Skip to content

Commit

Permalink
Remove unused project mentions (#12188)
Browse files Browse the repository at this point in the history
* Remove unused project mentions

* Remove unused project mentions
  • Loading branch information
akiioto authored Oct 22, 2024
1 parent 045b9b3 commit 0ba5f3b
Show file tree
Hide file tree
Showing 9 changed files with 0 additions and 79 deletions.
4 changes: 0 additions & 4 deletions configs/terraform/environments/prod/output.tf
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,6 @@ output "terraform_executor_gcp_prow_project_iam_member" {
value = google_project_iam_member.terraform_executor_prow_project_owner
}

output "terraform_executor_gcp_workloads_project_iam_member" {
value = google_project_iam_member.terraform_executor_workloads_project_owner
}

output "terraform_executor_gcp_workload_identity" {
value = google_service_account_iam_binding.terraform_workload_identity
}
Expand Down
6 changes: 0 additions & 6 deletions configs/terraform/environments/prod/provider.tf
Original file line number Diff line number Diff line change
Expand Up @@ -43,12 +43,6 @@ provider "google" {
region = var.kyma_project_gcp_region
}

provider "google" {
alias = "workloads"
project = var.workloads_project_id
region = var.gcp_region
}

provider "google-beta" {
project = var.gcp_project_id
region = var.gcp_region
Expand Down
14 changes: 0 additions & 14 deletions configs/terraform/environments/prod/secrets-rotator.tf
Original file line number Diff line number Diff line change
Expand Up @@ -37,13 +37,6 @@ output "service_account_keys_rotator" {
value = module.service_account_keys_rotator
}

resource "google_project_iam_member" "service_account_keys_rotator_workloads_project" {
provider = google.workloads
project = var.workloads_project_id
role = "roles/iam.serviceAccountKeyAdmin"
member = "serviceAccount:${module.service_account_keys_rotator.service_account_keys_rotator_service_account.email}"
}

module "service_account_keys_cleaner" {
source = "../../modules/service-account-keys-cleaner"

Expand All @@ -65,13 +58,6 @@ output "service_account_keys_cleaner" {
value = module.service_account_keys_cleaner
}

resource "google_project_iam_member" "service_account_keys_cleaner_workloads_project" {
provider = google.workloads
project = var.workloads_project_id
role = "roles/iam.serviceAccountKeyAdmin"
member = "serviceAccount:${module.service_account_keys_cleaner.service_account_keys_cleaner_service_account.email}"
}

module "signify_secret_rotator" {
source = "../../modules/signify-secret-rotator"

Expand Down
6 changes: 0 additions & 6 deletions configs/terraform/environments/prod/service_accounts.tf
Original file line number Diff line number Diff line change
Expand Up @@ -100,12 +100,6 @@ resource "google_service_account" "sa-secret-update" {
description = "Can update secrets in Secret Manager"
}

resource "google_service_account" "sa-kyma-dns-serviceuser" {
account_id = "sa-kyma-dns-serviceuser"
display_name = "sa-kyma-dns-serviceuser"
description = "<Used by api-gateway> Service Account used to manipulate DNS entries in sap-kyma-prow-workloads. Will be removed with Prow"
}

resource "google_service_account" "sa-security-dashboard-oauth" {
account_id = "sa-security-dashboard-oauth"
display_name = "sa-security-dashboard-oauth"
Expand Down
18 changes: 0 additions & 18 deletions configs/terraform/environments/prod/terraform-executor.tf
Original file line number Diff line number Diff line change
Expand Up @@ -28,14 +28,6 @@ resource "google_service_account_iam_binding" "terraform_workload_identity" {
service_account_id = google_service_account.terraform_executor.name
}


# Grant owner role to terraform executor service account in the gcp workloads project.
resource "google_project_iam_member" "terraform_executor_workloads_project_owner" {
project = var.workloads_project_id
role = "roles/owner"
member = "serviceAccount:${google_service_account.terraform_executor.email}"
}

# Create the terraform planner GCP service account.
# Grants the browser permissions to refresh state of the resources.

Expand Down Expand Up @@ -76,16 +68,6 @@ resource "google_service_account_iam_binding" "terraform_planner_workload_identi
service_account_id = google_service_account.terraform_planner.name
}


resource "google_project_iam_member" "terraform_planner_workloads_project_read_access" {
for_each = toset([
"roles/viewer",
])
project = var.workloads_project_id
role = each.key
member = "serviceAccount:${google_service_account.terraform_planner.email}"
}

resource "google_service_account_iam_member" "terraform_executor_workload_identity_user" {
member = "principal://iam.googleapis.com/${module.gh_com_kyma_project_workload_identity_federation.pool_name}/subject/repository_id:${data.github_repository.test_infra.repo_id}:repository_owner_id:${var.github_kyma_project_organization_id}:workflow:${var.github_terraform_apply_workflow_name}"
role = "roles/iam.workloadIdentityUser"
Expand Down
6 changes: 0 additions & 6 deletions configs/terraform/environments/prod/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,6 @@ variable "gcp_project_id" {
description = "Google Cloud project to create resources."
}

variable "workloads_project_id" {
type = string
default = "sap-kyma-prow-workloads"
description = "Additional Google Cloud project ID."
}

variable "gatekeeper_manifest_path" {
type = string
default = "../../../../opa/gatekeeper/deployments/gatekeeper.yaml"
Expand Down
10 changes: 0 additions & 10 deletions pkg/tools/pjtester/test_artifacts/test-prow-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -377,16 +377,6 @@ presets:
env:
- name: CLOUDSDK_COMPUTE_REGION
value: "europe-west4"
- labels:
preset-gc-project-env: "true"
env:
- name: CLOUDSDK_CORE_PROJECT
value: "sap-kyma-prow-workloads"
- labels:
preset-kms-gc-project-env: "true"
env:
- name: CLOUDSDK_KMS_PROJECT
value: "sap-kyma-prow-workloads"
- labels:
preset-sa-vm-kyma-integration: "true" # Service account with "Compute Admin" and "Compute OS Admin Login" roles
env:
Expand Down
10 changes: 0 additions & 10 deletions prow/config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -529,16 +529,6 @@ presets:
env:
- name: CLOUDSDK_COMPUTE_REGION
value: "europe-west4"
- labels:
preset-gc-project-env: "true"
env:
- name: CLOUDSDK_CORE_PROJECT
value: "sap-kyma-prow-workloads"
- labels:
preset-kms-gc-project-env: "true"
env:
- name: CLOUDSDK_KMS_PROJECT
value: "sap-kyma-prow-workloads"
- labels:
preset-sa-vm-kyma-integration: "true" # Service account with "Compute Admin" and "Compute OS Admin Login" roles
env:
Expand Down
5 changes: 0 additions & 5 deletions prow/jobs/kyma-project/test-infra/periodics.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ periodics: # runs on schedule
prow.k8s.io/pubsub.project: "sap-kyma-prow"
prow.k8s.io/pubsub.runID: "utilities-kyma-integration-cleaner"
prow.k8s.io/pubsub.topic: "prowjobs"
preset-gc-project-env: "true"
cron: "30 * * * 1-5"
skip_report: false
decorate: true
Expand Down Expand Up @@ -43,7 +42,6 @@ periodics: # runs on schedule
prow.k8s.io/pubsub.project: "sap-kyma-prow"
prow.k8s.io/pubsub.runID: "orphaned-disks-cleaner"
prow.k8s.io/pubsub.topic: "prowjobs"
preset-gc-project-env: "true"
preset-sa-gke-kyma-integration: "true"
cron: "30 * * * *"
skip_report: false
Expand Down Expand Up @@ -107,7 +105,6 @@ periodics: # runs on schedule
prow.k8s.io/pubsub.project: "sap-kyma-prow"
prow.k8s.io/pubsub.runID: "orphaned-clusters-cleaner"
prow.k8s.io/pubsub.topic: "prowjobs"
preset-gc-project-env: "true"
preset-sa-gke-kyma-integration: "true"
cron: "0 * * * *"
skip_report: false
Expand Down Expand Up @@ -139,7 +136,6 @@ periodics: # runs on schedule
prow.k8s.io/pubsub.project: "sap-kyma-prow"
prow.k8s.io/pubsub.runID: "orphaned-vms-cleaner"
prow.k8s.io/pubsub.topic: "prowjobs"
preset-gc-project-env: "true"
preset-sa-gke-kyma-integration: "true"
cron: "15,45 * * * *"
skip_report: false
Expand Down Expand Up @@ -172,7 +168,6 @@ periodics: # runs on schedule
prow.k8s.io/pubsub.project: "sap-kyma-prow"
prow.k8s.io/pubsub.runID: "orphaned-loadbalancer-cleaner"
prow.k8s.io/pubsub.topic: "prowjobs"
preset-gc-project-env: "true"
preset-sa-gke-kyma-integration: "true"
cron: "15 * * * *"
skip_report: false
Expand Down

0 comments on commit 0ba5f3b

Please sign in to comment.