feat(platform/infra): Create prod service account and pool #8383

Merged

Conversation

aarushik93
Contributor

Background

Need a service account with the right perms for prod

Changes 🏗️

  • Created a prod service account
  • Created a workload identity pool
  • Gave account all the right permissions

Testing 🔍

Note

Only for the new autogpt platform, currently in autogpt_platform/

  • Create from scratch and execute an agent with at least 3 blocks
  • Import an agent from file upload, and confirm it executes correctly
  • Upload agent to marketplace
  • Import an agent from marketplace and confirm it executes correctly
  • Edit an agent from monitor, and confirm it executes correctly

@aarushik93 aarushik93 requested a review from a team as a code owner October 21, 2024 10:16
@github-actions github-actions bot added platform/backend AutoGPT Platform - Back end size/l labels Oct 21, 2024
PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪
🧪 No relevant tests
🔒 Security concerns

Sensitive information exposure:
The PR introduces new service account emails and workload identity pool configurations in the Terraform files (dev.tfvars and prod.tfvars). While these are typically not considered secrets, they could potentially be used in conjunction with other information for unauthorized access. It's important to ensure that these configurations are appropriate for the intended environment and that access is properly restricted.

⚡ Recommended focus areas for review

Security Concern
The attribute condition in the google_iam_workload_identity_pool_provider resource is hardcoded to a specific repository owner. This might limit flexibility and require manual updates if the repository ownership changes.

Potential Misconfiguration
The workflow is configured to run on push to the 'dev' branch, but it's deploying to production environments. This could lead to unintended deployments to production.

Configuration Error
The liveness probe path has been changed from '/heath' to '/health'. Ensure this is the correct endpoint for the health check.
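
Added example, not taken from this PR or the project's Terraform: a `google_iam_workload_identity_pool_provider` for GitHub Actions with the attribute condition pinned to one repository owner, as the reviewer guide above describes, plus a service-account binding narrowed to a single repository. Every id, owner and repository name in it is a placeholder assumption.

```hcl
# All names below are placeholders, not values from the PR's tfvars files.
variable "project_id" { type = string }

locals {
  github_owner = "example-org"              # placeholder owner
  github_repo  = "example-org/example-repo" # placeholder owner/repo
}

resource "google_iam_workload_identity_pool" "ci" {
  project                   = var.project_id
  workload_identity_pool_id = "example-ci-pool"
  display_name              = "CI pool (example)"
}

resource "google_iam_workload_identity_pool_provider" "github" {
  project                            = var.project_id
  workload_identity_pool_id          = google_iam_workload_identity_pool.ci.workload_identity_pool_id
  workload_identity_pool_provider_id = "example-github"

  oidc {
    issuer_uri = "https://token.actions.githubusercontent.com"
  }

  # Map the GitHub OIDC claims that later conditions and bindings rely on.
  attribute_mapping = {
    "google.subject"             = "assertion.sub"
    "attribute.repository"       = "assertion.repository"
    "attribute.repository_owner" = "assertion.repository_owner"
    "attribute.ref"              = "assertion.ref"
  }

  # Tokens issued for any other GitHub owner are rejected at the provider,
  # before any IAM binding is evaluated.
  attribute_condition = "assertion.repository_owner == \"${local.github_owner}\""
}

resource "google_service_account" "deployer" {
  project    = var.project_id
  account_id = "example-prod-deployer"
}

# Only workflows running in the one named repository may impersonate the account.
resource "google_service_account_iam_member" "wif" {
  service_account_id = google_service_account.deployer.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.ci.name}/attribute.repository/${local.github_repo}"
}
```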

@aarushik93 aarushik93 changed the base branch from dev to aarushikansal/secrt-944-set-up-deploys-from-dev October 21, 2024 10:23
Swiftyos
Swiftyos previously approved these changes Oct 22, 2024
Base automatically changed from aarushikansal/secrt-944-set-up-deploys-from-dev to dev October 22, 2024 13:45
@aarushik93 aarushik93 dismissed Swiftyos’s stale review October 22, 2024 13:45

The base branch was changed.

@github-actions github-actions bot added size/m and removed size/l labels Oct 22, 2024
@aarushik93 aarushik93 merged commit 37607d1 into dev Oct 23, 2024
6 checks passed
@aarushik93 aarushik93 deleted the aarushikansal/secrt-953-create-production-account-pool-for-ci branch October 23, 2024 08:22
Projects
Status: Done
3 participants