kyma-project / test-infra

Test infrastructure for the Kyma project.
https://status.build.kyma-project.io/
Apache License 2.0

Update sec-scanners-config.yaml #12365

Closed kyma-bot closed 3 days ago

kyma-bot commented 3 days ago

Plan Result

CI link

Only Outputs will be changed.
Change Result (Click me)

```hcl
Changes to Outputs:
  ~ service_account_keys_cleaner = {
      ~ service_account_keys_cleaner_cloud_run_service = {
            id = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-cleaner"
          ~ metadata = [
              ~ {
                  ~ effective_annotations = {
                      ~ "run.googleapis.com/operation-id" = "d740489b-b837-4a2c-972f-82101929f874" -> "2edf80c0-6746-4b63-a25b-b753bd970d3a"
                        # (5 unchanged attributes hidden)
                    }
                  ~ generation = 122 -> 123
                  ~ resource_version = "AAYnNHVa7Aw" -> "AAYnSJOLMfQ"
                    # (7 unchanged attributes hidden)
                },
            ]
            name = "service-account-keys-cleaner"
          ~ status = [
              ~ {
                  ~ latest_created_revision_name = "service-account-keys-cleaner-00122-qc8" -> "service-account-keys-cleaner-00123-2tl"
                  ~ latest_ready_revision_name = "service-account-keys-cleaner-00122-qc8" -> "service-account-keys-cleaner-00123-2tl"
                  ~ observed_generation = 122 -> 123
                  ~ traffic = [
                      ~ {
                          ~ revision_name = "service-account-keys-cleaner-00122-qc8" -> "service-account-keys-cleaner-00123-2tl"
                            # (4 unchanged attributes hidden)
                        },
                    ]
                    # (2 unchanged attributes hidden)
                },
            ]
            # (6 unchanged attributes hidden)
        }
        # (2 unchanged attributes hidden)
    }
  ~ service_account_keys_rotator = {
      ~ service_account_keys_rotator_cloud_run_service = {
            id = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-rotator"
          ~ metadata = [
              ~ {
                  ~ effective_annotations = {
                      ~ "run.googleapis.com/operation-id" = "c7e6cd6f-3e74-4ac5-8f30-2e53365b7e2c" -> "492660b8-349a-4959-a59c-1c9f290c6c11"
                        # (5 unchanged attributes hidden)
                    }
                  ~ generation = 121 -> 122
                  ~ resource_version = "AAYnNHVkgKo" -> "AAYnSJOfUBM"
                    # (7 unchanged attributes hidden)
                },
            ]
            name = "service-account-keys-rotator"
          ~ status = [
              ~ {
                  ~ latest_created_revision_name = "service-account-keys-rotator-00121-srf" -> "service-account-keys-rotator-00122-rsc"
                  ~ latest_ready_revision_name = "service-account-keys-rotator-00121-srf" -> "service-account-keys-rotator-00122-rsc"
                  ~ observed_generation = 121 -> 122
                  ~ traffic = [
                      ~ {
                          ~ revision_name = "service-account-keys-rotator-00121-srf" -> "service-account-keys-rotator-00122-rsc"
                            # (4 unchanged attributes hidden)
                        },
                    ]
                    # (2 unchanged attributes hidden)
                },
            ]
            # (6 unchanged attributes hidden)
        }
        # (3 unchanged attributes hidden)
    }

You can apply this plan to save these new output values to the OpenTofu state, without changing any real infrastructure.
```
kyma-bot commented 3 days ago

:white_check_mark: Apply Result

CI link

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Details (Click me) ```hcl Acquiring state lock. This may take a few moments... data.kubectl_file_documents.automated_approver: Reading... data.kubectl_file_documents.automated_approver_rules: Reading... data.kubectl_file_documents.automated_approver: Read complete after 0s [id=16d9ded0f6fe163c155fe08741bd5960922071d7b0067ee788046266a2f55a27] data.kubectl_file_documents.automated_approver_rules: Read complete after 0s [id=bf70e95238af237c504895dc5a1fda764e0501d635c5fc67d0a39fd3208dc85d] data.github_organization.kyma-project: Reading... data.github_repository.gitleaks_repository["test-infra"]: Reading... github_actions_variable.github_terraform_planner_secret_name: Refreshing state... [id=test-infra:GH_TERRAFORM_PLANNER_SECRET_NAME] github_actions_variable.github_terraform_executor_secret_name: Refreshing state... [id=test-infra:GH_TERRAFORM_EXECUTOR_SECRET_NAME] github_actions_organization_variable.gcp_kyma_project_project_id: Refreshing state... [id=GCP_KYMA_PROJECT_PROJECT_ID] data.github_repository.test_infra: Reading... github_actions_organization_variable.image_builder_ado_pat_gcp_secret_name: Refreshing state... [id=IMAGE_BUILDER_ADO_PAT_GCP_SECRET_NAME] module.service_account_keys_rotator.google_project_service_identity.pubsub_identity_agent: Refreshing state... [id=projects/sap-kyma-prow/services/pubsub.googleapis.com] google_container_cluster.trusted_workload: Refreshing state... [id=projects/sap-kyma-prow/locations/europe-west4/clusters/trusted-workload-kyma-prow] google_project_iam_member.kyma_developer_admin_editor: Refreshing state... [id=kyma-project/roles/editor/group:kyma_developer_admin@sap.com] google_artifact_registry_repository.dev_modules_internal: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/dev-modules-internal] google_artifact_registry_repository.docker_cache: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/cache] google_artifact_registry_repository.docker_dev: Refreshing state... 
[id=projects/kyma-project/locations/europe/repositories/dev] module.artifact_registry["modules-internal"].data.google_client_config.this: Reading... google_project_iam_member.kyma_developer_admin_logging_viewer: Refreshing state... [id=kyma-project/roles/logging.viewer/group:kyma_developer_admin@sap.com] module.artifact_registry["modules-internal"].data.google_client_config.this: Read complete after 0s [id=projects/"kyma-project"/regions/"europe-west4"/zones/] google_project_iam_member.kyma_developer_admin_private_logging_viewer: Refreshing state... [id=kyma-project/roles/logging.privateLogViewer/group:kyma_developer_admin@sap.com] google_service_account.kyma_project_image_builder: Refreshing state... [id=projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com] google_service_account.kyma_project_kyma_submission_pipeline: Refreshing state... [id=projects/kyma-project/serviceAccounts/kyma-submission-pipeline@kyma-project.iam.gserviceaccount.com] google_artifact_registry_repository.prod_docker_repository: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/prod] google_service_account.kyma-compliance-pipeline: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/kyma-compliance-pipeline@sap-kyma-prow.iam.gserviceaccount.com] google_dns_managed_zone.build_kyma: Refreshing state... [id=projects/sap-kyma-prow/managedZones/build-kyma] google_service_account.sa-gcr-kyma-project-trusted: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-gcr-kyma-project-trusted@sap-kyma-prow.iam.gserviceaccount.com] data.google_container_cluster.trusted_workload_k8s_cluster: Reading... google_artifact_registry_repository.dockerhub_mirror: Refreshing state... [id=projects/sap-kyma-prow/locations/europe/repositories/dockerhub-mirror] google_service_account.kyma-oci-image-builder: Refreshing state... 
[id=projects/sap-kyma-prow/serviceAccounts/kyma-oci-image-builder@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.neighbors-conduit-cli-builder: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/neighbors-conduit-cli-builder@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.counduit-cli-bucket: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/counduit-cli-bucket@sap-kyma-prow.iam.gserviceaccount.com] module.github_webhook_gateway.google_pubsub_topic.issue_labeled: Refreshing state... [id=projects/sap-kyma-prow/topics/issue-labeled] module.signify_secret_rotator.data.google_project.project: Reading... google_service_account.sa-gcs-plank: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-gcs-plank@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_service_account.service_account_keys_rotator: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.security_dashboard_token.data.google_project.project: Reading... google_service_account.firebase-adminsdk-udzxq: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/firebase-adminsdk-udzxq@sap-kyma-prow.iam.gserviceaccount.com] module.slack_message_sender.data.google_secret_manager_secret.common_slack_bot_token: Reading... data.github_repository.gitleaks_repository["test-infra"]: Read complete after 2s [id=test-infra] google_service_account.kyma-submission-pipeline: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/kyma-submission-pipeline@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.sa-security-dashboard-oauth: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-security-dashboard-oauth@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.sa-dev-kyma-project: Refreshing state... 
[id=projects/sap-kyma-prow/serviceAccounts/sa-dev-kyma-project@sap-kyma-prow.iam.gserviceaccount.com] module.slack_message_sender.data.google_secret_manager_secret.common_slack_bot_token: Read complete after 0s [id=projects/sap-kyma-prow/secrets/common-slack-bot-token] google_service_account.secret-manager-trusted: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secret-manager-trusted@sap-kyma-prow.iam.gserviceaccount.com] data.github_repository.test_infra: Read complete after 2s [id=test-infra] google_service_account.sa-prow-pubsub: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-prow-pubsub@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.sa-prow-deploy: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-prow-deploy@sap-kyma-prow.iam.gserviceaccount.com] module.signify_secret_rotator.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow] google_service_account.terraform-executor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.gencred-refresher: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/gencred-refresher@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.control-plane: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/control-plane@sap-kyma-prow.iam.gserviceaccount.com] module.github_webhook_gateway.data.google_project.project: Reading... module.github_webhook_gateway.google_service_account.github_webhook_gateway: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/github-webhook-gateway@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.terraform-planner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.terraform_executor: Refreshing state... 
[id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com] module.slack_message_sender.google_monitoring_alert_policy.slack_message_sender: Refreshing state... [id=projects/sap-kyma-prow/alertPolicies/17360148176148949136] data.google_container_cluster.prow_k8s_cluster: Reading... module.cors_proxy.data.google_iam_policy.noauth: Reading... module.cors_proxy.data.google_iam_policy.noauth: Read complete after 0s [id=3450855414] data.google_pubsub_topic.secret-manager-notifications-topic: Reading... module.cors_proxy.google_cloud_run_service.cors_proxy: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/cors-proxy] module.security_dashboard_token.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow] google_service_account.secret-manager-prow: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secret-manager-prow@sap-kyma-prow.iam.gserviceaccount.com] data.google_pubsub_topic.secret-manager-notifications-topic: Read complete after 0s [id=projects/sap-kyma-prow/topics/secret-manager-notifications] module.github_webhook_gateway.data.google_secret_manager_secret.webhook_token: Reading... module.service_account_keys_cleaner.google_service_account.service_account_keys_cleaner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.data.google_project.project: Reading... google_service_account.secret-manager-untrusted: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secret-manager-untrusted@sap-kyma-prow.iam.gserviceaccount.com] google_pubsub_topic.secrets_rotator_dead_letter: Refreshing state... 
[id=projects/sap-kyma-prow/topics/secrets-rotator-dead-letter] module.github_webhook_gateway.data.google_secret_manager_secret.webhook_token: Read complete after 1s [id=projects/sap-kyma-prow/secrets/sap-tools-github-backlog-webhook-secret] module.github_webhook_gateway.data.google_iam_policy.noauth: Reading... module.github_webhook_gateway.data.google_iam_policy.noauth: Read complete after 0s [id=3450855414] google_service_account.sa-kyma-project: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-kyma-project@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.sa-secret-update: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-secret-update@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.gitleaks-secret-accesor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/gitleaks-secret-accesor@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_cleaner.data.google_project.project: Reading... module.github_webhook_gateway.data.google_secret_manager_secret.gh_tools_kyma_bot_token: Reading... module.github_webhook_gateway.data.google_project.project: Read complete after 1s [id=projects/sap-kyma-prow] google_service_account.sa-gke-kyma-integration: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com] module.cors_proxy.data.google_project.project: Reading... google_service_account.image_syncer_writer: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/image-syncer-writer@sap-kyma-prow.iam.gserviceaccount.com] module.github_webhook_gateway.data.google_secret_manager_secret.gh_tools_kyma_bot_token: Read complete after 0s [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token] google_service_account.terraform_planner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] data.google_client_config.gcp: Reading... 
google_service_account.sa-prowjob-gcp-logging-client: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-prowjob-gcp-logging-client@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.sa-kyma-artifacts: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-kyma-artifacts@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.data.google_project.project: Read complete after 1s [id=projects/sap-kyma-prow] google_service_account.sa-vm-kyma-integration: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-vm-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com] module.signify_secret_rotator.google_service_account.signify_secret_rotator: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/signify-rotator@sap-kyma-prow.iam.gserviceaccount.com] data.google_client_config.gcp: Read complete after 0s [id=projects/"sap-kyma-prow"/regions/"europe-west4"/zones/] module.slack_message_sender.google_service_account.slack_message_sender: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/slack-message-sender@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.image_syncer_reader: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/image-syncer-reader@sap-kyma-prow.iam.gserviceaccount.com] data.google_container_cluster.untrusted_workload_k8s_cluster: Reading... module.security_dashboard_token.data.google_iam_policy.noauth: Reading... module.security_dashboard_token.data.google_iam_policy.noauth: Read complete after 0s [id=3450855414] module.security_dashboard_token.google_cloud_run_service.security_dashboard_token: Refreshing state... [id=locations/europe-west1/namespaces/sap-kyma-prow/services/security-dashboard-token] google_service_account.secrets-rotator: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.gitleaks_secret_accesor: Refreshing state... 
[id=projects/sap-kyma-prow/serviceAccounts/gitleaks-secret-accesor@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_cleaner.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow] google_service_account.kyma-security-scanners: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/kyma-security-scanners@sap-kyma-prow.iam.gserviceaccount.com] module.artifact_registry["modules-internal"].google_artifact_registry_repository.artifact_registry: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/modules-internal] google_artifact_registry_repository_iam_member.dev_modules_internal_repo_admin: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/dev-modules-internal/roles/artifactregistry.repoAdmin/serviceAccount:kyma-submission-pipeline@kyma-project.iam.gserviceaccount.com] module.service_account_keys_rotator.google_cloud_run_service.service_account_keys_rotator: Refreshing state... [id=locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-rotator] module.cors_proxy.data.google_project.project: Read complete after 1s [id=projects/sap-kyma-prow] github_actions_variable.kyma_autobump_bot_github_token_secret_name: Refreshing state... [id=test-infra:KYMA_AUTOBUMP_BOT_GITHUB_SECRET_NAME] module.github_webhook_gateway.google_pubsub_topic_iam_binding.issue_labeled: Refreshing state... [id=projects/sap-kyma-prow/topics/issue-labeled/roles/pubsub.publisher] google_project_iam_member.terraform_executor_prow_project_owner: Refreshing state... [id=sap-kyma-prow/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com] data.google_container_cluster.prow_k8s_cluster: Read complete after 2s [id=projects/sap-kyma-prow/locations/europe-west3-a/clusters/prow] google_service_account_iam_binding.terraform_workload_identity: Refreshing state... 
[id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser] github_actions_variable.gcp_terraform_executor_service_account_email: Refreshing state... [id=test-infra:GCP_TERRAFORM_EXECUTOR_SERVICE_ACCOUNT_EMAIL] google_artifact_registry_repository_iam_member.dockerhub_mirror_access: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/dockerhub-mirror/roles/artifactregistry.reader/serviceAccount:azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com] module.service_account_keys_cleaner.google_cloud_run_service.service_account_keys_cleaner: Refreshing state... [id=locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-cleaner] module.github_webhook_gateway.google_secret_manager_secret_iam_member.webhook_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/sap-tools-github-backlog-webhook-secret/roles/secretmanager.secretAccessor/serviceAccount:github-webhook-gateway@sap-kyma-prow.iam.gserviceaccount.com] module.github_webhook_gateway.google_secret_manager_secret_iam_member.gh_tools_kyma_bot_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token/roles/secretmanager.secretAccessor/serviceAccount:github-webhook-gateway@sap-kyma-prow.iam.gserviceaccount.com] google_artifact_registry_repository_iam_member.image_syncer_prod_repo_writer: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/prod/roles/artifactregistry.createOnPushWriter/serviceAccount:image-syncer-writer@sap-kyma-prow.iam.gserviceaccount.com] github_actions_organization_variable.image_syncer_writer_service_account_email: Refreshing state... [id=IMAGE_SYNCER_WRITER_SERVICE_ACCOUNT_EMAIL] google_storage_bucket_iam_binding.planner_state_bucket_write_access: Refreshing state... 
[id=b/tf-state-kyma-project/roles/storage.objectUser] google_service_account_iam_binding.terraform_planner_workload_identity: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-planner@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser] github_actions_variable.gcp_terraform_planner_service_account_email: Refreshing state... [id=test-infra:GCP_TERRAFORM_PLANNER_SERVICE_ACCOUNT_EMAIL] google_project_iam_member.terraform_planner_prow_project_read_access["roles/container.developer"]: Refreshing state... [id=sap-kyma-prow/roles/container.developer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] data.github_organization.kyma-project: Read complete after 5s [id=39153523] google_project_iam_member.terraform_planner_prow_project_read_access["roles/iam.securityReviewer"]: Refreshing state... [id=sap-kyma-prow/roles/iam.securityReviewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] google_project_iam_member.terraform_planner_prow_project_read_access["roles/storage.objectViewer"]: Refreshing state... [id=sap-kyma-prow/roles/storage.objectViewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] google_project_iam_member.terraform_planner_prow_project_read_access["roles/viewer"]: Refreshing state... [id=sap-kyma-prow/roles/viewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_project_iam_member.service_account_keys_rotator_secret_version_accessor: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.secretAccessor/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_project_iam_member.service_account_keys_rotator_secret_version_viewer: Refreshing state... 
[id=sap-kyma-prow/roles/secretmanager.viewer/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_project_iam_binding.pubsub_project_token_creator: Refreshing state... [id=sap-kyma-prow/roles/iam.serviceAccountTokenCreator] module.service_account_keys_rotator.google_project_iam_member.service_account_keys_rotator_secret_version_adder: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.secretVersionAdder/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_project_iam_member.service_account_keys_rotator: Refreshing state... [id=sap-kyma-prow/roles/iam.serviceAccountKeyAdmin/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.signify_secret_rotator.google_project_iam_member.service_account_keys_rotator_secret_version_viewer: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.viewer/serviceAccount:signify-rotator@sap-kyma-prow.iam.gserviceaccount.com] data.google_ # ... # ... The maximum length of GitHub Comment is 65536, so the content is omitted by tfcmt. # ... 
ceAccounts/secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" "name" = "projects/sap-kyma-prow/serviceAccounts/secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "timeouts" = null /* object */ "unique_id" = "111348641835057382688" } secrets_rotator_dead_letter_topic = { "effective_labels" = tomap({ "application" = "secrets-rotator" }) "id" = "projects/sap-kyma-prow/topics/secrets-rotator-dead-letter" "ingestion_data_source_settings" = tolist([]) "kms_key_name" = "" "labels" = tomap({ "application" = "secrets-rotator" }) "message_retention_duration" = "86600s" "message_storage_policy" = tolist([ { "allowed_persistence_regions" = tolist([ "africa-south1", "asia-east1", "asia-east2", "asia-northeast1", "asia-northeast2", "asia-northeast3", "asia-south1", "asia-south2", "asia-southeast1", "asia-southeast2", "australia-southeast1", "australia-southeast2", "europe-central2", "europe-north1", "europe-southwest1", "europe-west1", "europe-west10", "europe-west12", "europe-west2", "europe-west3", "europe-west4", "europe-west6", "europe-west8", "europe-west9", "me-central1", "me-central2", "me-west1", "northamerica-northeast1", "northamerica-northeast2", "southamerica-east1", "southamerica-west1", "us-central1", "us-central2", "us-east1", "us-east4", "us-east5", "us-east7", "us-south1", "us-west1", "us-west2", "us-west3", "us-west4", "us-west8", ]) }, ]) "name" = "secrets-rotator-dead-letter" "project" = "sap-kyma-prow" "schema_settings" = tolist([]) "terraform_labels" = tomap({ "application" = "secrets-rotator" }) "timeouts" = null /* object */ } service_account_keys_cleaner = { "service_account_keys_cleaner_cloud_run_service" = { "autogenerate_revision_name" = false "id" = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-cleaner" "location" = "europe-west4" "metadata" = tolist([ { "annotations" = tomap({}) 
"effective_annotations" = tomap({ "run.googleapis.com/ingress" = "all" "run.googleapis.com/ingress-status" = "all" "run.googleapis.com/operation-id" = "2edf80c0-6746-4b63-a25b-b753bd970d3a" "run.googleapis.com/urls" = "[\"https://service-account-keys-cleaner-351981214969.europe-west4.run.app\",\"https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app\"]" "serving.knative.dev/creator" = "kacper.malachowski@sap.com" "serving.knative.dev/lastModifier" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" }) "effective_labels" = tomap({ "cloud.googleapis.com/location" = "europe-west4" }) "generation" = 123 "labels" = tomap({}) "namespace" = "sap-kyma-prow" "resource_version" = "AAYnSJOLMfQ" "self_link" = "/apis/serving.knative.dev/v1/namespaces/351981214969/services/service-account-keys-cleaner" "terraform_labels" = tomap({}) "uid" = "b294b2a5-1c7d-4ab2-a8e3-ad27bbb0b00c" }, ]) "name" = "service-account-keys-cleaner" "project" = "sap-kyma-prow" "status" = tolist([ { "conditions" = tolist([ { "message" = "" "reason" = "" "status" = "True" "type" = "Ready" }, { "message" = "" "reason" = "" "status" = "True" "type" = "ConfigurationsReady" }, { "message" = "" "reason" = "" "status" = "True" "type" = "RoutesReady" }, ]) "latest_created_revision_name" = "service-account-keys-cleaner-00123-2tl" "latest_ready_revision_name" = "service-account-keys-cleaner-00123-2tl" "observed_generation" = 123 "traffic" = tolist([ { "latest_revision" = true "percent" = 100 "revision_name" = "service-account-keys-cleaner-00123-2tl" "tag" = "" "url" = "" }, ]) "url" = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app" }, ]) "template" = tolist([ { "metadata" = tolist([ { "annotations" = tomap({ "autoscaling.knative.dev/maxScale" = "100" }) "generation" = 0 "labels" = tomap({ "run.googleapis.com/startupProbeType" = "Default" }) "name" = "" "namespace" = "" "resource_version" = "" "self_link" = "" "uid" = "" }, ]) "spec" = tolist([ { "container_concurrency" = 80 
"containers" = tolist([ { "args" = tolist([]) "command" = tolist([]) "env" = toset([ { "name" = "APPLICATION_NAME" "value" = "secrets-rotator" "value_from" = tolist([]) }, { "name" = "COMPONENT_NAME" "value" = "service-account-keys-cleaner" "value_from" = tolist([]) }, { "name" = "LISTEN_PORT" "value" = "8080" "value_from" = tolist([]) }, ]) "env_from" = tolist([]) "image" = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241119-161a463e" "liveness_probe" = tolist([]) "name" = "" "ports" = tolist([ { "container_port" = 8080 "name" = "http1" "protocol" = "" }, ]) "resources" = tolist([ { "limits" = tomap({ "cpu" = "1000m" "memory" = "512Mi" }) "requests" = tomap({}) }, ]) "startup_probe" = tolist([ { "failure_threshold" = 1 "grpc" = tolist([]) "http_get" = tolist([]) "initial_delay_seconds" = 0 "period_seconds" = 240 "tcp_socket" = tolist([ { "port" = 8080 }, ]) "timeout_seconds" = 240 }, ]) "volume_mounts" = tolist([]) "working_dir" = "" }, ]) "service_account_name" = "sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "serving_state" = "" "timeout_seconds" = 300 "volumes" = tolist([]) }, ]) }, ]) "timeouts" = null /* object */ "traffic" = tolist([ { "latest_revision" = true "percent" = 100 "revision_name" = "" "tag" = "" "url" = "" }, ]) } "service_account_keys_cleaner_secheduler" = { "app_engine_http_target" = tolist([]) "attempt_deadline" = "320s" "description" = "Call service account keys cleaner service, to remove old versions of secrets" "http_target" = tolist([ { "body" = "" "headers" = tomap({}) "http_method" = "GET" "oauth_token" = tolist([]) "oidc_token" = tolist([ { "audience" = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app" "service_account_email" = "secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" }, ]) "uri" = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app/?project=sap-kyma-prow&age=24" }, ]) "id" = 
"projects/sap-kyma-prow/locations/europe-west3/jobs/service-account-keys-cleaner" "name" = "service-account-keys-cleaner" "paused" = false "project" = "sap-kyma-prow" "pubsub_target" = tolist([]) "region" = "europe-west3" "retry_config" = tolist([]) "schedule" = "0 0 * * 1-5" "state" = "ENABLED" "time_zone" = "Etc/UTC" "timeouts" = null /* object */ } "service_account_keys_cleaner_service_account" = { "account_id" = "sa-keys-cleaner" "create_ignore_already_exists" = tobool(null) "description" = "Identity of the service account keys rotator service." "disabled" = false "display_name" = "" "email" = "sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "id" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "name" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "timeouts" = null /* object */ "unique_id" = "101317727774651823048" } } service_account_keys_rotator = { "service_account_keys_rotator_cloud_run_service" = { "autogenerate_revision_name" = false "id" = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-rotator" "location" = "europe-west4" "metadata" = tolist([ { "annotations" = tomap({}) "effective_annotations" = tomap({ "run.googleapis.com/ingress" = "all" "run.googleapis.com/ingress-status" = "all" "run.googleapis.com/operation-id" = "492660b8-349a-4959-a59c-1c9f290c6c11" "run.googleapis.com/urls" = "[\"https://service-account-keys-rotator-351981214969.europe-west4.run.app\",\"https://service-account-keys-rotator-q25ja7ch3q-ez.a.run.app\"]" "serving.knative.dev/creator" = "kacper.malachowski@sap.com" "serving.knative.dev/lastModifier" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" }) "effective_labels" = tomap({ "cloud.googleapis.com/location" = "europe-west4" }) "generation" = 122 "labels" = tomap({}) 
"namespace" = "sap-kyma-prow" "resource_version" = "AAYnSJOfUBM" "self_link" = "/apis/serving.knative.dev/v1/namespaces/351981214969/services/service-account-keys-rotator" "terraform_labels" = tomap({}) "uid" = "c91dbea8-bbbb-4f82-99f5-1f40befe699c" }, ]) "name" = "service-account-keys-rotator" "project" = "sap-kyma-prow" "status" = tolist([ { "conditions" = tolist([ { "message" = "" "reason" = "" "status" = "True" "type" = "Ready" }, { "message" = "" "reason" = "" "status" = "True" "type" = "ConfigurationsReady" }, { "message" = "" "reason" = "" "status" = "True" "type" = "RoutesReady" }, ]) "latest_created_revision_name" = "service-account-keys-rotator-00122-rsc" "latest_ready_revision_name" = "service-account-keys-rotator-00122-rsc" "observed_generation" = 122 "traffic" = tolist([ { "latest_revision" = true "percent" = 100 "revision_name" = "service-account-keys-rotator-00122-rsc" "tag" = "" "url" = "" }, ]) "url" = "https://service-account-keys-rotator-q25ja7ch3q-ez.a.run.app" }, ]) "template" = tolist([ { "metadata" = tolist([ { "annotations" = tomap({ "autoscaling.knative.dev/maxScale" = "100" }) "generation" = 0 "labels" = tomap({ "run.googleapis.com/startupProbeType" = "Default" }) "name" = "" "namespace" = "" "resource_version" = "" "self_link" = "" "uid" = "" }, ]) "spec" = tolist([ { "container_concurrency" = 80 "containers" = tolist([ { "args" = tolist([]) "command" = tolist([]) "env" = toset([ { "name" = "APPLICATION_NAME" "value" = "secrets-rotator" "value_from" = tolist([]) }, { "name" = "COMPONENT_NAME" "value" = "service-account-keys-rotator" "value_from" = tolist([]) }, { "name" = "LISTEN_PORT" "value" = "8080" "value_from" = tolist([]) }, ]) "env_from" = tolist([]) "image" = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241119-161a463e" "liveness_probe" = tolist([]) "name" = "" "ports" = tolist([ { "container_port" = 8080 "name" = "http1" "protocol" = "" }, ]) "resources" = tolist([ { "limits" = tomap({ "cpu" = 
"1000m" "memory" = "512Mi" }) "requests" = tomap({}) }, ]) "startup_probe" = tolist([ { "failure_threshold" = 1 "grpc" = tolist([]) "http_get" = tolist([]) "initial_delay_seconds" = 0 "period_seconds" = 240 "tcp_socket" = tolist([ { "port" = 8080 }, ]) "timeout_seconds" = 240 }, ]) "volume_mounts" = tolist([]) "working_dir" = "" }, ]) "service_account_name" = "sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "serving_state" = "" "timeout_seconds" = 300 "volumes" = tolist([]) }, ]) }, ]) "timeouts" = null /* object */ "traffic" = tolist([ { "latest_revision" = true "percent" = 100 "revision_name" = "" "tag" = "" "url" = "" }, ]) } "service_account_keys_rotator_service_account" = { "account_id" = "sa-keys-rotator" "create_ignore_already_exists" = tobool(null) "description" = "Identity of the service account keys rotator service." "disabled" = false "display_name" = "" "email" = "sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "id" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "name" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "timeouts" = null /* object */ "unique_id" = "116267434130697196528" } "service_account_keys_rotator_service_account_iam" = { "condition" = tolist([]) "etag" = "BwYlrohfiKQ=" "id" = "sap-kyma-prow/roles/iam.serviceAccountKeyAdmin/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "role" = "roles/iam.serviceAccountKeyAdmin" } "service_account_keys_rotator_subscription" = { "ack_deadline_seconds" = 20 "bigquery_config" = tolist([]) "cloud_storage_config" = tolist([]) "dead_letter_policy" = tolist([ { "dead_letter_topic" = "projects/sap-kyma-prow/topics/secrets-rotator-dead-letter" 
"max_delivery_attempts" = 15 }, ]) "effective_labels" = tomap({ "application_name" = "secrets-rotator" }) "enable_exactly_once_delivery" = false "enable_message_ordering" = false "expiration_policy" = tolist([ { "ttl" = "31556952s" }, ]) "filter" = "attributes.eventType = \"SECRET_ROTATE\"" "id" = "projects/sap-kyma-prow/subscriptions/secrets-rotator-service-account-keys-rotator" "labels" = tomap({ "application_name" = "secrets-rotator" }) "message_retention_duration" = "604800s" "name" = "secrets-rotator-service-account-keys-rotator" "project" = "sap-kyma-prow" "push_config" = tolist([ { "attributes" = tomap({}) "no_wrapper" = tolist([]) "oidc_token" = tolist([ { "audience" = "" "service_account_email" = "secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" }, ]) "push_endpoint" = "https://service-account-keys-rotator-q25ja7ch3q-ez.a.run.app" }, ]) "retain_acked_messages" = false "retry_policy" = tolist([ { "maximum_backoff" = "600s" "minimum_backoff" = "300s" }, ]) "terraform_labels" = tomap({ "application_name" = "secrets-rotator" }) "timeouts" = null /* object */ "topic" = "projects/sap-kyma-prow/topics/secret-manager-notifications" } } terraform_executor_gcp_prow_project_iam_member = { "condition" = tolist([]) "etag" = "BwYlrohfiKQ=" "id" = "sap-kyma-prow/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "role" = "roles/owner" } terraform_executor_gcp_service_account = { "account_id" = "terraform-executor" "create_ignore_already_exists" = tobool(null) "description" = "Identity of terraform executor. It's mapped to k8s service account through workload identity." 
"disabled" = false "display_name" = "terraform-executor" "email" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "id" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "name" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "timeouts" = null /* object */ "unique_id" = "109665069699011807029" } terraform_executor_gcp_workload_identity = { "condition" = tolist([]) "etag" = "BwYhcY+T+/A=" "id" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser" "members" = toset([ "principal://iam.googleapis.com/projects/351981214969/locations/global/workloadIdentityPools/github-com-kyma-project/subject/repository_id:147495537:repository_owner_id:39153523:workflow:Post Apply Prod Terraform", ]) "role" = "roles/iam.workloadIdentityUser" "service_account_id" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" } trusted_workload_gatekeeper = untrusted_workload_gatekeeper = ```

`