search

kyma-project / test-infra

Test infrastructure for the Kyma project.
https://status.build.kyma-project.io/
Apache License 2.0
37 stars 180 forks source link

Update testimages as needed #12379

Closed kyma-bot closed 1 day ago

kyma-bot commented 1 day ago

No eu.gcr.io/kyma-project/test-infra/ changes.

europe-docker.pkg.dev/kyma-project/prod/ changes: https://github.com/kyma-project/test-infra/compare/69f3d6bc...ab2a8cf8 (2024‑11‑21 → 2024‑11‑21)

kyma-bot commented 1 day ago

Plan Result

CI link

Plan: 0 to add, 10 to change, 0 to destroy.
Change Result (Click me) ```hcl # kubectl_manifest.automated_approver["/apis/apps/v1/namespaces/default/deployments/automated-approver"] will be updated in-place ~ resource "kubectl_manifest" "automated_approver" { id = "/apis/apps/v1/namespaces/default/deployments/automated-approver" name = "automated-approver" ~ yaml_body = (sensitive value) ~ yaml_body_parsed = <<-EOT apiVersion: apps/v1 kind: Deployment metadata: labels: app: automated-approver name: automated-approver namespace: default spec: selector: matchLabels: app: automated-approver template: metadata: labels: app: automated-approver spec: containers: - args: - --dry-run=false - --port=8080 - --hmac-secret-file=/etc/webhook/hmac - --log-level=info - --github-endpoint=http://ghproxy - --github-endpoint=https://api.github.com - --github-token-path=/etc/github/oauth - --rules-path=/etc/config/rules.yaml - --wait-for-statuses-timeout=1800 - image: europe-docker.pkg.dev/kyma-project/prod/automated-approver:v20241121-69f3d6bc + image: europe-docker.pkg.dev/kyma-project/prod/automated-approver:v20241121-ab2a8cf8 imagePullPolicy: Always name: automated-approver ports: - containerPort: 8080 name: http volumeMounts: - mountPath: /etc/webhook name: hmac readOnly: true - mountPath: /etc/github name: oauth readOnly: true - mountPath: /etc/config name: rules readOnly: true volumes: - name: hmac secret: secretName: hmac-token - name: oauth secret: secretName: neighbors-dev-bot-github-token - configMap: items: - key: rules path: rules.yaml name: automated-approver-rules name: rules EOT # (14 unchanged attributes hidden) } # module.cors_proxy.google_cloud_run_service.cors_proxy will be updated in-place ~ resource "google_cloud_run_service" "cors_proxy" { id = "locations/europe-west3/namespaces/sap-kyma-prow/services/cors-proxy" name = "cors-proxy" # (4 unchanged attributes hidden) ~ template { ~ spec { # (3 unchanged attributes hidden) ~ containers { ~ image = "europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20241121-69f3d6bc" -> "europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20241121-ab2a8cf8" # (2 unchanged attributes hidden) # (6 unchanged blocks hidden) } } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # module.github_webhook_gateway.google_cloud_run_service.github_webhook_gateway will be updated in-place ~ resource "google_cloud_run_service" "github_webhook_gateway" { id = "locations/europe-west3/namespaces/sap-kyma-prow/services/github-webhook-gateway" name = "github-webhook-gateway" # (4 unchanged attributes hidden) ~ template { ~ spec { # (3 unchanged attributes hidden) ~ containers { ~ image = "europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20241121-69f3d6bc" -> "europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20241121-ab2a8cf8" # (2 unchanged attributes hidden) # (12 unchanged blocks hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # module.secrets_leaks_log_scanner.google_cloud_run_service.gcs_bucket_mover will be updated in-place ~ resource "google_cloud_run_service" "gcs_bucket_mover" { id = "locations/europe-west3/namespaces/sap-kyma-prow/services/gcs-bucket-mover" name = "gcs-bucket-mover" # (4 unchanged attributes hidden) ~ template { ~ spec { # (3 unchanged attributes hidden) ~ containers { ~ image = "europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20241121-69f3d6bc" -> "europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20241121-ab2a8cf8" # (2 unchanged attributes hidden) # (9 unchanged blocks hidden) } } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # module.secrets_leaks_log_scanner.google_cloud_run_service.github_issue_creator will be updated in-place ~ resource "google_cloud_run_service" "github_issue_creator" { id = "locations/europe-west3/namespaces/sap-kyma-prow/services/github-issue-creator" name = "github-issue-creator" # (4 unchanged attributes hidden) ~ template { ~ spec { # (3 unchanged attributes hidden) ~ containers { ~ image = "europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20241121-69f3d6bc" -> "europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20241121-ab2a8cf8" # (2 unchanged attributes hidden) # (11 unchanged blocks hidden) } # (1 unchanged block hidden) } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # module.secrets_leaks_log_scanner.google_cloud_run_service.github_issue_finder will be updated in-place ~ resource "google_cloud_run_service" "github_issue_finder" { id = "locations/europe-west3/namespaces/sap-kyma-prow/services/github-issue-finder" name = "github-issue-finder" # (4 unchanged attributes hidden) ~ template { ~ spec { # (3 unchanged attributes hidden) ~ containers { ~ image = "europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20241121-69f3d6bc" -> "europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20241121-ab2a8cf8" # (2 unchanged attributes hidden) # (11 unchanged blocks hidden) } # (1 unchanged block hidden) } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # module.secrets_leaks_log_scanner.google_cloud_run_service.secrets_leak_log_scanner will be updated in-place ~ resource "google_cloud_run_service" "secrets_leak_log_scanner" { id = "locations/europe-west3/namespaces/sap-kyma-prow/services/secrets-leak-log-scanner" name = "secrets-leak-log-scanner" # (4 unchanged attributes hidden) ~ template { ~ spec { # (3 unchanged attributes hidden) ~ containers { ~ image = "europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20241121-69f3d6bc" -> "europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20241121-ab2a8cf8" # (2 unchanged attributes hidden) # (7 unchanged blocks hidden) } } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # module.security_dashboard_token.google_cloud_run_service.security_dashboard_token will be updated in-place ~ resource "google_cloud_run_service" "security_dashboard_token" { id = "locations/europe-west1/namespaces/sap-kyma-prow/services/security-dashboard-token" name = "security-dashboard-token" # (4 unchanged attributes hidden) ~ template { ~ spec { # (3 unchanged attributes hidden) ~ containers { ~ image = "europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20241121-69f3d6bc" -> "europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20241121-ab2a8cf8" name = "dashboard-token-proxy-1" # (2 unchanged attributes hidden) # (6 unchanged blocks hidden) } } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # module.service_account_keys_cleaner.google_cloud_run_service.service_account_keys_cleaner will be updated in-place ~ resource "google_cloud_run_service" "service_account_keys_cleaner" { id = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-cleaner" name = "service-account-keys-cleaner" # (4 unchanged attributes hidden) ~ template { ~ spec { # (3 unchanged attributes hidden) ~ containers { ~ image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241121-69f3d6bc" -> "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241121-ab2a8cf8" # (2 unchanged attributes hidden) # (6 unchanged blocks hidden) } } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # module.service_account_keys_rotator.google_cloud_run_service.service_account_keys_rotator will be updated in-place ~ resource "google_cloud_run_service" "service_account_keys_rotator" { id = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-rotator" name = "service-account-keys-rotator" # (4 unchanged attributes hidden) ~ template { ~ spec { # (3 unchanged attributes hidden) ~ containers { ~ image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241121-69f3d6bc" -> "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241121-ab2a8cf8" # (2 unchanged attributes hidden) # (6 unchanged blocks hidden) } } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } Plan: 0 to add, 10 to change, 0 to destroy. Changes to Outputs: ~ artifact_registry = { ~ modules-internal = { ~ artifact_registry_collection = { id = "projects/kyma-project/locations/europe/repositories/modules-internal" name = "modules-internal" ~ update_time = "2024-11-20T12:58:54.758763Z" -> "2024-11-21T10:48:25.992743Z" # (18 unchanged attributes hidden) } } } ~ service_account_keys_cleaner = { ~ service_account_keys_cleaner_cloud_run_service = { id = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-cleaner" name = "service-account-keys-cleaner" ~ template = [ ~ { ~ spec = [ ~ { ~ containers = [ ~ { ~ image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241121-69f3d6bc" -> "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241121-ab2a8cf8" name = "" # (10 unchanged attributes hidden) }, ] # (5 unchanged attributes hidden) }, ] # (1 unchanged attribute hidden) }, ] # (7 unchanged attributes hidden) } # (2 unchanged attributes hidden) } ~ service_account_keys_rotator = { ~ service_account_keys_rotator_cloud_run_service = { id = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-rotator" name = "service-account-keys-rotator" ~ template = [ ~ { ~ spec = [ ~ { ~ containers = [ ~ { ~ image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241121-69f3d6bc" -> "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241121-ab2a8cf8" name = "" # (10 unchanged attributes hidden) }, ] # (5 unchanged attributes hidden) }, ] # (1 unchanged attribute hidden) }, ] # (7 unchanged attributes hidden) } # (3 unchanged attributes hidden) } ```
:information_source: Objects have changed outside of Terraform _This feature was introduced from [Terraform v0.15.4](https://github.com/hashicorp/terraform/releases/tag/v0.15.4)._ ```hcl OpenTofu detected the following changes made outside of OpenTofu since the last "tofu apply" which may have affected this plan: # module.artifact_registry["modules-internal"].google_artifact_registry_repository.artifact_registry has changed ~ resource "google_artifact_registry_repository" "artifact_registry" { id = "projects/kyma-project/locations/europe/repositories/modules-internal" name = "modules-internal" ~ update_time = "2024-11-20T12:58:54.758763Z" -> "2024-11-21T10:48:25.992743Z" # (11 unchanged attributes hidden) # (1 unchanged block hidden) } Unless you have made equivalent changes to your configuration, or ignored the ```
kyma-bot commented 1 day ago

@kyma-bot: Updated the job-config configmap in namespace default at cluster default using the following files:

In response to [this](https://github.com/kyma-project/test-infra/pull/12379): >No eu.gcr.io/kyma-project/test-infra/ changes. > >europe-docker.pkg.dev/kyma-project/prod/ changes: https://github.com/kyma-project/test-infra/compare/69f3d6bc...ab2a8cf8 (2024‑11‑21 → 2024‑11‑21) > > > > Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.
kyma-bot commented 1 day ago

:white_check_mark: Apply Result

CI link

Apply complete! Resources: 0 added, 10 changed, 0 destroyed.
Details (Click me) ```hcl Acquiring state lock. This may take a few moments... data.kubectl_file_documents.automated_approver_rules: Reading... data.kubectl_file_documents.automated_approver: Reading... data.kubectl_file_documents.automated_approver: Read complete after 0s [id=1fa97b6e9c4854a299f8376b60d9fff74dee45c6757be04a9b133776a50b1753] data.kubectl_file_documents.automated_approver_rules: Read complete after 0s [id=bf70e95238af237c504895dc5a1fda764e0501d635c5fc67d0a39fd3208dc85d] data.github_organization.kyma-project: Reading... github_actions_variable.github_terraform_executor_secret_name: Refreshing state... [id=test-infra:GH_TERRAFORM_EXECUTOR_SECRET_NAME] data.github_repository.test_infra: Reading... github_actions_organization_variable.gcp_kyma_project_project_id: Refreshing state... [id=GCP_KYMA_PROJECT_PROJECT_ID] github_actions_variable.github_terraform_planner_secret_name: Refreshing state... [id=test-infra:GH_TERRAFORM_PLANNER_SECRET_NAME] data.github_repository.gitleaks_repository["test-infra"]: Reading... github_actions_organization_variable.image_builder_ado_pat_gcp_secret_name: Refreshing state... [id=IMAGE_BUILDER_ADO_PAT_GCP_SECRET_NAME] google_service_account.gencred-refresher: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/gencred-refresher@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.sa-prowjob-gcp-logging-client: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-prowjob-gcp-logging-client@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.sa-prow-pubsub: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-prow-pubsub@sap-kyma-prow.iam.gserviceaccount.com] google_dns_managed_zone.build_kyma: Refreshing state... [id=projects/sap-kyma-prow/managedZones/build-kyma] module.security_dashboard_token.data.google_iam_policy.noauth: Reading... module.security_dashboard_token.data.google_iam_policy.noauth: Read complete after 0s [id=3450855414] google_service_account.image_syncer_writer: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/image-syncer-writer@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.sa-kyma-project: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-kyma-project@sap-kyma-prow.iam.gserviceaccount.com] data.google_client_config.gcp: Reading... data.google_client_config.gcp: Read complete after 0s [id=projects/"sap-kyma-prow"/regions/"europe-west4"/zones/] module.slack_message_sender.google_monitoring_alert_policy.slack_message_sender: Refreshing state... [id=projects/sap-kyma-prow/alertPolicies/17360148176148949136] google_service_account.kyma-security-scanners: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/kyma-security-scanners@sap-kyma-prow.iam.gserviceaccount.com] google_artifact_registry_repository.dockerhub_mirror: Refreshing state... [id=projects/sap-kyma-prow/locations/europe/repositories/dockerhub-mirror] data.github_repository.test_infra: Read complete after 1s [id=test-infra] google_service_account.sa-dev-kyma-project: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-dev-kyma-project@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.kyma-submission-pipeline: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/kyma-submission-pipeline@sap-kyma-prow.iam.gserviceaccount.com] module.signify_secret_rotator.data.google_project.project: Reading... google_service_account.sa-secret-update: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-secret-update@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.secret-manager-prow: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secret-manager-prow@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.secret-manager-untrusted: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secret-manager-untrusted@sap-kyma-prow.iam.gserviceaccount.com] google_pubsub_topic.secrets_rotator_dead_letter: Refreshing state... [id=projects/sap-kyma-prow/topics/secrets-rotator-dead-letter] google_service_account.sa-gcs-plank: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-gcs-plank@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.sa-gcr-kyma-project-trusted: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-gcr-kyma-project-trusted@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.sa-prow-deploy: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-prow-deploy@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.image_syncer_reader: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/image-syncer-reader@sap-kyma-prow.iam.gserviceaccount.com] module.cors_proxy.data.google_project.project: Reading... module.github_webhook_gateway.google_pubsub_topic.issue_labeled: Refreshing state... [id=projects/sap-kyma-prow/topics/issue-labeled] module.github_webhook_gateway.data.google_iam_policy.noauth: Reading... module.github_webhook_gateway.data.google_iam_policy.noauth: Read complete after 0s [id=3450855414] google_service_account.terraform_planner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] module.slack_message_sender.google_service_account.slack_message_sender: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/slack-message-sender@sap-kyma-prow.iam.gserviceaccount.com] module.github_webhook_gateway.data.google_secret_manager_secret.gh_tools_kyma_bot_token: Reading... module.github_webhook_gateway.google_service_account.github_webhook_gateway: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/github-webhook-gateway@sap-kyma-prow.iam.gserviceaccount.com] module.slack_message_sender.data.google_secret_manager_secret.common_slack_bot_token: Reading... module.service_account_keys_rotator.data.google_project.project: Reading... google_service_account.gitleaks_secret_accesor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/gitleaks-secret-accesor@sap-kyma-prow.iam.gserviceaccount.com] module.github_webhook_gateway.data.google_project.project: Reading... module.github_webhook_gateway.data.google_secret_manager_secret.gh_tools_kyma_bot_token: Read complete after 0s [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token] google_service_account.kyma-compliance-pipeline: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/kyma-compliance-pipeline@sap-kyma-prow.iam.gserviceaccount.com] module.slack_message_sender.data.google_secret_manager_secret.common_slack_bot_token: Read complete after 0s [id=projects/sap-kyma-prow/secrets/common-slack-bot-token] data.google_container_cluster.untrusted_workload_k8s_cluster: Reading... google_service_account.secrets-rotator: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.signify_secret_rotator.google_service_account.signify_secret_rotator: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/signify-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_service_account.service_account_keys_rotator: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.terraform-executor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.gitleaks-secret-accesor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/gitleaks-secret-accesor@sap-kyma-prow.iam.gserviceaccount.com] module.signify_secret_rotator.data.google_project.project: Read complete after 1s [id=projects/sap-kyma-prow] data.google_container_cluster.prow_k8s_cluster: Reading... google_service_account.neighbors-conduit-cli-builder: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/neighbors-conduit-cli-builder@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.kyma-oci-image-builder: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/kyma-oci-image-builder@sap-kyma-prow.iam.gserviceaccount.com] data.github_repository.gitleaks_repository["test-infra"]: Read complete after 2s [id=test-infra] google_service_account.sa-gke-kyma-integration: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_cleaner.data.google_project.project: Reading... google_service_account.firebase-adminsdk-udzxq: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/firebase-adminsdk-udzxq@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.terraform-planner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.counduit-cli-bucket: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/counduit-cli-bucket@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.sa-kyma-artifacts: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-kyma-artifacts@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_cleaner.google_service_account.service_account_keys_cleaner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com] module.cors_proxy.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow] google_service_account.sa-vm-kyma-integration: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-vm-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com] google_service_account.secret-manager-trusted: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secret-manager-trusted@sap-kyma-prow.iam.gserviceaccount.com] module.github_webhook_gateway.data.google_secret_manager_secret.webhook_token: Reading... google_service_account.control-plane: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/control-plane@sap-kyma-prow.iam.gserviceaccount.com] data.google_pubsub_topic.secret-manager-notifications-topic: Reading... google_service_account.terraform_executor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com] data.google_pubsub_topic.secret-manager-notifications-topic: Read complete after 0s [id=projects/sap-kyma-prow/topics/secret-manager-notifications] data.google_container_cluster.trusted_workload_k8s_cluster: Reading... google_service_account.sa-security-dashboard-oauth: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-security-dashboard-oauth@sap-kyma-prow.iam.gserviceaccount.com] module.github_webhook_gateway.data.google_secret_manager_secret.webhook_token: Read complete after 0s [id=projects/sap-kyma-prow/secrets/sap-tools-github-backlog-webhook-secret] module.security_dashboard_token.data.google_project.project: Reading... module.cors_proxy.data.google_iam_policy.noauth: Reading... module.cors_proxy.data.google_iam_policy.noauth: Read complete after 0s [id=3450855414] module.security_dashboard_token.google_cloud_run_service.security_dashboard_token: Refreshing state... [id=locations/europe-west1/namespaces/sap-kyma-prow/services/security-dashboard-token] module.cors_proxy.google_cloud_run_service.cors_proxy: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/cors-proxy] module.service_account_keys_rotator.data.google_project.project: Read complete after 1s [id=projects/sap-kyma-prow] google_container_cluster.trusted_workload: Refreshing state... [id=projects/sap-kyma-prow/locations/europe-west4/clusters/trusted-workload-kyma-prow] module.github_webhook_gateway.data.google_project.project: Read complete after 1s [id=projects/sap-kyma-prow] module.service_account_keys_rotator.google_project_service_identity.pubsub_identity_agent: Refreshing state... [id=projects/sap-kyma-prow/services/pubsub.googleapis.com] google_project_iam_member.kyma_developer_admin_logging_viewer: Refreshing state... [id=kyma-project/roles/logging.viewer/group:kyma_developer_admin@sap.com] module.security_dashboard_token.data.google_project.project: Read complete after 1s [id=projects/sap-kyma-prow] google_artifact_registry_repository.prod_docker_repository: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/prod] module.service_account_keys_cleaner.data.google_project.project: Read complete after 1s [id=projects/sap-kyma-prow] google_artifact_registry_repository.dev_modules_internal: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/dev-modules-internal] data.google_container_cluster.prow_k8s_cluster: Read complete after 1s [id=projects/sap-kyma-prow/locations/europe-west3-a/clusters/prow] google_project_iam_member.kyma_developer_admin_editor: Refreshing state... [id=kyma-project/roles/editor/group:kyma_developer_admin@sap.com] google_project_iam_member.kyma_developer_admin_private_logging_viewer: Refreshing state... [id=kyma-project/roles/logging.privateLogViewer/group:kyma_developer_admin@sap.com] google_artifact_registry_repository.docker_dev: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/dev] google_service_account.kyma_project_kyma_submission_pipeline: Refreshing state... [id=projects/kyma-project/serviceAccounts/kyma-submission-pipeline@kyma-project.iam.gserviceaccount.com] google_artifact_registry_repository.docker_cache: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/cache] module.artifact_registry["modules-internal"].data.google_client_config.this: Reading... google_service_account.kyma_project_image_builder: Refreshing state... [id=projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com] github_actions_variable.kyma_autobump_bot_github_token_secret_name: Refreshing state... [id=test-infra:KYMA_AUTOBUMP_BOT_GITHUB_SECRET_NAME] github_actions_organization_variable.image_syncer_writer_service_account_email: Refreshing state... [id=IMAGE_SYNCER_WRITER_SERVICE_ACCOUNT_EMAIL] module.artifact_registry["modules-internal"].data.google_client_config.this: Read complete after 0s [id=projects/"kyma-project"/regions/"europe-west4"/zones/] github_actions_organization_variable.image_syncer_reader_service_account_email: Refreshing state... [id=IMAGE_SYNCER_READER_SERVICE_ACCOUNT_EMAIL] google_storage_bucket_iam_binding.planner_state_bucket_write_access: Refreshing state... [id=b/tf-state-kyma-project/roles/storage.objectUser] google_service_account_iam_binding.terraform_planner_workload_identity: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-planner@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser] data.google_container_cluster.untrusted_workload_k8s_cluster: Read complete after 2s [id=projects/sap-kyma-prow/locations/europe-west3/clusters/untrusted-workload-kyma-prow] google_project_iam_member.terraform_planner_prow_project_read_access["roles/viewer"]: Refreshing state... [id=sap-kyma-prow/roles/viewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] google_project_iam_member.terraform_planner_prow_project_read_access["roles/container.developer"]: Refreshing state... [id=sap-kyma-prow/roles/container.developer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] google_project_iam_member.terraform_planner_prow_project_read_access["roles/iam.securityReviewer"]: Refreshing state... [id=sap-kyma-prow/roles/iam.securityReviewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] google_project_iam_member.terraform_planner_prow_project_read_access["roles/storage.objectViewer"]: Refreshing state... [id=sap-kyma-prow/roles/storage.objectViewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com] github_actions_variable.gcp_terraform_planner_service_account_email: Refreshing state... [id=test-infra:GCP_TERRAFORM_PLANNER_SERVICE_ACCOUNT_EMAIL] module.slack_message_sender.data.google_iam_policy.run_invoker: Reading... module.slack_message_sender.data.google_iam_policy.run_invoker: Read complete after 0s [id=1526577908] module.slack_message_sender.google_project_iam_member.project_run_invoker: Refreshing state... [id=sap-kyma-prow/roles/run.invoker/serviceAccount:slack-message-sender@sap-kyma-prow.iam.gserviceaccount.com] module.github_webhook_gateway.google_pubsub_topic_iam_binding.issue_labeled: Refreshing state... [id=projects/sap-kyma-prow/topics/issue-labeled/roles/pubsub.publisher] module.github_webhook_gateway.google_secret_manager_secret_iam_member.gh_tools_kyma_bot_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token/roles/secretmanager.secretAccessor/serviceAccount:github-webhook-gateway@sap-kyma-prow.iam.gserviceaccount.com] module.slack_message_sender.google_secret_manager_secret_iam_member.slack_msg_sender_common_slack_bot_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/common-slack-bot-token/roles/secretmanager.secretAccessor/serviceAccount:slack-message-sender@sap-kyma-prow.iam.gserviceaccount.com] module.signify_secret_rotator.google_cloud_run_service.signify_secret_rotator: Refreshing state... [id=locations/europe-west4/namespaces/sap-kyma-prow/services/signify-secret-rotator] data.google_container_cluster.trusted_workload_k8s_cluster: Read complete after 4s [id=projects/sap-kyma-prow/locations/europe-west4/clusters/trusted-workload-kyma-prow] module.service_account_keys_rotator.google_cloud_run_service.service_account_keys_rotator: Refreshing state... [id=locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-rotator] module.signify_secret_rotator.google_project_iam_member.signify_secret_rotator_secret_version_adder: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.secretVersionAdder/serviceAccount:signify-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.signify_secret_rotator.google_project_iam_member.service_account_keys_rotator_secret_version_viewer: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.viewer/serviceAccount:signify-rotator@sap-kyma-prow.iam.gserviceaccount.com] data.github_organization.kyma-project: Read complete after 6s [id=39153523] module.signify_secret_rotator.google_project_iam_member.signify_secret_rotator_secret_version_accessor: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.secretAccessor/serviceAccount:signify-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_cleaner.google_cloud_run_service.service_account_keys_cleaner: Refreshing state... [id=locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-cleaner] module.github_webhook_gateway.google_secret_manager_secret_iam_member.webhook_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/sap-tools-github-backlog-webhook-secret/roles/secretmanager.secretAccessor/serviceAccount:github-webhook-gateway@sap-kyma-prow.iam.gserviceaccount.com] github_actions_variable.gcp_terraform_executor_service_account_email: Refreshing state... [id=test-infra:GCP_TERRAFORM_EXECUTOR_SERVICE_ACCOUNT_EMAIL] google_service_account_iam_binding.terraform_workload_identity: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser] google_project_iam_member.terraform_executor_prow_project_owner: Refreshing state... [id=sap-kyma-prow/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_project_iam_member.service_account_keys_rotator: Refreshing state... [id=sap-kyma-prow/roles/iam.serviceAccountKeyAdmin/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com] module.service_account_keys_rotator.google_project_iam_member.service_account_keys_rotator_secret_version_viewer: Refreshin # ... # ... The maximum length of GitHub Comment is 65536, so the content is omitted by tfcmt. # ... ceAccounts/secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" "name" = "projects/sap-kyma-prow/serviceAccounts/secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "timeouts" = null /* object */ "unique_id" = "111348641835057382688" } secrets_rotator_dead_letter_topic = { "effective_labels" = tomap({ "application" = "secrets-rotator" }) "id" = "projects/sap-kyma-prow/topics/secrets-rotator-dead-letter" "ingestion_data_source_settings" = tolist([]) "kms_key_name" = "" "labels" = tomap({ "application" = "secrets-rotator" }) "message_retention_duration" = "86600s" "message_storage_policy" = tolist([ { "allowed_persistence_regions" = tolist([ "africa-south1", "asia-east1", "asia-east2", "asia-northeast1", "asia-northeast2", "asia-northeast3", "asia-south1", "asia-south2", "asia-southeast1", "asia-southeast2", "australia-southeast1", "australia-southeast2", "europe-central2", "europe-north1", "europe-southwest1", "europe-west1", "europe-west10", "europe-west12", "europe-west2", "europe-west3", "europe-west4", "europe-west6", "europe-west8", "europe-west9", "me-central1", "me-central2", "me-west1", "northamerica-northeast1", "northamerica-northeast2", "southamerica-east1", "southamerica-west1", "us-central1", "us-central2", "us-east1", "us-east4", "us-east5", "us-east7", "us-south1", "us-west1", "us-west2", "us-west3", "us-west4", "us-west8", ]) }, ]) "name" = "secrets-rotator-dead-letter" "project" = "sap-kyma-prow" "schema_settings" = tolist([]) "terraform_labels" = tomap({ "application" = "secrets-rotator" }) "timeouts" = null /* object */ } service_account_keys_cleaner = { "service_account_keys_cleaner_cloud_run_service" = { "autogenerate_revision_name" = false "id" = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-cleaner" "location" = "europe-west4" "metadata" = tolist([ { "annotations" = tomap({}) "effective_annotations" = tomap({ "run.googleapis.com/ingress" = "all" "run.googleapis.com/ingress-status" = "all" "run.googleapis.com/operation-id" = "d7a8692e-1758-4659-a05f-6e335910e74f" "run.googleapis.com/urls" = "[\"https://service-account-keys-cleaner-351981214969.europe-west4.run.app\",\"https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app\"]" "serving.knative.dev/creator" = "kacper.malachowski@sap.com" "serving.knative.dev/lastModifier" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" }) "effective_labels" = tomap({ "cloud.googleapis.com/location" = "europe-west4" }) "generation" = 125 "labels" = tomap({}) "namespace" = "sap-kyma-prow" "resource_version" = "AAYnZ4+P+28" "self_link" = "/apis/serving.knative.dev/v1/namespaces/351981214969/services/service-account-keys-cleaner" "terraform_labels" = tomap({}) "uid" = "b294b2a5-1c7d-4ab2-a8e3-ad27bbb0b00c" }, ]) "name" = "service-account-keys-cleaner" "project" = "sap-kyma-prow" "status" = tolist([ { "conditions" = tolist([ { "message" = "" "reason" = "" "status" = "True" "type" = "Ready" }, { "message" = "" "reason" = "" "status" = "True" "type" = "ConfigurationsReady" }, { "message" = "" "reason" = "" "status" = "True" "type" = "RoutesReady" }, ]) "latest_created_revision_name" = "service-account-keys-cleaner-00125-mr5" "latest_ready_revision_name" = "service-account-keys-cleaner-00125-mr5" "observed_generation" = 125 "traffic" = tolist([ { "latest_revision" = true "percent" = 100 "revision_name" = "service-account-keys-cleaner-00125-mr5" "tag" = "" "url" = "" }, ]) "url" = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app" }, ]) "template" = tolist([ { "metadata" = tolist([ { "annotations" = tomap({ "autoscaling.knative.dev/maxScale" = "100" }) "generation" = 0 "labels" = tomap({ "run.googleapis.com/startupProbeType" = "Default" }) "name" = "" "namespace" = "" "resource_version" = "" "self_link" = "" "uid" = "" }, ]) "spec" = tolist([ { "container_concurrency" = 80 "containers" = tolist([ { "args" = tolist([]) "command" = tolist([]) "env" = toset([ { "name" = "APPLICATION_NAME" "value" = "secrets-rotator" "value_from" = tolist([]) }, { "name" = "COMPONENT_NAME" "value" = "service-account-keys-cleaner" "value_from" = tolist([]) }, { "name" = "LISTEN_PORT" "value" = "8080" "value_from" = tolist([]) }, ]) "env_from" = tolist([]) "image" = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241121-ab2a8cf8" "liveness_probe" = tolist([]) "name" = "" "ports" = tolist([ { "container_port" = 8080 "name" = "http1" "protocol" = "" }, ]) "resources" = tolist([ { "limits" = tomap({ "cpu" = "1000m" "memory" = "512Mi" }) "requests" = tomap({}) }, ]) "startup_probe" = tolist([ { "failure_threshold" = 1 "grpc" = tolist([]) "http_get" = tolist([]) "initial_delay_seconds" = 0 "period_seconds" = 240 "tcp_socket" = tolist([ { "port" = 8080 }, ]) "timeout_seconds" = 240 }, ]) "volume_mounts" = tolist([]) "working_dir" = "" }, ]) "service_account_name" = "sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "serving_state" = "" "timeout_seconds" = 300 "volumes" = tolist([]) }, ]) }, ]) "timeouts" = null /* object */ "traffic" = tolist([ { "latest_revision" = true "percent" = 100 "revision_name" = "" "tag" = "" "url" = "" }, ]) } "service_account_keys_cleaner_secheduler" = { "app_engine_http_target" = tolist([]) "attempt_deadline" = "320s" "description" = "Call service account keys cleaner service, to remove old versions of secrets" "http_target" = tolist([ { "body" = "" "headers" = tomap({}) "http_method" = "GET" "oauth_token" = tolist([]) "oidc_token" = tolist([ { "audience" = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app" "service_account_email" = "secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" }, ]) "uri" = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app/?project=sap-kyma-prow&age=24" }, ]) "id" = "projects/sap-kyma-prow/locations/europe-west3/jobs/service-account-keys-cleaner" "name" = "service-account-keys-cleaner" "paused" = false "project" = "sap-kyma-prow" "pubsub_target" = tolist([]) "region" = "europe-west3" "retry_config" = tolist([]) "schedule" = "0 0 * * 1-5" "state" = "ENABLED" "time_zone" = "Etc/UTC" "timeouts" = null /* object */ } "service_account_keys_cleaner_service_account" = { "account_id" = "sa-keys-cleaner" "create_ignore_already_exists" = tobool(null) "description" = "Identity of the service account keys rotator service." "disabled" = false "display_name" = "" "email" = "sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "id" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "name" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "timeouts" = null /* object */ "unique_id" = "101317727774651823048" } } service_account_keys_rotator = { "service_account_keys_rotator_cloud_run_service" = { "autogenerate_revision_name" = false "id" = "locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-rotator" "location" = "europe-west4" "metadata" = tolist([ { "annotations" = tomap({}) "effective_annotations" = tomap({ "run.googleapis.com/ingress" = "all" "run.googleapis.com/ingress-status" = "all" "run.googleapis.com/operation-id" = "92288699-81e7-4e6f-a360-15d832a50576" "run.googleapis.com/urls" = "[\"https://service-account-keys-rotator-351981214969.europe-west4.run.app\",\"https://service-account-keys-rotator-q25ja7ch3q-ez.a.run.app\"]" "serving.knative.dev/creator" = "kacper.malachowski@sap.com" "serving.knative.dev/lastModifier" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" }) "effective_labels" = tomap({ "cloud.googleapis.com/location" = "europe-west4" }) "generation" = 124 "labels" = tomap({}) "namespace" = "sap-kyma-prow" "resource_version" = "AAYnZ4+MnrQ" "self_link" = "/apis/serving.knative.dev/v1/namespaces/351981214969/services/service-account-keys-rotator" "terraform_labels" = tomap({}) "uid" = "c91dbea8-bbbb-4f82-99f5-1f40befe699c" }, ]) "name" = "service-account-keys-rotator" "project" = "sap-kyma-prow" "status" = tolist([ { "conditions" = tolist([ { "message" = "" "reason" = "" "status" = "True" "type" = "Ready" }, { "message" = "" "reason" = "" "status" = "True" "type" = "ConfigurationsReady" }, { "message" = "" "reason" = "" "status" = "True" "type" = "RoutesReady" }, ]) "latest_created_revision_name" = "service-account-keys-rotator-00124-h5w" "latest_ready_revision_name" = "service-account-keys-rotator-00124-h5w" "observed_generation" = 124 "traffic" = tolist([ { "latest_revision" = true "percent" = 100 "revision_name" = "service-account-keys-rotator-00124-h5w" "tag" = "" "url" = "" }, ]) "url" = "https://service-account-keys-rotator-q25ja7ch3q-ez.a.run.app" }, ]) "template" = tolist([ { "metadata" = tolist([ { "annotations" = tomap({ "autoscaling.knative.dev/maxScale" = "100" }) "generation" = 0 "labels" = tomap({ "run.googleapis.com/startupProbeType" = "Default" }) "name" = "" "namespace" = "" "resource_version" = "" "self_link" = "" "uid" = "" }, ]) "spec" = tolist([ { "container_concurrency" = 80 "containers" = tolist([ { "args" = tolist([]) "command" = tolist([]) "env" = toset([ { "name" = "APPLICATION_NAME" "value" = "secrets-rotator" "value_from" = tolist([]) }, { "name" = "COMPONENT_NAME" "value" = "service-account-keys-rotator" "value_from" = tolist([]) }, { "name" = "LISTEN_PORT" "value" = "8080" "value_from" = tolist([]) }, ]) "env_from" = tolist([]) "image" = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241121-ab2a8cf8" "liveness_probe" = tolist([]) "name" = "" "ports" = tolist([ { "container_port" = 8080 "name" = "http1" "protocol" = "" }, ]) "resources" = tolist([ { "limits" = tomap({ "cpu" = "1000m" "memory" = "512Mi" }) "requests" = tomap({}) }, ]) "startup_probe" = tolist([ { "failure_threshold" = 1 "grpc" = tolist([]) "http_get" = tolist([]) "initial_delay_seconds" = 0 "period_seconds" = 240 "tcp_socket" = tolist([ { "port" = 8080 }, ]) "timeout_seconds" = 240 }, ]) "volume_mounts" = tolist([]) "working_dir" = "" }, ]) "service_account_name" = "sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "serving_state" = "" "timeout_seconds" = 300 "volumes" = tolist([]) }, ]) }, ]) "timeouts" = null /* object */ "traffic" = tolist([ { "latest_revision" = true "percent" = 100 "revision_name" = "" "tag" = "" "url" = "" }, ]) } "service_account_keys_rotator_service_account" = { "account_id" = "sa-keys-rotator" "create_ignore_already_exists" = tobool(null) "description" = "Identity of the service account keys rotator service." "disabled" = false "display_name" = "" "email" = "sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "id" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "name" = "projects/sap-kyma-prow/serviceAccounts/sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "timeouts" = null /* object */ "unique_id" = "116267434130697196528" } "service_account_keys_rotator_service_account_iam" = { "condition" = tolist([]) "etag" = "BwYlrohfiKQ=" "id" = "sap-kyma-prow/roles/iam.serviceAccountKeyAdmin/serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "role" = "roles/iam.serviceAccountKeyAdmin" } "service_account_keys_rotator_subscription" = { "ack_deadline_seconds" = 20 "bigquery_config" = tolist([]) "cloud_storage_config" = tolist([]) "dead_letter_policy" = tolist([ { "dead_letter_topic" = "projects/sap-kyma-prow/topics/secrets-rotator-dead-letter" "max_delivery_attempts" = 15 }, ]) "effective_labels" = tomap({ "application_name" = "secrets-rotator" }) "enable_exactly_once_delivery" = false "enable_message_ordering" = false "expiration_policy" = tolist([ { "ttl" = "31556952s" }, ]) "filter" = "attributes.eventType = \"SECRET_ROTATE\"" "id" = "projects/sap-kyma-prow/subscriptions/secrets-rotator-service-account-keys-rotator" "labels" = tomap({ "application_name" = "secrets-rotator" }) "message_retention_duration" = "604800s" "name" = "secrets-rotator-service-account-keys-rotator" "project" = "sap-kyma-prow" "push_config" = tolist([ { "attributes" = tomap({}) "no_wrapper" = tolist([]) "oidc_token" = tolist([ { "audience" = "" "service_account_email" = "secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com" }, ]) "push_endpoint" = "https://service-account-keys-rotator-q25ja7ch3q-ez.a.run.app" }, ]) "retain_acked_messages" = false "retry_policy" = tolist([ { "maximum_backoff" = "600s" "minimum_backoff" = "300s" }, ]) "terraform_labels" = tomap({ "application_name" = "secrets-rotator" }) "timeouts" = null /* object */ "topic" = "projects/sap-kyma-prow/topics/secret-manager-notifications" } } terraform_executor_gcp_prow_project_iam_member = { "condition" = tolist([]) "etag" = "BwYlrohfiKQ=" "id" = "sap-kyma-prow/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "role" = "roles/owner" } terraform_executor_gcp_service_account = { "account_id" = "terraform-executor" "create_ignore_already_exists" = tobool(null) "description" = "Identity of terraform executor. It's mapped to k8s service account through workload identity." "disabled" = false "display_name" = "terraform-executor" "email" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "id" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "member" = "serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "name" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" "project" = "sap-kyma-prow" "timeouts" = null /* object */ "unique_id" = "109665069699011807029" } terraform_executor_gcp_workload_identity = { "condition" = tolist([]) "etag" = "BwYhcY+T+/A=" "id" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser" "members" = toset([ "principal://iam.googleapis.com/projects/351981214969/locations/global/workloadIdentityPools/github-com-kyma-project/subject/repository_id:147495537:repository_owner_id:39153523:workflow:Post Apply Prod Terraform", ]) "role" = "roles/iam.workloadIdentityUser" "service_account_id" = "projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com" } trusted_workload_gatekeeper = untrusted_workload_gatekeeper = ```

`