Manual approval required for workflow run 6329934328: Terraform apply -> company-product (sandbox)

[github-actions[bot]]

Terraform Format and Style 🖌failure

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Validation Output

``` Success! The configuration is valid.  ```

Terraform Plan 📖success

Show Plan

```diff Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create <= read (data resources) Terraform will perform the following actions: # module.cluster.module.aks_cluster.azurerm_kubernetes_cluster.aks will be created + resource "azurerm_kubernetes_cluster" "aks" { + api_server_authorized_ip_ranges = (known after apply) + dns_prefix = "aks-sandbox-tfpoc" + fqdn = (known after apply) + http_application_routing_zone_name = (known after apply) + id = (known after apply) + image_cleaner_enabled = false + image_cleaner_interval_hours = 48 + kube_admin_config = (sensitive value) + kube_admin_config_raw = (sensitive value) + kube_config = (sensitive value) + kube_config_raw = (sensitive value) + kubernetes_version = (known after apply) + location = "eastus" + name = "aks-sandbox-tfpoc" + node_resource_group = (known after apply) + node_resource_group_id = (known after apply) + oidc_issuer_url = (known after apply) + portal_fqdn = (known after apply) + private_cluster_enabled = false + private_cluster_public_fqdn_enabled = false + private_dns_zone_id = (known after apply) + private_fqdn = (known after apply) + public_network_access_enabled = true + resource_group_name = "rg-sandbox-tfpoc-cluster" + role_based_access_control_enabled = true + run_command_enabled = true + sku_tier = "Free" + workload_identity_enabled = false + default_node_pool { + kubelet_disk_type = (known after apply) + max_pods = (known after apply) + name = "default" + node_count = 1 + node_labels = (known after apply) + orchestrator_version = (known after apply) + os_disk_size_gb = (known after apply) + os_disk_type = "Managed" + os_sku = (known after apply) + scale_down_mode = "Delete" + type = "VirtualMachineScaleSets" + ultra_ssd_enabled = false + vm_size = "Standard_D2_v2" + workload_runtime = (known after apply) } + identity { + principal_id = (known after apply) + tenant_id = (known after apply) + type = "SystemAssigned" } } # module.cluster.module.aks_cluster.azurerm_resource_group.aks will be created + resource "azurerm_resource_group" "aks" { + id = (known after apply) + location = "eastus" + name = "rg-sandbox-tfpoc-cluster" } # module.feature.module.feature.data.azurerm_key_vault_secret.test_secret will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_key_vault_secret" "test_secret" { + content_type = (known after apply) + expiration_date = (known after apply) + id = (known after apply) + key_vault_id = "/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-sandbox-tfpoc-bootstrap/providers/Microsoft.KeyVault/vaults/kv-sand-tfpoc-bootstrap" + name = "Test--Secret" + not_before_date = (known after apply) + resource_id = (known after apply) + resource_versionless_id = (known after apply) + tags = (known after apply) + value = (sensitive value) + versionless_id = (known after apply) } # module.feature.module.feature.azurerm_redis_cache.feature[0] will be created + resource "azurerm_redis_cache" "feature" { + capacity = 2 + enable_non_ssl_port = false + family = "C" + hostname = (known after apply) + id = (known after apply) + location = "eastus" + minimum_tls_version = "1.2" + name = "rc-sandbox-tfpoc-feature" + port = (known after apply) + primary_access_key = (sensitive value) + primary_connection_string = (sensitive value) + private_static_ip_address = (known after apply) + public_network_access_enabled = true + redis_version = (known after apply) + replicas_per_master = (known after apply) + replicas_per_primary = (known after apply) + resource_group_name = "rg-sandbox-tfpoc-feature" + secondary_access_key = (sensitive value) + secondary_connection_string = (sensitive value) + sku_name = "Standard" + ssl_port = (known after apply) + redis_configuration { + enable_authentication = true + maxclients = (known after apply) + maxfragmentationmemory_reserved = (known after apply) + maxmemory_delta = (known after apply) + maxmemory_policy = "volatile-lru" + maxmemory_reserved = (known after apply) } } # module.feature.module.feature.azurerm_resource_group.feature will be created + resource "azurerm_resource_group" "feature" { + id = (known after apply) + location = "eastus" + name = "rg-sandbox-tfpoc-feature" } # module.feature.module.feature.azurerm_storage_account.feature will be created + resource "azurerm_storage_account" "feature" { + access_tier = (known after apply) + account_kind = "StorageV2" + account_replication_type = "GRS" + account_tier = "Standard" + allow_nested_items_to_be_public = true + cross_tenant_replication_enabled = true + default_to_oauth_authentication = false + enable_https_traffic_only = true + id = (known after apply) + infrastructure_encryption_enabled = false + is_hns_enabled = false + large_file_share_enabled = (known after apply) + location = "eastus" + min_tls_version = "TLS1_2" + name = "sasandfeature" + nfsv3_enabled = false + primary_access_key = (sensitive value) + primary_blob_connection_string = (sensitive value) + primary_blob_endpoint = (known after apply) + primary_blob_host = (known after apply) + primary_connection_string = (sensitive value) + primary_dfs_endpoint = (known after apply) + primary_dfs_host = (known after apply) + primary_file_endpoint = (known after apply) + primary_file_host = (known after apply) + primary_location = (known after apply) + primary_queue_endpoint = (known after apply) + primary_queue_host = (known after apply) + primary_table_endpoint = (known after apply) + primary_table_host = (known after apply) + primary_web_endpoint = (known after apply) + primary_web_host = (known after apply) + public_network_access_enabled = true + queue_encryption_key_type = "Service" + resource_group_name = "rg-sandbox-tfpoc-feature" + secondary_access_key = (sensitive value) + secondary_blob_connection_string = (sensitive value) + secondary_blob_endpoint = (known after apply) + secondary_blob_host = (known after apply) + secondary_connection_string = (sensitive value) + secondary_dfs_endpoint = (known after apply) + secondary_dfs_host = (known after apply) + secondary_file_endpoint = (known after apply) + secondary_file_host = (known after apply) + secondary_location = (known after apply) + secondary_queue_endpoint = (known after apply) + secondary_queue_host = (known after apply) + secondary_table_endpoint = (known after apply) + secondary_table_host = (known after apply) + secondary_web_endpoint = (known after apply) + secondary_web_host = (known after apply) + sftp_enabled = false + shared_access_key_enabled = true + table_encryption_key_type = "Service" } # module.feature.module.feature.azurerm_storage_container.feature will be created + resource "azurerm_storage_container" "feature" { + container_access_type = "private" + has_immutability_policy = (known after apply) + has_legal_hold = (known after apply) + id = (known after apply) + metadata = (known after apply) + name = "documents" + resource_manager_id = (known after apply) + storage_account_name = "sasandfeature" } # module.feature.module.feature.kubernetes_namespace.secret_namespace will be created + resource "kubernetes_namespace" "secret_namespace" { + id = (known after apply) + wait_for_default_service_account = false + metadata { + generation = (known after apply) + name = "sandbox" + resource_version = (known after apply) + uid = (known after apply) } } # module.feature.module.feature.kubernetes_secret.cosmosdb-secret will be created + resource "kubernetes_secret" "cosmosdb-secret" { + data = (sensitive value) + id = (known after apply) + type = "Opaque" + wait_for_service_account_token = true + metadata { + generation = (known after apply) + name = "feature-secrets" + namespace = "sandbox" + resource_version = (known after apply) + uid = (known after apply) } } # module.feature.module.feature.module.feature_key_vault.data.azurerm_client_config.current will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_client_config" "current" { + client_id = (known after apply) + id = (known after apply) + object_id = (known after apply) + subscription_id = (known after apply) + tenant_id = (known after apply) } # module.feature.module.feature.module.feature_key_vault.azurerm_key_vault.vault will be created + resource "azurerm_key_vault" "vault" { + access_policy = (known after apply) + enabled_for_deployment = true + enabled_for_disk_encryption = true + enabled_for_template_deployment = true + id = (known after apply) + location = "eastus" + name = "kv-sand-tfpoc-feature" + public_network_access_enabled = true + purge_protection_enabled = true + resource_group_name = "rg-sandbox-tfpoc-feature" + sku_name = "standard" + soft_delete_retention_days = 7 + tenant_id = (known after apply) + vault_uri = (known after apply) } Plan: 9 to add, 0 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: tf.plan To perform exactly these actions, run the following command to apply: terraform apply "tf.plan" ```

Pusher: @spencerr Action: push Working Directory: /home/runner/work/tf-poc/tf-poc/company-product/environments/sandbox Workflow: Terraform - Deployment

Workflow is pending manual review. URL: https://github.com/spencerr/tf-poc/actions/runs/6329934328

Required approvers: [spencerr]

Respond "approved", "approve", "lgtm", "yes" to continue workflow or "denied", "deny", "no" to cancel.

[spencerr]

yes

[github-actions[bot]]

All approvers have approved, continuing workflow and closing this issue.