temp disable spacelift dependency check #43

Merged
merged 2 commits into from
Jul 11, 2023

Conversation

codevbus
Contributor

No description provided.

@spacelift-trufflesecurity

logwarden-prod plan logs

[01H52GHA9XKGT7WN6VPHDSXG1Z] Planning changes with 0 custom hooks...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # google_secret_manager_secret.config will be created
  + resource "google_secret_manager_secret" "config" {
      + create_time = (known after apply)
      + expire_time = (known after apply)
      + id          = (known after apply)
      + labels      = {
          + "secretmanager" = "logwarden"
        }
      + name        = (known after apply)
      + project     = (known after apply)
      + secret_id   = "logwarden"

      + replication {
          + automatic = true
        }
    }

  # google_secret_manager_secret_version.config will be created
  + resource "google_secret_manager_secret_version" "config" {
      + create_time  = (known after apply)
      + destroy_time = (known after apply)
      + enabled      = true
      + id           = (known after apply)
      + name         = (known after apply)
      + secret       = "logwarden"
      + secret_data  = (sensitive value)
      + version      = (known after apply)
    }

  # module.logwarden.data.google_secret_manager_secret.config will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "google_secret_manager_secret" "config" {
      + create_time = (known after apply)
      + expire_time = (known after apply)
      + id          = (known after apply)
      + labels      = (known after apply)
      + name        = (known after apply)
      + project     = "truffle-audit"
      + replication = (known after apply)
      + rotation    = (known after apply)
      + secret_id   = "logwarden"
      + topics      = (known after apply)
      + ttl         = (known after apply)
    }

  # module.logwarden.google_cloud_run_v2_service.main will be created
  + resource "google_cloud_run_v2_service" "main" {
      + conditions              = (known after apply)
      + etag                    = (known after apply)
      + generation              = (known after apply)
      + id                      = (known after apply)
      + ingress                 = "INGRESS_TRAFFIC_INTERNAL_ONLY"
      + latest_created_revision = (known after apply)
      + latest_ready_revision   = (known after apply)
      + launch_stage            = (known after apply)
      + location                = "us-central1"
      + name                    = "logwarden-us-central1-prod"
      + observed_generation     = (known after apply)
      + project                 = (known after apply)
      + reconciling             = (known after apply)
      + terminal_condition      = (known after apply)
      + traffic_statuses        = (known after apply)
      + uid                     = (known after apply)
      + uri                     = (known after apply)

      + template {
          + max_instance_request_concurrency = (known after apply)
          + service_account                  = (known after apply)
          + timeout                          = (known after apply)

          + containers {
              + args  = [
                  + "--subscription=logwarden-audit-logs-sub-us-central1-prod",
                  + "--project=truffle-audit",
                  + "--secret-name=logwarden",
                  + "--policies=gs://logwarden-policies-us-central1-prod",
                  + "--json",
                ]
              + image = "us-docker.pkg.dev/thog-artifacts/public/logwarden:latest"

              + ports {
                  + container_port = 8080
                  + name           = (known after apply)
                }

              + startup_probe {
                  + failure_threshold     = 3
                  + initial_delay_seconds = 120
                  + period_seconds        = 10
                  + timeout_seconds       = 1

                  + tcp_socket {
                      + port = (known after apply)
                    }
                }
            }

          + scaling {
              + max_instance_count = 1
              + min_instance_count = 1
            }
        }
    }

  # module.logwarden.google_logging_organization_sink.audit_logs will be created
  + resource "google_logging_organization_sink" "audit_logs" {
      + description      = "audit logs for the organization"
      + destination      = (known after apply)
      + filter           = <<-EOT
            LOG_ID("cloudaudit.googleapis.com/activity") OR LOG_ID("externalaudit.googleapis.com/activity") OR LOG_ID("cloudaudit.googleapis.com/system_event") OR LOG_ID("externalaudit.googleapis.com/system_event") OR LOG_ID("cloudaudit.googleapis.com/access_transparency") OR LOG_ID("externalaudit.googleapis.com/access_transparency")
            -protoPayload.serviceName="k8s.io"
        EOT
      + id               = (known after apply)
      + include_children = true
      + name             = "logwarden-audit-logs-us-central1-prod"
      + org_id           = "355714717819"
      + writer_identity  = (known after apply)
    }

  # module.logwarden.google_project_iam_member.service will be created
  + resource "google_project_iam_member" "service" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = (known after apply)
      + project = "truffle-audit"
      + role    = "roles/iam.serviceAccountUser"
    }

  # module.logwarden.google_project_service.cloudrun will be created
  + resource "google_project_service" "cloudrun" {
      + disable_on_destroy = true
      + id                 = (known after apply)
      + project            = (known after apply)
      + service            = "run.googleapis.com"
    }

  # module.logwarden.google_pubsub_subscription.logwarden will be created
  + resource "google_pubsub_subscription" "logwarden" {
      + ack_deadline_seconds       = 20
      + enable_message_ordering    = false
      + id                         = (known after apply)
      + message_retention_duration = "3600s"
      + name                       = "logwarden-audit-logs-sub-us-central1-prod"
      + project                    = "truffle-audit"
      + retain_acked_messages      = true
      + topic                      = (known after apply)

      + expiration_policy {
          + ttl = "432000s"
        }

      + retry_policy {
          + maximum_backoff = (known after apply)
          + minimum_backoff = "10s"
        }
    }

  # module.logwarden.google_pubsub_subscription_iam_member.pubsub will be created
  + resource "google_pubsub_subscription_iam_member" "pubsub" {
      + etag         = (known after apply)
      + id           = (known after apply)
      + member       = (known after apply)
      + project      = "truffle-audit"
      + role         = "roles/pubsub.subscriber"
      + subscription = (known after apply)
    }

  # module.logwarden.google_pubsub_topic.audit_logs will be created
  + resource "google_pubsub_topic" "audit_logs" {
      + id      = (known after apply)
      + name    = "logwarden-audit-logs-us-central1-prod"
      + project = "truffle-audit"
    }

  # module.logwarden.google_secret_manager_secret_iam_member.config will be created
  + resource "google_secret_manager_secret_iam_member" "config" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = "truffle-audit"
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = (known after apply)
    }

  # module.logwarden.google_service_account.main will be created
  + resource "google_service_account" "main" {
      + account_id = "logwarden-us-central1-prod"
      + disabled   = false
      + email      = (known after apply)
      + id         = (known after apply)
      + member     = (known after apply)
      + name       = (known after apply)
      + project    = "truffle-audit"
      + unique_id  = (known after apply)
    }

  # module.logwarden.google_storage_bucket.rego_policies will be created
  + resource "google_storage_bucket" "rego_policies" {
      + force_destroy               = true
      + id                          = (known after apply)
      + location                    = "US"
      + name                        = "logwarden-policies-us-central1-prod"
      + project                     = (known after apply)
      + public_access_prevention    = "enforced"
      + self_link                   = (known after apply)
      + storage_class               = "STANDARD"
      + uniform_bucket_level_access = true
      + url                         = (known after apply)
    }

Plan: 12 to add, 0 to change, 0 to destroy.

[01H52GHA9XKGT7WN6VPHDSXG1Z] Changes are GO
[01H52GHA9XKGT7WN6VPHDSXG1Z] Uploading the list of managed resources...
[01H52GHA9XKGT7WN6VPHDSXG1Z] Please be aware that Run changes calculation includes Terraform output changes.
[01H52GHA9XKGT7WN6VPHDSXG1Z] Resource list upload is GO
[01H52GHA9XKGT7WN6VPHDSXG1Z] Generating JSON representation of the plan...
[01H52GHA9XKGT7WN6VPHDSXG1Z] JSON representation is GO
[01H52GHA9XKGT7WN6VPHDSXG1Z] Loading custom plan policy inputs...
[01H52GHA9XKGT7WN6VPHDSXG1Z] 0 custom plan policy inputs found
[01H52GHA9XKGT7WN6VPHDSXG1Z] No plan policies to evaluate

@codevbus codevbus merged commit f15e9ab into main Jul 11, 2023