Skip to content

Instantly share code, notes, and snippets.

@ghost-not-in-the-shell

ghost-not-in-the-shell/terraform-plan

Created August 20, 2020 23:39
Show Gist options
  • Save ghost-not-in-the-shell/7ac2b3e4cc08bbc5e3eb1fc29169e943 to your computer and use it in GitHub Desktop.
Save ghost-not-in-the-shell/7ac2b3e4cc08bbc5e3eb1fc29169e943 to your computer and use it in GitHub Desktop.
Download ZIP
terraform-plan-result-for-permission-change
Raw
terraform-plan
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# module.buildkite-east1-compute.aws_iam_user_policy.buildkite_aws_policy will be updated in-place
~ resource "aws_iam_user_policy" "buildkite_aws_policy" {
id = "buildkite-gke-east1:buildkite_agent_policy"
name = "buildkite_agent_policy"
~ policy = jsonencode(
~ {
~ Statement = [
{
Action = [
"secretsmanager:TagResource",
"secretsmanager:ListSecrets",
"secretsmanager:GetSecretValue",
]
Effect = "Allow"
Resource = "*"
Sid = ""
},
{
Action = [
"s3:PutObjectAcl",
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
]
Effect = "Allow"
Resource = [
"arn:aws:s3:::snark-keys.o1test.net/*",
"arn:aws:s3:::packages.o1test.net/*",
]
Sid = ""
},
~ {
~ Action = "s3:GetObject" -> [
+ "s3:PutObject",
+ "s3:GetObject",
]
Effect = "Allow"
Resource = [
"arn:aws:s3:::o1labs-terraform-state/*",
"arn:aws:s3:::o1labs-terraform-state-destination/*",
]
Sid = ""
},
]
Version = "2012-10-17"
}
)
user = "buildkite-gke-east1"
}
# module.buildkite-east1-compute.google_storage_bucket_iam_binding.buildkite_gcs_binding[0] will be updated in-place
~ resource "google_storage_bucket_iam_binding" "buildkite_gcs_binding" {
bucket = "b/buildkite_k8s"
etag = "CBg="
id = "b/buildkite_k8s/roles/storage.objectAdmin"
~ members = [
+ "serviceAccount:[email protected]",
- "serviceAccount:[email protected]",
]
role = "roles/storage.objectAdmin"
}
# module.buildkite-east4-compute.aws_iam_user_policy.buildkite_aws_policy will be updated in-place
~ resource "aws_iam_user_policy" "buildkite_aws_policy" {
id = "buildkite-gke-east4:buildkite_agent_policy"
name = "buildkite_agent_policy"
~ policy = jsonencode(
~ {
~ Statement = [
{
Action = [
"secretsmanager:TagResource",
"secretsmanager:ListSecrets",
"secretsmanager:GetSecretValue",
]
Effect = "Allow"
Resource = "*"
Sid = ""
},
{
Action = [
"s3:PutObjectAcl",
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
]
Effect = "Allow"
Resource = [
"arn:aws:s3:::snark-keys.o1test.net/*",
"arn:aws:s3:::packages.o1test.net/*",
]
Sid = ""
},
~ {
~ Action = "s3:GetObject" -> [
+ "s3:PutObject",
+ "s3:GetObject",
]
Effect = "Allow"
Resource = [
"arn:aws:s3:::o1labs-terraform-state/*",
"arn:aws:s3:::o1labs-terraform-state-destination/*",
]
Sid = ""
},
]
Version = "2012-10-17"
}
)
user = "buildkite-gke-east4"
}
Plan: 0 to add, 3 to change, 0 to destroy.
Warning: This resource is deprecated and will be removed in the next major version.
Please supply the URL of your repository to helm_release resources directly, using the repository attribute.
See: https://www.terraform.io/docs/providers/helm/r/release.html#example-usage
on ../../modules/kubernetes/buildkite-agent/helm.tf line 141, in data "helm_repository" "buildkite_helm_repo":
141: data "helm_repository" "buildkite_helm_repo" {
(and one more similar warning elsewhere)
------------------------------------------------------------------------
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment