:\n      - apiGroups: [\"\"]\n        kinds: [\"Pod\"]\n    namespaces:\n      - \"default\"\n  parameters:\n    restrictedSecrets:\n      # usually provided with preset-bot-github-token\n      - kyma-bot-github-token\n    trustedImages:\n      # rel-api-gateway-goreleaser\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/bin\\/bash\",\"-c\",\"mkdir -p \\/prow-tools \\\\u0026\\\\u0026 ln -s \\/usr\\/local\\/bin\\/jobguard \\/prow-tools\\/jobguard \\\\u0026\\\\u0026 hack/release.sh\"\\],\"container_name\":\"test\",.*$'\n      # rel-kyma-cli\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"make\",\"ci-release\"\\],\"container_name\":\"test\",.*$'\n      - image: \"eu.gcr.io/kyma-project/test-infra/bootstrap:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/build-kyma-artifacts\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # pre-main-kyma-gardener-gcp-eventing-upgrade\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-garden:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: 
'^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/cluster-integration\\/kyma-integration-gardener-eventing-upgrade\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # skr-aws-upgrade-integration-dev\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-nodejs:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\/home\\/prow\\/go\\/src\\/github\\.com\\/kyma-project\\/test-infra\\/prow\\/scripts\\/cluster-integration\\/skr-aws-upgrade-integration-dev\\.sh\"\\],\"container_name\":\"test\",.*$'\n      # post-keda-manager-module-build\n      - image: \"eu.gcr.io/kyma-project/test-infra/buildpack-golang:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"\\.\\/scripts\\/release.sh\",\"ci\"\\],\"container_name\":\"test\",.*$'\n      # post-telemetry-manager-release-module\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-gcloud:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^.*\"args\":\\[\"make\",\"release\"\\],\"container_name\":\"test\",.*$'\n      # pre-main-check-users-map\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/usersmapchecker:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"/ko-app/usersmapchecker\"\\],\"container_name\":\"test\",.*}$'\n      # release-serverless-module-build\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"\\.\\/scripts\\/release\\.sh\",\"ci\"\\],\"container_name\":\"test\",.*}$'\n      # sidecar\n      - image: \"gcr.io/k8s-prow/sidecar:*\"\n        command: []\n        args: []\n      # Upload template-operator 
release assets to the GitHub release. https://github.com/kyma-project/test-infra/issues/9338\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"\\.\\/scripts\\/release\\/upload_assets\\.sh\",\"ci\"\\],\"container_name\":\"test\",.*}$'"] is not in for_each map)
  - resource "kubectl_manifest" "constraints" {
      - api_version             = "constraints.gatekeeper.sh/v1beta1" -> null
      - apply_only              = false -> null
      - field_manager           = "kubectl" -> null
      - force_conflicts         = false -> null
      - force_new               = false -> null
      - id                      = "/apis/constraints.gatekeeper.sh/v1beta1/secrettrustedusages/kyma-bot-github-token" -> null
      - kind                    = "SecretTrustedUsage" -> null
      - live_manifest_incluster = (sensitive value) -> null
      - live_uid                = "a38a845c-00e5-44ff-bc24-b828d762084c" -> null
      - name                    = "kyma-bot-github-token" -> null
      - server_side_apply       = false -> null
      - uid                     = "a38a845c-00e5-44ff-bc24-b828d762084c" -> null
      - validate_schema         = true -> null
      - wait_for_rollout        = true -> null
      - yaml_body               = (sensitive value) -> null
      - yaml_body_parsed        = <<-EOT
            apiVersion: constraints.gatekeeper.sh/v1beta1
            kind: SecretTrustedUsage
            metadata:
              name: kyma-bot-github-token
            spec:
              enforcementAction: deny
              match:
                kinds:
                - apiGroups:
                  - ""
                  kinds:
                  - Pod
                namespaces:
                - default
              parameters:
                restrictedSecrets:
                - kyma-bot-github-token
                trustedImages:
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/bin\/bash","-c","mkdir -p \/prow-tools \\u0026\\u0026
                    ln -s \/usr\/local\/bin\/jobguard \/prow-tools\/jobguard \\u0026\\u0026 hack/release.sh"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["make","ci-release"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/home\/prow\/go\/src\/github\.com\/kyma-project\/test-infra\/prow\/scripts\/build-kyma-artifacts\.sh"\],"container_name":"test",.*$
                  image: eu.gcr.io/kyma-project/test-infra/bootstrap:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/home\/prow\/go\/src\/github\.com\/kyma-project\/test-infra\/prow\/scripts\/cluster-integration\/kyma-integration-gardener-eventing-upgrade\.sh"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-garden:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\/home\/prow\/go\/src\/github\.com\/kyma-project\/test-infra\/prow\/scripts\/cluster-integration\/skr-aws-upgrade-integration-dev\.sh"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-nodejs:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["\.\/scripts\/release.sh","ci"\],"container_name":"test",.*$
                  image: eu.gcr.io/kyma-project/test-infra/buildpack-golang:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^.*"args":\["make","release"\],"container_name":"test",.*$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-gcloud:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^{.*"args":\["/ko-app/usersmapchecker"\],"container_name":"test",.*}$
                  image: europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/usersmapchecker:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^{.*"args":\["\.\/scripts\/release\.sh","ci"\],"container_name":"test",.*}$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
                - args: []
                  command: []
                  image: gcr.io/k8s-prow/sidecar:*
                - args: []
                  command:
                  - /tools/entrypoint
                  entrypoint_options: ^{.*"args":\["\.\/scripts\/release\/upload_assets\.sh","ci"\],"container_name":"test",.*}$
                  image: europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*
        EOT -> null
      - yaml_incluster          = (sensitive value) -> null
    }

Plan: 2 to add, 2 to change, 2 to destroy.

@kyma-bot kyma-bot added the lgtm Looks good to me! label Sep 3, 2024
@kyma-bot kyma-bot merged commit a8b8dd2 into kyma-project:main Sep 4, 2024
7 checks passed

kyma-bot commented Sep 4, 2024

@ruanxin: Updated the job-config configmap in namespace default at cluster default using the following files:

  • key template-operator.yaml using file ``

In response to this:

Description

Related issue(s)
kyma-project/lifecycle-manager#1811

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.


kyma-bot commented Sep 4, 2024

✅ Apply Result

CI link

Apply complete! Resources: 2 added, 2 changed, 2 destroyed.
Acquiring state lock. This may take a few moments...
data.kubectl_file_documents.automated_approver_rules: Reading...
data.kubectl_file_documents.automated_approver: Reading...
data.kubectl_file_documents.automated_approver: Read complete after 0s [id=041bae835d515e1b5fc067d8d90150655f2f98cb96027a14eecf3f50cbe7c938]
data.kubectl_file_documents.automated_approver_rules: Read complete after 0s [id=48d07f870c26a37d3a48229fcc9cd29ae14bea83cf200e4e8326e5d755a1e790]
github_actions_organization_variable.image_builder_ado_pat_gcp_secret_name: Refreshing state... [id=IMAGE_BUILDER_ADO_PAT_GCP_SECRET_NAME]
github_actions_variable.github_terraform_planner_secret_name: Refreshing state... [id=test-infra:GH_TERRAFORM_PLANNER_SECRET_NAME]
data.github_repository.test_infra: Reading...
github_actions_variable.github_terraform_executor_secret_name: Refreshing state... [id=test-infra:GH_TERRAFORM_EXECUTOR_SECRET_NAME]
data.github_repository.gitleaks_repository["test-infra"]: Reading...
github_actions_organization_variable.gcp_kyma_project_project_id: Refreshing state... [id=GCP_KYMA_PROJECT_PROJECT_ID]
data.github_organization.kyma-project: Reading...
module.service_account_keys_rotator.google_project_service_identity.pubsub_identity_agent: Refreshing state... [id=projects/sap-kyma-prow/services/pubsub.googleapis.com]
module.artifact_registry["modules-internal"].data.google_client_config.this: Reading...

# ...
# ... The maximum length of GitHub Comment is 65536, so the content is omitted by tfcmt.
# ...

dead_letter_topic = {
  "effective_labels" = tomap({
    "application" = "secrets-rotator"
  })
  "id" = "projects/sap-kyma-prow/topics/secrets-rotator-dead-letter"
  "ingestion_data_source_settings" = tolist([])
  "kms_key_name" = ""
  "labels" = tomap({
    "application" = "secrets-rotator"
  })
  "message_retention_duration" = "86600s"
  "message_storage_policy" = tolist([
    {
      "allowed_persistence_regions" = tolist([
        "africa-south1",
        "asia-east1",
        "asia-east2",
        "asia-northeast1",
        "asia-northeast2",
        "asia-northeast3",
        "asia-south1",
        "asia-south2",
        "asia-southeast1",
        "asia-southeast2",
        "australia-southeast1",
        "australia-southeast2",
        "europe-central2",
        "europe-north1",
        "europe-southwest1",
        "europe-west1",
        "europe-west10",
        "europe-west12",
        "europe-west2",
        "europe-west3",
        "europe-west4",
        "europe-west6",
        "europe-west8",
        "europe-west9",
        "me-central1",
        "me-central2",
        "me-west1",
        "northamerica-northeast1",
        "northamerica-northeast2",
        "southamerica-east1",
        "southamerica-west1",
        "us-central1",
        "us-central2",
        "us-east1",
        "us-east4",
        "us-east5",
        "us-east7",
        "us-south1",
        "us-west1",
        "us-west2",
        "us-west3",
        "us-west4",
        "us-west8",
      ])
    },
  ])
  "name" = "secrets-rotator-dead-letter"
  "project" = "sap-kyma-prow"
  "schema_settings" = tolist([])
  "terraform_labels" = tomap({
    "application" = "secrets-rotator"
  })
  "timeouts" = null /* object */
}
service_account_keys_cleaner = {
  "service_account_keys_cleaner_cloud_run_service" = {
    "autogenerate_revision_name" = false
    "id" = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-cleaner"
    "location" = "europe-west4"
    "metadata" = tolist([
      {
        "annotations" = tomap({})
        "effective_annotations" = tomap({
          "run.googleapis.com/ingress" = "all"
          "run.googleapis.com/ingress-status" = "all"
          "run.googleapis.com/operation-id" = "8c135b9b-201c-4987-b37e-136e735e0008"
          "run.googleapis.com/urls" = "[\"https://service-account-keys-cleaner-351981214969.europe-west4.run.app\",\"https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app\"]"
          "serving.knative.dev/creator" = "kacper.malachowski@sap.com"
          "serving.knative.dev/lastModifier" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
        })
        "effective_labels" = tomap({
          "cloud.googleapis.com/location" = "europe-west4"
        })
        "generation" = 66
        "labels" = tomap({})
        "namespace" = "sap-kyma-prow"
        "resource_version" = "AAYgzgd1ll8"
        "self_link" = "/apis/serving.knative.dev/v1/namespaces/351981214969/services/service-account-keys-cleaner"
        "terraform_labels" = tomap({})
        "uid" = "b294b2a5-1c7d-4ab2-a8e3-ad27bbb0b00c"
      },
    ])
    "name" = "service-account-keys-cleaner"
    "project" = "sap-kyma-prow"
    "status" = tolist([
      {
        "conditions" = tolist([
          {
            "message" = ""
            "reason" = ""
            "status" = "True"
            "type" = "Ready"
          },
          {
            "message" = ""
            "reason" = ""
            "status" = "True"
            "type" = "ConfigurationsReady"
          },
          {
            "message" = ""
            "reason" = ""
            "status" = "True"
            "type" = "RoutesReady"
          },
        ])
        "latest_created_revision_name" = "service-account-keys-cleaner-00066-nhf"
        "latest_ready_revision_name" = "service-account-keys-cleaner-00066-nhf"
        "observed_generation" = 66
        "traffic" = tolist([
          {
            "latest_revision" = true
            "percent" = 100
            "revision_name" = "service-account-keys-cleaner-00066-nhf"
            "tag" = ""
            "url" = ""
          },
        ])
        "url" = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app"
      },
    ])
    "template" = tolist([
      {
        "metadata" = tolist([
          {
            "annotations" = tomap({
              "autoscaling.knative.dev/maxScale" = "100"
            })
            "generation" = 0
            "labels" = tomap({
              "run.googleapis.com/startupProbeType" = "Default"
            })
            "name" = ""
            "namespace" = ""
            "resource_version" = ""
            "self_link" = ""
            "uid" = ""
          },
        ])
        "spec" = tolist([
          {
            "container_concurrency" = 80
            "containers" = tolist([
              {
                "args" = tolist([])
                "command" = tolist([])
                "env" = toset([
                  {
                    "name" = "APPLICATION_NAME"
                    "value" = "secrets-rotator"
                    "value_from" = tolist([])
                  },
                  {
                    "name" = "COMPONENT_NAME"
                    "value" = "service-account-keys-cleaner"
                    "value_from" = tolist([])
                  },
                  {
                    "name" = "LISTEN_PORT"
                    "value" = "8080"
                    "value_from" = tolist([])
                  },
                ])
                "env_from" = tolist([])
                "image" = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20240829-69a0a0aa"
                "liveness_probe" = tolist([])
                "name" = ""
                "ports" = tolist([
                  {
                    "container_port" = 8080
                    "name" = "http1"
                    "protocol" = ""
                  },
                ])
                "resources" = tolist([
                  {
                    "limits" = tomap({
                      "cpu" = "1000m"
                      "memory" = "512Mi"
                    })
                    "requests" = tomap({})
                  },
                ])
                "startup_probe" = tolist([
                  {
                    "failure_threshold" = 1
                    "grpc" = tolist([])
                    "http_get" = tolist([])
                    "initial_delay_seconds" = 0
                    "period_seconds" = 240
                    "tcp_socket" = tolist([
                      {
                        "port" = 8080
                      },
                    ])
                    "timeout_seconds" = 240
                  },
                ])
                "volume_mounts" = tolist([])
                "working_dir" = ""
              },
            ])
            "service_account_name" = "sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com"
            "serving_state" = ""
            "timeout_seconds" = 300
            "volumes" = tolist([])
          },
        ])
      },
    ])
    "timeouts" = null /* object */
    "traffic" = tolist([
      {
        "latest_revision" = true
        "percent" = 100
        "revision_name" = ""
        "tag" = ""
        "url" = ""
      },
    ])
  }
  "service_account_keys_cleaner_secheduler" = {
    "app_engine_http_target" = tolist([])
    "attempt_deadline" = "320s"
    "description" = "Call service account keys cleaner service, to remove old versions of secrets"
    "http_target" = tolist([
      {
        "body" = ""
        "headers" = tomap({})
        "http_method" = "GET"
        "oauth_token" = tolist([])
        "oidc_token" = tolist([
          {
            "audience" = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app"
            "service_account_email" = "secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com"
          },
        ])
        "uri" = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app?project=sap-kyma-prow&age=24"
      },
    ])
    "id" = "projects/sap-kyma-prow/locations/europe-west3/jobs/service-account-keys-cleaner"
    "name" = "service-account-keys-cleaner"
    "paused" = false
    "project" = "sap-kyma-prow"
    "pubsub_target" = tolist([])
    "region" = "europe-west3"
    "retry_config" = tolist([])
    "schedule" = "0 0 * * 1-5"
    "state" = "ENABLED"
    "time_zone" = "Etc/UTC"
    "timeouts" = null /* object */
  }
  "service_account_keys_cleaner_service_account" = {
    "account_id" = "sa-keys-cleaner"
    "create_ignore_already_exists" = tobool(null)
    "description" = "Identity of the service account keys rotator service."
    "disabled" = false
    "display_name" = ""
    "email" = "sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com"
    "id" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com"
    "member" = "serviceAccount:sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com"
    "name" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com"
    "project" = "sap-kyma-prow"
    "timeouts" = null /* object */
    "unique_id" = "101317727774651823048"
  }
}
service_account_keys_rotator = {
  "service_account_keys_rotator_cloud_run_service" = {
    "autogenerate_revision_name" = false
    "id" = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-rotator"
    "location" = "europe-west4"
    "metadata" = tolist([
      {
        "annotations" = tomap({})
        "effective_annotations" = tomap({
          "run.googleapis.com/ingress" = "all"
          "run.googleapis.com/ingress-status" = "all"
          "run.googleapis.com/operation-id" = "55383ed8-b34a-4caf-888b-c9233594fc08"
          "run.googleapis.com/urls" = "[\"https://service-account-keys-rotator-351981214969.europe-west4.run.app\",\"https://service-account-keys-rotator-q25ja7ch3q-ez.a.run.app\"]"
          "serving.knative.dev/creator" = "kacper.malachowski@sap.com"
          "serving.knative.dev/lastModifier" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
        })
        "effective_labels" = tomap({
          "cloud.googleapis.com/location" = "europe-west4"
        })
        "generation" = 65
        "labels" = tomap({})
        "namespace" = "sap-kyma-prow"
        "resource_version" = "AAYgzgd8X7I"
        "self_link" = "/apis/serving.knative.dev/v1/namespaces/351981214969/services/service-account-keys-rotator"
        "terraform_labels" = tomap({})
        "uid" = "c91dbea8-bbbb-4f82-99f5-1f40befe699c"
      },
    ])
    "name" = "service-account-keys-rotator"
    "project" = "sap-kyma-prow"
    "status" = tolist([
      {
        "conditions" = tolist([
          {
            "message" = ""
            "reason" = ""
            "status" = "True"
            "type" = "Ready"
          },
          {
            "message" = ""
            "reason" = ""
            "status" = "True"
            "type" = "ConfigurationsReady"
          },
          {
            "message" = ""
            "reason" = ""
            "status" = "True"
            "type" = "RoutesReady"
          },
        ])
        "latest_created_revision_name" = "service-account-keys-rotator-00065-n8s"
        "latest_ready_revision_name" = "service-account-keys-rotator-00065-n8s"
        "observed_generation" = 65
        "traffic" = tolist([
          {
            "latest_revision" = true
            "percent" = 100
            "revision_name" = "service-account-keys-rotator-00065-n8s"
            "tag" = ""
            "url" = ""
          },
        ])
        "url" = "https://service-account-keys-rotator-q25ja7ch3q-ez.a.run.app"
      },
    ])
    "template" = tolist([
      {
        "metadata" = tolist([
          {
            "annotations" = tomap({
              "autoscaling.knative.dev/maxScale" = "100"
            })
            "generation" = 0
            "labels" = tomap({
              "run.googleapis.com/startupProbeType" = "Default"
            })
            "name" = ""
            "namespace" = ""
            "resource_version" = ""
            "self_link" = ""
            "uid" = ""
          },
        ])
        "spec" = tolist([
          {
            "container_concurrency" = 80
            "containers" = tolist([
              {
                "args" = tolist([])
                "command" = tolist([])
                "env" = toset([
                  {
                    "name" = "APPLICATION_NAME"
                    "value" = "secrets-rotator"
                    "value_from" = tolist([])
                  },
                  {
                    "name" = "COMPONENT_NAME"
                    "value" = "service-account-keys-rotator"
                    "value_from" = tolist([])
                  },
                  {
                    "name" = "LISTEN_PORT"
                    "value" = "8080"
                    "value_from" = tolist([])
                  },
                ])
                "env_from" = tolist([])
                "image" = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20240829-69a0a0aa"
                "liveness_probe" = tolist([])
                "name" = ""
                "ports" = tolist([
                  {
                    "container_port" = 8080
                    "name" = "http1"
                    "protocol" = ""
                  },
                ])
                "resources" = tolist([
                  {
                    "limits" = tomap({
                      "cpu" = "1000m"
                      "memory" = "512Mi"
                    })
                    "requests" = tomap({})
                  },
                ])
                "startup_probe" = tolist([
                  {
                    "failure_threshold" = 1
                    "grpc" = tolist([])
                    "http_get" = tolist([])
                    "initial_delay_seconds" = 0
                    "period_seconds" = 240
                    "tcp_socket" = tolist([
                      {
                        "port" = 8080
                      },
                    ])
                    "timeout_seconds" = 240
                  },
                ])
                "volume_mounts" = tolist([])
                "working_dir" = ""
              },
            ])
            "service_account_name" = "sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com"
            "serving_state" = ""
            "timeout_seconds" = 300
            "volumes" = tolist([])
          },
        ])
      },
    ])
    "timeouts" = null /* object */
    "traffic" = tolist([
      {
        "latest_revision" = true
        "percent" = 100
        "revision_name" = ""
        "tag" = ""
        "url" = ""
      },
    ])
  }
  "service_account_keys_rotator_service_account" = {
    "account_id" = "sa-keys-rotator"
    "create_ignore_already_exists" = tobool(null)
    "description" = "Identity of the service account keys rotator service."
    "disabled" = false
    "display_name" = ""
    "email" = "sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com"
    "id" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com"
    "member" = "serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com"
    "name" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com"
    "project" = "sap-kyma-prow"
    "timeouts" = null /* object */
    "unique_id" = "116267434130697196528"
  }
  "service_account_keys_rotator_service_account_iam" = {
    "condition" = tolist([])
    "etag" = "BwYgCM79eVI="
    "id" = "sap-kyma-prow/roles/iam.serviceAccountKeyAdmin/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com"
    "member" = "serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com"
    "project" = "sap-kyma-prow"
    "role" = "roles/iam.serviceAccountKeyAdmin"
  }
  "service_account_keys_rotator_subscription" = {
    "ack_deadline_seconds" = 20
    "bigquery_config" = tolist([])
    "cloud_storage_config" = tolist([])
    "dead_letter_policy" = tolist([
      {
        "dead_letter_topic" = "projects/sap-kyma-prow/topics/secrets-rotator-dead-letter"
        "max_delivery_attempts" = 15
      },
    ])
    "effective_labels" = tomap({
      "application_name" = "secrets-rotator"
    })
    "enable_exactly_once_delivery" = false
    "enable_message_ordering" = false
    "expiration_policy" = tolist([
      {
        "ttl" = "31556952s"
      },
    ])
    "filter" = "attributes.eventType = \"SECRET_ROTATE\""
    "id" = "projects/sap-kyma-prow/subscriptions/secrets-rotator-service-account-keys-rotator"
    "labels" = tomap({
      "application_name" = "secrets-rotator"
    })
    "message_retention_duration" = "604800s"
    "name" = "secrets-rotator-service-account-keys-rotator"
    "project" = "sap-kyma-prow"
    "push_config" = tolist([
      {
        "attributes" = tomap({})
        "no_wrapper" = tolist([])
        "oidc_token" = tolist([
          {
            "audience" = ""
            "service_account_email" = "secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com"
          },
        ])
        "push_endpoint" = "https://service-account-keys-rotator-q25ja7ch3q-ez.a.run.app"
      },
    ])
    "retain_acked_messages" = false
    "retry_policy" = tolist([
      {
        "maximum_backoff" = "600s"
        "minimum_backoff" = "300s"
      },
    ])
    "terraform_labels" = tomap({
      "application_name" = "secrets-rotator"
    })
    "timeouts" = null /* object */
    "topic" = "projects/sap-kyma-prow/topics/secret-manager-notifications"
  }
}
terraform_executor_gcp_prow_project_iam_member = {
  "condition" = tolist([])
  "etag" = "BwYgCM79eVI="
  "id" = "sap-kyma-prow/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
  "member" = "serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
  "project" = "sap-kyma-prow"
  "role" = "roles/owner"
}
terraform_executor_gcp_service_account = {
  "account_id" = "terraform-executor"
  "create_ignore_already_exists" = tobool(null)
  "description" = "Identity of terraform executor. It's mapped to k8s service account through workload identity."
  "disabled" = false
  "display_name" = "terraform-executor"
  "email" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
  "id" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
  "member" = "serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
  "name" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
  "project" = "sap-kyma-prow"
  "timeouts" = null /* object */
  "unique_id" = "109665069699011807029"
}
terraform_executor_gcp_workload_identity = {
  "condition" = tolist([])
  "etag" = "BwYSslcC1II="
  "id" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser"
  "members" = toset([
    "principal://iam.googleapis.com/projects/351981214969/locations/global/workloadIdentityPools/github-com-kyma-project/subject/repository_id:147495537:repository_owner_id:39153523:workflow:Post Apply Prod Terraform",
  ])
  "role" = "roles/iam.workloadIdentityUser"
  "service_account_id" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
}
terraform_executor_gcp_workloads_project_iam_member = {
  "condition" = tolist([])
  "etag" = "BwYa6EJDduE="
  "id" = "sap-kyma-prow-workloads/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
  "member" = "serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
  "project" = "sap-kyma-prow-workloads"
  "role" = "roles/owner"
}
trusted_workload_gatekeeper = <sensitive>
untrusted_workload_gatekeeper = <sensitive>

`

Labels
cla: yes Indicates the PR's author has signed the CLA. destroy lgtm Looks good to me! size/M Denotes a PR that changes 30-99 lines, ignoring generated files.