Manual approval required for workflow run 6341572534: Terraform destroy -> company-product (production)

[github-actions[bot]]

Terraform Format and Style 🖌failure

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Validation Output

``` Success! The configuration is valid.  ```

Terraform Plan 📖success

Show Plan

```diff module.cluster.module.aks_cluster.azurerm_resource_group.aks: Refreshing state... [id=/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-tfpoc-cluster] module.cluster.module.aks_cluster.azurerm_kubernetes_cluster.aks: Refreshing state... [id=/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-tfpoc-cluster/providers/Microsoft.ContainerService/managedClusters/aks-tfpoc] module.feature.module.feature.azurerm_resource_group.feature: Refreshing state... [id=/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-tfpoc-feature] module.feature.module.feature.data.azurerm_key_vault_secret.test_secret: Reading... module.feature.module.feature.module.feature_key_vault.data.azurerm_client_config.current: Reading... module.feature.module.feature.module.feature_key_vault.data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD1hNmFlYmEzMS03ODllLTRkZWMtYWEzMi01YmEyMDcyZTMwOWY7b2JqZWN0SWQ9YzU4YzRmNTMtNmViZS00NGQzLTgyMWItZDM3ZGVhYmI0YTFhO3N1YnNjcmlwdGlvbklkPThmMDlmN2Y0LTdiMjUtNGQ2Zi04OGE1LTg0N2IxNzUxYzRjZTt0ZW5hbnRJZD00ODc4ZTBjMS03MDE3LTQ2OGItODVmMy0zNjg2ZTEzMjZlNTM=] module.feature.module.feature.azurerm_storage_account.feature: Refreshing state... [id=/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-tfpoc-feature/providers/Microsoft.Storage/storageAccounts/saprodfeature] module.feature.module.feature.module.feature_key_vault.azurerm_key_vault.vault: Refreshing state... [id=/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-tfpoc-feature/providers/Microsoft.KeyVault/vaults/kv-tfpoc-feature] module.feature.module.feature.azurerm_cosmosdb_account.feature[0]: Refreshing state... [id=/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-tfpoc-feature/providers/Microsoft.DocumentDB/databaseAccounts/cos-tfpoc-feature] module.feature.module.feature.kubernetes_namespace.secret_namespace: Refreshing state... [id=production] module.feature.module.feature.data.azurerm_key_vault_secret.test_secret: Read complete after 0s [id=https://kv-prod-tfpoc-bootstrap.vault.azure.net/secrets/Test--Secret/dfefb460407f445f813a2ed53df56298] module.feature.module.feature.azurerm_storage_container.feature: Refreshing state... [id=https://saprodfeature.blob.core.windows.net/documents] module.feature.module.feature.kubernetes_secret.cosmosdb-secret: Refreshing state... [id=production/feature-secrets] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: - destroy Terraform will perform the following actions: # module.cluster.module.aks_cluster.azurerm_kubernetes_cluster.aks will be destroyed - resource "azurerm_kubernetes_cluster" "aks" { - api_server_authorized_ip_ranges = [] -> null - custom_ca_trust_certificates_base64 = [] -> null - dns_prefix = "aks-tfpoc" -> null - enable_pod_security_policy = false -> null - fqdn = "aks-tfpoc-kk9tepds.hcp.eastus.azmk8s.io" -> null - id = "/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-tfpoc-cluster/providers/Microsoft.ContainerService/managedClusters/aks-tfpoc" -> null - image_cleaner_enabled = false -> null - image_cleaner_interval_hours = 48 -> null - kube_admin_config = (sensitive value) -> null - kube_config = (sensitive value) -> null - kube_config_raw = (sensitive value) -> null - kubernetes_version = "1.26.6" -> null - local_account_disabled = false -> null - location = "eastus" -> null - name = "aks-tfpoc" -> null - node_resource_group = "MC_rg-tfpoc-cluster_aks-tfpoc_eastus" -> null - node_resource_group_id = "/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/MC_rg-tfpoc-cluster_aks-tfpoc_eastus" -> null - oidc_issuer_enabled = false -> null - portal_fqdn = "aks-tfpoc-kk9tepds.portal.hcp.eastus.azmk8s.io" -> null - private_cluster_enabled = false -> null - private_cluster_public_fqdn_enabled = false -> null - public_network_access_enabled = true -> null - resource_group_name = "rg-tfpoc-cluster" -> null - role_based_access_control_enabled = true -> null - run_command_enabled = true -> null - sku_tier = "Free" -> null - tags = {} -> null - workload_identity_enabled = false -> null - default_node_pool { - custom_ca_trust_enabled = false -> null - enable_auto_scaling = false -> null - enable_host_encryption = false -> null - enable_node_public_ip = false -> null - fips_enabled = false -> null - kubelet_disk_type = "OS" -> null - max_count = 0 -> null - max_pods = 110 -> null - min_count = 0 -> null - name = "default" -> null - node_count = 1 -> null - node_labels = {} -> null - node_taints = [] -> null - only_critical_addons_enabled = false -> null - orchestrator_version = "1.26.6" -> null - os_disk_size_gb = 128 -> null - os_disk_type = "Managed" -> null - os_sku = "Ubuntu" -> null - scale_down_mode = "Delete" -> null - tags = {} -> null - type = "VirtualMachineScaleSets" -> null - ultra_ssd_enabled = false -> null - vm_size = "Standard_D2_v2" -> null - zones = [] -> null } - identity { - identity_ids = [] -> null - principal_id = "e23fdcf0-866c-41ed-82dc-2a5b5418a8d1" -> null - tenant_id = "4878e0c1-7017-468b-85f3-3686e1326e53" -> null - type = "SystemAssigned" -> null } - kubelet_identity { - client_id = "4767fa3b-8201-4446-93bd-a97e724efc5f" -> null - object_id = "6cff145b-9a0b-49c8-9500-57c2e64ee439" -> null - user_assigned_identity_id = "/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/MC_rg-tfpoc-cluster_aks-tfpoc_eastus/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aks-tfpoc-agentpool" -> null } - network_profile { - dns_service_ip = "10.0.0.10" -> null - ip_versions = [ - "IPv4", ] -> null - load_balancer_sku = "standard" -> null - network_plugin = "kubenet" -> null - outbound_type = "loadBalancer" -> null - pod_cidr = "10.244.0.0/16" -> null - pod_cidrs = [ - "10.244.0.0/16", ] -> null - service_cidr = "10.0.0.0/16" -> null - service_cidrs = [ - "10.0.0.0/16", ] -> null - load_balancer_profile { - effective_outbound_ips = [ - "/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/MC_rg-tfpoc-cluster_aks-tfpoc_eastus/providers/Microsoft.Network/publicIPAddresses/e9bca504-90a1-45eb-888b-8a22a2d56c09", ] -> null - idle_timeout_in_minutes = 0 -> null - managed_outbound_ip_count = 1 -> null - managed_outbound_ipv6_count = 0 -> null - outbound_ip_address_ids = [] -> null - outbound_ip_prefix_ids = [] -> null - outbound_ports_allocated = 0 -> null } } } # module.cluster.module.aks_cluster.azurerm_resource_group.aks will be destroyed - resource "azurerm_resource_group" "aks" { - id = "/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-tfpoc-cluster" -> null - location = "eastus" -> null - name = "rg-tfpoc-cluster" -> null - tags = {} -> null } # module.feature.module.feature.azurerm_cosmosdb_account.feature[0] will be destroyed - resource "azurerm_cosmosdb_account" "feature" { - access_key_metadata_writes_enabled = true -> null - analytical_storage_enabled = false -> null - connection_strings = (sensitive value) -> null - default_identity_type = "FirstPartyIdentity" -> null - enable_automatic_failover = false -> null - enable_free_tier = false -> null - enable_multiple_write_locations = false -> null - endpoint = "https://cos-tfpoc-feature.documents.azure.com:443/" -> null - id = "/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-tfpoc-feature/providers/Microsoft.DocumentDB/databaseAccounts/cos-tfpoc-feature" -> null - is_virtual_network_filter_enabled = false -> null - kind = "GlobalDocumentDB" -> null - local_authentication_disabled = false -> null - location = "eastus" -> null - name = "cos-tfpoc-feature" -> null - network_acl_bypass_for_azure_services = false -> null - network_acl_bypass_ids = [] -> null - offer_type = "Standard" -> null - primary_key = (sensitive value) -> null - primary_readonly_key = (sensitive value) -> null - primary_readonly_sql_connection_string = (sensitive value) -> null - primary_sql_connection_string = (sensitive value) -> null - public_network_access_enabled = true -> null - read_endpoints = [ - "https://cos-tfpoc-feature-eastus.documents.azure.com:443/", ] -> null - resource_group_name = "rg-tfpoc-feature" -> null - secondary_key = (sensitive value) -> null - secondary_readonly_key = (sensitive value) -> null - secondary_readonly_sql_connection_string = (sensitive value) -> null - secondary_sql_connection_string = (sensitive value) -> null - tags = {} -> null - write_endpoints = [ - "https://cos-tfpoc-feature-eastus.documents.azure.com:443/", ] -> null - analytical_storage { - schema_type = "WellDefined" -> null } - backup { - interval_in_minutes = 240 -> null - retention_in_hours = 8 -> null - storage_redundancy = "Geo" -> null - type = "Periodic" -> null } - consistency_policy { - consistency_level = "Session" -> null - max_interval_in_seconds = 5 -> null - max_staleness_prefix = 100 -> null } - geo_location { - failover_priority = 0 -> null - id = "cos-tfpoc-feature-eastus" -> null - location = "eastus" -> null - zone_redundant = false -> null } } # module.feature.module.feature.azurerm_resource_group.feature will be destroyed - resource "azurerm_resource_group" "feature" { - id = "/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-tfpoc-feature" -> null - location = "eastus" -> null - name = "rg-tfpoc-feature" -> null - tags = {} -> null } # module.feature.module.feature.azurerm_storage_account.feature will be destroyed - resource "azurerm_storage_account" "feature" { - access_tier = "Hot" -> null - account_kind = "StorageV2" -> null - account_replication_type = "GRS" -> null - account_tier = "Standard" -> null - allow_nested_items_to_be_public = true -> null - cross_tenant_replication_enabled = true -> null - default_to_oauth_authentication = false -> null - enable_https_traffic_only = true -> null - id = "/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-tfpoc-feature/providers/Microsoft.Storage/storageAccounts/saprodfeature" -> null - infrastructure_encryption_enabled = false -> null - is_hns_enabled = false -> null - location = "eastus" -> null - min_tls_version = "TLS1_2" -> null - name = "saprodfeature" -> null - nfsv3_enabled = false -> null - primary_access_key = (sensitive value) -> null - primary_blob_connection_string = (sensitive value) -> null - primary_blob_endpoint = "https://saprodfeature.blob.core.windows.net/" -> null - primary_blob_host = "saprodfeature.blob.core.windows.net" -> null - primary_connection_string = (sensitive value) -> null - primary_dfs_endpoint = "https://saprodfeature.dfs.core.windows.net/" -> null - primary_dfs_host = "saprodfeature.dfs.core.windows.net" -> null - primary_file_endpoint = "https://saprodfeature.file.core.windows.net/" -> null - primary_file_host = "saprodfeature.file.core.windows.net" -> null - primary_location = "eastus" -> null - primary_queue_endpoint = "https://saprodfeature.queue.core.windows.net/" -> null - primary_queue_host = "saprodfeature.queue.core.windows.net" -> null - primary_table_endpoint = "https://saprodfeature.table.core.windows.net/" -> null - primary_table_host = "saprodfeature.table.core.windows.net" -> null - primary_web_endpoint = "https://saprodfeature.z13.web.core.windows.net/" -> null - primary_web_host = "saprodfeature.z13.web.core.windows.net" -> null - public_network_access_enabled = true -> null - queue_encryption_key_type = "Service" -> null - resource_group_name = "rg-tfpoc-feature" -> null - secondary_access_key = (sensitive value) -> null - secondary_connection_string = (sensitive value) -> null - secondary_location = "westus" -> null - sftp_enabled = false -> null - shared_access_key_enabled = true -> null - table_encryption_key_type = "Service" -> null - tags = {} -> null - blob_properties { - change_feed_enabled = false -> null - change_feed_retention_in_days = 0 -> null - last_access_time_enabled = false -> null - versioning_enabled = false -> null } - network_rules { - bypass = [ - "AzureServices", ] -> null - default_action = "Allow" -> null - ip_rules = [] -> null - virtual_network_subnet_ids = [] -> null } - queue_properties { - hour_metrics { - enabled = true -> null - include_apis = true -> null - retention_policy_days = 7 -> null - version = "1.0" -> null } - logging { - delete = false -> null - read = false -> null - retention_policy_days = 0 -> null - version = "1.0" -> null - write = false -> null } - minute_metrics { - enabled = false -> null - include_apis = false -> null - retention_policy_days = 0 -> null - version = "1.0" -> null } } - share_properties { - retention_policy { - days = 7 -> null } } } # module.feature.module.feature.azurerm_storage_container.feature will be destroyed - resource "azurerm_storage_container" "feature" { - container_access_type = "private" -> null - has_immutability_policy = false -> null - has_legal_hold = false -> null - id = "https://saprodfeature.blob.core.windows.net/documents" -> null - metadata = {} -> null - name = "documents" -> null - resource_manager_id = "/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-tfpoc-feature/providers/Microsoft.Storage/storageAccounts/saprodfeature/blobServices/default/containers/documents" -> null - storage_account_name = "saprodfeature" -> null } # module.feature.module.feature.kubernetes_namespace.secret_namespace will be destroyed - resource "kubernetes_namespace" "secret_namespace" { - id = "production" -> null - wait_for_default_service_account = false -> null - metadata { - annotations = {} -> null - generation = 0 -> null - labels = {} -> null - name = "production" -> null - resource_version = "1203" -> null - uid = "b453cc02-28ec-444f-915a-260d833ee2bb" -> null } } # module.feature.module.feature.kubernetes_secret.cosmosdb-secret will be destroyed - resource "kubernetes_secret" "cosmosdb-secret" { - data = (sensitive value) -> null - id = "production/feature-secrets" -> null - immutable = false -> null - type = "Opaque" -> null - wait_for_service_account_token = true -> null - metadata { - annotations = {} -> null - generation = 0 -> null - labels = {} -> null - name = "feature-secrets" -> null - namespace = "production" -> null - resource_version = "1837" -> null - uid = "4fd4e5c1-f75b-40bd-a10e-018268d1be0a" -> null } } # module.feature.module.feature.module.feature_key_vault.azurerm_key_vault.vault will be destroyed - resource "azurerm_key_vault" "vault" { - access_policy = [] -> null - enable_rbac_authorization = false -> null - enabled_for_deployment = true -> null - enabled_for_disk_encryption = true -> null - enabled_for_template_deployment = true -> null - id = "/subscriptions/8f09f7f4-7b25-4d6f-88a5-847b1751c4ce/resourceGroups/rg-tfpoc-feature/providers/Microsoft.KeyVault/vaults/kv-tfpoc-feature" -> null - location = "eastus" -> null - name = "kv-tfpoc-feature" -> null - public_network_access_enabled = true -> null - purge_protection_enabled = true -> null - resource_group_name = "rg-tfpoc-feature" -> null - sku_name = "standard" -> null - soft_delete_retention_days = 7 -> null - tags = {} -> null - tenant_id = "4878e0c1-7017-468b-85f3-3686e1326e53" -> null - vault_uri = "https://kv-tfpoc-feature.vault.azure.net/" -> null - network_acls { - bypass = "AzureServices" -> null - default_action = "Allow" -> null - ip_rules = [] -> null - virtual_network_subnet_ids = [] -> null } } Plan: 0 to add, 0 to change, 9 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: tf.plan To perform exactly these actions, run the following command to apply: terraform apply "tf.plan" ```

Pusher: @spencerr Action: workflow_dispatch Working Directory: /home/runner/work/tf-poc/tf-poc/company-product/environments/production Workflow: Company:Product -> Terraform

Workflow is pending manual review. URL: https://github.com/spencerr/tf-poc/actions/runs/6341572534

Required approvers: [spencerr]

Respond "approved", "approve", "lgtm", "yes" to continue workflow or "denied", "deny", "no" to cancel.

[spencerr]

yes

[github-actions[bot]]

All approvers have approved, continuing workflow and closing this issue.