Closed volovyks closed 2 months ago
@ChaoticTempest @ppca I think it is ready for review. Kick-node logic works + I've prepared our tests for havier resharing testing. Currently, incremental resharing above 6 is not stable. After 1 or more resharing signing can be stuck.
I will address those separately.
Locally longer resharing like this one works just fine:
assert!(ctx.remove_participant(None).await.is_ok());
// Going below T should error out
assert!(ctx.remove_participant(None).await.is_err());
assert!(ctx.add_participant().await.is_ok());
assert!(ctx.remove_participant(None).await.is_ok());
assert!(ctx.add_participant().await.is_ok());
assert!(ctx.remove_participant(None).await.is_ok());
assert!(ctx.add_participant().await.is_ok());
assert!(ctx.remove_participant(None).await.is_ok());
assert!(ctx.add_participant().await.is_ok());
assert!(ctx.remove_participant(None).await.is_ok());
assert!(ctx.add_participant().await.is_ok());
assert!(ctx.add_participant().await.is_ok());
assert!(ctx.add_participant().await.is_ok());
assert!(ctx.add_participant().await.is_ok());
assert!(ctx.remove_participant(None).await.is_ok());
assert!(ctx.remove_participant(None).await.is_ok());
assert!(ctx.remove_participant(None).await.is_ok());
assert!(ctx.remove_participant(None).await.is_ok());
assert!(ctx.add_participant().await.is_ok());
assert!(ctx.remove_participant(None).await.is_ok());
assert!(ctx.add_participant().await.is_ok());
assert!(ctx.remove_participant(None).await.is_ok());
assert!(ctx.add_participant().await.is_ok());
assert!(ctx.remove_participant(None).await.is_ok());
LGTM. Why did the resharing test get stuck 50% of the time previously?
@ppca not sure, but I've refactored test logic heavily
success
success
Pusher: @volovyks, Action: pull_request
, Working Directory: `, Workflow:
Terraform Feature Env (Destroy)`
Terraform Feature Environment (dev-556)
Terraform Initialization ⚙️
success
Terraform Apply
success
Show Apply Plan
``` data.external.git_checkout: Reading... data.external.git_checkout: Read complete after 0s [id=-] data.google_compute_subnetwork.dev_subnetwork: Reading... data.google_compute_network.prod_network: Reading... data.google_compute_subnetwork.prod_subnetwork: Reading... data.google_compute_network.dev_network: Reading... google_service_account.service_account: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-556@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-556@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-556@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-556@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_project_iam_member.service-account-datastore-user: Refreshing state... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-556@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-556@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-556@pagoda-discovery-platform-dev.iam.gserviceaccount.com] data.google_compute_subnetwork.dev_subnetwork: Read complete after 0s [id=projects/pagoda-shared-infrastructure/regions/us-east1/subnetworks/cloudrun-main-dev-us-east1] google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-556@pagoda-discovery-platform-dev.iam.gserviceaccount.com] data.google_compute_subnetwork.prod_subnetwork: Read complete after 0s [id=projects/pagoda-shared-infrastructure/regions/us-east1/subnetworks/cloudrun-main-prod-us-east1] google_service_account_iam_binding.serivce-account-iam: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-556@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser] data.google_compute_network.dev_network: Read complete after 0s [id=projects/pagoda-shared-infrastructure/global/networks/dev] google_secret_manager_secret_iam_member.account_creator_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-556@pagoda-discovery-platform-dev.iam.gserviceaccount.com] data.google_compute_network.prod_network: Read complete after 0s [id=projects/pagoda-shared-infrastructure/global/networks/prod] google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-556@pagoda-discovery-platform-dev.iam.gserviceaccount.com] module.signer[2].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-556] module.signer[0].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-556] module.signer[1].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-556] module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-556/roles/run.invoker/allUsers] module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-556/roles/run.invoker/allUsers] module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-556/roles/run.invoker/allUsers] module.leader.google_cloud_run_v2_service.leader: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-556] module.leader.google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-556/roles/run.invoker/allUsers] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.leader.google_cloud_run_v2_service.leader will be updated in-place ~ resource "google_cloud_run_v2_service" "leader" { id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-556" name = "mpc-recovery-leader-dev-556" # (17 unchanged attributes hidden) ~ template { # (6 unchanged attributes hidden) ~ containers { ~ image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:0334f75c7d5f1f1d92239cd438e72ee881d84273" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:3297353eee4bb9b19f4859be094ac4976f6f6dbb" # (2 unchanged attributes hidden) # (16 unchanged blocks hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # module.signer[0].google_cloud_run_v2_service.signer will be updated in-place ~ resource "google_cloud_run_v2_service" "signer" { id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-556" name = "mpc-recovery-signer-0-dev-556" # (17 unchanged attributes hidden) ~ template { # (6 unchanged attributes hidden) ~ containers { ~ image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:0334f75c7d5f1f1d92239cd438e72ee881d84273" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:3297353eee4bb9b19f4859be094ac4976f6f6dbb" # (2 unchanged attributes hidden) # (11 unchanged blocks hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # module.signer[1].google_cloud_run_v2_service.signer will be updated in-place ~ resource "google_cloud_run_v2_service" "signer" { id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-556" name = "mpc-recovery-signer-1-dev-556" # (17 unchanged attributes hidden) ~ template { # (6 unchanged attributes hidden) ~ containers { ~ image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:0334f75c7d5f1f1d92239cd438e72ee881d84273" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:3297353eee4bb9b19f4859be094ac4976f6f6dbb" # (2 unchanged attributes hidden) # (11 unchanged blocks hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # module.signer[2].google_cloud_run_v2_service.signer will be updated in-place ~ resource "google_cloud_run_v2_service" "signer" { id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-556" name = "mpc-recovery-signer-2-dev-556" # (17 unchanged attributes hidden) ~ template { # (6 unchanged attributes hidden) ~ containers { ~ image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:0334f75c7d5f1f1d92239cd438e72ee881d84273" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:3297353eee4bb9b19f4859be094ac4976f6f6dbb" # (2 unchanged attributes hidden) # (11 unchanged blocks hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } Plan: 0 to add, 4 to change, 0 to destroy. module.signer[0].google_cloud_run_v2_service.signer: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-556] module.signer[1].google_cloud_run_v2_service.signer: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-556] module.signer[2].google_cloud_run_v2_service.signer: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-556] module.signer[0].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-0-dev-556, 10s elapsed] module.signer[1].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-1-dev-556, 10s elapsed] module.signer[2].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-2-dev-556, 10s elapsed] module.signer[0].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-0-dev-556, 20s elapsed] module.signer[1].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-1-dev-556, 20s elapsed] module.signer[2].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-2-dev-556, 20s elapsed] module.signer[0].google_cloud_run_v2_service.signer: Modifications complete after 21s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-556] module.signer[1].google_cloud_run_v2_service.signer: Modifications complete after 21s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-556] module.signer[2].google_cloud_run_v2_service.signer: Modifications complete after 21s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-556] module.leader.google_cloud_run_v2_service.leader: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-556] module.leader.google_cloud_run_v2_service.leader: Still modifying... [id=projects/pagoda-discovery-platform-dev/...1/services/mpc-recovery-leader-dev-556, 10s elapsed] module.leader.google_cloud_run_v2_service.leader: Still modifying... [id=projects/pagoda-discovery-platform-dev/...1/services/mpc-recovery-leader-dev-556, 20s elapsed] module.leader.google_cloud_run_v2_service.leader: Modifications complete after 21s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-556] Apply complete! Resources: 0 added, 4 changed, 0 destroyed. Outputs: leader_node = "https://mpc-recovery-leader-dev-556-7tk2cmmtcq-ue.a.run.app" ```Pusher: @volovyks, Action:
pull_request
, Working Directory:`, Workflow:
Terraform Feature Env`URL:
https://mpc-recovery-leader-dev-556-7tk2cmmtcq-ue.a.run.app