Update Prow to v20240517-14144c079

[kyma-bot]

gcr.io/k8s-prow/ changes: https://github.com/kyma-project/k8s-prow/compare/1d0ea98c9...14144c079 (2024‑05‑17 → 2024‑05‑17)

Nobody is currently oncall, so falling back to Blunderbuss.

[kyma-bot]

Plan Result

CI link

Plan: 0 to add, 1 to change, 0 to destroy.

• Update
  • module.service_account_keys_cleaner.google_cloud_scheduler_job.service_account_keys_cleaner

Change Result (Click me)

```hcl # module.service_account_keys_cleaner.google_cloud_scheduler_job.service_account_keys_cleaner will be updated in-place ~ resource "google_cloud_scheduler_job" "service_account_keys_cleaner" { id = "projects/sap-kyma-prow/locations/europe-west3/jobs/service-account-keys-cleaner" name = "service-account-keys-cleaner" # (8 unchanged attributes hidden) ~ http_target { ~ uri = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app/?project=sap-kyma-prow&age=24" -> "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app?project=sap-kyma-prow&age=24" # (2 unchanged attributes hidden) # (1 unchanged block hidden) } } Plan: 0 to add, 1 to change, 0 to destroy. ```

[kyma-bot]

@kyma-bot: Updated the following 2 configmaps:

• job-config configmap in namespace default at cluster default using the following files:
  • key reconciler.yaml using file prow/jobs/kyma-incubator/reconciler/reconciler.yaml
  • key branchprotector.yaml using file prow/jobs/kyma-project/test-infra/branchprotector.yaml
  • key prow-periodics.yaml using file prow/jobs/kyma-project/test-infra/prow-periodics.yaml
• config configmap in namespace default at cluster default using the following files:
  • key config.yaml using file prow/config.yaml

In response to [this](https://github.com/kyma-project/test-infra/pull/10720): >gcr.io/k8s-prow/ changes: https://github.com/kyma-project/k8s-prow/compare/1d0ea98c9...14144c079 (2024‑05‑17 → 2024‑05‑17) > > >Nobody is currently oncall, so falling back to Blunderbuss. > > Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

[kyma-bot]

:white_check_mark: Apply Result

CI link

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Details (Click me)

```hcl Acquiring state lock. This may take a few moments... data.kubectl_file_documents.automated_approver_rules: Reading... data.kubectl_file_documents.automated_approver_rules: Read complete after 0s [id=48d07f870c26a37d3a48229fcc9cd29ae14bea83cf200e4e8326e5d755a1e790] data.kubectl_file_documents.automated_approver: Reading... data.kubectl_file_documents.automated_approver: Read complete after 0s [id=cf5d7cc04870feab68b49e7ab395143380a04cdbc3158d66754229752aea2935] github_actions_variable.github_terraform_planner_secret_name: Refreshing state... [id=test-infra:GH_TERRAFORM_PLANNER_SECRET_NAME] github_actions_variable.gcp_kyma_project_project_id: Refreshing state... [id=test-infra:GCP_KYMA_PROJECT_PROJECT_ID] data.github_organization.kyma-project: Reading... data.github_repository.test_infra: Reading... data.github_repository.gitleaks_repository["test-infra"]: Reading... github_actions_variable.github_terraform_executor_secret_name: Refreshing state... [id=test-infra:GH_TERRAFORM_EXECUTOR_SECRET_NAME] module.service_account_keys_rotator.data.google_project.project: Reading... data.google_container_cluster.untrusted_workload_k8s_cluster: Reading... google_dns_managed_zone.build_kyma: Refreshing state... [id=projects/sap-kyma-prow/managedZones/build-kyma] module.cors_proxy.data.google_project.project: Reading... module.github_webhook_gateway.data.google_secret_manager_secret.webhook_token: Reading... data.google_pubsub_topic.secret-manager-notifications-topic: Reading... module.github_webhook_gateway.google_pubsub_topic.issue_labeled: Refreshing state... [id=projects/sap-kyma-prow/topics/issue-labeled] module.github_webhook_gateway.data.google_secret_manager_secret.webhook_token: Read complete after 0s [id=projects/sap-kyma-prow/secrets/sap-tools-github-backlog-webhook-secret] module.security_dashboard_token.data.google_iam_policy.noauth: Reading... module.security_dashboard_token.data.google_iam_policy.noauth: Read complete after 0s [id=3450855414] data.google_container_cluster.prow_k8s_cluster: Reading... data.google_pubsub_topic.secret-manager-notifications-topic: Read complete after 0s [id=projects/sap-kyma-prow/topics/secret-manager-notifications] data.google_container_cluster.trusted_workload_k8s_cluster: Reading... data.google_client_config.gcp: Reading... module.cors_proxy.data.google_iam_policy.noauth: Reading... module.cors_proxy.data.google_iam_policy.noauth: Read complete after 0s [id=3450855414] module.github_webhook_gateway.data.google_iam_policy.noauth: Reading... module.github_webhook_gateway.data.google_iam_policy.noauth: Read complete after 0s [id=3450855414] module.slack_message_sender.google_service_account.slack_message_sender: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/slack-message-sender@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.terraform_executor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com] module.cors_proxy.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow] module.cors_proxy.google_cloud_run_service.cors_proxy: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/cors-proxy] data.google_client_config.gcp: Read complete after 0s [id=projects/"sap-kyma-prow"/regions/"europe-west4"/zones/] google_pubsub_topic.secrets_rotator_dead_letter: Refreshing state... [id=projects/sap-kyma-prow/topics/secrets-rotator-dead-letter] module.security_dashboard_token.data.google_project.project: Reading... data.github_repository.gitleaks_repository["test-infra"]: Read complete after 1s [id=test-infra] module.slack_message_sender.data.google_secret_manager_secret.common_slack_bot_token: Reading... module.github_webhook_gateway.data.google_secret_manager_secret.gh_tools_kyma_bot_token: Reading... module.service_account_keys_rotator.data.google_project.project: Read complete after 1s [id=projects/sap-kyma-prow] google_service_account.terraform_planner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] module.slack_message_sender.data.google_secret_manager_secret.common_slack_bot_token: Read complete after 0s [id=projects/sap-kyma-prow/secrets/common-slack-bot-token] module.github_webhook_gateway.data.google_secret_manager_secret.gh_tools_kyma_bot_token: Read complete after 0s [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token] module.github_webhook_gateway.data.google_project.project: Reading... data.github_repository.test_infra: Read complete after 1s [id=test-infra] google_service_account.secrets-rotator: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.security_dashboard_token.google_cloud_run_service.security_dashboard_token: Refreshing state... [id=locations/europe-west1/namespaces/sap-kyma-prow/services/security-dashboard-token] module.service_account_keys_rotator.google_service_account.service_account_keys_rotator: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.github_webhook_gateway.google_service_account.github_webhook_gateway: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/github-webhook-gateway@sap-kyma-prow.iam.gserviceaccount.com] module.slack_message_sender.google_monitoring_alert_policy.slack_message_sender: Refreshing state... [id=projects/sap-kyma-prow/alertPolicies/17360148176148949136] module.security_dashboard_token.data.google_project.project: Read complete after 1s [id=projects/sap-kyma-prow] module.service_account_keys_cleaner.google_service_account.service_account_keys_cleaner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.sa_gke_kyma_integration: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_cleaner.data.google_project.project: Reading... google_service_account.gitleaks_secret_accesor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/gitleaks-secret-accesor@sap-kyma-prow.iam.gserviceaccount.com] module.artifact_registry["modules-internal"].data.google_client_config.this: Reading... google_container_cluster.trusted_workload: Refreshing state... [id=projects/sap-kyma-prow/locations/europe-west4/clusters/trusted-workload-kyma-prow] module.github_webhook_gateway.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow] module.service_account_keys_rotator.google_project_service_identity.pubsub_identity_agent: Refreshing state... [id=projects/sap-kyma-prow/services/pubsub.googleapis.com] module.slack_message_sender.google_project_iam_member.project_run_invoker: Refreshing state... [id=sap-kyma-prow/roles/run.invoker/serviceAccount:slack-message-sender@sap-kyma-prow.iam.gserviceaccount.com] module.artifact_registry["modules-internal"].data.google_client_config.this: Read complete after 0s [id=projects/"kyma-project"/regions/"europe-west4"/zones/] module.slack_message_sender.data.google_iam_policy.run_invoker: Reading... module.slack_message_sender.data.google_iam_policy.run_invoker: Read complete after 0s [id=1526577908] github_actions_variable.gcp_terraform_executor_service_account_email: Refreshing state... [id=test-infra:GCP_TERRAFORM_EXECUTOR_SERVICE_ACCOUNT_EMAIL] data.google_container_cluster.prow_k8s_cluster: Read complete after 1s [id=projects/sap-kyma-prow/locations/europe-west3-a/clusters/prow] google_service_account_iam_binding.terraform_workload_identity: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser] module.service_account_keys_cleaner.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow] google_project_iam_member.terraform_executor_workloads_project_owner: Refreshing state... [id=sap-kyma-prow-workloads/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com] google_project_iam_member.terraform_executor_prow_project_owner: Refreshing state... [id=sap-kyma-prow/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com] module.slack_message_sender.google_secret_manager_secret_iam_member.slack_msg_sender_common_slack_bot_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/common-slack-bot-token/roles/secretmanager.secretAccessor/serviceAccount:slack-message-sender@sap-kyma-prow.iam.gserviceaccount.com] google_service_account_iam_binding.terraform_planner_workload_identity: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-planner@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser] google_storage_bucket_iam_binding.planner_state_bucket_write_access: Refreshing state... [id=b/tf-state-kyma-project/roles/storage.objectUser] google_project_iam_member.terraform_planner_workloads_project_read_access["roles/viewer"]: Refreshing state... [id=sap-kyma-prow-workloads/roles/viewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] github_actions_variable.gcp_terraform_planner_service_account_email: Refreshing state... [id=test-infra:GCP_TERRAFORM_PLANNER_SERVICE_ACCOUNT_EMAIL] google_project_iam_member.terraform_planner_prow_project_read_access["roles/storage.objectViewer"]: Refreshing state... [id=sap-kyma-prow/roles/storage.objectViewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] data.google_container_cluster.untrusted_workload_k8s_cluster: Read complete after 1s [id=projects/sap-kyma-prow/locations/europe-west3/clusters/untrusted-workload-kyma-prow] google_project_iam_member.terraform_planner_prow_project_read_access["roles/viewer"]: Refreshing state... [id=sap-kyma-prow/roles/viewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] google_project_iam_member.terraform_planner_prow_project_read_access["roles/container.developer"]: Refreshing state... [id=sap-kyma-prow/roles/container.developer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] google_project_iam_member.terraform_planner_prow_project_read_access["roles/iam.securityReviewer"]: Refreshing state... [id=sap-kyma-prow/roles/iam.securityReviewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_project_iam_member.service_account_keys_rotator_secret_version_adder: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.secretVersionAdder/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_project_iam_member.service_account_keys_rotator: Refreshing state... [id=sap-kyma-prow/roles/iam.serviceAccountKeyAdmin/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_cloud_run_service.service_account_keys_rotator: Refreshing state... [id=locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-rotator] data.google_container_cluster.trusted_workload_k8s_cluster: Read complete after 2s [id=projects/sap-kyma-prow/locations/europe-west4/clusters/trusted-workload-kyma-prow] module.service_account_keys_rotator.google_project_iam_member.service_account_keys_rotator_secret_version_accessor: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.secretAccessor/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_project_iam_member.service_account_keys_rotator_secret_version_viewer: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.viewer/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.github_webhook_gateway.google_pubsub_topic_iam_binding.issue_labeled: Refreshing state... [id=projects/sap-kyma-prow/topics/issue-labeled/roles/pubsub.publisher] module.github_webhook_gateway.google_secret_manager_secret_iam_member.gh_tools_kyma_bot_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token/roles/secretmanager.secretAccessor/serviceAccount:github-webhook-gateway@sap-kyma-prow.iam.gserviceaccount.com] module.github_webhook_gateway.google_secret_manager_secret_iam_member.webhook_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/sap-tools-github-backlog-webhook-secret/roles/secretmanager.secretAccessor/serviceAccount:github-webhook-gateway@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_cleaner.google_cloud_run_service.service_account_keys_cleaner: Refreshing state... [id=locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-cleaner] google_project_iam_binding.dns_collector_bucket_get: Refreshing state... [id=sap-kyma-prow/projects/sap-kyma-prow/roles/BucketGet] google_project_iam_binding.dns_collector_container_analysis_occurrences_viewer: Refreshing state... [id=sap-kyma-prow/roles/containeranalysis.occurrences.viewer] google_project_iam_binding.dns_collector_dns_reader: Refreshing state... [id=sap-kyma-prow/roles/dns.reader] module.service_account_keys_rotator.google_project_iam_binding.pubsub_project_token_creator: Refreshing state... [id=sap-kyma-prow/roles/iam.serviceAccountTokenCreator] module.artifact_registry["modules-internal"].google_artifact_registry_repository.artifact_registry: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/modules-internal] module.gh_com_kyma_project_workload_identity_federation.google_iam_workload_identity_pool.main: Refreshing state... [id=projects/sap-kyma-prow/locations/global/workloadIdentityPools/github-com-kyma-project] module.service_account_keys_cleaner.google_project_iam_member.service_account_keys_cleaner_sa_keys_admin: Refreshing state... [id=sap-kyma-prow/roles/iam.serviceAccountKeyAdmin/serviceAccount:sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_cleaner.google_project_iam_member.service_account_keys_cleaner_secrets_versions_manager: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.secretVersionManager/serviceAccount:sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_cleaner.google_project_iam_member.service_account_keys_cleaner_secret_viewer: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.viewer/serviceAccount:sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com] module.cors_proxy.google_cloud_run_service_iam_policy.noauth: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/cors-proxy] module.security_dashboard_token.google_cloud_run_service_iam_policy.noauth: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west1/services/security-dashboard-token] module.slack_message_sender.google_cloud_run_service.slack_message_sender: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/slack-message-sender] google_project_iam_member.service_account_keys_rotator_workloads_project: Refreshing state... [id=sap-kyma-prow-workloads/roles/iam.serviceAccountKeyAdmin/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com] google_project_iam_member.service_account_keys_cleaner_workloads_project: Refreshing state... [id=sap-kyma-prow-workloads/roles/iam.serviceAccountKeyAdmin/serviceAccount:sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_cloud_run_service_iam_member.service_account_keys_rotator_invoker: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west4/services/service-account-keys-rotator/roles/run.invoker/serviceAccount:secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_pubsub_subscription.service_account_keys_rotator: Refreshing state... [id=projects/sap-kyma-prow/subscriptions/secrets-rotator-service-account-keys-rotator] module.github_webhook_gateway.google_cloud_run_service.github_webhook_gateway: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/github-webhook-gateway] google_container_node_pool.components_pool: Refreshing state... [id=projects/sap-kyma-prow/locations/europe-west4/clusters/trusted-workload-kyma-prow/nodePools/components-pool] google_container_node_pool.prowjobs_pool: Refreshing state... [id=projects/sap-kyma-prow/locations/europe-west4/clusters/trusted-workload-kyma-prow/nodePools/prowjobs-pool] module.gh_com_kyma_project_workload_identity_federation.google_iam_workload_identity_pool_provider.main: Refreshing state... [id=projects/sap-kyma-prow/locations/global/workloadIdentityPools/github-com-kyma-project/providers/github-com-kyma-project] module.gh_com_kyma_project_workload_identity_federation.google_service_account_iam_member.service_account["terraform_planner_pull_prod_plan"]: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-planner@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser/principal://iam.googleapis.com/projects/351981214969/locations/global/workloadIdentityPools/github-com-kyma-project/subject/repository_id:147495537:repository_owner_id:39153523:workflow:Pull Plan Prod Terraform] module.gh_com_kyma_project_workload_identity_federation.google_service_account_iam_member.service_account["terraform_executor_post_prod_apply"]: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser/principal://iam.googleapis.com/projects/351981214969/locations/global/workloadIdentityPools/github-com-kyma-project/subject/repository_id:147495537:repository_owner_id:39153523:workflow:Post Apply Prod Terraform] module.prow_gatekeeper.data.kubectl_file_documents.gatekeeper: Reading... module.prow_gatekeeper.data.kubectl_file_documents.gatekeeper: Read complete after 0s [id=dd3443633a39325c8656d232ea51eb8515040007156fb9e6433fddd5276456b6] kubectl_manifest.automated_approver_rules["/api/v1/namespaces/default/configmaps/automated-approver-rules"]: Refreshing state... [id=/api/v1/namespaces/default/configmaps/automated-approver-rules] module.prow_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/prow/**.yaml"]: Reading... module.prow_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/prow/**.yaml"]: Read complete after 0s [id=fe6c196204f8952d3d6e65206e74a3fa6119f7817849a35ede28516d8bd3591b] module.prow_gatekeeper.data.kubectl_path_documents.constraint_templates_path["../../../../opa/gatekeeper/constraint-templates/**.yaml"]: Reading... module.prow_gatekeeper.data.kubectl_path_documents.constraint_templates_path["../../../../opa/gatekeeper/constraint-templates/**.yaml"]: Read complete after 0s [id=e50de6cd8b3d11489bad14b87ac5c305505c8ac8753f18797b8b9f540973419a] kubectl_manifest.automated_approver["/apis/apps/v1/namespaces/default/deployments/automated-approver"]: Refreshing state... [id=/apis/apps/v1/namespaces/default/deployments/automated-approver] kubectl_manifest.automated_approver["/api/v1/namespaces/default/services/automated-approver"]: Refreshing state... [id=/api/v1/namespaces/default/services/automated-approver] module.service_account_keys_cleaner.google_cloud_run_service_iam_member.service_account_keys_cleaner_invoker: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west4/services/service-account-keys-cleaner/roles/run.invoker/serviceAccount:secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_cleaner.google_cloud_scheduler_job.service_account_keys_cleaner: Refreshing state... [id=projects/sap-kyma-prow/locations/europe-west3/jobs/service-account-keys-cleaner] kubernetes_network_policy.prow_cluster_default: Refreshing state... [id # ... # ... The maximum length of GitHub Comment is 65536, so the content is omitted by tfcmt. # ... s/secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" "name" = "projects/sap-kyma-prow/serviceAccounts/secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "timeouts" = null /* object */ "unique_id" = "111348641835057382688" } secrets_rotator_dead_letter_topic = { "effective_labels" = tomap({ "application" = "secrets-rotator" }) "id" = "projects/sap-kyma-prow/topics/secrets-rotator-dead-letter" "ingestion_data_source_settings" = tolist([]) "kms_key_name" = "" "labels" = tomap({ "application" = "secrets-rotator" }) "message_retention_duration" = "86600s" "message_storage_policy" = tolist([ { "allowed_persistence_regions" = tolist([ "africa-south1", "asia-east1", "asia-east2", "asia-northeast1", "asia-northeast2", "asia-northeast3", "asia-south1", "asia-south2", "asia-southeast1", "asia-southeast2", "australia-southeast1", "australia-southeast2", "europe-central2", "europe-north1", "europe-southwest1", "europe-west1", "europe-west10", "europe-west12", "europe-west2", "europe-west3", "europe-west4", "europe-west6", "europe-west8", "europe-west9", "me-central1", "me-central2", "me-west1", "northamerica-northeast1", "northamerica-northeast2", "southamerica-east1", "southamerica-west1", "us-central1", "us-central2", "us-east1", "us-east4", "us-east5", "us-east7", "us-south1", "us-west1", "us-west2", "us-west3", "us-west4", "us-west8", ]) }, ]) "name" = "secrets-rotator-dead-letter" "project" = "sap-kyma-prow" "schema_settings" = tolist([]) "terraform_labels" = tomap({ "application" = "secrets-rotator" }) "timeouts" = null /* object */ } service_account_keys_cleaner = { "service_account_keys_cleaner_cloud_run_service" = { "autogenerate_revision_name" = false "id" = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-cleaner" "location" = "europe-west4" "metadata" = tolist([ { "annotations" = tomap({}) "effective_annotations" = tomap({ "run.googleapis.com/ingress" = "all" "run.googleapis.com/ingress-status" = "all" "run.googleapis.com/operation-id" = "0d0ee912-0c6d-444f-9957-1fc4883967a9" "serving.knative.dev/creator" = "kacper.malachowski@sap.com" "serving.knative.dev/lastModifier" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" }) "effective_labels" = tomap({ "cloud.googleapis.com/location" = "europe-west4" }) "generation" = 4 "labels" = tomap({}) "namespace" = "sap-kyma-prow" "resource_version" = "AAYX47ydIQU" "self_link" = "/apis/serving.knative.dev/v1/namespaces/351981214969/services/service-account-keys-cleaner" "terraform_labels" = tomap({}) "uid" = "b294b2a5-1c7d-4ab2-a8e3-ad27bbb0b00c" }, ]) "name" = "service-account-keys-cleaner" "project" = "sap-kyma-prow" "status" = tolist([ { "conditions" = tolist([ { "message" = "" "reason" = "" "status" = "True" "type" = "Ready" }, { "message" = "" "reason" = "" "status" = "True" "type" = "ConfigurationsReady" }, { "message" = "" "reason" = "" "status" = "True" "type" = "RoutesReady" }, ]) "latest_created_revision_name" = "service-account-keys-cleaner-00004-zw8" "latest_ready_revision_name" = "service-account-keys-cleaner-00004-zw8" "observed_generation" = 4 "traffic" = tolist([ { "latest_revision" = true "percent" = 100 "revision_name" = "service-account-keys-cleaner-00004-zw8" "tag" = "" "url" = "" }, ]) "url" = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app" }, ]) "template" = tolist([ { "metadata" = tolist([ { "annotations" = tomap({ "autoscaling.knative.dev/maxScale" = "100" }) "generation" = 0 "labels" = tomap({ "run.googleapis.com/startupProbeType" = "Default" }) "name" = "" "namespace" = "" "resource_version" = "" "self_link" = "" "uid" = "" }, ]) "spec" = tolist([ { "container_concurrency" = 80 "containers" = tolist([ { "args" = tolist([]) "command" = tolist([]) "env" = toset([ { "name" = "APPLICATION_NAME" "value" = "secrets-rotator" "value_from" = tolist([]) }, { "name" = "COMPONENT_NAME" "value" = "service-account-keys-cleaner" "value_from" = tolist([]) }, { "name" = "LISTEN_PORT" "value" = "8080" "value_from" = tolist([]) }, ]) "env_from" = tolist([]) "image" = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20240507-c78f8932" "liveness_probe" = tolist([]) "name" = "" "ports" = tolist([ { "container_port" = 8080 "name" = "http1" "protocol" = "" }, ]) "resources" = tolist([ { "limits" = tomap({ "cpu" = "1000m" "memory" = "512Mi" }) "requests" = tomap({}) }, ]) "startup_probe" = tolist([ { "failure_threshold" = 1 "grpc" = tolist([]) "http_get" = tolist([]) "initial_delay_seconds" = 0 "period_seconds" = 240 "tcp_socket" = tolist([ { "port" = 8080 }, ]) "timeout_seconds" = 240 }, ]) "volume_mounts" = tolist([]) "working_dir" = "" }, ]) "service_account_name" = "sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "serving_state" = "" "timeout_seconds" = 300 "volumes" = tolist([]) }, ]) }, ]) "timeouts" = null /* object */ "traffic" = tolist([ { "latest_revision" = true "percent" = 100 "revision_name" = "" "tag" = "" "url" = "" }, ]) } "service_account_keys_cleaner_secheduler" = { "app_engine_http_target" = tolist([]) "attempt_deadline" = "320s" "description" = "Call service account keys cleaner service, to remove old versions of secrets" "http_target" = tolist([ { "body" = "" "headers" = tomap({}) "http_method" = "GET" "oauth_token" = tolist([]) "oidc_token" = tolist([ { "audience" = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app" "service_account_email" = "secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" }, ]) "uri" = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app?project=sap-kyma-prow&age=24" }, ]) "id" = "projects/sap-kyma-prow/locations/europe-west3/jobs/service-account-keys-cleaner" "name" = "service-account-keys-cleaner" "paused" = false "project" = "sap-kyma-prow" "pubsub_target" = tolist([]) "region" = "europe-west3" "retry_config" = tolist([]) "schedule" = "0 0 * * 1-5" "state" = "ENABLED" "time_zone" = "Etc/UTC" "timeouts" = null /* object */ } "service_account_keys_cleaner_service_account" = { "account_id" = "sa-keys-cleaner" "create_ignore_already_exists" = tobool(null) "description" = "Identity of the service account keys rotator service." "disabled" = false "display_name" = "" "email" = "sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "id" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "name" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "timeouts" = null /* object */ "unique_id" = "101317727774651823048" } } service_account_keys_rotator = { "service_account_keys_rotator_cloud_run_service" = { "autogenerate_revision_name" = false "id" = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-rotator" "location" = "europe-west4" "metadata" = tolist([ { "annotations" = tomap({}) "effective_annotations" = tomap({ "run.googleapis.com/ingress" = "all" "run.googleapis.com/ingress-status" = "all" "run.googleapis.com/operation-id" = "240cebee-534b-4d0d-8f26-3f26ebf02f2e" "serving.knative.dev/creator" = "kacper.malachowski@sap.com" "serving.knative.dev/lastModifier" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" }) "effective_labels" = tomap({ "cloud.googleapis.com/location" = "europe-west4" }) "generation" = 4 "labels" = tomap({}) "namespace" = "sap-kyma-prow" "resource_version" = "AAYX47yjaPM" "self_link" = "/apis/serving.knative.dev/v1/namespaces/351981214969/services/service-account-keys-rotator" "terraform_labels" = tomap({}) "uid" = "c91dbea8-bbbb-4f82-99f5-1f40befe699c" }, ]) "name" = "service-account-keys-rotator" "project" = "sap-kyma-prow" "status" = tolist([ { "conditions" = tolist([ { "message" = "" "reason" = "" "status" = "True" "type" = "Ready" }, { "message" = "" "reason" = "" "status" = "True" "type" = "ConfigurationsReady" }, { "message" = "" "reason" = "" "status" = "True" "type" = "RoutesReady" }, ]) "latest_created_revision_name" = "service-account-keys-rotator-00004-p4t" "latest_ready_revision_name" = "service-account-keys-rotator-00004-p4t" "observed_generation" = 4 "traffic" = tolist([ { "latest_revision" = true "percent" = 100 "revision_name" = "service-account-keys-rotator-00004-p4t" "tag" = "" "url" = "" }, ]) "url" = "https://service-account-keys-rotator-q25ja7ch3q-ez.a.run.app" }, ]) "template" = tolist([ { "metadata" = tolist([ { "annotations" = tomap({ "autoscaling.knative.dev/maxScale" = "100" }) "generation" = 0 "labels" = tomap({ "run.googleapis.com/startupProbeType" = "Default" }) "name" = "" "namespace" = "" "resource_version" = "" "self_link" = "" "uid" = "" }, ]) "spec" = tolist([ { "container_concurrency" = 80 "containers" = tolist([ { "args" = tolist([]) "command" = tolist([]) "env" = toset([ { "name" = "APPLICATION_NAME" "value" = "secrets-rotator" "value_from" = tolist([]) }, { "name" = "COMPONENT_NAME" "value" = "service-account-keys-rotator" "value_from" = tolist([]) }, { "name" = "LISTEN_PORT" "value" = "8080" "value_from" = tolist([]) }, ]) "env_from" = tolist([]) "image" = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20240507-116278d6" "liveness_probe" = tolist([]) "name" = "" "ports" = tolist([ { "container_port" = 8080 "name" = "http1" "protocol" = "" }, ]) "resources" = tolist([ { "limits" = tomap({ "cpu" = "1000m" "memory" = "512Mi" }) "requests" = tomap({}) }, ]) "startup_probe" = tolist([ { "failure_threshold" = 1 "grpc" = tolist([]) "http_get" = tolist([]) "initial_delay_seconds" = 0 "period_seconds" = 240 "tcp_socket" = tolist([ { "port" = 8080 }, ]) "timeout_seconds" = 240 }, ]) "volume_mounts" = tolist([]) "working_dir" = "" }, ]) "service_account_name" = "sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "serving_state" = "" "timeout_seconds" = 300 "volumes" = tolist([]) }, ]) }, ]) "timeouts" = null /* object */ "traffic" = tolist([ { "latest_revision" = true "percent" = 100 "revision_name" = "" "tag" = "" "url" = "" }, ]) } "service_account_keys_rotator_service_account" = { "account_id" = "sa-keys-rotator" "create_ignore_already_exists" = tobool(null) "description" = "Identity of the service account keys rotator service." "disabled" = false "display_name" = "" "email" = "sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "id" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "name" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "timeouts" = null /* object */ "unique_id" = "116267434130697196528" } "service_account_keys_rotator_service_account_iam" = { "condition" = tolist([]) "etag" = "BwYYl+WXwkg=" "id" = "sap-kyma-prow/roles/iam.serviceAccountKeyAdmin/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "role" = "roles/iam.serviceAccountKeyAdmin" } "service_account_keys_rotator_subscription" = { "ack_deadline_seconds" = 20 "bigquery_config" = tolist([]) "cloud_storage_config" = tolist([]) "dead_letter_policy" = tolist([ { "dead_letter_topic" = "projects/sap-kyma-prow/topics/secrets-rotator-dead-letter" "max_delivery_attempts" = 15 }, ]) "effective_labels" = tomap({ "application_name" = "secrets-rotator" }) "enable_exactly_once_delivery" = false "enable_message_ordering" = false "expiration_policy" = tolist([ { "ttl" = "31556952s" }, ]) "filter" = "attributes.eventType = \"SECRET_ROTATE\"" "id" = "projects/sap-kyma-prow/subscriptions/secrets-rotator-service-account-keys-rotator" "labels" = tomap({ "application_name" = "secrets-rotator" }) "message_retention_duration" = "604800s" "name" = "secrets-rotator-service-account-keys-rotator" "project" = "sap-kyma-prow" "push_config" = tolist([ { "attributes" = tomap({}) "no_wrapper" = tolist([]) "oidc_token" = tolist([ { "audience" = "" "service_account_email" = "secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" }, ]) "push_endpoint" = "https://service-account-keys-rotator-q25ja7ch3q-ez.a.run.app" }, ]) "retain_acked_messages" = false "retry_policy" = tolist([ { "maximum_backoff" = "600s" "minimum_backoff" = "300s" }, ]) "terraform_labels" = tomap({ "application_name" = "secrets-rotator" }) "timeouts" = null /* object */ "topic" = "projects/sap-kyma-prow/topics/secret-manager-notifications" } } terraform_executor_gcp_prow_project_iam_member = { "condition" = tolist([]) "etag" = "BwYYl+WXwkg=" "id" = "sap-kyma-prow/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "role" = "roles/owner" } terraform_executor_gcp_service_account = { "account_id" = "terraform-executor" "create_ignore_already_exists" = tobool(null) "description" = "Identity of terraform executor. It's mapped to k8s service account through workload identity." "disabled" = false "display_name" = "terraform-executor" "email" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "id" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "name" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "timeouts" = null /* object */ "unique_id" = "109665069699011807029" } terraform_executor_gcp_workload_identity = { "condition" = tolist([]) "etag" = "BwYSslcC1II=" "id" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser" "members" = toset([ "principal://iam.googleapis.com/projects/351981214969/locations/global/workloadIdentityPools/github-com-kyma-project/subject/repository_id:147495537:repository_owner_id:39153523:workflow:Post Apply Prod Terraform", ]) "role" = "roles/iam.workloadIdentityUser" "service_account_id" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" } terraform_executor_gcp_workloads_project_iam_member = { "condition" = tolist([]) "etag" = "BwYTGMyrKI4=" "id" = "sap-kyma-prow-workloads/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow-workloads" "role" = "roles/owner" } trusted_workload_gatekeeper = untrusted_workload_gatekeeper = ```

`