-
-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[infra.ci.jenkins.io] Azure AD Password expired for terraform-production
(jenkins-infra/azure)
#4045
Comments
Rotated credentials with the following change (private link): https://github.com/jenkins-infra/terraform-states/commit/bbab9fe5e97ce12d1bdcc9be5581941515e7dbe1 It involved:
=> we'll have to apply this change (rotation + expiry) to all the other projects in https://github.com/jenkins-infra/terraform-states |
As per jenkins-infra/helpdesk#4045 (comment), the [name of the Azure SP used by Terraform in production for the `azure`project changed](jenkins-infra/terraform-states@bbab9fe) This PR updates the code to maps this change Signed-off-by: Damien Duportal <damien.duportal@gmail.com>
Update:
|
Next steps before closing:
|
Update: jenkins-infra/azure-net has been updated:
|
The other projects have been updated (jenkins-infra/aws, jenkins-infra/cloudflare, jenkins-infra/digitalocean and jenkins-infra/fastly). Note that jenkins-infra/datadog has NOT been updated: it appears that its state is NOT managed in jenkins-infra/terraform-states (most probably never migrated from legacy state). Same method has been used:
|
Update: calendar events added. it won't 100% ensure we catch it before expiration but it is a start! |
Issue opened: #4051 |
Service(s)
Azure, infra.ci.jenkins.io
Summary
The credentials used by infra.ci.jenkins.io to manage the Terraform project jenkins-infra/azure are expired: any job quickly fail on early Terraform phases when accessing the shared state with the following error:
Reproduction steps
No response
The text was updated successfully, but these errors were encountered: