Cleanup of the repository from kyma-incubator org staff #11810
Plan Result
# google_artifact_registry_repository_iam_member.image_syncer_prod_repo_writer will be created
+ resource "google_artifact_registry_repository_iam_member" "image_syncer_prod_repo_writer" {
+ etag = (known after apply)
+ id = (known after apply)
+ location = "europe"
+ member = "principalSet://iam.googleapis.com/projects/351981214969/locations/global/workloadIdentityPools/github-com-kyma-project/attribute.reusable_workflow_run/event_name:push:repository_owner_id:39153523:reusable_workflow_ref:kyma-project/test-infra/.github/workflows/image-syncer.yml@refs/heads/main"
+ project = (known after apply)
+ repository = "prod"
+ role = "roles/artifactregistry.createOnPushWriter"
}
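Review bot: the `member` principalSet on image_syncer_prod_repo_writer matches only on event_name, repository_owner_id and reusable_workflow_ref, with no repository attribute in the value. As written, any repository under owner id 39153523 that calls image-syncer.yml@refs/heads/main on a push event receives roles/artifactregistry.createOnPushWriter on the "prod" repository. If only specific repositories are meant to sync images, add the calling repository to the mapped attribute value. Also confirm that the create-on-push role is needed, since the binding is already scoped to a single named repository and the plain writer role may be enough.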
# google_service_account.sa_gke_kyma_integration will be updated in-place
~ resource "google_service_account" "sa_gke_kyma_integration" {
~ description = "Service account is used by Prow to integrate with GKE. Will be removed with Prow" -> "Service account is used by Prow to integrate with GKE."
id = "projects/sap-kyma-prow/serviceAccounts/[email protected]"
name = "projects/sap-kyma-prow/serviceAccounts/[email protected]"
# (7 unchanged attributes hidden)
}
# module.service_account_keys_cleaner.google_cloud_scheduler_job.service_account_keys_cleaner will be updated in-place
~ resource "google_cloud_scheduler_job" "service_account_keys_cleaner" {
id = "projects/sap-kyma-prow/locations/europe-west3/jobs/service-account-keys-cleaner"
name = "service-account-keys-cleaner"
# (8 unchanged attributes hidden)
~ http_target {
~ uri = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app/?project=sap-kyma-prow&age=24" -> "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app?project=sap-kyma-prow&age=24"
# (2 unchanged attributes hidden)
# (1 unchanged block hidden)
}
}
Plan: 1 to add, 2 to change, 0 to destroy.
@Sawthis: Updated the following 3 configmaps:
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
❌ Apply Result
Acquiring state lock. This may take a few moments...
# ...
# ... The maximum length of GitHub Comment is 65536, so the content is omitted by tfcmt.
# ...
system\"\n parameters:\n images:\n - \"ghcr.io/external-secrets/external-secrets\"\n - \"openpolicyagent/gatekeeper\"\n - \"eu.gcr.io/kyma-project\"\n - \"eu.gcr.io/sap-kyma-neighbors-dev\"\n - \"europe-docker.pkg.dev/kyma-project\"\n - \"europe-west3-docker.pkg.dev/sap-kyma-neighbors-dev\""]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8sallowedimageses/prow-tools-namespaces]
module.trusted_workload_gatekeeper.kubectl_manifest.constraints["apiVersion: constraints.gatekeeper.sh/v1beta1\nkind: K8sPSPSeccomp\nmetadata:\n name: psp-seccomp\nspec:\n enforcementAction: deny\n match:\n kinds:\n - apiGroups: [\"\"]\n kinds: [\"Pod\"]\n namespaces:\n - \"default\"\n parameters:\n allowedProfiles:\n - runtime/default\n - docker/default\n exemptImages:\n - \"gcr.io/k8s-prow/entrypoint:*\"\n - \"gcr.io/k8s-prow/initupload:*\"\n - \"gcr.io/k8s-prow/clonerefs:*\"\n - \"gcr.io/k8s-prow/sidecar:*\"\n - \"aquasec/trivy:*\"\n - \"eu.gcr.io/kyma-project/prow/cleaner:*\"\n - \"eu.gcr.io/kyma-project/test-infra/bootstrap:*\"\n - \"eu.gcr.io/kyma-project/test-infra/buildpack-golang:*\"\n - \"eu.gcr.io/kyma-project/test-infra/gardener-rotate:*\"\n - \"eu.gcr.io/kyma-project/test-infra/golangci-lint:*\"\n - \"eu.gcr.io/kyma-project/test-infra/kyma-integration:*\"\n - \"eu.gcr.io/sap-kyma-neighbors-dev/image-builder:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/image-builder:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/buildkit-image-builder:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-k3d:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-nodejs:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/test-infra/prow-tools:*\"\n - \"gcr.io/k8s-prow/generic-autobumper:*\"\n - \"gcr.io/k8s-prow/ghproxy:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-gcloud:*\""]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8spspseccomps/psp-seccomp]
module.trusted_workload_gatekeeper.kubectl_manifest.constraints["# Constraint to allow only image-builder tool trusted usage on Prow cluster run as image-builder service account identity.\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: SecretTrustedUsage\nmetadata:\n name: pjtester-kubeconfig\nspec:\n enforcementAction: deny\n match:\n kinds:\n - apiGroups: [\"\"]\n kinds: [\"Pod\"]\n parameters:\n restrictedSecrets:\n - pjtester-kubeconfig\n - pjtester-github-oauth-token\n trustedImages:\n # pull-test-infra-pjtester\n - image: \"europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/pjtester:*\"\n command:\n - /tools/entrypoint\n args: []\n entrypoint_options: '^{.*\"args\":\\[\"\\/ko-app\\/pjtester\",\"--github-token-path=\\/etc\\/github\\/oauth\"\\],\"container_name\":\"test\",.*}$'\n # sidecar\n - image: \"gcr.io/k8s-prow/sidecar:*\"\n command: []\n args: []"]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/secrettrustedusages/pjtester-kubeconfig]
module.trusted_workload_gatekeeper.kubectl_manifest.constraints["apiVersion: constraints.gatekeeper.sh/v1beta1\nkind: K8sPSPAppArmor\nmetadata:\n name: psp-apparmor\nspec:\n enforcementAction: deny\n match:\n kinds:\n - apiGroups: [\"\"]\n kinds: [\"Pod\"]\n namespaces:\n - \"default\"\n parameters:\n allowedProfiles:\n - runtime/default\n exemptImages:\n - \"eu.gcr.io/sap-kyma-neighbors-dev/image-builder:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/image-builder:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/buildkit-image-builder:*\""]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8spspapparmors/psp-apparmor]
module.trusted_workload_gatekeeper.kubectl_manifest.constraints["apiVersion: constraints.gatekeeper.sh/v1beta1\nkind: K8sPSPCapabilities\nmetadata:\n name: capabilities\nspec:\n enforcementAction: deny\n match:\n kinds:\n - apiGroups: [\"\"]\n kinds: [\"Pod\"]\n namespaces:\n - \"default\"\n # we're not using capabilities"]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8spspcapabilitieses/capabilities]
module.trusted_workload_gatekeeper.kubectl_manifest.constraints["apiVersion: constraints.gatekeeper.sh/v1beta1\nkind: K8sPSPPrivilegedContainer\nmetadata:\n name: psp-privileged-container\nspec:\n enforcementAction: deny\n match:\n kinds:\n - apiGroups: [\"\"]\n kinds: [\"Pod\"]\n namespaces:\n - \"default\"\n parameters:\n exemptImages:\n - \"gcr.io/k8s-prow/entrypoint:*\"\n - \"gcr.io/k8s-prow/initupload:*\"\n - \"gcr.io/k8s-prow/clonerefs:*\"\n - \"gcr.io/k8s-prow/sidecar:*\"\n - \"aquasec/trivy:*\"\n - \"eu.gcr.io/kyma-project/test-infra/gardener-rotate:*\"\n - \"eu.gcr.io/sap-kyma-neighbors-dev/image-builder:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/image-builder:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/buildkit-image-builder:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-k3d:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-nodejs:*\""]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8spspprivilegedcontainers/psp-privileged-container]
module.trusted_workload_gatekeeper.kubectl_manifest.constraints["apiVersion: constraints.gatekeeper.sh/v1beta1\nkind: K8sPSPAllowPrivilegeEscalationContainer\nmetadata:\n name: psp-allow-privilege-escalation-container\nspec:\n enforcementAction: deny\n match:\n kinds:\n - apiGroups: [\"\"]\n kinds: [\"Pod\"]\n namespaces:\n - \"default\"\n parameters:\n exemptImages:\n - gcr.io/k8s-prow/entrypoint:*\n - gcr.io/k8s-prow/initupload:*\n - gcr.io/k8s-prow/clonerefs:*\n - gcr.io/k8s-prow/sidecar:*\n - \"aquasec/trivy:*\"\n - \"eu.gcr.io/sap-kyma-neighbors-dev/image-builder:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/image-builder:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/buildkit-image-builder:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-k3d:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-nodejs:*\"\n - \"europe-docker.pkg.dev/kyma-project/prod/test-infra/prow-tools:*\""]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8spspallowprivilegeescalationcontainers/psp-allow-privilege-escalation-container]
module.trusted_workload_gatekeeper.kubectl_manifest.constraints["apiVersion: constraints.gatekeeper.sh/v1beta1\nkind: K8sPSPHostNetworkingPorts\nmetadata:\n name: psp-host-network-ports\nspec:\n enforcementAction: deny\n match:\n kinds:\n - apiGroups: [\"\"]\n kinds: [\"Pod\"]\n namespaces:\n - \"default\"\n # we're not using any hostNetwork option in prowjobs"]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8spsphostnetworkingportses/psp-host-network-ports]
module.trusted_workload_gatekeeper.kubectl_manifest.constraints["# Allow only images needed to run prowjobs.\n\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: K8sAllowedImages\nmetadata:\n name: prow-prowjobs-namespace\nspec:\n enforcementAction: deny\n match:\n kinds:\n - apiGroups: [\"\"]\n kinds: [\"Pod\"]\n namespaces:\n - \"default\"\n parameters:\n images:\n - \"docker.io/aquasec/trivy\"\n - \"docker.io/zricethezav/gitleaks\"\n - \"docker.io/maven\"\n - \"gcr.io/k8s-prow/gencred\"\n - \"eu.gcr.io/kyma-project\"\n - \"eu.gcr.io/sap-kyma-neighbors-dev\"\n - \"europe-docker.pkg.dev/kyma-project\"\n - \"europe-west3-docker.pkg.dev/sap-kyma-neighbors-dev\"\n - \"europe-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli\"\n - \"gcr.io/k8s-prow\""]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8sallowedimageses/prow-prowjobs-namespace]
module.trusted_workload_gatekeeper.kubectl_manifest.constraints["# Constraint to allow only image-builder tool trusted usage on Prow cluster run as image-builder service account identity.\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: SecretTrustedUsage\nmetadata:\n name: image-builder-ado\nspec:\n enforcementAction: deny\n match:\n kinds:\n - apiGroups: [ \"\" ]\n kinds: [ \"Pod\" ]\n parameters:\n restrictedSecrets:\n - image-builder-ado-secret\n trustedImages:\n - image: \"europe-docker.pkg.dev/kyma-project/prod/image-builder:*\"\n command:\n - /tools/entrypoint\n args: [ ]\n entrypoint_options: '^{.*\"args\":\\[\"\\/image-builder\",\"--name=.+\",\"--config=\\/config\\/kaniko-build-config\\.yaml\",\"--context=.+\",\"--dockerfile=.+\",\"--build-in-ado=true\"\\],\"container_name\":\"test\",.*}$'"]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/secrettrustedusages/image-builder-ado]
module.trusted_workload_gatekeeper.kubectl_manifest.constraints["apiVersion: constraints.gatekeeper.sh/v1beta1\nkind: K8sPSPHostFilesystem\nmetadata:\n name: psp-host-filesystem\nspec:\n enforcementAction: deny\n match:\n kinds:\n - apiGroups: [\"\"]\n kinds: [\"Pod\"]\n namespaces:\n - \"default\"\n parameters:\n allowedHostPaths:\n - pathPrefix: \"/lib/modules\"\n - pathPrefix: \"/sys/fs/cgroup\""]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8spsphostfilesystems/psp-host-filesystem]
module.secrets_leaks_log_scanner.google_cloud_run_service.secrets_leak_log_scanner: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/secrets-leak-log-scanner]
module.secrets_leaks_log_scanner.google_secret_manager_secret_iam_member.gh_issue_creator_gh_tools_kyma_bot_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token/roles/secretmanager.secretAccessor/serviceAccount:github-issue-creator@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_project_iam_member.project_log_writer: Refreshing state... [id=projects/sap-kyma-prow/roles/logging.logWriter/serviceAccount:secrets-leak-detector@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.data.google_iam_policy.run_invoker: Reading...
module.secrets_leaks_log_scanner.data.google_iam_policy.run_invoker: Read complete after 0s [id=735823064]
module.secrets_leaks_log_scanner.google_project_iam_member.project_workflows_invoker: Refreshing state... [id=projects/sap-kyma-prow/roles/workflows.invoker/serviceAccount:secrets-leak-detector@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_cloud_run_service.gcs_bucket_mover: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/gcs-bucket-mover]
module.secrets_leaks_log_scanner.google_storage_bucket_iam_member.kyma_prow_logs_secured_object_admin: Refreshing state... [id=b/kyma-prow-logs-secured/roles/storage.objectAdmin/serviceAccount:gcs-bucket-mover@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_cloud_run_service.github_issue_finder: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/github-issue-finder]
module.secrets_leaks_log_scanner.google_cloud_run_service_iam_policy.secrets_leak_log_scanner: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/secrets-leak-log-scanner]
module.secrets_leaks_log_scanner.google_cloud_run_service.github_issue_creator: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/github-issue-creator]
module.secrets_leaks_log_scanner.google_cloud_run_service_iam_policy.gcs_bucket_mover: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/gcs-bucket-mover]
module.secrets_leaks_log_scanner.google_cloud_run_service_iam_policy.github_issue_finder: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/github-issue-finder]
module.secrets_leaks_log_scanner.data.google_storage_bucket.kyma_prow_logs: Read complete after 0s [id=kyma-prow-logs]
module.secrets_leaks_log_scanner.google_storage_bucket_iam_member.kyma_prow_logs_object_admin: Refreshing state... [id=b/kyma-prow-logs/roles/storage.objectAdmin/serviceAccount:gcs-bucket-mover@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_storage_bucket_iam_member.kyma_prow_logs_viewer: Refreshing state... [id=b/kyma-prow-logs/roles/storage.objectViewer/serviceAccount:gcs-bucket-mover@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_storage_bucket_iam_member.secrets_leak_detector: Refreshing state... [id=b/kyma-prow-logs/roles/storage.objectViewer/serviceAccount:secrets-leak-detector@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_cloud_run_service_iam_policy.github_issue_creator: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/github-issue-creator]
module.secrets_leaks_log_scanner.google_workflows_workflow.secrets_leak_detector: Refreshing state... [id=projects/sap-kyma-prow/locations/europe-west3/workflows/secrets-leak-detector]
module.secrets_leaks_log_scanner.google_eventarc_trigger.secrets_leak_detector_workflow: Refreshing state... [id=projects/sap-kyma-prow/locations/europe-west3/triggers/secrets-leak-detector]
OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
~ update in-place
OpenTofu will perform the following actions:
# google_artifact_registry_repository_iam_member.image_syncer_prod_repo_writer will be created
+ resource "google_artifact_registry_repository_iam_member" "image_syncer_prod_repo_writer" {
+ etag = (known after apply)
+ id = (known after apply)
+ location = "europe"
+ member = "principalSet://iam.googleapis.com/projects/351981214969/locations/global/workloadIdentityPools/github-com-kyma-project/attribute.reusable_workflow_run/event_name:push:repository_owner_id:39153523:reusable_workflow_ref:kyma-project/test-infra/.github/workflows/image-syncer.yml@refs/heads/main"
+ project = (known after apply)
+ repository = "prod"
+ role = "roles/artifactregistry.createOnPushWriter"
}
# google_service_account.sa_gke_kyma_integration will be updated in-place
~ resource "google_service_account" "sa_gke_kyma_integration" {
~ description = "Service account is used by Prow to integrate with GKE. Will be removed with Prow" -> "Service account is used by Prow to integrate with GKE."
id = "projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com"
name = "projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com"
# (7 unchanged attributes hidden)
}
# module.service_account_keys_cleaner.google_cloud_scheduler_job.service_account_keys_cleaner will be updated in-place
~ resource "google_cloud_scheduler_job" "service_account_keys_cleaner" {
id = "projects/sap-kyma-prow/locations/europe-west3/jobs/service-account-keys-cleaner"
name = "service-account-keys-cleaner"
# (8 unchanged attributes hidden)
~ http_target {
~ uri = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app/?project=sap-kyma-prow&age=24" -> "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app?project=sap-kyma-prow&age=24"
# (2 unchanged attributes hidden)
# (1 unchanged block hidden)
}
}
Plan: 1 to add, 2 to change, 0 to destroy.
google_service_account.sa_gke_kyma_integration: Modifying... [id=projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com]
google_artifact_registry_repository_iam_member.image_syncer_prod_repo_writer: Creating...
module.service_account_keys_cleaner.google_cloud_scheduler_job.service_account_keys_cleaner: Modifying... [id=projects/sap-kyma-prow/locations/europe-west3/jobs/service-account-keys-cleaner]
google_service_account.sa_gke_kyma_integration: Modifications complete after 5s [id=projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com]
module.service_account_keys_cleaner.google_cloud_scheduler_job.service_account_keys_cleaner: Modifications complete after 7s [id=projects/sap-kyma-prow/locations/europe-west3/jobs/service-account-keys-cleaner]
Error: Error retrieving IAM policy for artifactregistry repository "projects/sap-kyma-prow/locations/europe/repositories/prod": googleapi: Error 403: The caller does not have permission
with google_artifact_registry_repository_iam_member.image_syncer_prod_repo_writer,
on image-syncer.tf line 1, in resource "google_artifact_registry_repository_iam_member" "image_syncer_prod_repo_writer":
1: resource "google_artifact_registry_repository_iam_member" "image_syncer_prod_repo_writer" {
Description
Part 1. I will clean up the .md files and Terraform configs in separate pull requests.
Changes proposed in this pull request:
Related issue(s)
#11711