From 0ba5f3bbbfc73cddcbf2f1c6d59c6c3a5a4b7795 Mon Sep 17 00:00:00 2001
From: Patryk Dobrowolski
Date: Tue, 22 Oct 2024 14:03:08 +0200
Subject: [PATCH] Remove unused project mentions (#12188)
* Remove unused project mentions
* Remove unused project mentions
---
 configs/terraform/environments/prod/output.tf | 4 ----
 .../terraform/environments/prod/provider.tf | 6 ------
 .../environments/prod/secrets-rotator.tf | 14 --------------
 .../environments/prod/service_accounts.tf | 6 ------
 .../environments/prod/terraform-executor.tf | 18 ------------------
 .../terraform/environments/prod/variables.tf | 6 ------
 .../test_artifacts/test-prow-config.yaml | 10 ----------
 prow/config.yaml | 10 ----------
 .../kyma-project/test-infra/periodics.yaml | 5 -----
 9 files changed, 79 deletions(-)
diff --git a/configs/terraform/environments/prod/output.tf b/configs/terraform/environments/prod/output.tf
index a7adcd54b637..2864d746b75c 100644
--- a/configs/terraform/environments/prod/output.tf
+++ b/configs/terraform/environments/prod/output.tf
@@ -16,10 +16,6 @@ output "terraform_executor_gcp_prow_project_iam_member" {
 value = google_project_iam_member.terraform_executor_prow_project_owner
 }
-output "terraform_executor_gcp_workloads_project_iam_member" {
- value = google_project_iam_member.terraform_executor_workloads_project_owner
-}
-
 output "terraform_executor_gcp_workload_identity" {
 value = google_service_account_iam_binding.terraform_workload_identity
 }
diff --git a/configs/terraform/environments/prod/provider.tf b/configs/terraform/environments/prod/provider.tf
index 400cef303144..a5778a47b4fc 100644
--- a/configs/terraform/environments/prod/provider.tf
+++ b/configs/terraform/environments/prod/provider.tf
@@ -43,12 +43,6 @@ provider "google" {
 region = var.kyma_project_gcp_region
 }
-provider "google" {
- alias = "workloads"
- project = var.workloads_project_id
- region = var.gcp_region
-}
-
 provider "google-beta" {
 project = var.gcp_project_id
 region = var.gcp_region
diff --git a/configs/terraform/environments/prod/secrets-rotator.tf b/configs/terraform/environments/prod/secrets-rotator.tf
index ae677aa9f470..f313aee98a9e 100644
--- a/configs/terraform/environments/prod/secrets-rotator.tf
+++ b/configs/terraform/environments/prod/secrets-rotator.tf
@@ -37,13 +37,6 @@ output "service_account_keys_rotator" {
 value = module.service_account_keys_rotator
 }
-resource "google_project_iam_member" "service_account_keys_rotator_workloads_project" {
- provider = google.workloads
- project = var.workloads_project_id
- role = "roles/iam.serviceAccountKeyAdmin"
- member = "serviceAccount:${module.service_account_keys_rotator.service_account_keys_rotator_service_account.email}"
-}
-
 module "service_account_keys_cleaner" {
 source = "../../modules/service-account-keys-cleaner"
@@ -65,13 +58,6 @@ output "service_account_keys_cleaner" {
 value = module.service_account_keys_cleaner
 }
-resource "google_project_iam_member" "service_account_keys_cleaner_workloads_project" {
- provider = google.workloads
- project = var.workloads_project_id
- role = "roles/iam.serviceAccountKeyAdmin"
- member = "serviceAccount:${module.service_account_keys_cleaner.service_account_keys_cleaner_service_account.email}"
-}
-
 module "signify_secret_rotator" {
 source = "../../modules/signify-secret-rotator"
diff --git a/configs/terraform/environments/prod/service_accounts.tf b/configs/terraform/environments/prod/service_accounts.tf
index 792f39ec07a3..927af30de215 100644
--- a/configs/terraform/environments/prod/service_accounts.tf
+++ b/configs/terraform/environments/prod/service_accounts.tf
@@ -100,12 +100,6 @@ resource "google_service_account" "sa-secret-update" {
 description = "Can update secrets in Secret Manager"
 }
-resource "google_service_account" "sa-kyma-dns-serviceuser" {
- account_id = "sa-kyma-dns-serviceuser"
- display_name = "sa-kyma-dns-serviceuser"
- description = " Service Account used to manipulate DNS entries in sap-kyma-prow-workloads. Will be removed with Prow"
-}
-
 resource "google_service_account" "sa-security-dashboard-oauth" {
 account_id = "sa-security-dashboard-oauth"
 display_name = "sa-security-dashboard-oauth"
diff --git a/configs/terraform/environments/prod/terraform-executor.tf b/configs/terraform/environments/prod/terraform-executor.tf
index f978ed68c005..34d646fbb605 100644
--- a/configs/terraform/environments/prod/terraform-executor.tf
+++ b/configs/terraform/environments/prod/terraform-executor.tf
@@ -28,14 +28,6 @@ resource "google_service_account_iam_binding" "terraform_workload_identity" {
 service_account_id = google_service_account.terraform_executor.name
 }
-
-# Grant owner role to terraform executor service account in the gcp workloads project.
-resource "google_project_iam_member" "terraform_executor_workloads_project_owner" {
- project = var.workloads_project_id
- role = "roles/owner"
- member = "serviceAccount:${google_service_account.terraform_executor.email}"
-}
-
 # Create the terraform planner GCP service account.
 # Grants the browser permissions to refresh state of the resources.
@@ -76,16 +68,6 @@ resource "google_service_account_iam_binding" "terraform_planner_workload_identi
 service_account_id = google_service_account.terraform_planner.name
 }
-
-resource "google_project_iam_member" "terraform_planner_workloads_project_read_access" {
- for_each = toset([
- "roles/viewer",
- ])
- project = var.workloads_project_id
- role = each.key
- member = "serviceAccount:${google_service_account.terraform_planner.email}"
-}
-
 resource "google_service_account_iam_member" "terraform_executor_workload_identity_user" {
 member = "principal://iam.googleapis.com/${module.gh_com_kyma_project_workload_identity_federation.pool_name}/subject/repository_id:${data.github_repository.test_infra.repo_id}:repository_owner_id:${var.github_kyma_project_organization_id}:workflow:${var.github_terraform_apply_workflow_name}"
 role = "roles/iam.workloadIdentityUser"
diff --git a/configs/terraform/environments/prod/variables.tf b/configs/terraform/environments/prod/variables.tf
index 015ee9bfb6c2..8695cf58ce8e 100644
--- a/configs/terraform/environments/prod/variables.tf
+++ b/configs/terraform/environments/prod/variables.tf
@@ -16,12 +16,6 @@ variable "gcp_project_id" {
 description = "Google Cloud project to create resources."
 }
-variable "workloads_project_id" {
- type = string
- default = "sap-kyma-prow-workloads"
- description = "Additional Google Cloud project ID."
-}
-
 variable "gatekeeper_manifest_path" {
 type = string
 default = "../../../../opa/gatekeeper/deployments/gatekeeper.yaml"
diff --git a/pkg/tools/pjtester/test_artifacts/test-prow-config.yaml b/pkg/tools/pjtester/test_artifacts/test-prow-config.yaml
index 6d41b8ffd8b4..9e990fad0336 100644
--- a/pkg/tools/pjtester/test_artifacts/test-prow-config.yaml
+++ b/pkg/tools/pjtester/test_artifacts/test-prow-config.yaml
@@ -377,16 +377,6 @@ presets:
 env:
 - name: CLOUDSDK_COMPUTE_REGION
 value: "europe-west4"
- - labels:
- preset-gc-project-env: "true"
- env:
- - name: CLOUDSDK_CORE_PROJECT
- value: "sap-kyma-prow-workloads"
- - labels:
- preset-kms-gc-project-env: "true"
- env:
- - name: CLOUDSDK_KMS_PROJECT
- value: "sap-kyma-prow-workloads"
 - labels:
 preset-sa-vm-kyma-integration: "true" # Service account with "Compute Admin" and "Compute OS Admin Login" roles
 env:
diff --git a/prow/config.yaml b/prow/config.yaml
index 440f27b5737a..719c5584efaf 100644
--- a/prow/config.yaml
+++ b/prow/config.yaml
@@ -529,16 +529,6 @@ presets:
 env:
 - name: CLOUDSDK_COMPUTE_REGION
 value: "europe-west4"
- - labels:
- preset-gc-project-env: "true"
- env:
- - name: CLOUDSDK_CORE_PROJECT
- value: "sap-kyma-prow-workloads"
- - labels:
- preset-kms-gc-project-env: "true"
- env:
- - name: CLOUDSDK_KMS_PROJECT
- value: "sap-kyma-prow-workloads"
 - labels:
 preset-sa-vm-kyma-integration: "true" # Service account with "Compute Admin" and "Compute OS Admin Login" roles
 env:
diff --git a/prow/jobs/kyma-project/test-infra/periodics.yaml b/prow/jobs/kyma-project/test-infra/periodics.yaml
index 2368d6f0e83d..04800f012998 100644
--- a/prow/jobs/kyma-project/test-infra/periodics.yaml
+++ b/prow/jobs/kyma-project/test-infra/periodics.yaml
@@ -7,7 +7,6 @@ periodics: # runs on schedule
 prow.k8s.io/pubsub.project: "sap-kyma-prow"
 prow.k8s.io/pubsub.runID: "utilities-kyma-integration-cleaner"
 prow.k8s.io/pubsub.topic: "prowjobs"
- preset-gc-project-env: "true"
 cron: "30 * * * 1-5"
 skip_report: false
 decorate: true
@@ -43,7 +42,6 @@ periodics: # runs on schedule
 prow.k8s.io/pubsub.project: "sap-kyma-prow"
 prow.k8s.io/pubsub.runID: "orphaned-disks-cleaner"
 prow.k8s.io/pubsub.topic: "prowjobs"
- preset-gc-project-env: "true"
 preset-sa-gke-kyma-integration: "true"
 cron: "30 * * * *"
 skip_report: false
@@ -107,7 +105,6 @@ periodics: # runs on schedule
 prow.k8s.io/pubsub.project: "sap-kyma-prow"
 prow.k8s.io/pubsub.runID: "orphaned-clusters-cleaner"
 prow.k8s.io/pubsub.topic: "prowjobs"
- preset-gc-project-env: "true"
 preset-sa-gke-kyma-integration: "true"
 cron: "0 * * * *"
 skip_report: false
@@ -139,7 +136,6 @@ periodics: # runs on schedule
 prow.k8s.io/pubsub.project: "sap-kyma-prow"
 prow.k8s.io/pubsub.runID: "orphaned-vms-cleaner"
 prow.k8s.io/pubsub.topic: "prowjobs"
- preset-gc-project-env: "true"
 preset-sa-gke-kyma-integration: "true"
 cron: "15,45 * * * *"
 skip_report: false
@@ -172,7 +168,6 @@ periodics: # runs on schedule
 prow.k8s.io/pubsub.project: "sap-kyma-prow"
 prow.k8s.io/pubsub.runID: "orphaned-loadbalancer-cleaner"
 prow.k8s.io/pubsub.topic: "prowjobs"
- preset-gc-project-env: "true"
 preset-sa-gke-kyma-integration: "true"
 cron: "15 * * * *"
 skip_report: false