[Tentative][Change] Enable Secret Manager Addon #58

Open · wants to merge 4 commits into master

Conversation

@xpadev-net (Collaborator) commented Aug 31, 2024

Probably right.
What I did

  • The provider v4.x had no Secret Manager setting, so updated it to 6.x
  • Fixed an error that was occurring for some reason
  • Removed the definition of the PostgreSQL 11 DB that was blown away at the 24/08/29 meeting

Running terraform apply -refresh-only showed quite a lot of drift, so it might be better to update the definitions first.

terraform/basic

Terraform Format and Style 🖌 success

Terraform Plan 📖 success

Show Plan

Acquiring state lock. This may take a few moments...
google_monitoring_uptime_check_config.https_check: Refreshing state... [id=projects/mitou-jr/uptimeCheckConfigs/10816343371595221599]
google_pubsub_topic.default: Refreshing state... [id=projects/mitou-jr/topics/mattermost-alert]
google_compute_network.default: Refreshing state... [id=projects/mitou-jr/global/networks/default]
google_kms_key_ring.primary-keyring: Refreshing state... [id=projects/mitou-jr/locations/asia-northeast1/keyRings/primary-keyring]
google_compute_managed_ssl_certificate.default: Refreshing state... [id=projects/mitou-jr/global/sslCertificates/primary-cert]
google_monitoring_notification_channel.email: Refreshing state... [id=projects/mitou-jr/notificationChannels/12221508552024516705]
google_sql_database_instance.primary: Refreshing state... [id=primary]
google_compute_health_check.http-health-check: Refreshing state... [id=projects/mitou-jr/global/healthChecks/http-health-check]
google_storage_bucket.gcs-tf-basic: Refreshing state... [id=mitou-jr-tf-basic]
google_storage_bucket.default: Refreshing state... [id=mitou-jr]
google_dns_managed_zone.primary-zone: Refreshing state... [id=projects/mitou-jr/managedZones/mattermost-dnszone]
google_storage_bucket.secrets: Refreshing state... [id=mitou-jr-secret]
google_storage_bucket.gcs-tf-iam: Refreshing state... [id=mitou-jr-tf-iam]
google_compute_global_address.lb-address: Refreshing state... [id=projects/mitou-jr/global/addresses/lb-address]
google_monitoring_notification_channel.default: Refreshing state... [id=projects/mitou-jr/notificationChannels/5741651829358921573]
google_compute_backend_service.default: Refreshing state... [id=projects/mitou-jr/global/backendServices/backend-service]
google_compute_firewall.allow-mattertmost: Refreshing state... [id=projects/mitou-jr/global/firewalls/allow-mattermost]
google_compute_firewall.default: Refreshing state... [id=projects/mitou-jr/global/firewalls/allow-egress]
google_compute_firewall.ssh: Refreshing state... [id=projects/mitou-jr/global/firewalls/allow-ssh]
google_compute_firewall.allow-hc: Refreshing state... [id=projects/mitou-jr/global/firewalls/allow-hc]
google_compute_subnetwork.default: Refreshing state... [id=projects/mitou-jr/regions/asia-northeast1/subnetworks/main-subnet]
google_dns_record_set.primary-a-record: Refreshing state... [id=projects/mitou-jr/managedZones/mattermost-dnszone/rrsets/mattermost.jr.mitou.org./A]
google_monitoring_alert_policy.https_check_alert: Refreshing state... [id=projects/mitou-jr/alertPolicies/21376706582861365]
google_compute_url_map.default: Refreshing state... [id=projects/mitou-jr/global/urlMaps/urlmap]
google_kms_crypto_key.primary-key: Refreshing state... [id=projects/mitou-jr/locations/asia-northeast1/keyRings/primary-keyring/cryptoKeys/primary-key]
google_compute_target_https_proxy.default: Refreshing state... [id=projects/mitou-jr/global/targetHttpsProxies/primary-https-proxy]
google_container_cluster.primary: Refreshing state... [id=projects/mitou-jr/locations/asia-northeast1/clusters/primary-cluster]
google_compute_global_forwarding_rule.google_compute_forwarding_rule: Refreshing state... [id=projects/mitou-jr/global/forwardingRules/l7-forwarding-rule]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply":

  # google_kms_crypto_key.primary-key has been changed
  ~ resource "google_kms_crypto_key" "primary-key" {
      ~ destroy_scheduled_duration = "86400s" -> "2592000s"
      + effective_labels           = {}
        id                         = "projects/mitou-jr/locations/asia-northeast1/keyRings/primary-keyring/cryptoKeys/primary-key"
        name                       = "primary-key"
      + primary                    = [
          + {
              + name  = "projects/mitou-jr/locations/asia-northeast1/keyRings/primary-keyring/cryptoKeys/primary-key/cryptoKeyVersions/1"
              + state = "ENABLED"
            },
        ]
      + terraform_labels           = {}
        # (5 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # google_storage_bucket.gcs-tf-iam has been changed
  ~ resource "google_storage_bucket" "gcs-tf-iam" {
      + enable_object_retention  = false
        id                       = "mitou-jr-tf-iam"
        name                     = "mitou-jr-tf-iam"
      + project_number           = 233207969476
      + public_access_prevention = "inherited"
      + terraform_labels         = {}
        # (11 unchanged attributes hidden)

      + soft_delete_policy {
          + effective_time             = "2024-03-01T08:00:00.000Z"
          + retention_duration_seconds = 604800
        }
    }

  # google_compute_global_forwarding_rule.google_compute_forwarding_rule has been changed
  ~ resource "google_compute_global_forwarding_rule" "google_compute_forwarding_rule" {
      + effective_labels = {}
        id               = "projects/mitou-jr/global/forwardingRules/l7-forwarding-rule"
        name             = "l7-forwarding-rule"
      ~ port_range       = "443" -> "443-443"
      + source_ip_ranges = []
      ~ target           = "projects/mitou-jr/global/targetHttpsProxies/primary-https-proxy" -> "https://www.googleapis.com/compute/v1/projects/mitou-jr/global/targetHttpsProxies/primary-https-proxy"
      + terraform_labels = {}
        # (7 unchanged attributes hidden)
    }

  # google_compute_network.default has been changed
  ~ resource "google_compute_network" "default" {
      + enable_ula_internal_ipv6                  = false
        id                                        = "projects/mitou-jr/global/networks/default"
        name                                      = "default"
      + network_firewall_policy_enforcement_order = "AFTER_CLASSIC_FIREWALL"
      + numeric_id                                = "2878907759851297012"
        # (6 unchanged attributes hidden)
    }

  # google_monitoring_notification_channel.default has been changed
  ~ resource "google_monitoring_notification_channel" "default" {
      + force_delete = false
        id           = "projects/mitou-jr/notificationChannels/5741651829358921573"
        name         = "projects/mitou-jr/notificationChannels/5741651829358921573"
        # (6 unchanged attributes hidden)
    }

  # google_dns_managed_zone.primary-zone has been changed
  ~ resource "google_dns_managed_zone" "primary-zone" {
      + creation_time    = "2021-12-04T11:40:01.127Z"
      + effective_labels = {}
        id               = "projects/mitou-jr/managedZones/mattermost-dnszone"
      + managed_zone_id  = 8452461933058921255
        name             = "mattermost-dnszone"
      + terraform_labels = {}
        # (7 unchanged attributes hidden)

      + cloud_logging_config {
          + enable_logging = false
        }
    }

  # google_compute_managed_ssl_certificate.default has been changed
  ~ resource "google_compute_managed_ssl_certificate" "default" {
      ~ expire_time = "2023-09-17T23:40:40.000-07:00" -> "2024-10-18T11:54:40.000-07:00"
        id          = "projects/mitou-jr/global/sslCertificates/primary-cert"
        name        = "primary-cert"
        # (6 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # google_compute_url_map.default has been changed
  ~ resource "google_compute_url_map" "default" {
      ~ fingerprint = "z44lRc7jl98=" -> "UEMFqxUsNvo="
        id          = "projects/mitou-jr/global/urlMaps/urlmap"
        name        = "urlmap"
        # (6 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # google_monitoring_uptime_check_config.https_check has been changed
  ~ resource "google_monitoring_uptime_check_config" "https_check" {
        id          = "projects/mitou-jr/uptimeCheckConfigs/10816343371595221599"
        name        = "projects/mitou-jr/uptimeCheckConfigs/10816343371595221599"
      + user_labels = {}
        # (7 unchanged attributes hidden)

      ~ http_check {
            # (7 unchanged attributes hidden)

            # (1 unchanged block hidden)
        }

        # (2 unchanged blocks hidden)
    }

  # google_monitoring_alert_policy.https_check_alert has been changed
  ~ resource "google_monitoring_alert_policy" "https_check_alert" {
        id   = "projects/mitou-jr/alertPolicies/21376706582861365"
        name = "projects/mitou-jr/alertPolicies/21376706582861365"
        # (7 unchanged attributes hidden)

      ~ conditions {
            name = "projects/mitou-jr/alertPolicies/21376706582861365/conditions/5939228043259956913"
            # (1 unchanged attribute hidden)

          ~ condition_threshold {
                # (4 unchanged attributes hidden)

                # (2 unchanged blocks hidden)
            }
        }
    }

  # google_compute_subnetwork.default has been changed
  ~ resource "google_compute_subnetwork" "default" {
        id                       = "projects/mitou-jr/regions/asia-northeast1/subnetworks/main-subnet"
        name                     = "main-subnet"
      ~ private_ip_google_access = false -> true
        # (10 unchanged attributes hidden)

      ~ secondary_ip_range {
            # (2 unchanged attributes hidden)
        }
      ~ secondary_ip_range {
            # (2 unchanged attributes hidden)
        }
    }

  # google_container_cluster.primary has been changed
  ~ resource "google_container_cluster" "primary" {
      + effective_labels                         = {}
      + enable_cilium_clusterwide_network_policy = false
      + enable_fqdn_network_policy               = false
      + enable_l4_ilb_subsetting                 = false
      + enable_multi_networking                  = false
        id                                       = "projects/mitou-jr/locations/asia-northeast1/clusters/primary-cluster"
      ~ master_version                           = "1.26.5-gke.1200" -> "1.29.7-gke.1104000"
        name                                     = "primary-cluster"
      ~ node_version                             = "1.26.5-gke.1200" -> "1.29.7-gke.1104000"
      ~ self_link                                = "https://container.googleapis.com/v1/projects/mitou-jr/locations/asia-northeast1/clusters/primary-cluster" -> "https://container.googleapis.com/v1beta1/projects/mitou-jr/locations/asia-northeast1/clusters/primary-cluster"
      + terraform_labels                         = {}
        # (22 unchanged attributes hidden)

      ~ addons_config {
          + dns_cache_config {
              + enabled = true
            }

          + gce_persistent_disk_csi_driver_config {
              + enabled = true
            }

          + gcp_filestore_csi_driver_config {
              + enabled = true
            }

          + gcs_fuse_csi_driver_config {
              + enabled = true
            }

            # (1 unchanged block hidden)
        }

      + binary_authorization {
          + enabled = false
        }

      ~ cluster_autoscaling {
          + auto_provisioning_locations = []
          + autoscaling_profile         = "OPTIMIZE_UTILIZATION"
            # (1 unchanged attribute hidden)

          ~ auto_provisioning_defaults {
              + disk_size  = 0
              + image_type = "COS_CONTAINERD"
                # (2 unchanged attributes hidden)

              + management {
                  + auto_repair     = true
                  + auto_upgrade    = true
                  + upgrade_options = []
                }

              + upgrade_settings {
                  + max_surge       = 1
                  + max_unavailable = 0
                  + strategy        = "SURGE"
                }
            }

            # (4 unchanged blocks hidden)
        }

      + cluster_telemetry {
          + type = "ENABLED"
        }

      ~ ip_allocation_policy {
          + stack_type = "IPV4"
            # (4 unchanged attributes hidden)
        }

      ~ monitoring_config {
            # (1 unchanged attribute hidden)

          + managed_prometheus {
              + enabled = true
            }
        }

      ~ node_config {
          + effective_taints            = []
          + enable_confidential_storage = false
          + logging_variant             = "DEFAULT"
          + resource_labels             = {}
          + resource_manager_tags       = {}
          + spot                        = false
            tags                        = []
            # (10 unchanged attributes hidden)

          + reservation_affinity {
              + consume_reservation_type = "NO_RESERVATION"
              + values                   = []
            }

            # (2 unchanged blocks hidden)
        }

      ~ node_pool {
            name    = "nap-v4ripvaw"
          ~ version = "1.26.5-gke.1200" -> "1.29.7-gke.1104000"
            # (6 unchanged attributes hidden)

          ~ autoscaling {
              + location_policy      = "BALANCED"
              + total_max_node_count = 0
              + total_min_node_count = 0
                # (2 unchanged attributes hidden)
            }

          + network_config {
              + create_pod_range     = false
              + enable_private_nodes = false
              + pod_ipv4_cidr_block  = "10.1.0.0/20"
              + pod_range            = "pods"
            }

          ~ node_config {
              + effective_taints            = []
              + enable_confidential_storage = false
              + logging_variant             = "DEFAULT"
              + resource_labels             = {}
              + resource_manager_tags       = {}
              + spot                        = false
                tags                        = []
                # (10 unchanged attributes hidden)

              + reservation_affinity {
                  + consume_reservation_type = "NO_RESERVATION"
                  + values                   = []
                }

                # (2 unchanged blocks hidden)
            }

          ~ upgrade_settings {
              + strategy = "SURGE"
                # (2 unchanged attributes hidden)
            }
            # (1 unchanged block hidden)
        }

      + node_pool_defaults {
          + node_config_defaults {
              + logging_variant = "DEFAULT"
            }
        }

      + notification_config {
          + pubsub {
              + enabled = false
            }
        }

      + pod_security_policy_config {
          + enabled = false
        }

      + private_cluster_config {
          + enable_private_endpoint = false
          + enable_private_nodes    = false
          + private_endpoint        = "10.10.10.62"
          + public_endpoint         = "34.84.41.237"

          + master_global_access_config {
              + enabled = false
            }
        }

      + secret_manager_config {
          + enabled = false
        }

      + service_external_ips_config {
          + enabled = false
        }

        # (8 unchanged blocks hidden)
    }

  # google_compute_target_https_proxy.default has been changed
  ~ resource "google_compute_target_https_proxy" "default" {
      + certificate_manager_certificates = []
      + http_keep_alive_timeout_sec      = 0
        id                               = "projects/mitou-jr/global/targetHttpsProxies/primary-https-proxy"
        name                             = "primary-https-proxy"
      + tls_early_data                   = "DISABLED"
        # (8 unchanged attributes hidden)
    }

  # google_storage_bucket.default has been changed
  ~ resource "google_storage_bucket" "default" {
      + enable_object_retention  = false
        id                       = "mitou-jr"
        name                     = "mitou-jr"
      + project_number           = 233207969476
      + public_access_prevention = "inherited"
      + terraform_labels         = {}
        # (11 unchanged attributes hidden)

      + soft_delete_policy {
          + effective_time             = "2024-03-01T08:00:00.000Z"
          + retention_duration_seconds = 604800
        }
    }

  # google_monitoring_notification_channel.email has been changed
  ~ resource "google_monitoring_notification_channel" "email" {
      + force_delete = false
        id           = "projects/mitou-jr/notificationChannels/12221508552024516705"
        name         = "projects/mitou-jr/notificationChannels/12221508552024516705"
        # (6 unchanged attributes hidden)
    }

  # google_sql_database_instance.primary has been deleted
  - resource "google_sql_database_instance" "primary" {
      - connection_name               = "mitou-jr:asia-northeast1:primary" -> null
      - database_version              = "POSTGRES_11" -> null
      - deletion_protection           = true -> null
      - first_ip_address              = "35.187.209.37" -> null
      - id                            = "primary" -> null
      - ip_address                    = [
          - {
              - ip_address     = "35.187.209.37"
              - time_to_retire = ""
              - type           = "PRIMARY"
            },
          - {
              - ip_address     = "34.146.119.19"
              - time_to_retire = ""
              - type           = "OUTGOING"
            },
        ] -> null
      - name                          = "primary" -> null
      - project                       = "mitou-jr" -> null
      - public_ip_address             = "35.187.209.37" -> null
      - region                        = "asia-northeast1" -> null
      - self_link                     = "https://sqladmin.googleapis.com/sql/v1beta4/projects/mitou-jr/instances/primary" -> null
      - server_ca_cert                = (sensitive value)
      - service_account_email_address = "[email protected]" -> null

      - settings {
          - activation_policy     = "ALWAYS" -> null
          - availability_type     = "ZONAL" -> null
          - disk_autoresize       = true -> null
          - disk_autoresize_limit = 0 -> null
          - disk_size             = 10 -> null
          - disk_type             = "PD_SSD" -> null
          - pricing_plan          = "PER_USE" -> null
          - tier                  = "db-f1-micro" -> null
          - user_labels           = {} -> null
          - version               = 134 -> null

          - backup_configuration {
              - binary_log_enabled             = false -> null
              - enabled                        = true -> null
              - location                       = "asia-northeast1" -> null
              - point_in_time_recovery_enabled = false -> null
              - start_time                     = "03:00" -> null
              - transaction_log_retention_days = 3 -> null

              - backup_retention_settings {
                  - retained_backups = 3 -> null
                  - retention_unit   = "COUNT" -> null
                }
            }

          - ip_configuration {
              - ipv4_enabled = true -> null

              - authorized_networks {
                  - name  = "anonymous_allow" -> null
                  - value = "0.0.0.0/0" -> null
                }
            }

          - location_preference {
              - zone = "asia-northeast1-a" -> null
            }
        }
    }

  # google_storage_bucket.secrets has been changed
  ~ resource "google_storage_bucket" "secrets" {
      + enable_object_retention  = false
        id                       = "mitou-jr-secret"
        name                     = "mitou-jr-secret"
      + project_number           = 233207969476
      + public_access_prevention = "inherited"
      + terraform_labels         = {}
        # (11 unchanged attributes hidden)

      + soft_delete_policy {
          + effective_time             = "2024-03-01T08:00:00.000Z"
          + retention_duration_seconds = 604800
        }

        # (1 unchanged block hidden)
    }

  # google_compute_health_check.http-health-check has been changed
  ~ resource "google_compute_health_check" "http-health-check" {
        id             = "projects/mitou-jr/global/healthChecks/http-health-check"
        name           = "http-health-check"
      + source_regions = []
        # (8 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # google_storage_bucket.gcs-tf-basic has been changed
  ~ resource "google_storage_bucket" "gcs-tf-basic" {
      + enable_object_retention  = false
        id                       = "mitou-jr-tf-basic"
        name                     = "mitou-jr-tf-basic"
      + project_number           = 233207969476
      + public_access_prevention = "inherited"
      + terraform_labels         = {}
        # (11 unchanged attributes hidden)

      + soft_delete_policy {
          + effective_time             = "2024-03-01T08:00:00.000Z"
          + retention_duration_seconds = 604800
        }
    }

  # google_pubsub_topic.default has been changed
  ~ resource "google_pubsub_topic" "default" {
      + effective_labels = {}
        id               = "projects/mitou-jr/topics/mattermost-alert"
        name             = "mattermost-alert"
      + terraform_labels = {}
        # (2 unchanged attributes hidden)
    }

  # google_compute_global_address.lb-address has been changed
  ~ resource "google_compute_global_address" "lb-address" {
      + effective_labels  = {}
        id                = "projects/mitou-jr/global/addresses/lb-address"
      + label_fingerprint = "42WmSpB8rSM="
      + labels            = {}
        name              = "lb-address"
      + terraform_labels  = {}
        # (6 unchanged attributes hidden)
    }

  # google_compute_backend_service.default has been changed
  ~ resource "google_compute_backend_service" "default" {
      + generated_id = 8046822275384705745
        id           = "projects/mitou-jr/global/backendServices/backend-service"
        name         = "backend-service"
        # (15 unchanged attributes hidden)

      + iap {
          + enabled                     = false
          + oauth2_client_secret_sha256 = (sensitive value)
        }
        # (3 unchanged blocks hidden)
    }

Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # google_compute_backend_service.default will be updated in-place
  ~ resource "google_compute_backend_service" "default" {
        id   = "projects/mitou-jr/global/backendServices/backend-service"
        name = "backend-service"
        # (16 unchanged attributes hidden)

      - iap {
          - enabled                     = false -> null
          - oauth2_client_secret_sha256 = (sensitive value)
        }
        # (3 unchanged blocks hidden)
    }

  # google_container_cluster.primary will be updated in-place
  ~ resource "google_container_cluster" "primary" {
        id   = "projects/mitou-jr/locations/asia-northeast1/clusters/primary-cluster"
        name = "primary-cluster"
        # (31 unchanged attributes hidden)

      ~ secret_manager_config {
          ~ enabled = false -> true
        }

        # (21 unchanged blocks hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
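The refresh-only drift in the plan above is easier to triage from the JSON form of the plan than from the rendered text, and a small script can also flag the entries that matter for security rather than leaving them buried among label and version noise. The following is an added example, not code from the mitou-jr repository or the PR: it reads `terraform show -json` output, lists which attributes drifted per resource, and applies a rule table to both the "before" and "after" snapshots. The sample document is constructed by hand to mirror three entries visible in this thread (the deleted Cloud SQL instance whose `authorized_networks` was `0.0.0.0/0` with a public IPv4 address, the GKE cluster with Binary Authorization and private nodes off and the Secret Manager add-on still disabled, and the `mitou-jr-secret` bucket whose `public_access_prevention` is only `inherited`). The `RULES` table, the function names and the file name `drift_triage.py` are this example's own.

```python
"""drift_triage.py: triage Terraform refresh-only drift from `terraform show -json` output.

Added example for this PR, not code from the mitou-jr repository. Assumes the input
is a Terraform JSON plan document, which reports changes made outside Terraform
under the top-level "resource_drift" key.
"""
import json
import re
import sys
from typing import Any, Callable, Dict, Iterator, List, Tuple

# Constructed sample, not a real plan file: a trimmed JSON plan whose three entries
# mirror resources from the plan posted in this PR. Nested blocks are lists of
# objects, as in Terraform's JSON plan format; a deleted resource has after=null.
SAMPLE_PLAN_JSON = json.dumps({"format_version": "1.2", "resource_drift": [
    {"address": "google_sql_database_instance.primary", "type": "google_sql_database_instance",
     "change": {"actions": ["delete"], "after": None, "before": {
         "name": "primary", "database_version": "POSTGRES_11",
         "settings": [{"ip_configuration": [{"ipv4_enabled": True,
             "authorized_networks": [{"name": "anonymous_allow", "value": "0.0.0.0/0"}]}]}]}}},
    {"address": "google_container_cluster.primary", "type": "google_container_cluster",
     "change": {"actions": ["update"],
         "before": {"master_version": "1.26.5-gke.1200", "binary_authorization": [],
                    "private_cluster_config": [], "secret_manager_config": []},
         "after": {"master_version": "1.29.7-gke.1104000", "binary_authorization": [{"enabled": False}],
                   "private_cluster_config": [{"enable_private_endpoint": False, "enable_private_nodes": False}],
                   "secret_manager_config": [{"enabled": False}]}}},
    {"address": "google_storage_bucket.secrets", "type": "google_storage_bucket",
     "change": {"actions": ["update"], "before": {"name": "mitou-jr-secret"},
                "after": {"name": "mitou-jr-secret", "public_access_prevention": "inherited"}}},
]})

Leaf = Tuple[str, Any]


def parse_plan(text: str) -> Dict[str, Any]:
    """Parse a JSON plan document into a dict."""
    return json.loads(text)


def flatten(value: Any, prefix: str = "") -> Iterator[Leaf]:
    """Yield (dotted attribute path, scalar) pairs; list elements get numeric segments."""
    if isinstance(value, dict):
        for key, sub in value.items():
            yield from flatten(sub, f"{prefix}.{key}" if prefix else key)
    elif isinstance(value, list):
        for idx, sub in enumerate(value):
            yield from flatten(sub, f"{prefix}.{idx}")
    else:
        yield prefix, value


def drift_changes(plan: Dict[str, Any]) -> Dict[str, Dict[str, Tuple[Any, Any]]]:
    """Per drifted resource address, the attribute paths whose value differs between
    the last-applied state ("before") and the refreshed state ("after"). A resource
    deleted outside Terraform has after=null, so every attribute shows as (old, None)."""
    result: Dict[str, Dict[str, Tuple[Any, Any]]] = {}
    for entry in plan.get("resource_drift", []):
        before = dict(flatten(entry["change"].get("before") or {}))
        after = dict(flatten(entry["change"].get("after") or {}))
        changed = {path: (before.get(path), after.get(path))
                   for path in before.keys() | after.keys()
                   if before.get(path) != after.get(path)}
        if changed:
            result[entry["address"]] = changed
    return result


# Security rules: (attribute-path regex, predicate on the value, finding text).
# This table is the example's own; extend it for the resource types you manage.
RULES: List[Tuple[str, Callable[[Any], bool], str]] = [
    (r"authorized_networks\.\d+\.value$", lambda v: v == "0.0.0.0/0",
     "Cloud SQL authorized network is 0.0.0.0/0 (reachable from any address)"),
    (r"ip_configuration\.\d+\.ipv4_enabled$", lambda v: v is True,
     "Cloud SQL instance exposes a public IPv4 address"),
    (r"^public_access_prevention$", lambda v: v == "inherited",
     "bucket relies on inherited public_access_prevention instead of 'enforced'"),
    (r"binary_authorization\.\d+\.enabled$", lambda v: v is False,
     "GKE Binary Authorization is disabled"),
    (r"private_cluster_config\.\d+\.enable_private_nodes$", lambda v: v is False,
     "GKE nodes are not private (public node IPs)"),
    (r"secret_manager_config\.\d+\.enabled$", lambda v: v is False,
     "GKE Secret Manager add-on is disabled"),
]


def security_findings(plan: Dict[str, Any]) -> List[Tuple[str, str, str]]:
    """Apply RULES to both snapshots of every drifted resource. The snapshot name is
    kept so a finding on a deleted resource ("before" only) is not mistaken for a
    live exposure; "after" findings describe what is running now."""
    found = set()
    for entry in plan.get("resource_drift", []):
        for snapshot in ("before", "after"):
            for path, value in flatten(entry["change"].get(snapshot) or {}):
                for pattern, predicate, text in RULES:
                    if re.search(pattern, path) and predicate(value):
                        found.add((entry["address"], snapshot, text))
    return sorted(found)


if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN_JSON
    plan = parse_plan(source)
    for address, changes in drift_changes(plan).items():
        print(f"{address}: {len(changes)} attribute(s) drifted")
    for address, snapshot, text in security_findings(plan):
        print(f"[{snapshot}] {address}: {text}")
```

Produce the input with `terraform plan -refresh-only -out drift.tfplan` followed by `terraform show -json drift.tfplan > drift.json`, then run `python drift_triage.py drift.json`; without an argument the script runs over the constructed sample. `resource_drift` is the section Terraform fills for changes made outside of Terraform, which is exactly the "Objects have changed outside of Terraform" list above. The deleted instance's `0.0.0.0/0` entry is reported from its `before` snapshot: the resource is gone, but the finding records that a world-reachable database existed until the 2024-08-29 deletion, which is the kind of fact worth keeping in the PR record rather than letting the next refresh silently drop it from state.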

@xpadev-net xpadev-net requested a review from kyasbal August 31, 2024 08:32
@xpadev-net xpadev-net marked this pull request as ready for review August 31, 2024 08:33
Comment on lines -11 to +20
secondary_ip_range = [
{
range_name = "services"
ip_cidr_range = "10.10.11.0/24"
},
{
range_name = "pods"
ip_cidr_range = "10.1.0.0/20"
}
]

secondary_ip_range {
range_name = "services"
ip_cidr_range = "10.10.11.0/24"
}

secondary_ip_range {
range_name = "pods"
ip_cidr_range = "10.1.0.0/20"
}
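Review bot: the question on this hunk can be answered from the plan in this thread rather than by eyeballing the syntax: the refresh-only output lists `google_compute_subnetwork.default` with two `~ secondary_ip_range { # (2 unchanged attributes hidden) }` blocks and the execution plan contains no subnetwork action, so the two repeated `secondary_ip_range` blocks (`services` 10.10.11.0/24 and `pods` 10.1.0.0/20) match what is deployed; the `nap-v4ripvaw` node pool's `network_config` in the same output also reports `pod_range = "pods"` with `pod_ipv4_cidr_block = "10.1.0.0/20"`, so the pod range name and CIDR are consistent on both sides. Since the same refresh shows `private_ip_google_access = false -> true` drifted on this subnet, check that this resource block sets `private_ip_google_access = true` explicitly (add it here if it does not) so that setting lives in source rather than only in the live subnet.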
Collaborator Author

I'm not sure whether this part is right, so please check 🙇‍♂️
