tf(deps): bump hashicorp/google from 4.65.2 to 4.67.0 in /configs/terraform/secrets-leaks-log-scanner #7787

dependabot[bot]
@dependabot dependabot bot commented on behalf of github May 30, 2023

Bumps hashicorp/google from 4.65.2 to 4.67.0.

Release notes

Sourced from hashicorp/google's releases.

v4.67.0

FEATURES:

  • New Data Source: google_*_iam_policy (#14662)
  • New Data Source: google_vertex_ai_index (#14640)

IMPROVEMENTS:

  • cloudrun: added template.spec.containers.name field to google_cloud_run_service (#14647)
  • compute: added network_performance_config field to google_compute_instance and google_compute_instance_template (#14678)
  • compute: added guest_os_features and licenses fields to google_compute_disk and google_compute_region_disk (#14660)
  • datastream: added mysql_source_config.max_concurrent_backfill_tasks field to google_datastream_stream (#14639)
  • firebase: added additional import formats for google_firebase_webapp (#14638)
  • notebooks: added update support for google_notebooks_instance.metadata field (#14650)
  • privateca: added encoding_format field to google_privateca_ca_pool (#14663)

BUG FIXES:

  • apigee: increased google_apigee_organization timeout defaults to 45m from 20m (#14643)
  • cloudresourcemanager: added retries to handle internal error: type: "googleapis.com" subject: "160009" (#14727)
  • cloudrun: fixed a permadiff for metadata.annotation in google_cloud_run_service (#14642)
  • container: fixed a crash scenario in google_container_node_pool (#14693)
  • gkeonprem: changed hostname (under ip_block) from required to optional for google_gkeonprem_vmware_cluster (#14690)
  • serviceusage: added retries to handle internal error: type: "googleapis.com" subject: "160009" when activating services (#14727)

v4.66.0

NOTE:

  • Upgraded to Go 1.19.9 (#14561)

FEATURES:

  • New Resource: google_network_security_server_tls_policy (#14557)

IMPROVEMENTS:

  • bigquery: added ICEBERG as an enum for external_data_configuration.source_format field in google_bigquery_table (#14562)
  • cloudfunctions: added status attribute to the google_cloudfunctions_function resource and data source (#14574)
  • compute: added storage_location field in google_compute_image resource (#14619)
  • compute: added support for additional machine types in google_compute_region_commitment (#14593)
  • monitoring: added forecast_options field to google_monitoring_alert_policy resource (#14616)
  • monitoring: added notification_channel_strategy field to google_monitoring_alert_policy resource (#14563)
  • sql: added advanced_machine_features field in google_sql_database_instance (#14604)
  • storagetransfer: added field path to transfer_spec.aws_s3_data_source in google_storage_transfer_job (#14610)

BUG FIXES:

  • artifactregistry: fixed new repositories ignoring the provider region if location is unset in google_artifact_registry_repository. (#14596)
  • compute: fixed permadiff on log_config.sample_rate of google_compute_backend_service (#14590)
  • container: fixed permadiff on gateway_api_config.channel of google_container_cluster (#14576)
  • dataflow: fixed inconsistent final plan when labels are added to google_dataflow_job (#14594)
  • provider: fixed an issue where mtls transports were not used consistently (initial implementation in v4.65.0, reverted in v4.65.1) (#14621)
  • storage: fixed inconsistent final plan when labels are added to google_storage_bucket (#14594)
Changelog

Sourced from hashicorp/google's changelog.

4.67.0 (Unreleased)

4.66.0 (May 22, 2023)


Bumps [hashicorp/google](https://github.com/hashicorp/terraform-provider-google) from 4.65.2 to 4.67.0.
- [Release notes](https://github.com/hashicorp/terraform-provider-google/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-google/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-google@v4.65.2...v4.67.0)

---
updated-dependencies:
- dependency-name: hashicorp/google
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot requested a review from a team as a code owner May 30, 2023 19:03
dependabot bot added labels area/dependency, kind/chore, terraform May 30, 2023
dependabot bot requested a review from Sawthis May 30, 2023 19:03
kyma-bot added labels size/M, no-changes May 30, 2023

kyma-bot commented May 30, 2023

Plan Result

No changes. Your infrastructure matches the configuration.

@kyma-bot

✅ Apply Succeeded

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
data.google_client_config.gcp: Reading...
data.google_container_cluster.prow_k8s_cluster: Reading...
data.google_container_cluster.tekton_k8s_cluster: Reading...
module.terraform_executor_gcp_service_account.google_service_account.terraform_executor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com]
data.google_container_cluster.untrusted_workload_k8s_cluster: Reading...
data.google_container_cluster.trusted_workload_k8s_cluster: Reading...
data.google_client_config.gcp: Read complete after 0s [id=projects/"sap-kyma-prow"/regions/"europe-west4"/zones/<null>]
data.google_container_cluster.prow_k8s_cluster: Read complete after 0s [id=projects/sap-kyma-prow/locations/europe-west3-a/clusters/prow]
data.google_container_cluster.tekton_k8s_cluster: Read complete after 1s [id=projects/sap-kyma-prow/locations/europe-west4/clusters/tekton]
module.prow_gatekeeper.data.kubectl_path_documents.constraint_templates_path["../../../../opa/gatekeeper/constraint-templates/**.yaml"]: Reading...
module.prow_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/prow/**.yaml"]: Reading...
module.prow_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/prow/**.yaml"]: Read complete after 0s [id=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855]
module.prow_gatekeeper.data.kubectl_file_documents.gatekeeper: Reading...
module.prow_gatekeeper.data.kubectl_path_documents.constraint_templates_path["../../../../opa/gatekeeper/constraint-templates/**.yaml"]: Read complete after 0s [id=5b3a4f4c27e588b7f9aefeb7caad50497b6c947ee312fe430446dff5c810fd6c]
module.prow_gatekeeper.data.kubectl_file_documents.gatekeeper: Read complete after 0s [id=dc39d54a3fa7ea8c38399850c255006d127216f312696358a6b52c8fa4afa801]
data.google_container_cluster.untrusted_workload_k8s_cluster: Read complete after 1s [id=projects/sap-kyma-prow/locations/europe-west3/clusters/untrusted-workload-kyma-prow]
data.google_container_cluster.trusted_workload_k8s_cluster: Read complete after 1s [id=projects/sap-kyma-prow/locations/europe-west3/clusters/trusted-workload-kyma-prow]
module.tekton_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../tekton/deployments/gatekeeper-constraints/**.yaml"]: Reading...
module.tekton_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../tekton/deployments/gatekeeper-constraints/**.yaml"]: Read complete after 0s [id=52507a6b3cc8faadb69b744f7cb223e9cc5ccbb6e6abe6fdc3bade397df3e14d]
module.tekton_gatekeeper.data.kubectl_file_documents.gatekeeper: Reading...
module.tekton_gatekeeper.data.kubectl_file_documents.gatekeeper: Read complete after 0s [id=dc39d54a3fa7ea8c38399850c255006d127216f312696358a6b52c8fa4afa801]
module.prow_gatekeeper.kubectl_manifest.constraint_templates["apiVersion: templates.gatekeeper.sh/v1\nkind: ConstraintTemplate\nmetadata:\n  name: secrettrustedusage\n  annotations:\n    metadata.gatekeeper.sh/title: \"Secret Trusted Usage\"\n    metadata.gatekeeper.sh/version: 1.0.0\n    description: >-\n      Controls any Pod ability to use restricted secret.\nspec:\n  crd:\n    spec:\n      names:\n        kind: SecretTrustedUsage\n      validation:\n        openAPIV3Schema:\n          type: object\n          description: >-\n            Controls any Pod ability to use use restricted secret.\n          properties:\n            labels:\n              type: array\n              description: >-\n                A list of labels and values the object must specify.\n              items:\n                type: object\n                properties:\n                  key:\n                    type: string\n                    description: >-\n                      The required label.\n                  allowedRegex:\n                    type: string\n                    description: >-\n                      Regular expression the label's value must match. The value must contain one exact match for\n                      the regular expression.\n            restrictedSecrets:\n              type: array\n              description: >-\n                A list of restricted secrets.\n              items:\n                type: string\n                description: >-\n                  The restricted secret name.\n            trustedServiceAccounts:\n              type: array\n              description: >-\n                A list of trusted service accounts. 
If a Pod match criteria from trustedServiceAccount, it is allowed to use restricted secret.\n              items:\n                type: string\n                description: >-\n                  The trusted service account name.\n            trustedImages:\n              type: array\n              description: >-\n                A list of trusted images. If a Pod match criteria from trustedImage, it is allowed to use restricted secret.\n              items:\n                type: object\n                description: >-\n                  The trusted image criteria.\n                properties:\n                  image:\n                    type: string\n                    description: >-\n                      The container trusted image name.\n                  command:\n                    type: array\n                    description: >-\n                      The list of container trusted commands to run.\n                    items:\n                      type: string\n                      description: >-\n                        The trusted command to run.\n                  args:\n                    type: array\n                    description: >-\n                      The trusted arguments to pass to the command.\n                    items:\n                      type: string\n                      description: >-\n                        The trusted argument to pass to the command.\n  targets:\n    - target: admission.k8s.gatekeeper.sh\n      rego: |\n        package kubernetes.secrettrustedusage\n        \n        import future.keywords.contains\n        import future.keywords.if\n        import future.keywords.in\n  \n        # Report violation if the container is using a restricted secret and does not match trusted usage criteria.\n        # Violation is check if secret is used in env.envFrom container spec.\n        violation[{\"msg\": msg}] {\n          some k\n          # Iterate over all containers in the pod.\n          container := 
input_containers[_]\n        \n          # Check if the container is using a restricted secret.\n          container.envFrom[_].secretRef.name == input.parameters.restrictedSecrets[k]\n        \n          # Check if container is not matching trusted usage criteria.\n          not trustedUsages(container)\n        \n          # Format violation message.\n          msg := sprintf(\"Container %v is not allowed to use restricted secret: %v.\", [container.name, input.parameters.restrictedSecrets[k]])\n        }\n  \n        # Report violation if the container is using a restricted secret and does not match trusted usage criteria.\n        # Violation is check if secret is used in env.valueFrom container spec.\n        violation[{\"msg\": msg}] {\n          some k\n          # Iterate over all containers in the pod.\n          container := input_containers[_]\n        \n          # Check if the container is using a restricted secret.\n          container.env[_].valueFrom.secretKeyRef.name == input.parameters.restrictedSecrets[k]\n        \n          # Check if container is not matching trusted usage criteria.\n          not trustedUsages(container)\n        \n          # Format violation message.\n          msg := sprintf(\"Container %v is not allowed to use restricted secret: %v.\", [container.name, input.parameters.restrictedSecrets[k]])\n        }\n  \n        # Report violation if the container is using a restricted secret and does not match trusted usage criteria.\n        # Violation is check if secret is mount as volume.\n        violation[{\"msg\": msg}] {\n          some k, j\n          # Iterate over all containers in the pod.\n          container := input_containers[_]\n        \n          # Check if the container is using a restricted secret.\n          input.review.object.spec.volumes[j].secret.secretName == input.parameters.restrictedSecrets[k]\n          container.volumeMounts[_].name == input.review.object.spec.volumes[j].name\n        \n          # Check 
if container is not matching trusted usage criteria.\n          not trustedUsages(container)\n        \n          # Format violation message.\n          msg := sprintf(\"Container %v is not allowed to use restricted secret: %v.\", [container.name, input.parameters.restrictedSecrets[k]])\n        }\n        \n        trustedUsages(container) {\n          some j\n          trustedSA := object.get(input.parameters, \"trustedServiceAccounts\", [input.review.object.spec.serviceAccountName])\n          input.review.object.spec.serviceAccountName == trustedSA[_]\n          glob.match(input.parameters.trustedImages[j].image, null, container.image)\n          checkCommand(container, input.parameters.trustedImages[j])\n          checkArgs(container, input.parameters.trustedImages[j])\n          checkLabels(input.review.object, input.parameters)\n        }\n  \n        # Check if trusted usage criteria does not define required labels.\n        # Function evaluate too true if required labels are not defined.\n        checkLabels(reviewObject, inputParameters) if {\n          paramLabels := object.get(inputParameters, \"labels\", [])\n        \n          # Check if the required labels array is empty.\n          count(paramLabels) == 0\n  \n          # Getting pod labels to prevent unused variable error.\n          _ := object.get(reviewObject.metadata, \"labels\", [])\n        }\n  \n        # Check if the pod has required labels.\n        checkLabels(reviewObject, inputParameters) if {\n          # Check if the required labels array is not empty.\n          paramLabels := object.get(inputParameters, \"labels\", [])\n          count(paramLabels) > 0\n        \n          # Check if the pod labels array is not empty.\n          reviewLabels := object.get(reviewObject.metadata, \"labels\", [])\n          count(reviewLabels) > 0\n        \n          # Check if the pod has required labels.\n          value := reviewLabels[key]\n          expected := input.parameters.labels[_]\n      
    expected.key == key\n        \n          # Check if the label value matches the regular expression.\n          # If the required label does not define allowedRegex, use default value \".*\" to match any value.\n          reg := object.get(expected, \"allowedRegex\", \".*\")\n          regex.match(reg, value)\n        }\n  \n        # Check if trusted usage criteria does not define trusted commands.\n        checkCommand(container, trustedImage) if {\n          trustedCommand := object.get(trustedImage, \"command\", [])\n          count(trustedCommand) == 0\n        \n          # Getting container command to prevent unused variable error.\n          _ := object.get(container, \"command\", [])\n        }\n  \n        # Check if the container is using a trusted commands.\n        # Function evaluate too true if the container is using exactly the same trusted commands.\n        # Number and order of commands must match.\n        checkCommand(container, trustedImage) if {\n          trustedCommand := object.get(trustedImage, \"command\", [])\n          containerCommand := object.get(container, \"command\", [])\n          count(containerCommand) == count(trustedCommand)\n        \n          # Allow using wildcard to match variable part of the command.\n          glob.match(trustedCommand[i], null, containerCommand[i])\n        }\n  \n        # Check if trusted usage criteria does not define trusted arguments.\n        checkArgs(container, trustedImage) if {\n          trustedArgs := object.get(trustedImage, \"args\", [])\n          count(trustedArgs) == 0\n        \n          # Getting container args to prevent unused variable error.\n          _ := object.get(container, \"args\", [])\n        }\n  \n        # Check if the container is using a trusted arguments.\n        # Function evaluate too true if the container is using exactly the same trusted arguments.\n        # Number and order of commands must match.\n        checkArgs(container, trustedImage) if {\n       
   trustedArgs := object.get(trustedImage, \"args\", [])\n          containerArgs := object.get(container, \"args\", [])\n          count(containerArgs) == count(trustedArgs)\n  \n          # Allow using wildcard to match variable part of the argument.\n          glob.match(trustedArgs[i], null, containerArgs[i])\n        }\n  \n        # Get all pod containers.\n        input_containers contains c if {\n          c := input.review.object.spec.containers[_]\n        }\n  \n        # Get all pod init containers.\n        input_containers contains c if {\n          c := input.review.object.spec.initContainers[_]\n        }"]: Refreshing state... [id=/apis/templates.gatekeeper.sh/v1/constrainttemplates/secrettrustedusage]
module.prow_gatekeeper.kubectl_manifest.constraint_templates["apiVersion: templates.gatekeeper.sh/v1\nkind: ConstraintTemplate\nmetadata:\n  name: serviceaccounttrustedusage\n  annotations:\n    metadata.gatekeeper.sh/title: \"ServiceAccount Trusted Usage\"\n    metadata.gatekeeper.sh/version: 1.0.0\n    description: >-\n      Controls a k8s workloads ability to use use restricted service accounts.\n      Workloads controlled by this constraint template are: ReplicationController, ReplicaSet, Deployment, StatefulSet, DaemonSet, Job, CronJob, Pod.\nspec:\n  crd:\n    spec:\n      names:\n        kind: ServiceAccountTrustedUsage\n      validation:\n        openAPIV3Schema:\n          type: object\n          description: >-\n            Controls a k8s workloads ability to use use restricted service accounts.\n          properties:\n            labels:\n              type: array\n              description: >-\n                A list of labels and values the object must specify.\n              items:\n                type: object\n                properties:\n                  key:\n                    type: string\n                    description: >-\n                      The required label.\n                  allowedRegex:\n                    type: string\n                    description: >-\n                      Regular expression the label's value must match. The value must contain one exact match for\n                      the regular expression.\n            restrictedServiceAccounts:\n              type: array\n              description: >-\n                A list of restricted service accounts.\n              items:\n                type: string\n                description: >-\n                  The restricted service account name.\n            trustedImages:\n              type: array\n              description: >-\n                A list of trusted images. 
If a Pod match criteria from trustedImage, it is allowed to use restricted secret.\n              items:\n                type: object\n                description: >-\n                  The trusted image criteria.\n                properties:\n                  image:\n                    type: string\n                    description: >-\n                      The container trusted image name.\n                  command:\n                    type: array\n                    description: >-\n                      The list of container trusted commands to run.\n                    items:\n                      type: string\n                      description: >-\n                        The trusted command to run.\n                  args:\n                    type: array\n                    description: >-\n                      The trusted arguments to pass to the command.\n                    items:\n                      type: string\n                      description: >-\n                        The trusted argument to pass to the command.\n  targets:\n    - target: admission.k8s.gatekeeper.sh\n      rego: |\n        package kubernetes.serviceaccounttrustedusage\n        \n          import future.keywords.contains\n          import future.keywords.if\n          import future.keywords.in\n       \n        # Report violation if the pod is using a restricted service account and does not match trusted usage criteria.\n        \n        violation contains {\"msg\": msg} if {\n          some k\n          # Iterate over all containers in the pod.\n        \n          container := input_containers[_]\n        \n          # Check if the pod is using a restricted service account.\n        \n          get_service_account(input.review.object) == input.parameters.restrictedServiceAccounts[k]\n        \n          # Check if the pod is not matching trusted usage criteria.\n        \n          not trustedUsages(container)\n        \n          # Format the violation message.\n   
     \n          msg := sprintf(\"Container %v is not allowed to use restricted service account: %v.\", [container.name, input.parameters.restrictedServiceAccounts[k]])\n        }\n        \n        # trustedUsages function checks if the pod is matching trusted usage criteria.\n        # Trusted usage criteria are defined in the constraint template parameters.\n        \n        trustedUsages(container) if {\n          some j\n        \n          # Check if the container is using a trusted image.\n        \n          glob.match(input.parameters.trustedImages[j].image, null, container.image)\n        \n          # Check if the container is using a trusted commands.\n        \n          checkCommand(container, input.parameters.trustedImages[j])\n        \n          # Check if the container is using a trusted arguments.\n        \n          checkArgs(container, input.parameters.trustedImages[j])\n        \n          # Check if the container has required labels.\n        \n          checkLabels(input.review.object, input.parameters)\n        }\n        \n        # Check if trusted usage criteria does not define required labels.\n        # Function evaluate too true if required labels are not defined.\n        \n        checkLabels(reviewObject, inputParameters) if {\n          # Get the required labels from the constraint template parameters.\n          # If the required labels are not defined, return empty array.\n          # Empty array is required to prevent undefined expression result.\n        \n          paramLabels := object.get(inputParameters, \"labels\", [])\n        \n          # Check if the required labels array is empty.\n        \n          count(paramLabels) == 0\n        \n          # Getting pod labels to prevent unused variable error.\n        \n          _ := object.get(reviewObject.metadata, \"labels\", [])\n        }\n        \n        # Check if the pod has required labels.\n        checkLabels(reviewObject, inputParameters) if {\n          # 
Check if the required labels array is not empty.\n          paramLabels := object.get(inputParameters, \"labels\", [])\n          count(paramLabels) > 0\n        \n          # Check if the pod labels array is not empty.\n          reviewLabels := object.get(reviewObject.metadata, \"labels\", [])\n          count(reviewLabels) > 0\n        \n          # Check if the pod has all required labels.\n          value := reviewLabels[key]\n          expected := input.parameters.labels[_]\n          expected.key == key\n        \n          # Check if the pod label value matches the required labels regular expression.\n          # If the required label does not define allowedRegex, use default value \".*\" to match any value.\n          reg := object.get(expected, \"allowedRegex\", \".*\")\n          regex.match(reg, value)\n        }\n        \

# ...
# ... The maximum length of GitHub Comment is 65536, so the content is omitted by tfcmt.
# ...

ainerArgs) == count(trustedArgs)\n        \n          # Allow using wildcard to match variable part of the argument.\n          glob.match(trustedArgs[i], null, containerArgs[i])\n        }\n        \n        # Get service account name from different type of k8s resources.\n        get_service_account(obj) = spec if {\n          obj.kind == \"Pod\"\n          spec := obj.spec.serviceAccountName\n        }\n          \n        get_service_account(obj) = spec if {\n          obj.kind == \"ReplicationController\"\n          spec := obj.spec.template.spec.serviceAccountName\n        }\n          \n        get_service_account(obj) = spec if {\n          obj.kind == \"ReplicaSet\"\n          spec := obj.spec.template.spec.serviceAccountName\n        }\n          \n        get_service_account(obj) = spec if {\n          obj.kind == \"Deployment\"\n          spec := obj.spec.template.spec.serviceAccountName\n        }\n          \n        get_service_account(obj) = spec if {\n          obj.kind == \"StatefulSet\"\n          spec := obj.spec.template.spec.serviceAccountName\n        }\n          \n        get_service_account(obj) = spec if {\n          obj.kind == \"DaemonSet\"\n          spec := obj.spec.template.spec.serviceAccountName\n        }\n          \n        get_service_account(obj) = spec if {\n          obj.kind == \"Job\"\n          spec := obj.spec.template.spec.serviceAccountName\n        }\n          \n        get_service_account(obj) = spec if {\n          obj.kind == \"CronJob\"\n          spec := obj.spec.jobTemplate.spec.template.spec.serviceAccountName\n        }\n        \n        # Get all pod containers.\n        input_containers contains c if {\n          c := input.review.object.spec.containers[_]\n        }\n        \n        # Get all pod init containers.\n        input_containers contains c if {\n          c := input.review.object.spec.initContainers[_]\n        }"]: Refreshing state... 
[id=/apis/templates.gatekeeper.sh/v1/constrainttemplates/serviceaccounttrustedusage]
google_project_iam_member.terraform_executor_owner: Refreshing state... [id=sap-kyma-prow-workloads/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/secrets/gatekeeper-webhook-server-cert"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/secrets/gatekeeper-webhook-server-cert]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/configs.config.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/configs.config.gatekeeper.sh]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/serviceaccounts/gatekeeper-admin"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/serviceaccounts/gatekeeper-admin]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/mutatorpodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/mutatorpodstatuses.status.gatekeeper.sh]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplates.templates.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplates.templates.gatekeeper.sh]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/resourcequotas/gatekeeper-critical-pods"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/resourcequotas/gatekeeper-critical-pods]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplatepodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplatepodstatuses.status.gatekeeper.sh]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignimage.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignimage.mutations.gatekeeper.sh]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.externaldata.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.externaldata.gatekeeper.sh]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/roles/gatekeeper-manager-role"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/roles/gatekeeper-manager-role]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constraintpodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constraintpodstatuses.status.gatekeeper.sh]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/gatekeeper-validating-webhook-configuration"]: Refreshing state... [id=/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/gatekeeper-validating-webhook-configuration]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/rolebindings/gatekeeper-manager-rolebinding"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/rolebindings/gatekeeper-manager-rolebinding]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplate.expansion.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplate.expansion.gatekeeper.sh]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/gatekeeper-mutating-webhook-configuration"]: Refreshing state... [id=/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/gatekeeper-mutating-webhook-configuration]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assign.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assign.mutations.gatekeeper.sh]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/modifyset.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/modifyset.mutations.gatekeeper.sh]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-audit"]: Refreshing state... [id=/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-audit]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplatepodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplatepodstatuses.status.gatekeeper.sh]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/gatekeeper-manager-rolebinding"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/gatekeeper-manager-rolebinding]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/policy/v1/namespaces/gatekeeper-system/poddisruptionbudgets/gatekeeper-controller-manager"]: Refreshing state... [id=/apis/policy/v1/namespaces/gatekeeper-system/poddisruptionbudgets/gatekeeper-controller-manager]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/services/gatekeeper-webhook-service"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/services/gatekeeper-webhook-service]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-controller-manager"]: Refreshing state... [id=/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-controller-manager]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignmetadata.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignmetadata.mutations.gatekeeper.sh]
module.untrusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/clusterroles/gatekeeper-manager-role"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/clusterroles/gatekeeper-manager-role]
module.untrusted_workload_terraform_executor_k8s_service_account.kubernetes_secret.terraform_executor: Refreshing state... [id=default/terraform-executor]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/gatekeeper-validating-webhook-configuration"]: Refreshing state... [id=/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/gatekeeper-validating-webhook-configuration]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-controller-manager"]: Refreshing state... [id=/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-controller-manager]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/rolebindings/gatekeeper-manager-rolebinding"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/rolebindings/gatekeeper-manager-rolebinding]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/modifyset.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/modifyset.mutations.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/gatekeeper-manager-rolebinding"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/gatekeeper-manager-rolebinding]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/mutatorpodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/mutatorpodstatuses.status.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplate.expansion.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplate.expansion.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/configs.config.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/configs.config.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/services/gatekeeper-webhook-service"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/services/gatekeeper-webhook-service]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/roles/gatekeeper-manager-role"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/roles/gatekeeper-manager-role]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/serviceaccounts/gatekeeper-admin"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/serviceaccounts/gatekeeper-admin]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constraintpodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constraintpodstatuses.status.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplates.templates.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplates.templates.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplatepodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplatepodstatuses.status.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignimage.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignimage.mutations.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignmetadata.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignmetadata.mutations.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assign.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assign.mutations.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/secrets/gatekeeper-webhook-server-cert"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/secrets/gatekeeper-webhook-server-cert]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-audit"]: Refreshing state... [id=/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-audit]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.externaldata.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.externaldata.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/gatekeeper-mutating-webhook-configuration"]: Refreshing state... [id=/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/gatekeeper-mutating-webhook-configuration]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplatepodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplatepodstatuses.status.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/policy/v1/namespaces/gatekeeper-system/poddisruptionbudgets/gatekeeper-controller-manager"]: Refreshing state... [id=/apis/policy/v1/namespaces/gatekeeper-system/poddisruptionbudgets/gatekeeper-controller-manager]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/resourcequotas/gatekeeper-critical-pods"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/resourcequotas/gatekeeper-critical-pods]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/clusterroles/gatekeeper-manager-role"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/clusterroles/gatekeeper-manager-role]
module.trusted_workload_terraform_executor_k8s_service_account.kubernetes_secret.terraform_executor: Refreshing state... [id=default/terraform-executor]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Warning: "default_secret_name" is no longer applicable for Kubernetes v1.24.0 and above

  with module.trusted_workload_terraform_executor_k8s_service_account.kubernetes_service_account.terraform_executor,
  on ../../../../development/terraform-executor/terraform/modules/k8s-terraform-executor/main.tf line 15, in resource "kubernetes_service_account" "terraform_executor":
  15: resource "kubernetes_service_account" "terraform_executor" {

Starting from version 1.24.0 Kubernetes does not automatically generate a
token for service accounts, in this case, "default_secret_name" will be empty

(and 2 more similar warnings elsewhere)

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

tekton_gatekeeper = <sensitive>
tekton_terraform_executor_k8s_service_account = {
  "terraform_executor_k8s_service_account" = {
    "automount_service_account_token" = true
    "default_secret_name" = ""
    "id" = "default/terraform-executor"
    "image_pull_secret" = toset([])
    "metadata" = tolist([
      {
        "annotations" = tomap({
          "iam.gke.io/gcp-service-account" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
        })
        "generate_name" = ""
        "generation" = 0
        "labels" = tomap({})
        "name" = "terraform-executor"
        "namespace" = "default"
        "resource_version" = "128307926"
        "uid" = "51d95a38-fc8f-434f-bcb4-fa84ce96db29"
      },
    ])
    "secret" = toset([])
    "timeouts" = null /* object */
  }
}
terraform_executor_gcp_service_account = <sensitive>
trusted_workload_gatekeeper = <sensitive>
trusted_workload_terraform_executor_k8s_service_account = {
  "terraform_executor_k8s_service_account" = {
    "automount_service_account_token" = true
    "default_secret_name" = ""
    "id" = "default/terraform-executor"
    "image_pull_secret" = toset([])
    "metadata" = tolist([
      {
        "annotations" = tomap({
          "iam.gke.io/gcp-service-account" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
        })
        "generate_name" = ""
        "generation" = 0
        "labels" = tomap({})
        "name" = "terraform-executor"
        "namespace" = "default"
        "resource_version" = "604056833"
        "uid" = "802f1b39-dbf0-4429-9612-cbc74ca7bccf"
      },
    ])
    "secret" = toset([])
    "timeouts" = null /* object */
  }
}
untrusted_workload_gatekeeper = <sensitive>
untrusted_workload_terraform_executor_k8s_service_account = {
  "terraform_executor_k8s_service_account" = {
    "automount_service_account_token" = true
    "default_secret_name" = ""
    "id" = "default/terraform-executor"
    "image_pull_secret" = toset([])
    "metadata" = tolist([
      {
        "annotations" = tomap({
          "iam.gke.io/gcp-service-account" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
        })
        "generate_name" = ""
        "generation" = 0
        "labels" = tomap({})
        "name" = "terraform-executor"
        "namespace" = "default"
        "resource_version" = "599762309"
        "uid" = "e14bae6f-2239-4e1d-8b99-708e3c63c19c"
      },
    ])
    "secret" = toset([])
    "timeouts" = null /* object */
  }
}

@halamix2
Member

halamix2 commented Jun 1, 2023

/retest

@kyma-bot kyma-bot added the lgtm Looks good to me! label Jun 1, 2023
@neighbors-dev-bot neighbors-dev-bot added the auto-approved Denotes a PR that was approved by automation. label Jun 1, 2023
@kyma-bot kyma-bot merged commit 6c2c132 into main Jun 1, 2023
7 checks passed
@kyma-bot kyma-bot deleted the dependabot/terraform/configs/terraform/secrets-leaks-log-scanner/hashicorp/google-4.67.0 branch June 1, 2023 08:56
@kyma-bot
Contributor

kyma-bot commented Jun 1, 2023

✅ Apply Succeeded

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Details (Click me)
data.google_secret_manager_secret.gh_tools_kyma_bot_token: Reading...
google_service_account.slack_message_sender: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/slack-message-sender@sap-kyma-prow.iam.gserviceaccount.com]
data.google_secret_manager_secret.common_slack_bot_token: Reading...
google_storage_bucket.kyma_prow_logs_secured: Refreshing state... [id=kyma-prow-logs-secured]
google_service_account.github_issue_finder: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/github-issue-finder@sap-kyma-prow.iam.gserviceaccount.com]
data.google_storage_bucket.kyma_prow_logs: Reading...
google_service_account.secrets_leak_detector: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secrets-leak-detector@sap-kyma-prow.iam.gserviceaccount.com]
google_monitoring_alert_policy.secrets_leak_log_scanner: Refreshing state... [id=projects/sap-kyma-prow/alertPolicies/15677332264241438988]
google_monitoring_alert_policy.github_issue_finder: Refreshing state... [id=projects/sap-kyma-prow/alertPolicies/15999866418925089607]
google_monitoring_alert_policy.github_issue_creator: Refreshing state... [id=projects/sap-kyma-prow/alertPolicies/9821277804074506500]
data.google_storage_bucket.kyma_prow_logs: Read complete after 0s [id=kyma-prow-logs]
google_service_account.gcs_bucket_mover: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/gcs-bucket-mover@sap-kyma-prow.iam.gserviceaccount.com]
data.google_project.project: Reading...
data.google_secret_manager_secret.gh_tools_kyma_bot_token: Read complete after 1s [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token]
data.google_secret_manager_secret.common_slack_bot_token: Read complete after 1s [id=projects/sap-kyma-prow/secrets/common-slack-bot-token]
google_service_account.secrets_leak_log_scanner: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/secrets-leak-log-scanner@sap-kyma-prow.iam.gserviceaccount.com]
google_monitoring_alert_policy.slack_message_sender: Refreshing state... [id=projects/sap-kyma-prow/alertPolicies/16641435238811176146]
google_service_account.github_issue_creator: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/github-issue-creator@sap-kyma-prow.iam.gserviceaccount.com]
google_monitoring_alert_policy.gcs_bucket_mover: Refreshing state... [id=projects/sap-kyma-prow/alertPolicies/5579410898419231270]
google_storage_bucket_iam_member.kyma_prow_logs_secured_object_admin: Refreshing state... [id=b/kyma-prow-logs-secured/roles/storage.objectAdmin/serviceAccount:gcs-bucket-mover@sap-kyma-prow.iam.gserviceaccount.com]
google_storage_bucket_iam_member.kyma_prow_logs_viewer: Refreshing state... [id=b/kyma-prow-logs/roles/storage.objectViewer/serviceAccount:gcs-bucket-mover@sap-kyma-prow.iam.gserviceaccount.com]
data.google_iam_policy.run_invoker: Reading...
google_storage_bucket_iam_member.kyma_prow_logs_object_admin: Refreshing state... [id=b/kyma-prow-logs/roles/storage.objectAdmin/serviceAccount:gcs-bucket-mover@sap-kyma-prow.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.gh_issue_creator_gh_tools_kyma_bot_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token/roles/secretmanager.secretAccessor/serviceAccount:github-issue-creator@sap-kyma-prow.iam.gserviceaccount.com]
data.google_iam_policy.run_invoker: Read complete after 0s [id=735823064]
google_storage_bucket_iam_member.secrets_leak_detector: Refreshing state... [id=b/kyma-prow-logs/roles/storage.objectViewer/serviceAccount:secrets-leak-detector@sap-kyma-prow.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.slack_msg_sender_common_slack_bot_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/common-slack-bot-token/roles/secretmanager.secretAccessor/serviceAccount:slack-message-sender@sap-kyma-prow.iam.gserviceaccount.com]
google_cloud_run_service.secrets_leak_log_scanner: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/secrets-leak-log-scanner]
google_cloud_run_service.gcs_bucket_mover: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/gcs-bucket-mover]
google_secret_manager_secret_iam_member.gh_issue_finder_gh_tools_kyma_bot_token_accessor: Refreshing state... [id=projects/sap-kyma-prow/secrets/trusted_default_kyma-bot-github-sap-token/roles/secretmanager.secretAccessor/serviceAccount:github-issue-finder@sap-kyma-prow.iam.gserviceaccount.com]
google_cloud_run_service_iam_policy.secrets_leak_log_scanner: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/secrets-leak-log-scanner]
google_cloud_run_service_iam_policy.gcs_bucket_mover: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/gcs-bucket-mover]
google_cloud_run_service.slack_message_sender: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/slack-message-sender]
google_cloud_run_service.github_issue_creator: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/github-issue-creator]
google_cloud_run_service_iam_policy.slack_message_sender: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/slack-message-sender]
google_cloud_run_service_iam_policy.github_issue_creator: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/github-issue-creator]
data.google_project.project: Read complete after 1s [id=projects/sap-kyma-prow]
google_project_iam_member.project_log_writer: Refreshing state... [id=projects/sap-kyma-prow/roles/logging.logWriter/serviceAccount:secrets-leak-detector@sap-kyma-prow.iam.gserviceaccount.com]
google_project_iam_member.project_workflows_invoker: Refreshing state... [id=projects/sap-kyma-prow/roles/workflows.invoker/serviceAccount:secrets-leak-detector@sap-kyma-prow.iam.gserviceaccount.com]
google_cloud_run_service.github_issue_finder: Refreshing state... [id=locations/europe-west3/namespaces/sap-kyma-prow/services/github-issue-finder]
google_cloud_run_service_iam_policy.github_issue_finder: Refreshing state... [id=v1/projects/sap-kyma-prow/locations/europe-west3/services/github-issue-finder]
data.template_file.scan_logs_for_secrets_yaml: Reading...
data.template_file.scan_logs_for_secrets_yaml: Read complete after 0s [id=dcbef9488681987e8a9c24044636fe27acb15ea295bb5c102da628aab0fa79ec]
google_workflows_workflow.secrets_leak_detector: Refreshing state... [id=projects/sap-kyma-prow/locations/europe-west3/workflows/secrets-leak-detector]
google_eventarc_trigger.secrets_leak_detector_workflow: Refreshing state... [id=projects/sap-kyma-prow/locations/europe-west3/triggers/secrets-leak-detector]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

@kyma-bot
Contributor

kyma-bot commented Jun 1, 2023

✅ Apply Succeeded

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Details (Click me)
module.terraform_executor_gcp_service_account.google_service_account.terraform_executor: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com]
data.google_client_config.gcp: Reading...
data.google_client_config.gcp: Read complete after 0s [id=projects/"sap-kyma-prow"/regions/"europe-west4"/zones/<null>]
data.google_container_cluster.prow_k8s_cluster: Reading...
data.google_container_cluster.trusted_workload_k8s_cluster: Reading...
data.google_container_cluster.untrusted_workload_k8s_cluster: Reading...
data.google_container_cluster.tekton_k8s_cluster: Reading...
data.google_container_cluster.prow_k8s_cluster: Read complete after 0s [id=projects/sap-kyma-prow/locations/europe-west3-a/clusters/prow]
data.google_container_cluster.tekton_k8s_cluster: Read complete after 0s [id=projects/sap-kyma-prow/locations/europe-west4/clusters/tekton]
data.google_container_cluster.trusted_workload_k8s_cluster: Read complete after 0s [id=projects/sap-kyma-prow/locations/europe-west3/clusters/trusted-workload-kyma-prow]
data.google_container_cluster.untrusted_workload_k8s_cluster: Read complete after 1s [id=projects/sap-kyma-prow/locations/europe-west3/clusters/untrusted-workload-kyma-prow]
google_project_iam_member.terraform_executor_owner: Refreshing state... [id=sap-kyma-prow-workloads/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com]
module.tekton_terraform_executor_k8s_service_account.kubernetes_service_account.terraform_executor: Refreshing state... [id=default/terraform-executor]
module.prow_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/prow/**.yaml"]: Reading...
module.terraform_executor_gcp_service_account.google_service_account_iam_binding.terraform_workload_identity: Refreshing state... [id=projects/sap-kyma-prow/serviceAccounts/terraform-executor@sap-kyma-prow.iam.gserviceaccount.com/roles/iam.workloadIdentityUser]
module.prow_gatekeeper.data.kubectl_path_documents.constraint_templates_path["../../../../opa/gatekeeper/constraint-templates/**.yaml"]: Reading...
module.prow_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/prow/**.yaml"]: Read complete after 0s [id=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855]
module.terraform_executor_gcp_service_account.google_project_iam_member.terraform_executor_owner: Refreshing state... [id=sap-kyma-prow/roles/owner/serviceAccount:terraform-executor@sap-kyma-prow.iam.gserviceaccount.com]
module.untrusted_workload_gatekeeper.data.kubectl_file_documents.gatekeeper: Reading...
module.prow_gatekeeper.data.kubectl_file_documents.gatekeeper: Reading...
module.untrusted_workload_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/workloads/**.yaml"]: Reading...
module.untrusted_workload_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/untrusted/**.yaml"]: Reading...
module.untrusted_workload_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/workloads/**.yaml"]: Read complete after 0s [id=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855]
module.untrusted_workload_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/untrusted/**.yaml"]: Read complete after 0s [id=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855]
module.tekton_gatekeeper.data.kubectl_path_documents.constraint_templates_path["../../../../opa/gatekeeper/constraint-templates/**.yaml"]: Reading...
module.tekton_gatekeeper.data.kubectl_file_documents.gatekeeper: Reading...
module.tekton_gatekeeper.data.kubectl_path_documents.constraint_templates_path["../../../../opa/gatekeeper/constraint-templates/**.yaml"]: Read complete after 0s [id=5b3a4f4c27e588b7f9aefeb7caad50497b6c947ee312fe430446dff5c810fd6c]
module.tekton_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../tekton/deployments/gatekeeper-constraints/**.yaml"]: Reading...
module.tekton_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../tekton/deployments/gatekeeper-constraints/**.yaml"]: Read complete after 0s [id=52507a6b3cc8faadb69b744f7cb223e9cc5ccbb6e6abe6fdc3bade397df3e14d]
module.prow_gatekeeper.data.kubectl_path_documents.constraint_templates_path["../../../../opa/gatekeeper/constraint-templates/**.yaml"]: Read complete after 0s [id=5b3a4f4c27e588b7f9aefeb7caad50497b6c947ee312fe430446dff5c810fd6c]
module.untrusted_workload_gatekeeper.data.kubectl_path_documents.constraint_templates_path["../../../../opa/gatekeeper/constraint-templates/**.yaml"]: Reading...
module.untrusted_workload_terraform_executor_k8s_service_account.kubernetes_service_account.terraform_executor: Refreshing state... [id=default/terraform-executor]
module.untrusted_workload_gatekeeper.data.kubectl_path_documents.constraint_templates_path["../../../../opa/gatekeeper/constraint-templates/**.yaml"]: Read complete after 0s [id=5b3a4f4c27e588b7f9aefeb7caad50497b6c947ee312fe430446dff5c810fd6c]
module.trusted_workload_gatekeeper.data.kubectl_file_documents.gatekeeper: Reading...
module.trusted_workload_gatekeeper.data.kubectl_path_documents.constraint_templates_path["../../../../opa/gatekeeper/constraint-templates/**.yaml"]: Reading...
module.trusted_workload_gatekeeper.data.kubectl_path_documents.constraint_templates_path["../../../../opa/gatekeeper/constraint-templates/**.yaml"]: Read complete after 0s [id=5b3a4f4c27e588b7f9aefeb7caad50497b6c947ee312fe430446dff5c810fd6c]
module.trusted_workload_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/workloads/**.yaml"]: Reading...
module.trusted_workload_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/workloads/**.yaml"]: Read complete after 0s [id=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855]
module.trusted_workload_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/trusted/**.yaml"]: Reading...
module.trusted_workload_gatekeeper.data.kubectl_path_documents.constraints_path["../../../../prow/cluster/resources/gatekeeper-constraints/trusted/**.yaml"]: Read complete after 0s [id=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855]
module.tekton_gatekeeper.kubectl_manifest.constraint_templates["apiVersion: templates.gatekeeper.sh/v1\nkind: ConstraintTemplate\nmetadata:\n  name: secrettrustedusage\n  annotations:\n    metadata.gatekeeper.sh/title: \"Secret Trusted Usage\"\n    metadata.gatekeeper.sh/version: 1.0.0\n    description: >-\n      Controls any Pod ability to use restricted secret.\nspec:\n  crd:\n    spec:\n      names:\n        kind: SecretTrustedUsage\n      validation:\n        openAPIV3Schema:\n          type: object\n          description: >-\n            Controls any Pod ability to use use restricted secret.\n          properties:\n            labels:\n              type: array\n              description: >-\n                A list of labels and values the object must specify.\n              items:\n                type: object\n                properties:\n                  key:\n                    type: string\n                    description: >-\n                      The required label.\n                  allowedRegex:\n                    type: string\n                    description: >-\n                      Regular expression the label's value must match. The value must contain one exact match for\n                      the regular expression.\n            restrictedSecrets:\n              type: array\n              description: >-\n                A list of restricted secrets.\n              items:\n                type: string\n                description: >-\n                  The restricted secret name.\n            trustedServiceAccounts:\n              type: array\n              description: >-\n                A list of trusted service accounts. 
If a Pod match criteria from trustedServiceAccount, it is allowed to use restricted secret.\n              items:\n                type: string\n                description: >-\n                  The trusted service account name.\n            trustedImages:\n              type: array\n              description: >-\n                A list of trusted images. If a Pod match criteria from trustedImage, it is allowed to use restricted secret.\n              items:\n                type: object\n                description: >-\n                  The trusted image criteria.\n                properties:\n                  image:\n                    type: string\n                    description: >-\n                      The container trusted image name.\n                  command:\n                    type: array\n                    description: >-\n                      The list of container trusted commands to run.\n                    items:\n                      type: string\n                      description: >-\n                        The trusted command to run.\n                  args:\n                    type: array\n                    description: >-\n                      The trusted arguments to pass to the command.\n                    items:\n                      type: string\n                      description: >-\n                        The trusted argument to pass to the command.\n  targets:\n    - target: admission.k8s.gatekeeper.sh\n      rego: |\n        package kubernetes.secrettrustedusage\n        \n        import future.keywords.contains\n        import future.keywords.if\n        import future.keywords.in\n  \n        # Report violation if the container is using a restricted secret and does not match trusted usage criteria.\n        # Violation is check if secret is used in env.envFrom container spec.\n        violation[{\"msg\": msg}] {\n          some k\n          # Iterate over all containers in the pod.\n          container := 
input_containers[_]\n        \n          # Check if the container is using a restricted secret.\n          container.envFrom[_].secretRef.name == input.parameters.restrictedSecrets[k]\n        \n          # Check if container is not matching trusted usage criteria.\n          not trustedUsages(container)\n        \n          # Format violation message.\n          msg := sprintf(\"Container %v is not allowed to use restricted secret: %v.\", [container.name, input.parameters.restrictedSecrets[k]])\n        }\n  \n        # Report violation if the container is using a restricted secret and does not match trusted usage criteria.\n        # Violation is check if secret is used in env.valueFrom container spec.\n        violation[{\"msg\": msg}] {\n          some k\n          # Iterate over all containers in the pod.\n          container := input_containers[_]\n        \n          # Check if the container is using a restricted secret.\n          container.env[_].valueFrom.secretKeyRef.name == input.parameters.restrictedSecrets[k]\n        \n          # Check if container is not matching trusted usage criteria.\n          not trustedUsages(container)\n        \n          # Format violation message.\n          msg := sprintf(\"Container %v is not allowed to use restricted secret: %v.\", [container.name, input.parameters.restrictedSecrets[k]])\n        }\n  \n        # Report violation if the container is using a restricted secret and does not match trusted usage criteria.\n        # Violation is check if secret is mount as volume.\n        violation[{\"msg\": msg}] {\n          some k, j\n          # Iterate over all containers in the pod.\n          container := input_containers[_]\n        \n          # Check if the container is using a restricted secret.\n          input.review.object.spec.volumes[j].secret.secretName == input.parameters.restrictedSecrets[k]\n          container.volumeMounts[_].name == input.review.object.spec.volumes[j].name\n        \n          # Check 
if container is not matching trusted usage criteria.\n          not trustedUsages(container)\n        \n          # Format violation message.\n          msg := sprintf(\"Container %v is not allowed to use restricted secret: %v.\", [container.name, input.parameters.restrictedSecrets[k]])\n        }\n        \n        trustedUsages(container) {\n          some j\n          trustedSA := object.get(input.parameters, \"trustedServiceAccounts\", [input.review.object.spec.serviceAccountName])\n          input.review.object.spec.serviceAccountName == trustedSA[_]\n          glob.match(input.parameters.trustedImages[j].image, null, container.image)\n          checkCommand(container, input.parameters.trustedImages[j])\n          checkArgs(container, input.parameters.trustedImages[j])\n          checkLabels(input.review.object, input.parameters)\n        }\n  \n        # Check if trusted usage criteria does not define required labels.\n        # Function evaluate too true if required labels are not defined.\n        checkLabels(reviewObject, inputParameters) if {\n          paramLabels := object.get(inputParameters, \"labels\", [])\n        \n          # Check if the required labels array is empty.\n          count(paramLabels) == 0\n  \n          # Getting pod labels to prevent unused variable error.\n          _ := object.get(reviewObject.metadata, \"labels\", [])\n        }\n  \n        # Check if the pod has required labels.\n        checkLabels(reviewObject, inputParameters) if {\n          # Check if the required labels array is not empty.\n          paramLabels := object.get(inputParameters, \"labels\", [])\n          count(paramLabels) > 0\n        \n          # Check if the pod labels array is not empty.\n          reviewLabels := object.get(reviewObject.metadata, \"labels\", [])\n          count(reviewLabels) > 0\n        \n          # Check if the pod has required labels.\n          value := reviewLabels[key]\n          expected := input.parameters.labels[_]\n      
    expected.key == key\n        \n          # Check if the label value matches the regular expression.\n          # If the required label does not define allowedRegex, use default value \".*\" to match any value.\n          reg := object.get(expected, \"allowedRegex\", \".*\")\n          regex.match(reg, value)\n        }\n  \n        # Check if trusted usage criteria does not define trusted commands.\n        checkCommand(container, trustedImage) if {\n          trustedCommand := object.get(trustedImage, \"command\", [])\n          count(trustedCommand) == 0\n        \n          # Getting container command to prevent unused variable error.\n          _ := object.get(container, \"command\", [])\n        }\n  \n        # Check if the container is using a trusted commands.\n        # Function evaluate too true if the container is using exactly the same trusted commands.\n        # Number and order of commands must match.\n        checkCommand(container, trustedImage) if {\n          trustedCommand := object.get(trustedImage, \"command\", [])\n          containerCommand := object.get(container, \"command\", [])\n          count(containerCommand) == count(trustedCommand)\n        \n          # Allow using wildcard to match variable part of the command.\n          glob.match(trustedCommand[i], null, containerCommand[i])\n        }\n  \n        # Check if trusted usage criteria does not define trusted arguments.\n        checkArgs(container, trustedImage) if {\n          trustedArgs := object.get(trustedImage, \"args\", [])\n          count(trustedArgs) == 0\n        \n          # Getting container args to prevent unused variable error.\n          _ := object.get(container, \"args\", [])\n        }\n  \n        # Check if the container is using a trusted arguments.\n        # Function evaluate too true if the container is using exactly the same trusted arguments.\n        # Number and order of commands must match.\n        checkArgs(container, trustedImage) if {\n       
   trustedArgs := object.get(trustedImage, \"args\", [])\n          containerArgs := object.get(container, \"args\", [])\n          count(containerArgs) == count(trustedArgs)\n  \n          # Allow using wildcard to match variable part of the argument.\n          glob.match(trustedArgs[i], null, containerArgs[i])\n        }\n  \n        # Get all pod containers.\n        input_containers contains c if {\n          c := input.review.object.spec.containers[_]\n        }\n  \n        # Get all pod init containers.\n        input_containers contains c if {\n          c := input.review.object.spec.initContainers[_]\n        }"]: Refreshing state... [id=/apis/templates.gatekeeper.sh/v1/constrainttemplates/secrettrustedusage]
module.tekton_gatekeeper.kubectl_manifest.constraints["# Constraint to allow only image-builder tool trusted usage on tekton cluster run as image-builder service account identity.\napiVersion: constraints.gatekeeper.sh/v1beta1\nkind: ServiceAccountTrustedUsage\nmetadata:\n  name: tekton-image-builder-sa-trusted-usage\nspec:\n  enforcementAction: warn\n  match:\n    kinds:\n      - apiGroups: [\"\"]\n        kinds: [\"Pod\"]\n  parameters:\n    restrictedServiceAccounts:\n      - image-builder\n    trustedImages:\n      - image: \"eu.gcr.io/sap-kyma-neighbors-dev/image-builder:*\"\n        command:\n          - /tekton/bin/entrypoint\n        args:\n          - -wait_file\n          - /tekton/downward/ready\n          - -wait_file_content\n          - -post_file\n          - /tekton/run/0/out\n          - -termination_path\n          - /tekton/termination\n          - -step_metadata_dir\n          - /tekton/run/0/status\n          - -entrypoint\n          - /image-builder\n          - --\n          - '--name=*'\n          - '--config=*'\n          - '--context=*'\n          - '--dockerfile=*'\n          - --log-dir=/\n      - image: \"gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:*\"\n        command:\n          - /ko-app/entrypoint\n          - init\n          - /ko-app/entrypoint\n          - /tekton/bin/entrypoint\n          - step-build-image"]: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/serviceaccounttrustedusages/tekton-image-builder-sa-trusted-usage]
module.tekton_gatekeeper.kubectl_manifest.constraint_templates["apiVersion: templates.gatekeeper.sh/v1\nkind: ConstraintTemplate\nmetadata:\n  name: serviceaccounttrustedusage\n  annotations:\n    metadata.gatekeeper.sh/title: \"ServiceAccount Trusted Usage\"\n    metadata.gatekeeper.sh/version: 1.0.0\n    description: >-\n      Controls a k8s workloads ability to use use restricted service accounts.\n      Workloads controlled by this constraint template are: ReplicationController, ReplicaSet, Deployment, StatefulSet, DaemonSet, Job, CronJob, Pod.\nspec:\n  crd:\n    spec:\n      names:\n        kind: ServiceAccountTrustedUsage\n      validation:\n        openAPIV3Schema:\n          type: object\n          description: >-\n            Controls a k8s workloads ability to use use restricted service accounts.\n          properties:\n            labels:\n              type: array\n              description: >-\n                A list of labels and values the object must specify.\n              items:\n                type: object\n                properties:\n                  key:\n                    type: string\n                    description: >-\n                      The required label.\n                  allowedRegex:\n                    type: string\n                    description: >-\n                      Regular expression the label's value must match. The value must contain one exact match for\n                      the regular expression.\n     

# ...
# ... The maximum length of GitHub Comment is 65536, so the content is omitted by tfcmt.
# ...

tate... [id=/api/v1/namespaces/gatekeeper-system/resourcequotas/gatekeeper-critical-pods]
module.prow_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/configs.config.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/configs.config.gatekeeper.sh]
module.prow_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.externaldata.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.externaldata.gatekeeper.sh]
module.prow_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignimage.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignimage.mutations.gatekeeper.sh]
module.prow_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/mutatorpodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/mutatorpodstatuses.status.gatekeeper.sh]
module.prow_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assign.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assign.mutations.gatekeeper.sh]
module.prow_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/services/gatekeeper-webhook-service"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/services/gatekeeper-webhook-service]
module.prow_gatekeeper.kubectl_manifest.gatekeeper["/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-controller-manager"]: Refreshing state... [id=/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-controller-manager]
module.prow_gatekeeper.kubectl_manifest.gatekeeper["/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/gatekeeper-validating-webhook-configuration"]: Refreshing state... [id=/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/gatekeeper-validating-webhook-configuration]
module.prow_gatekeeper.kubectl_manifest.gatekeeper["/apis/policy/v1/namespaces/gatekeeper-system/poddisruptionbudgets/gatekeeper-controller-manager"]: Refreshing state... [id=/apis/policy/v1/namespaces/gatekeeper-system/poddisruptionbudgets/gatekeeper-controller-manager]
module.prow_gatekeeper.kubectl_manifest.gatekeeper["/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-audit"]: Refreshing state... [id=/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-audit]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/serviceaccounts/gatekeeper-admin"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/serviceaccounts/gatekeeper-admin]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/gatekeeper-mutating-webhook-configuration"]: Refreshing state... [id=/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/gatekeeper-mutating-webhook-configuration]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/configs.config.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/configs.config.gatekeeper.sh]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/gatekeeper-validating-webhook-configuration"]: Refreshing state... [id=/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/gatekeeper-validating-webhook-configuration]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-controller-manager"]: Refreshing state... [id=/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-controller-manager]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assign.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assign.mutations.gatekeeper.sh]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/policy/v1/namespaces/gatekeeper-system/poddisruptionbudgets/gatekeeper-controller-manager"]: Refreshing state... [id=/apis/policy/v1/namespaces/gatekeeper-system/poddisruptionbudgets/gatekeeper-controller-manager]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/mutatorpodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/mutatorpodstatuses.status.gatekeeper.sh]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/gatekeeper-manager-rolebinding"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/gatekeeper-manager-rolebinding]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/services/gatekeeper-webhook-service"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/services/gatekeeper-webhook-service]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/rolebindings/gatekeeper-manager-rolebinding"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/rolebindings/gatekeeper-manager-rolebinding]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/modifyset.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/modifyset.mutations.gatekeeper.sh]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplates.templates.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplates.templates.gatekeeper.sh]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constraintpodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constraintpodstatuses.status.gatekeeper.sh]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/secrets/gatekeeper-webhook-server-cert"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/secrets/gatekeeper-webhook-server-cert]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplate.expansion.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplate.expansion.gatekeeper.sh]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/clusterroles/gatekeeper-manager-role"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/clusterroles/gatekeeper-manager-role]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignimage.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignimage.mutations.gatekeeper.sh]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplatepodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplatepodstatuses.status.gatekeeper.sh]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignmetadata.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignmetadata.mutations.gatekeeper.sh]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/roles/gatekeeper-manager-role"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/roles/gatekeeper-manager-role]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.externaldata.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.externaldata.gatekeeper.sh]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplatepodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplatepodstatuses.status.gatekeeper.sh]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-audit"]: Refreshing state... [id=/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-audit]
module.tekton_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/resourcequotas/gatekeeper-critical-pods"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/resourcequotas/gatekeeper-critical-pods]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assign.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assign.mutations.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplate.expansion.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplate.expansion.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/rolebindings/gatekeeper-manager-rolebinding"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/rolebindings/gatekeeper-manager-rolebinding]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/services/gatekeeper-webhook-service"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/services/gatekeeper-webhook-service]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplatepodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/expansiontemplatepodstatuses.status.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignimage.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignimage.mutations.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/resourcequotas/gatekeeper-critical-pods"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/resourcequotas/gatekeeper-critical-pods]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/policy/v1/namespaces/gatekeeper-system/poddisruptionbudgets/gatekeeper-controller-manager"]: Refreshing state... [id=/apis/policy/v1/namespaces/gatekeeper-system/poddisruptionbudgets/gatekeeper-controller-manager]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/gatekeeper-manager-rolebinding"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/gatekeeper-manager-rolebinding]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplatepodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplatepodstatuses.status.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/gatekeeper-validating-webhook-configuration"]: Refreshing state... [id=/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/gatekeeper-validating-webhook-configuration]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignmetadata.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/assignmetadata.mutations.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/roles/gatekeeper-manager-role"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/namespaces/gatekeeper-system/roles/gatekeeper-manager-role]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/configs.config.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/configs.config.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/gatekeeper-mutating-webhook-configuration"]: Refreshing state... [id=/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/gatekeeper-mutating-webhook-configuration]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/serviceaccounts/gatekeeper-admin"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/serviceaccounts/gatekeeper-admin]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplates.templates.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constrainttemplates.templates.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.externaldata.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.externaldata.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-controller-manager"]: Refreshing state... [id=/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-controller-manager]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constraintpodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/constraintpodstatuses.status.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system/secrets/gatekeeper-webhook-server-cert"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system/secrets/gatekeeper-webhook-server-cert]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-audit"]: Refreshing state... [id=/apis/apps/v1/namespaces/gatekeeper-system/deployments/gatekeeper-audit]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/mutatorpodstatuses.status.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/mutatorpodstatuses.status.gatekeeper.sh]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/rbac.authorization.k8s.io/v1/clusterroles/gatekeeper-manager-role"]: Refreshing state... [id=/apis/rbac.authorization.k8s.io/v1/clusterroles/gatekeeper-manager-role]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/api/v1/namespaces/gatekeeper-system"]: Refreshing state... [id=/api/v1/namespaces/gatekeeper-system]
module.trusted_workload_gatekeeper.kubectl_manifest.gatekeeper["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/modifyset.mutations.gatekeeper.sh"]: Refreshing state... [id=/apis/apiextensions.k8s.io/v1/customresourcedefinitions/modifyset.mutations.gatekeeper.sh]
module.trusted_workload_terraform_executor_k8s_service_account.kubernetes_secret.terraform_executor: Refreshing state... [id=default/terraform-executor]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Warning: "default_secret_name" is no longer applicable for Kubernetes v1.24.0 and above

  with module.untrusted_workload_terraform_executor_k8s_service_account.kubernetes_service_account.terraform_executor,
  on ../../../../development/terraform-executor/terraform/modules/k8s-terraform-executor/main.tf line 15, in resource "kubernetes_service_account" "terraform_executor":
  15: resource "kubernetes_service_account" "terraform_executor" {

Starting from version 1.24.0 Kubernetes does not automatically generate a
token for service accounts, in this case, "default_secret_name" will be empty

(and 2 more similar warnings elsewhere)

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

tekton_gatekeeper = <sensitive>
tekton_terraform_executor_k8s_service_account = {
  "terraform_executor_k8s_service_account" = {
    "automount_service_account_token" = true
    "default_secret_name" = ""
    "id" = "default/terraform-executor"
    "image_pull_secret" = toset([])
    "metadata" = tolist([
      {
        "annotations" = tomap({
          "iam.gke.io/gcp-service-account" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
        })
        "generate_name" = ""
        "generation" = 0
        "labels" = tomap({})
        "name" = "terraform-executor"
        "namespace" = "default"
        "resource_version" = "128307926"
        "uid" = "51d95a38-fc8f-434f-bcb4-fa84ce96db29"
      },
    ])
    "secret" = toset([])
    "timeouts" = null /* object */
  }
}
terraform_executor_gcp_service_account = <sensitive>
trusted_workload_gatekeeper = <sensitive>
trusted_workload_terraform_executor_k8s_service_account = {
  "terraform_executor_k8s_service_account" = {
    "automount_service_account_token" = true
    "default_secret_name" = ""
    "id" = "default/terraform-executor"
    "image_pull_secret" = toset([])
    "metadata" = tolist([
      {
        "annotations" = tomap({
          "iam.gke.io/gcp-service-account" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
        })
        "generate_name" = ""
        "generation" = 0
        "labels" = tomap({})
        "name" = "terraform-executor"
        "namespace" = "default"
        "resource_version" = "604056833"
        "uid" = "802f1b39-dbf0-4429-9612-cbc74ca7bccf"
      },
    ])
    "secret" = toset([])
    "timeouts" = null /* object */
  }
}
untrusted_workload_gatekeeper = <sensitive>
untrusted_workload_terraform_executor_k8s_service_account = {
  "terraform_executor_k8s_service_account" = {
    "automount_service_account_token" = true
    "default_secret_name" = ""
    "id" = "default/terraform-executor"
    "image_pull_secret" = toset([])
    "metadata" = tolist([
      {
        "annotations" = tomap({
          "iam.gke.io/gcp-service-account" = "terraform-executor@sap-kyma-prow.iam.gserviceaccount.com"
        })
        "generate_name" = ""
        "generation" = 0
        "labels" = tomap({})
        "name" = "terraform-executor"
        "namespace" = "default"
        "resource_version" = "599762309"
        "uid" = "e14bae6f-2239-4e1d-8b99-708e3c63c19c"
      },
    ])
    "secret" = toset([])
    "timeouts" = null /* object */
  }
}

Labels
- area/dependency: Issues or PRs related to dependency changes
- auto-approved: Denotes a PR that was approved by automation.
- kind/chore: Categorizes issue or PR as related to a chore.
- lgtm: Looks good to me!
- no-changes
- size/M: Denotes a PR that changes 30-99 lines, ignoring generated files.
- terraform: Issues or PRs related to terraform.