Adjust terraform to store cleanup policies #11915

akiioto · 2024-09-16T12:20:44Z

Description

Changes proposed in this pull request:

...
...
...

Related issue(s)

kyma-bot · 2024-09-16T12:22:30Z

Plan Result

Plan: 1 to import, 0 to add, 2 to change, 0 to destroy.

Update
- google_artifact_registry_repository.dockerhub_mirror
- google_service_account.kyma_project_image_builder

Change Result (Click me)

  # google_artifact_registry_repository.dockerhub_mirror will be updated in-place
  ~ resource "google_artifact_registry_repository" "dockerhub_mirror" {
      ~ description            = "Remote repository mirroring Docker Hub" -> "Remote repository mirroring Docker Hub. For more details, see https://github.tools.sap/kyma/oci-image-builder/blob/main/README.md"
        id                     = "projects/sap-kyma-prow/locations/europe/repositories/dockerhub-mirror"
        name                   = "dockerhub-mirror"
        # (11 unchanged attributes hidden)

      + cleanup_policies {
          + action = "DELETE"
          + id     = "cleanup-old-images"

          + condition {
              + older_than            = "730d"
              + package_name_prefixes = []
              + tag_prefixes          = []
              + tag_state             = "ANY"
              + version_name_prefixes = []
            }
        }

        # (1 unchanged block hidden)
    }

  # google_service_account.kyma_project_image_builder will be updated in-place
  # (imported from "projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com")
  ~ resource "google_service_account" "kyma_project_image_builder" {
        account_id   = "azure-pipeline-image-builder"
        description  = "OCI image builder running in kyma development service azure pipelines"
        disabled     = false
      - display_name = "azure-pipeline-image-builder" -> null
        email        = "azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com"
        id           = "projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com"
        member       = "serviceAccount:azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com"
        name         = "projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com"
        project      = "kyma-project"
        unique_id    = "103311426355882746849"
    }

Plan: 1 to import, 0 to add, 2 to change, 0 to destroy.

Changes to Outputs:
  ~ service_account_keys_cleaner                        = {
      ~ service_account_keys_cleaner_secheduler        = {
          ~ http_target            = [
              ~ {
                  ~ uri         = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app?project=sap-kyma-prow&age=24" -> "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app/?project=sap-kyma-prow&age=24"
                    # (5 unchanged attributes hidden)
                },
            ]
            id                     = "projects/sap-kyma-prow/locations/europe-west3/jobs/service-account-keys-cleaner"
            name                   = "service-account-keys-cleaner"
            # (12 unchanged attributes hidden)
        }
        # (2 unchanged attributes hidden)
    }

configs/terraform/environments/prod/image-builder.tf

configs/terraform/modules/service-account-keys-cleaner/main.tf

configs/terraform/environments/prod/image-builder-variables.tf

Co-authored-by: Przemek Pokrywka <12400578+dekiel@users.noreply.github.com>

dekiel

I did realize that using variables for import resources in config might be dangerous. If someone will change variables values, the import will be executed with different values. I think we should use an explicit values in import or remove it from config.

kyma-bot · 2024-10-02T19:30:40Z

❌ Apply Result

CI link

Error: Error updating Repository "projects/sap-kyma-prow/locations/europe/repositories/dockerhub-mirror": googleapi: Error 400: Invalid value at 'repository.cleanup_policies[0].value.condition.older_than' (type.googleapis.com/google.protobuf.Duration), Field 'olderThan', Illegal duration format; duration must end with 's'
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid value at 'repository.cleanup_policies[0].value.condition.older_than' (type.googleapis.com/google.protobuf.Duration), Field 'olderThan', Illegal duration format; duration must end with 's'",
        "field": "repository.cleanup_policies[0].value.condition.older_than"
      }
    ]
  }
]

  with google_artifact_registry_repository.dockerhub_mirror,
  on image-builder.tf line 91, in resource "google_artifact_registry_repository" "dockerhub_mirror":
  91: resource "google_artifact_registry_repository" "dockerhub_mirror" {

Details (Click me)

Acquiring state lock. This may take a few moments...
data.kubectl_file_documents.automated_approver: Reading...
data.kubectl_file_documents.automated_approver: Read complete after 0s [id=ed38f2620ee46d0da5a3bc85dbda9399ab55c6df444158f69835bff7036e69c5]
data.kubectl_file_documents.automated_approver_rules: Reading...
data.kubectl_file_documents.automated_approver_rules: Read complete after 0s [id=48d07f870c26a37d3a48229fcc9cd29ae14bea83cf200e4e8326e5d755a1e790]
github_actions_variable.github_terraform_executor_secret_name: Refreshing state... [id=test-infra:GH_TERRAFORM_EXECUTOR_SECRET_NAME]
github_actions_organization_variable.image_builder_ado_pat_gcp_secret_name: Refreshing state... [id=IMAGE_BUILDER_ADO_PAT_GCP_SECRET_NAME]
data.github_repository.test_infra: Reading...
data.github_repository.gitleaks_repository["test-infra"]: Reading...
data.github_organization.kyma-project: Reading...
github_actions_organization_variable.gcp_kyma_project_project_id: Refreshing state... [id=GCP_KYMA_PROJECT_PROJECT_ID]
github_actions_variable.github_terraform_planner_secret_name: Refreshing state... [id=test-infra:GH_TERRAFORM_PLANNER_SECRET_NAME]
google_service_account.kyma_project_image_builder: Preparing import... [id=projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com]
module.artifact_registry["modules-internal"].data.google_client_config.this: Reading...
google_service_account.kyma_project_image_builder: Refreshing state... [id=projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com]
google_artifact_registry_repository.prod_docker_repository: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/prod]
module.slack_message_sender.data.google_secret_manager_secret.common_slack_bot_token: Reading...
module.service_account_keys_cleaner.google_service_account.service_account_keys_cleaner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com]
data.google_container_cluster.trusted_workload_k8s_cluster: Reading...
module.artifact_registry["modules-internal"].data.google_client_config.this: Read complete after 0s [id=projects/"kyma-project"/regions/"europe-west4"/zones/<null>]
google_service_account.secret-manager-untrusted: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secret-manager-untrusted@sap-kyma-prow.iam.gserviceaccount.com]
module.slack_message_sender.data.google_secret_manager_secret.common_slack_bot_token: Read complete after 0s [id=projects/sap-kyma-prow/secrets/common-slack-bot-token]
google_service_account.kyma-security-scanners: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/kyma-security-scanners@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.terraform_planner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-planner@sap-kyma-prow.iam.gserviceaccount.com]
module.cors_proxy.data.google_iam_policy.noauth: Reading...
module.cors_proxy.data.google_iam_policy.noauth: Read complete after 0s [id=3450855414]
module.cors_proxy.google_cloud_run_service.cors_proxy: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/cors-proxy]
google_service_account.gitleaks_secret_accesor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/gitleaks-secret-accesor@sap-kyma-prow.iam.gserviceaccount.com]
module.github_webhook_gateway.data.google_iam_policy.noauth: Reading...
module.github_webhook_gateway.data.google_iam_policy.noauth: Read complete after 0s [id=3450855414]
google_service_account.sa-kyma-project: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-kyma-project@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.sa-secret-update: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-secret-update@sap-kyma-prow.iam.gserviceaccount.com]
module.signify_secret_rotator.google_service_account.signify_secret_rotator: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/signify-rotator@sap-kyma-prow.iam.gserviceaccount.com]
module.security_dashboard_token.data.google_iam_policy.noauth: Reading...
module.security_dashboard_token.data.google_iam_policy.noauth: Read complete after 0s [id=3450855414]
google_service_account.firebase-adminsdk-udzxq: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/firebase-adminsdk-udzxq@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.sa-kyma-artifacts: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-kyma-artifacts@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.image_syncer_reader: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/image-syncer-reader@sap-kyma-prow.iam.gserviceaccount.com]
module.cors_proxy.data.google_project.project: Reading...
google_container_cluster.trusted_workload: Refreshing state... [id=projects/sap-kyma-prow/locations/europe-west4/clusters/trusted-workload-kyma-prow]
google_service_account.kyma-submission-pipeline: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/kyma-submission-pipeline@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.terraform-executor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.sa-vm-kyma-integration: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-vm-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.neighbors-conduit-cli-builder: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/neighbors-conduit-cli-builder@sap-kyma-prow.iam.gserviceaccount.com]
module.github_webhook_gateway.data.google_secret_manager_secret.gh_tools_kyma_bot_token: Reading...
google_service_account.control-plane: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/control-plane@sap-kyma-prow.iam.gserviceaccount.com]
data.google_container_cluster.untrusted_workload_k8s_cluster: Reading...
module.slack_message_sender.google_monitoring_alert_policy.slack_message_sender: Refreshing state... [id=projects/sap-kyma-prow/alertPolicies/17360148176148949136]
module.github_webhook_gateway.data.google_secret_manager_secret.gh_tools_kyma_bot_token: Read complete after 0s [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token]
google_service_account.terraform-planner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-planner@sap-kyma-prow.iam.gserviceaccount.com]
module.cors_proxy.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow]
google_service_account.image_syncer_writer: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/image-syncer-writer@sap-kyma-prow.iam.gserviceaccount.com]
google_pubsub_topic.secrets_rotator_dead_letter: Refreshing state... [id=projects/sap-kyma-prow/topics/secrets-rotator-dead-letter]
module.security_dashboard_token.google_cloud_run_service.security_dashboard_token: Refreshing state... [id=locations/europe-west1/namespaces/sap-kyma-prow/services/security-dashboard-token]
module.github_webhook_gateway.data.google_project.project: Reading...
google_artifact_registry_repository.dockerhub_mirror: Refreshing state... [id=projects/sap-kyma-prow/locations/europe/repositories/dockerhub-mirror]
google_service_account.sa-prow-deploy: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-prow-deploy@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.secrets-rotator: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secrets-rotator@sap-kyma-prow.iam.gserviceaccount.com]
module.signify_secret_rotator.data.google_project.project: Reading...
module.github_webhook_gateway.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow]
google_service_account.sa-gke-kyma-integration: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.sa-gcs-plank: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-gcs-plank@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.terraform_executor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com]
data.github_repository.test_infra: Read complete after 2s [id=test-infra]
module.service_account_keys_cleaner.data.google_project.project: Reading...
module.signify_secret_rotator.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow]
data.google_container_cluster.prow_k8s_cluster: Reading...
module.github_webhook_gateway.data.google_secret_manager_secret.webhook_token: Reading...
data.github_repository.gitleaks_repository["test-infra"]: Read complete after 2s [id=test-infra]
module.service_account_keys_rotator.data.google_project.project: Reading...
module.github_webhook_gateway.data.google_secret_manager_secret.webhook_token: Read complete after 0s [id=projects/sap-kyma-prow/secrets/sap-tools-github-backlog-webhook-secret]
module.security_dashboard_token.data.google_project.project: Reading...
module.service_account_keys_cleaner.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow]
google_service_account.secret-manager-prow: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secret-manager-prow@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.sa-gcr-kyma-project-trusted: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-gcr-kyma-project-trusted@sap-kyma-prow.iam.gserviceaccount.com]
module.service_account_keys_rotator.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow]
google_service_account.sa-dev-kyma-project: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-dev-kyma-project@sap-kyma-prow.iam.gserviceaccount.com]
module.github_webhook_gateway.google_pubsub_topic.issue_labeled: Refreshing state... [id=projects/sap-kyma-prow/topics/issue-labeled]
google_service_account.counduit-cli-bucket: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/counduit-cli-bucket@sap-kyma-prow.iam.gserviceaccount.com]
data.google_pubsub_topic.secret-manager-notifications-topic: Reading...
google_service_account.secret-manager-trusted: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secret-manager-trusted@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.sa-kyma-dns-serviceuser: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-kyma-dns-serviceuser@sap-kyma-prow.iam.gserviceaccount.com]
module.security_dashboard_token.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow]
google_service_account.sa_gke_kyma_integration: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.sa-prowjob-gcp-logging-client: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-prowjob-gcp-logging-client@sap-kyma-prow.iam.gserviceaccount.com]
module.slack_message_sender.google_service_account.slack_message_sender: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/slack-message-sender@sap-kyma-prow.iam.gserviceaccount.com]
module.service_account_keys_rotator.google_service_account.service_account_keys_rotator: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-keys-rotator@sap-kyma-prow.iam.gserviceaccount.com]
data.google_pubsub_topic.secret-manager-notifications-topic: Read complete after 0s [id=projects/sap-kyma-prow/topics/secret-manager-notifications]
data.google_client_config.gcp: Reading...
google_service_account.gcr-cleaner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/gcr-cleaner@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.sa-security-dashboard-oauth: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-security-dashboard-oauth@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.kyma-compliance-pipeline: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/kyma-compliance-pipeline@sap-kyma-prow.iam.gserviceaccount.com]
module.github_webhook_gateway.google_service_account.github_webhook_gateway: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/github-webhook-gateway@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.sa-prow-pubsub: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-prow-pubsub@sap-kyma-prow.iam.gserviceaccount.com]
google_dns_managed_zone.build_kyma: Refreshing state... [id=projects/sap-kyma-prow/managedZones/build-kyma]
google_service_account.gitleaks-secret-accesor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/gitleaks-secret-accesor@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.kyma-oci-image-builder: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/kyma-oci-image-builder@sap-kyma-prow.iam.gserviceaccount.com]
data.google_client_config.gcp: Read complete after 0s [id=projects/"sap-kyma-prow"/regions/"europe-west4"/zones/<null>]
module.service_account_keys_rotator.google_project_service_identity.pubsub_identity_agent: Refreshing state... [id=projects/sap-kyma-prow/services/pubsub.googleapis.com]
google_service_account.gencred-refresher: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/gencred-refresher@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.sa-prow-job-resource-cleaners: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/sa-prow-job-resource-cleaners@sap-kyma-prow.iam.gserviceaccount.com]
module.artifact_registry["modules-internal"].google_artifact_registry_repository.artifact_registry: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/modules-internal]
module.service_account_keys_cleaner.google_cloud_run_service.service_account_keys_cleaner: Refreshing state... [id=locations/europe-west4/namespaces/sap-kyma-prow/services/service-account-keys-cleaner]
google_storage_bucket_iam_binding.planner_state_bucket_write_access: Refreshing state... [id=b/tf-state-kyma-project/roles/storage.objectUser]
github_actions_variable.gcp_terraform_planner_service_account_email: Refreshing state... [id=test-infra:GCP_TERRAFORM_PLANNER_SERVICE_ACCOUNT_EMAIL]
data.google_container_cluster.trusted_workload_k8s_cluster: Read complete after 1s [id=projects/sap-kyma-prow/locations/europe-west4/clusters/trusted-workload-kyma-prow]
google_project_iam_member.terraform_planner_workloads_project_read_access["roles/viewer"]: Refreshing state... [id=sap-kyma-prow-workloads/roles/viewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com]
data.google_container_cluster.untrusted_workload_k8s_cluster: Read complete after 2s [id=projects/sap-kyma-prow/locations/europe-west3/clusters/untrusted-workload-kyma-prow]
google_service_account_iam_binding.terraform_planner_workload_identity: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-planner@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser]
google_project_iam_member.terraform_planner_prow_project_read_access["roles/storage.objectViewer"]: Refreshing state... [id=sap-kyma-prow/roles/storage.objectViewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com]
google_project_iam_member.terraform_planner_prow_project_read_access["roles/container.developer"]: Refreshing state... [id=sap-kyma-prow/roles/container.developer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com]
google_project_iam_member.terraform_planner_prow_project_read_access["roles/iam.securityReviewer"]: Refreshing state... [id=sap-kyma-prow/roles/iam.securityReviewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com]
data.google_container_cluster.prow_k8s_cluster: Read complete after 1s [id=projects/sap-kyma-prow/locations/europe-west3-a/clusters/prow]
google_project_iam_member.terraform_planner_prow_project_read_access["roles/viewer"]: Refreshing state... [id=sap-kyma-prow/roles/viewer/serviceAccount:terraform-planner@sap-kyma-prow.iam.gserviceaccount.com]
module.signify_secret_rotator.google_cloud_run_service.signify_secret_rotator: Refreshing state... [id=locations/europe-west4/namespaces/sap-kyma-prow/services/signify-secret-rotator]
github_actions_organization_variable.image_syncer_reader_service_account_email: Refreshing state... [id=IMAGE_SYNCER_READER_SERVICE_ACCOUNT_EMAIL]
google_artifact_registry_repository_iam_member.image_syncer_prod_repo_reader: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/prod/roles/artifactregistry.reader/serviceAccount:image-syncer-reader@sap-kyma-prow.iam.gserviceaccount.com]
google_artifact_registry_repository_iam_member.image_syncer_prod_repo_writer: Refreshing state... [id=projects/kyma-project/locations/europe/repositories/prod/roles/artifactregistry.createOnPushWriter/serviceAccount:image-syncer-writer@sap-kyma-prow.iam.gserviceaccount.com]
github_actions_organization_variable.image_syncer_writer_service_account_email: Refreshing state... [id=IMAGE_SYNCER_WRITER_SERVICE_ACCOUNT_EMAIL]
module.cors_proxy.google_cloud_run_service_iam_policy.noauth: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/cors-proxy]
github_actions_variable.kyma_autobump_bot_github_token_secret_name: Refreshing state... [id=test-infra:KYMA_AUTOBUMP_BOT_GITHUB_SECRET_NAME]
google_project_iam_member.terraform_executor_workloads_project_owner: Refreshing state... [id=sap-kyma-prow-workloads/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account_iam_binding.terraform_workload_identity: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser]
github_actions_variable.gcp_terraform_executor_service_account_email: Refreshing state... [id=test-infra:GCP_TERRAFORM_EXECUTOR_SERVICE_ACCOUNT_EMAIL]
google_project_iam_member.terraform_executor_prow_project_owner: Refreshing state... [id=sap-kyma-prow/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com]
module.signify_secret_rotator.google_project_iam_member.signify_secret_rotator_secret_version_accessor: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.secretAccessor/serviceAccount:signify-rotator@sap-kyma-prow.iam.gserviceaccount.com]
module.signify_secret_rotator.google_project_iam_member.signify_secret_rotator_secret_version_adder: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.secretVersionAdder/serviceAccount:signify-rotator@sap-kyma-prow.iam.gserviceaccount.com]
module.signify_secret_rotator.google_project_iam_member.service_account_keys_rotator_secret_version_viewer: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.viewer/serviceAccount:signify-rotator@sap-kyma-prow.iam.gserviceaccount.com]
module.service_account_keys_cleaner.google_project_iam_member.service_account_keys_cleaner_secret_viewer: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.viewer/serviceAccount:sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com]
module.service_account_keys_cleaner.google_project_iam_member.service_account_keys_cleaner_sa_keys_admin: Refreshing state... [id=sap-kyma-prow/roles/iam.serviceAccountKeyAdmin/serviceAccount:sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com]
module.service_account_keys_cleaner.google_project_iam_member.service_account_keys_cleaner_secrets_versions_manager: Refreshing state... [id=sap-kyma-prow/roles/secretmanager.secretVersionManager/serviceAccount:sa-keys-cleaner@sap-kyma-prow.iam.gserviceaccount.com]
module.security_dashboard_token.google_cloud_run_service_iam_policy.noauth: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west1/services/security-dashboard-token]
google_artifact_registry_repository_iam_member.dockerhub_mirror_acce

# ...
# ... The maximum length of GitHub Comment is 65536, so the content is omitted by tfcmt.
# ...

n: deny\n  match:\n    kinds:\n      - apiGroups: [\"\"]\n        kinds: [\"Pod\"]\n  parameters:\n    restrictedSecrets:\n      - pjtester-kubeconfig\n      - pjtester-github-oauth-token\n    trustedImages:\n      # pull-test-infra-pjtester\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/pjtester:*\"\n        command:\n          - /tools/entrypoint\n        args: []\n        entrypoint_options: '^{.*\"args\":\\[\"\\/ko-app\\/pjtester\",\"--github-token-path=\\/etc\\/github\\/oauth\"\\],\"container_name\":\"test\",.*}$'\n      # sidecar\n      - image: \"gcr.io/k8s-prow/sidecar:*\"\n        command: []\n        args: []"]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/secrettrustedusages/pjtester-kubeconfig]
module.untrusted_workload_gatekeeper.kubectl_manifest.constraints["# Allow images needed to run supporting tools in Prow workload clusters.\n\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: K8sAllowedImages\nmetadata:\n  name: prow-tools-namespaces\nspec:\n  enforcementAction: deny\n  match:\n    kinds:\n      - apiGroups: [\"\"]\n        kinds: [\"Pod\"]\n    namespaces:\n      - \"external-secrets\"\n      - \"gatekeeper-system\"\n  parameters:\n    images:\n      - \"ghcr.io/external-secrets/external-secrets\"\n      - \"openpolicyagent/gatekeeper\"\n      - \"eu.gcr.io/kyma-project\"\n      - \"eu.gcr.io/sap-kyma-neighbors-dev\"\n      - \"europe-docker.pkg.dev/kyma-project\"\n      - \"europe-west3-docker.pkg.dev/sap-kyma-neighbors-dev\""]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8sallowedimageses/prow-tools-namespaces]
module.untrusted_workload_gatekeeper.kubectl_manifest.constraints["# Constraint to allow only trusted usage of sa-kyma-push-images gcp service account which has permissions to write images in kyma production oci registry.\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: SecretTrustedUsage\nmetadata:\n  name: sa-kyma-push-images\nspec:\n  enforcementAction: deny\n  match:\n    kinds:\n      - apiGroups: [\"\"]\n        kinds: [\"Pod\"]\n    namespaces:\n      - \"default\"\n  parameters:\n    restrictedSecrets:\n      # usually provided with preset-sa-kyma-push-images\n      - sa-kyma-push-images\n    trustedImages:\n      - image: \"eu.gcr.io/sap-kyma-neighbors-dev/image-builder:*\"\n        command:\n          - /tools/entrypoint\n        args: [ ]\n        entrypoint_options: '^{.*\"args\":\\[.*\"\\/image-builder\".*,\"--config=/config/kaniko-build-config.yaml\".*\\],\"container_name\":\"test\",.*}$'\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/image-builder:*\"\n        command:\n          - /tools/entrypoint\n        args: [ ]\n        entrypoint_options: '^{.*\"args\":\\[.*\"\\/image-builder\".*,\"--config=/config/kaniko-build-config.yaml\".*\\],\"container_name\":\"test\",.*}$'\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/buildkit-image-builder:*\"\n        command:\n          - /tools/entrypoint\n        args: [ ]\n        entrypoint_options: '^{.*\"args\":\\[.*\"\\/image-builder\".*,\"--config=/config/kaniko-build-config.yaml\".*\\],\"container_name\":\"test\",.*}$'\n        #kyma-dashboard-dev, kyma-dashboard-stage, kyma-dashboard-prod, post-k8s-prow-build-release and post-main-build-testimages\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/e2e-dind-k3d:*\"\n        command:\n          - /tools/entrypoint\n        args: [ ]\n        entrypoint_options: '^{.*\"args\":.*,\"container_name\":\"test\",.*}$'\n        #post-test-infra-ko-build\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:*\"\n        command:\n          - /tools/entrypoint\n        args: [ ]\n        entrypoint_options: '^{.*\"args\":.*,\"container_name\":\"test\",.*}$'\n      # sidecar\n      - image: \"gcr.io/k8s-prow/sidecar:*\"\n        command: [ ]\n        args: [ ]\n      # image-syncer\n      - image: \"europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/image-syncer:*\"\n        command:\n          - /tools/entrypoint\n        args: [ ]\n        entrypoint_options: '^{.*\"args\":\\[\"\\/ko-app/image-syncer\",\"--images-file=cmd/image-syncer/external-images.yaml\",\"--target-repo-auth-key=.*\"\\],\"container_name\":\"test\",.*}$'"]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/secrettrustedusages/sa-kyma-push-images]
module.prow_gatekeeper.kubectl_manifest.constraints["# Allow images needed to run Prow application in Prow cluster.\n\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: K8sAllowedImages\nmetadata:\n  name: prow-namespace\nspec:\n  enforcementAction: deny\n  match:\n    kinds:\n      - apiGroups: [\"\"]\n        kinds: [\"Pod\"]\n    namespaces:\n      - \"default\"\n  parameters:\n    images:\n      - \"nginx\"\n      - \"docker.io/library/nginx\"\n      - \"prom/pushgateway\"\n      - \"eu.gcr.io/kyma-project\"\n      - \"eu.gcr.io/sap-kyma-neighbors-dev\"\n      - \"europe-docker.pkg.dev/kyma-project\"\n      - \"europe-west3-docker.pkg.dev/sap-kyma-neighbors-dev\"\n      - \"europe-docker.pkg.dev/gardener-project/releases/ci-infra\"\n      - \"gcr.io/k8s-prow\""]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8sallowedimageses/prow-namespace]
module.prow_gatekeeper.kubectl_manifest.constraints["# Allow images needed to run supporting tools in Prow cluster.\n\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: K8sAllowedImages\nmetadata:\n  name: prow-tools-namespaces\nspec:\n  enforcementAction: deny\n  match:\n    kinds:\n      - apiGroups: [\"\"]\n        kinds: [\"Pod\"]\n    namespaces:\n      - \"external-secrets\"\n      - \"gatekeeper-system\"\n      - \"prow-monitoring\"\n  parameters:\n    images:\n      - \"ghcr.io/external-secrets/external-secrets\"\n      - \"openpolicyagent/gatekeeper\"\n      - \"docker.io/nginx\"\n      - \"quay.io/prometheus-operator/prometheus-config-reloader\"\n      - \"quay.io/prometheus-operator/prometheus-operator\"\n      - \"eu.gcr.io/kyma-project\"\n      - \"eu.gcr.io/sap-kyma-neighbors-dev\"\n      - \"europe-docker.pkg.dev/kyma-project\"\n      - \"europe-west3-docker.pkg.dev/sap-kyma-neighbors-dev\"\n      - \"gcr.io/k8s-prow\""]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8sallowedimageses/prow-tools-namespaces]
github_actions_organization_variable.gh_com_kyma_project_gcp_workload_identity_federation_provider: Refreshing state... [id=GH_COM_KYMA_PROJECT_GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER]
module.secrets_leaks_log_scanner.google_service_account.gcs_bucket_mover: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/gcs-bucket-mover@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_storage_bucket.kyma_prow_logs_secured: Refreshing state... [id=kyma-prow-logs-secured]
module.secrets_leaks_log_scanner.google_service_account.secrets_leak_detector: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secrets-leak-detector@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_service_account.github_issue_creator: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/github-issue-creator@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.data.google_storage_bucket.kyma_prow_logs: Reading...
module.secrets_leaks_log_scanner.data.google_project.project: Reading...
module.secrets_leaks_log_scanner.google_service_account.github_issue_finder: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/github-issue-finder@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_service_account.secrets_leak_log_scanner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secrets-leak-log-scanner@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.data.google_secret_manager_secret.gh_tools_kyma_bot_token: Reading...
module.secrets_leaks_log_scanner.google_monitoring_alert_policy.secrets_leak_log_scanner: Refreshing state... [id=projects/sap-kyma-prow/alertPolicies/4186084580898851963]
module.secrets_leaks_log_scanner.google_monitoring_alert_policy.github_issue_finder: Refreshing state... [id=projects/sap-kyma-prow/alertPolicies/7170185124964513561]
module.secrets_leaks_log_scanner.google_monitoring_alert_policy.github_issue_creator: Refreshing state... [id=projects/sap-kyma-prow/alertPolicies/4186084580898851199]
module.secrets_leaks_log_scanner.google_monitoring_alert_policy.gcs_bucket_mover: Refreshing state... [id=projects/sap-kyma-prow/alertPolicies/14829426496191956253]
module.secrets_leaks_log_scanner.data.google_iam_policy.run_invoker: Reading...
module.secrets_leaks_log_scanner.data.google_iam_policy.run_invoker: Read complete after 0s [id=735823064]
module.secrets_leaks_log_scanner.google_storage_bucket_iam_member.kyma_prow_logs_secured_object_admin: Refreshing state... [id=b/kyma-prow-logs-secured/roles/storage.objectAdmin/serviceAccount:gcs-bucket-mover@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_cloud_run_service.secrets_leak_log_scanner: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/secrets-leak-log-scanner]
module.secrets_leaks_log_scanner.data.google_secret_manager_secret.gh_tools_kyma_bot_token: Read complete after 0s [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token]
module.secrets_leaks_log_scanner.google_cloud_run_service.gcs_bucket_mover: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/gcs-bucket-mover]
module.secrets_leaks_log_scanner.google_secret_manager_secret_iam_member.gh_issue_creator_gh_tools_kyma_bot_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token/roles/secretmanager.secretAccessor/serviceAccount:github-issue-creator@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.data.google_storage_bucket.kyma_prow_logs: Read complete after 0s [id=kyma-prow-logs]
module.secrets_leaks_log_scanner.google_secret_manager_secret_iam_member.gh_issue_finder_gh_tools_kyma_bot_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token/roles/secretmanager.secretAccessor/serviceAccount:github-issue-finder@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_storage_bucket_iam_member.kyma_prow_logs_viewer: Refreshing state... [id=b/kyma-prow-logs/roles/storage.objectViewer/serviceAccount:gcs-bucket-mover@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_storage_bucket_iam_member.secrets_leak_detector: Refreshing state... [id=b/kyma-prow-logs/roles/storage.objectViewer/serviceAccount:secrets-leak-detector@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_storage_bucket_iam_member.kyma_prow_logs_object_admin: Refreshing state... [id=b/kyma-prow-logs/roles/storage.objectAdmin/serviceAccount:gcs-bucket-mover@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.data.google_project.project: Read complete after 0s [id=projects/sap-kyma-prow]
module.secrets_leaks_log_scanner.google_project_iam_member.project_log_writer: Refreshing state... [id=projects/sap-kyma-prow/roles/logging.logWriter/serviceAccount:secrets-leak-detector@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_project_iam_member.project_workflows_invoker: Refreshing state... [id=projects/sap-kyma-prow/roles/workflows.invoker/serviceAccount:secrets-leak-detector@sap-kyma-prow.iam.gserviceaccount.com]
module.secrets_leaks_log_scanner.google_cloud_run_service_iam_policy.secrets_leak_log_scanner: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/secrets-leak-log-scanner]
module.secrets_leaks_log_scanner.google_cloud_run_service.github_issue_creator: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/github-issue-creator]
module.secrets_leaks_log_scanner.google_cloud_run_service_iam_policy.github_issue_creator: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/github-issue-creator]
module.secrets_leaks_log_scanner.google_cloud_run_service.github_issue_finder: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/github-issue-finder]
module.secrets_leaks_log_scanner.google_cloud_run_service_iam_policy.gcs_bucket_mover: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/gcs-bucket-mover]
module.secrets_leaks_log_scanner.google_cloud_run_service_iam_policy.github_issue_finder: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/github-issue-finder]
module.secrets_leaks_log_scanner.google_workflows_workflow.secrets_leak_detector: Refreshing state... [id=projects/sap-kyma-prow/locations/europe-west3/workflows/secrets-leak-detector]
module.secrets_leaks_log_scanner.google_eventarc_trigger.secrets_leak_detector_workflow: Refreshing state... [id=projects/sap-kyma-prow/locations/europe-west3/triggers/secrets-leak-detector]

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

OpenTofu will perform the following actions:

  # google_artifact_registry_repository.dockerhub_mirror will be updated in-place
  ~ resource "google_artifact_registry_repository" "dockerhub_mirror" {
      ~ description            = "Remote repository mirroring Docker Hub" -> "Remote repository mirroring Docker Hub. For more details, see https://github.tools.sap/kyma/oci-image-builder/blob/main/README.md"
        id                     = "projects/sap-kyma-prow/locations/europe/repositories/dockerhub-mirror"
        name                   = "dockerhub-mirror"
        # (11 unchanged attributes hidden)

      + cleanup_policies {
          + action = "DELETE"
          + id     = "cleanup-old-images"

          + condition {
              + older_than            = "730d"
              + package_name_prefixes = []
              + tag_prefixes          = []
              + tag_state             = "ANY"
              + version_name_prefixes = []
            }
        }

        # (1 unchanged block hidden)
    }

  # google_service_account.kyma_project_image_builder will be updated in-place
  # (imported from "projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com")
  ~ resource "google_service_account" "kyma_project_image_builder" {
        account_id   = "azure-pipeline-image-builder"
        description  = "OCI image builder running in kyma development service azure pipelines"
        disabled     = false
      - display_name = "azure-pipeline-image-builder" -> null
        email        = "azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com"
        id           = "projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com"
        member       = "serviceAccount:azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com"
        name         = "projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com"
        project      = "kyma-project"
        unique_id    = "103311426355882746849"
    }

  # google_service_account.sa-gke-kyma-integration will be updated in-place
  ~ resource "google_service_account" "sa-gke-kyma-integration" {
      ~ description  = "Service account is used by Prow to integrate with GKE." -> "Service account is used by Prow to integrate with GKE. Will be removed with Prow"
        id           = "projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com"
        name         = "projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com"
        # (7 unchanged attributes hidden)
    }

  # google_service_account.sa_gke_kyma_integration will be updated in-place
  ~ resource "google_service_account" "sa_gke_kyma_integration" {
      ~ description  = "Service account is used by Prow to integrate with GKE." -> "Service account is used by Prow to integrate with GKE. Will be removed with Prow"
        id           = "projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com"
        name         = "projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com"
        # (7 unchanged attributes hidden)
    }

Plan: 1 to import, 0 to add, 4 to change, 0 to destroy.

Changes to Outputs:
  ~ service_account_keys_cleaner                        = {
      ~ service_account_keys_cleaner_secheduler        = {
          ~ http_target            = [
              ~ {
                  ~ uri         = "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app?project=sap-kyma-prow&age=24" -> "https://service-account-keys-cleaner-q25ja7ch3q-ez.a.run.app/?project=sap-kyma-prow&age=24"
                    # (5 unchanged attributes hidden)
                },
            ]
            id                     = "projects/sap-kyma-prow/locations/europe-west3/jobs/service-account-keys-cleaner"
            name                   = "service-account-keys-cleaner"
            # (12 unchanged attributes hidden)
        }
        # (2 unchanged attributes hidden)
    }
google_service_account.kyma_project_image_builder: Importing... [id=projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com]
google_service_account.kyma_project_image_builder: Import complete [id=projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com]
google_service_account.sa-gke-kyma-integration: Modifying... [id=projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.sa_gke_kyma_integration: Modifying... [id=projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com]
google_artifact_registry_repository.dockerhub_mirror: Modifying... [id=projects/sap-kyma-prow/locations/europe/repositories/dockerhub-mirror]
google_service_account.kyma_project_image_builder: Modifying... [id=projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com]
google_service_account.sa_gke_kyma_integration: Modifications complete after 5s [id=projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.sa-gke-kyma-integration: Modifications complete after 5s [id=projects/sap-kyma-prow/serviceAccounts/sa-gke-kyma-integration@sap-kyma-prow.iam.gserviceaccount.com]
google_service_account.kyma_project_image_builder: Modifications complete after 5s [id=projects/kyma-project/serviceAccounts/azure-pipeline-image-builder@kyma-project.iam.gserviceaccount.com]

Error: Error updating Repository "projects/sap-kyma-prow/locations/europe/repositories/dockerhub-mirror": googleapi: Error 400: Invalid value at 'repository.cleanup_policies[0].value.condition.older_than' (type.googleapis.com/google.protobuf.Duration), Field 'olderThan', Illegal duration format; duration must end with 's'
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid value at 'repository.cleanup_policies[0].value.condition.older_than' (type.googleapis.com/google.protobuf.Duration), Field 'olderThan', Illegal duration format; duration must end with 's'",
        "field": "repository.cleanup_policies[0].value.condition.older_than"
      }
    ]
  }
]

  with google_artifact_registry_repository.dockerhub_mirror,
  on image-builder.tf line 91, in resource "google_artifact_registry_repository" "dockerhub_mirror":
  91: resource "google_artifact_registry_repository" "dockerhub_mirror" {

`

* Update image-builder.tf * Update image-builder.tf * upd8 account * Correct account * Correct account * Correct account * Correct account * Correct account * Correct account * Correct Terraform vars * Correct Terraform vars * Correct Terraform vars * Correct Terraform vars * Correct Terraform vars * Correct Terraform vars * terraform fixes of other resources * Update configs/terraform/environments/prod/image-builder.tf Co-authored-by: Przemek Pokrywka <12400578+dekiel@users.noreply.github.com> * Move docker hub mirror config to object type variable * Add identity for image-builder in kyma-project project. * Use exisitng identity, use updated variables --------- Co-authored-by: Przemek Pokrywka <12400578+dekiel@users.noreply.github.com> Co-authored-by: Kacper Małachowski <38684517+KacperMalachowski@users.noreply.github.com>

akiioto and others added 15 commits September 13, 2024 04:18

Update image-builder.tf

05a5db2

Update image-builder.tf

565b579

upd8 account

6b4d4f1

Merge branch 'main' into remote

1fd4dc3

Correct account

be11613

Merge branch 'main' into remote

0f8d139

Correct account

41bbf67

Merge branch 'main' into remote

3b81b01

Correct account

ba7c1e3

Merge branch 'main' into remote

0d880f3

Correct account

fca6b15

Correct account

68bfca5

Merge branch 'main' into remote

eab060d

Correct account

2d44b86

Correct Terraform vars

c33ad31

akiioto requested review from neighbors-dev-bot and a team as code owners September 16, 2024 12:20

akiioto requested review from Sawthis and TorstenD-SAP September 16, 2024 12:20

kyma-bot added the cla: yes Indicates the PR's author has signed the CLA. label Sep 16, 2024

akiioto added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. and removed cla: yes Indicates the PR's author has signed the CLA. labels Sep 16, 2024

kyma-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. cla: yes Indicates the PR's author has signed the CLA. labels Sep 16, 2024

Merge branch 'main' into elotf

29bf7c7

akiioto removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 16, 2024

akiioto changed the title ~~Elotf~~ do not merge: test Sep 16, 2024

Correct Terraform vars

5ec6e2a

kyma-bot added the destroy label Sep 16, 2024

Correct Terraform vars

977fcbe

kyma-bot removed the destroy label Sep 16, 2024

akiioto added 2 commits September 16, 2024 17:07

Correct Terraform vars

7f51912

Correct Terraform vars

52d72b5

kyma-bot added the destroy label Sep 16, 2024

Correct Terraform vars

d3618ac

kyma-bot added add-or-update and removed destroy labels Sep 16, 2024

akiioto changed the title ~~do not merge: test~~ Adjust terraform to store cleanup policies Sep 17, 2024

terraform fixes of other resources

6eddfe9

dekiel self-assigned this Sep 17, 2024

dekiel requested changes Sep 17, 2024

View reviewed changes

akiioto and others added 2 commits September 17, 2024 11:25

Update configs/terraform/environments/prod/image-builder.tf

d6c66b8

Co-authored-by: Przemek Pokrywka <12400578+dekiel@users.noreply.github.com>

Move docker hub mirror config to object type variable

4923b2a

kyma-bot removed the add-or-update label Oct 2, 2024

KacperMalachowski added 2 commits October 2, 2024 12:39

Add identity for image-builder in kyma-project project.

ad5c0b0

Use exisitng identity, use updated variables

d6753b5

kyma-bot added the add-or-update label Oct 2, 2024

KacperMalachowski requested a review from dekiel October 2, 2024 10:48

dekiel approved these changes Oct 2, 2024

View reviewed changes

kyma-bot added the lgtm Looks good to me! label Oct 2, 2024

kyma-bot merged commit bb77d5b into kyma-project:main Oct 2, 2024
4 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Adjust terraform to store cleanup policies #11915

Adjust terraform to store cleanup policies #11915

akiioto commented Sep 16, 2024

kyma-bot commented Sep 16, 2024 •

edited

Loading

dekiel left a comment

kyma-bot commented Oct 2, 2024

Adjust terraform to store cleanup policies #11915

Adjust terraform to store cleanup policies #11915

Conversation

akiioto commented Sep 16, 2024

kyma-bot commented Sep 16, 2024 • edited Loading

Plan Result

dekiel left a comment

Choose a reason for hiding this comment

kyma-bot commented Oct 2, 2024

❌ Apply Result

kyma-bot commented Sep 16, 2024 •

edited

Loading