search

near / mpc

30 stars 6 forks source link

feat: separate sign key for signing protocol messages #565

Closed ChaoticTempest closed 1 month ago

ChaoticTempest commented 2 months ago

This introduces a separate signing key for messages to be sent over the wire for protocols like triple, presignature and signature generation. @ppca this also adds in multichain-sign-sk-* to terraform so this introduces a new key needed to be added by partner nodes. This key can be generated via: 


    #[test]
    fn test() {
        let sk = near_crypto::SecretKey::from_random(near_crypto::KeyType::ED25519);
        println!("{sk}");
    }
github-actions[bot] commented 2 months ago

Terraform Feature Environment (dev-565)

Terraform Initialization ⚙️success

Terraform Apply success

Show Apply Plan ``` data.external.git_checkout: Reading... data.external.git_checkout: Read complete after 0s [id=-] data.google_compute_subnetwork.dev_subnetwork: Reading... data.google_compute_subnetwork.prod_subnetwork: Reading... data.google_compute_network.dev_network: Reading... data.google_compute_network.prod_network: Reading... google_service_account.service_account: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_project_iam_member.service-account-datastore-user: Refreshing state... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_service_account_iam_binding.serivce-account-iam: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser] google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.account_creator_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] data.google_compute_network.dev_network: Read complete after 0s [id=projects/pagoda-shared-infrastructure/global/networks/dev] google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] data.google_compute_subnetwork.prod_subnetwork: Read complete after 0s [id=projects/pagoda-shared-infrastructure/regions/us-east1/subnetworks/cloudrun-main-prod-us-east1] google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] data.google_compute_subnetwork.dev_subnetwork: Read complete after 0s [id=projects/pagoda-shared-infrastructure/regions/us-east1/subnetworks/cloudrun-main-dev-us-east1] google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] data.google_compute_network.prod_network: Read complete after 0s [id=projects/pagoda-shared-infrastructure/global/networks/prod] google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] module.signer[0].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565] module.signer[1].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565] module.signer[2].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565] module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565/roles/run.invoker/allUsers] module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565/roles/run.invoker/allUsers] module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565/roles/run.invoker/allUsers] module.leader.google_cloud_run_v2_service.leader: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565] module.leader.google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565/roles/run.invoker/allUsers] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.leader.google_cloud_run_v2_service.leader will be updated in-place ~ resource "google_cloud_run_v2_service" "leader" { id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565" name = "mpc-recovery-leader-dev-565" # (17 unchanged attributes hidden) ~ template { # (6 unchanged attributes hidden) ~ containers { ~ image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:f0a4026d10b83eb0eb8176c70c62e3486618401f" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:37479df571a6d7796c13de5025aa527cc1c0aab7" # (2 unchanged attributes hidden) # (16 unchanged blocks hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # module.signer[0].google_cloud_run_v2_service.signer will be updated in-place ~ resource "google_cloud_run_v2_service" "signer" { id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565" name = "mpc-recovery-signer-0-dev-565" # (17 unchanged attributes hidden) ~ template { # (6 unchanged attributes hidden) ~ containers { ~ image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:f0a4026d10b83eb0eb8176c70c62e3486618401f" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:37479df571a6d7796c13de5025aa527cc1c0aab7" # (2 unchanged attributes hidden) # (11 unchanged blocks hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # module.signer[1].google_cloud_run_v2_service.signer will be updated in-place ~ resource "google_cloud_run_v2_service" "signer" { id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565" name = "mpc-recovery-signer-1-dev-565" # (17 unchanged attributes hidden) ~ template { # (6 unchanged attributes hidden) ~ containers { ~ image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:f0a4026d10b83eb0eb8176c70c62e3486618401f" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:37479df571a6d7796c13de5025aa527cc1c0aab7" # (2 unchanged attributes hidden) # (11 unchanged blocks hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # module.signer[2].google_cloud_run_v2_service.signer will be updated in-place ~ resource "google_cloud_run_v2_service" "signer" { id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565" name = "mpc-recovery-signer-2-dev-565" # (17 unchanged attributes hidden) ~ template { # (6 unchanged attributes hidden) ~ containers { ~ image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:f0a4026d10b83eb0eb8176c70c62e3486618401f" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:37479df571a6d7796c13de5025aa527cc1c0aab7" # (2 unchanged attributes hidden) # (11 unchanged blocks hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } Plan: 0 to add, 4 to change, 0 to destroy. module.signer[0].google_cloud_run_v2_service.signer: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565] module.signer[1].google_cloud_run_v2_service.signer: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565] module.signer[2].google_cloud_run_v2_service.signer: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565] module.signer[0].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-0-dev-565, 10s elapsed] module.signer[1].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-1-dev-565, 10s elapsed] module.signer[2].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-2-dev-565, 10s elapsed] module.signer[0].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-0-dev-565, 20s elapsed] module.signer[1].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-1-dev-565, 20s elapsed] module.signer[2].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-2-dev-565, 20s elapsed] module.signer[2].google_cloud_run_v2_service.signer: Modifications complete after 21s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565] module.signer[0].google_cloud_run_v2_service.signer: Modifications complete after 21s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565] module.signer[1].google_cloud_run_v2_service.signer: Modifications complete after 21s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565] module.leader.google_cloud_run_v2_service.leader: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565] module.leader.google_cloud_run_v2_service.leader: Still modifying... [id=projects/pagoda-discovery-platform-dev/...1/services/mpc-recovery-leader-dev-565, 10s elapsed] module.leader.google_cloud_run_v2_service.leader: Still modifying... [id=projects/pagoda-discovery-platform-dev/...1/services/mpc-recovery-leader-dev-565, 20s elapsed] module.leader.google_cloud_run_v2_service.leader: Modifications complete after 22s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565] Apply complete! Resources: 0 added, 4 changed, 0 destroyed. Outputs: leader_node = "https://mpc-recovery-leader-dev-565-7tk2cmmtcq-ue.a.run.app" ```

Pusher: @ChaoticTempest, Action: pull_request, Working Directory: `, Workflow:Terraform Feature Env`

URL: https://mpc-recovery-leader-dev-565-7tk2cmmtcq-ue.a.run.app

ppca commented 2 months ago

Can we add a script to infra/scripts that partners can run easily so I could point them to it?

ppca commented 2 months ago

when we decrypt a message we are fetching the sign_pk from contract state(code), so we need to change contract state's sign_pk's to reflect this. How do we plan to change contract state? Can we add code for it? Also we'd expect down time before all partners change their node and we push the change to the contract.

ChaoticTempest commented 2 months ago

@ppca so how I imagine this would work is that the partners would actually still use their account sk in the mean time, while newer nodes that join the network will have their separate sign secret key. This way we have minimal changes for now, and there's no restriction anyways where a node cannot use their account secret key to sign. This just allows the ability for a separate sign secret key to be provided. The partner network is testnet anyways, so it'll be fine.

Can we add a script to infra/scripts that partners can run easily so I could point them to it?

Was looking for an easy way to do this, but doesn't seem quite feasible in the format that our keys are required to be in. We might have to have a separate rust project where nodes can compile and run to generate all these keys

volovyks commented 2 months ago

@ChaoticTempest @ppca we definitely can use NEAR CLI for ED25519 key generation. Why should we ask partners to do that with tests?

volovyks commented 2 months ago

@ChaoticTempest @ppca I agree that current partners can use the same key for signing messages and interactions with NEAR Blockchain. Ideally, they can use the same key for signing messages, but rotate and update their NEAR Key. But that is not necessary, since it's still on testnet. MAinnet partners will have 2 separate keys anyway.

ppca commented 2 months ago

So for testnet, existing partners can run with what they have, no need to add new sign key, while new joining partners will generate a separate sign key. For mainnet, we will require that all partners start off with separate sign key.

This plan sounds good to me, but then the PR actually requires the MPC_RECOVERY_SIGN_SK to be present once we push the code changes to testnet partners. We could ask partners to do gcloud compute instances update-container multichain-dev-0 --container-env MPC_RECOVERY_SIGN_SK={near_private_key} to add the env var to their node. Do we need to convert their near private key to any certain format tho?

I could test above process on dev network first. Btw, if this PR merges before dev nodes update their env vars, dev network might be down for a while because our dev nodes now redeploys on every PR merge. BUt should be fine. as long as we fix it before we push changes to partner testnet.

btw, do we still need account_sk then?

ppca commented 2 months ago

@ChaoticTempest @ppca we definitely can use NEAR CLI for ED25519 key generation. Why should we ask partners to do that with tests?

That will work for me as long as the near cli command can output the exact command we need.

volovyks commented 2 months ago

btw, do we still need account_sk then?

Not sure what you mean. Each node still needs to interact with NEAR Blockchain, so the key is still required.

ChaoticTempest commented 1 month ago

@ppca made changes to this PR so that the terraform should only check if the resource is present then set the env for it, which thereby defaults to using the account secret key if it's the sign secret key is not supplied. Can you also check if my terraform code is correct here?

github-actions[bot] commented 1 month ago

Terraform Feature Environment Destroy (dev-565)

Terraform Initialization ⚙️success

Terraform Destroy success

Show Destroy Plan ``` data.external.git_checkout: Reading... data.external.git_checkout: Read complete after 0s [id=-] data.google_compute_network.prod_network: Reading... data.google_compute_subnetwork.prod_subnetwork: Reading... data.google_compute_subnetwork.dev_subnetwork: Reading... data.google_compute_network.dev_network: Reading... google_service_account.service_account: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.account_creator_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_service_account_iam_binding.serivce-account-iam: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser] google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_project_iam_member.service-account-datastore-user: Refreshing state... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] data.google_compute_subnetwork.dev_subnetwork: Read complete after 0s [id=projects/pagoda-shared-infrastructure/regions/us-east1/subnetworks/cloudrun-main-dev-us-east1] google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] data.google_compute_subnetwork.prod_subnetwork: Read complete after 0s [id=projects/pagoda-shared-infrastructure/regions/us-east1/subnetworks/cloudrun-main-prod-us-east1] google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] data.google_compute_network.dev_network: Read complete after 0s [id=projects/pagoda-shared-infrastructure/global/networks/dev] google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] data.google_compute_network.prod_network: Read complete after 0s [id=projects/pagoda-shared-infrastructure/global/networks/prod] module.signer[0].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565] module.signer[1].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565] module.signer[2].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565] module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565/roles/run.invoker/allUsers] module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565/roles/run.invoker/allUsers] module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565/roles/run.invoker/allUsers] module.leader.google_cloud_run_v2_service.leader: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565] module.leader.google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565/roles/run.invoker/allUsers] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: - destroy Terraform will perform the following actions: # google_project_iam_member.service-account-datastore-user will be destroyed - resource "google_project_iam_member" "service-account-datastore-user" { - etag = "BwYYT99mURY=" -> null - id = "pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - member = "serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - project = "pagoda-discovery-platform-dev" -> null - role = "roles/datastore.user" -> null } # google_secret_manager_secret_iam_member.account_creator_secret_access will be destroyed - resource "google_secret_manager_secret_iam_member" "account_creator_secret_access" { - etag = "BwYYT+ArACI=" -> null - id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - member = "serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - project = "pagoda-discovery-platform-dev" -> null - role = "roles/secretmanager.secretAccessor" -> null - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev" -> null } # google_secret_manager_secret_iam_member.cipher_key_secret_access[0] will be destroyed - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" { - etag = "BwYYT+EV+XU=" -> null - id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - member = "serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - project = "pagoda-discovery-platform-dev" -> null - role = "roles/secretmanager.secretAccessor" -> null - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev" -> null } # google_secret_manager_secret_iam_member.cipher_key_secret_access[1] will be destroyed - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" { - etag = "BwYYT+EV0oY=" -> null - id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - member = "serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - project = "pagoda-discovery-platform-dev" -> null - role = "roles/secretmanager.secretAccessor" -> null - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev" -> null } # google_secret_manager_secret_iam_member.cipher_key_secret_access[2] will be destroyed - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" { - etag = "BwYYT+EWEzs=" -> null - id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - member = "serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - project = "pagoda-discovery-platform-dev" -> null - role = "roles/secretmanager.secretAccessor" -> null - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev" -> null } # google_secret_manager_secret_iam_member.fast_auth_partners_secret_access will be destroyed - resource "google_secret_manager_secret_iam_member" "fast_auth_partners_secret_access" { - etag = "BwYYT+AmRMo=" -> null - id = "projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - member = "serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - project = "pagoda-discovery-platform-dev" -> null - role = "roles/secretmanager.secretAccessor" -> null - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev" -> null } # google_secret_manager_secret_iam_member.secret_share_secret_access[0] will be destroyed - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" { - etag = "BwYYT+EXb5s=" -> null - id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - member = "serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - project = "pagoda-discovery-platform-dev" -> null - role = "roles/secretmanager.secretAccessor" -> null - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev" -> null } # google_secret_manager_secret_iam_member.secret_share_secret_access[1] will be destroyed - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" { - etag = "BwYYT+EWGdg=" -> null - id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - member = "serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - project = "pagoda-discovery-platform-dev" -> null - role = "roles/secretmanager.secretAccessor" -> null - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev" -> null } # google_secret_manager_secret_iam_member.secret_share_secret_access[2] will be destroyed - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" { - etag = "BwYYT+EV6DY=" -> null - id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - member = "serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - project = "pagoda-discovery-platform-dev" -> null - role = "roles/secretmanager.secretAccessor" -> null - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev" -> null } # google_service_account.service_account will be destroyed - resource "google_service_account" "service_account" { - account_id = "mpc-recovery-dev-565" -> null - disabled = false -> null - display_name = "MPC Recovery dev-565 Account" -> null - email = "mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - id = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - member = "serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - name = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - project = "pagoda-discovery-platform-dev" -> null - unique_id = "117840629356165413081" -> null } # google_service_account_iam_binding.serivce-account-iam will be destroyed - resource "google_service_account_iam_binding" "serivce-account-iam" { - etag = "BwYVzVgXL2w=" -> null - id = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser" -> null - members = [ - "serviceAccount:mpc-recovery@pagoda-discovery-platform-dev.iam.gserviceaccount.com", ] -> null - role = "roles/iam.serviceAccountUser" -> null - service_account_id = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null } # module.leader.google_cloud_run_v2_service.leader will be destroyed - resource "google_cloud_run_v2_service" "leader" { - annotations = {} -> null - conditions = [ - { - execution_reason = "" - last_transition_time = "2024-05-10T08:30:56.034368Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "RoutesReady" }, - { - execution_reason = "" - last_transition_time = "2024-04-11T07:46:20.079065Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "ConfigurationsReady" }, ] -> null - etag = "\"CLK297EGEMDbyMAC/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1sZWFkZXItZGV2LTU2NQ\"" -> null - generation = "3" -> null - id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565" -> null - ingress = "INGRESS_TRAFFIC_ALL" -> null - labels = {} -> null - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565/revisions/mpc-recovery-leader-dev-565-00003-ssp" -> null - latest_ready_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565/revisions/mpc-recovery-leader-dev-565-00003-ssp" -> null - launch_stage = "GA" -> null - location = "us-east1" -> null - name = "mpc-recovery-leader-dev-565" -> null - observed_generation = "3" -> null - project = "pagoda-discovery-platform-dev" -> null - reconciling = false -> null - terminal_condition = [ - { - execution_reason = "" - last_transition_time = "2024-05-10T08:30:56.087500Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "Ready" }, ] -> null - traffic_statuses = [ - { - percent = 100 - revision = "" - tag = "" - type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" - uri = "" }, ] -> null - uid = "eccaf07c-82cd-42a3-9c58-c322af28375f" -> null - uri = "https://mpc-recovery-leader-dev-565-7tk2cmmtcq-ue.a.run.app" -> null - template { - annotations = {} -> null - labels = {} -> null - max_instance_request_concurrency = 80 -> null - service_account = "mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - session_affinity = false -> null - timeout = "300s" -> null - containers { - args = [ - "start-leader", ] -> null - command = [] -> null - image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:37479df571a6d7796c13de5025aa527cc1c0aab7" -> null - env { - name = "MPC_RECOVERY_WEB_PORT" -> null - value = "3000" -> null } - env { - name = "MPC_RECOVERY_SIGN_NODES" -> null - value = "https://mpc-recovery-signer-0-dev-565-7tk2cmmtcq-ue.a.run.app,https://mpc-recovery-signer-1-dev-565-7tk2cmmtcq-ue.a.run.app,https://mpc-recovery-signer-2-dev-565-7tk2cmmtcq-ue.a.run.app" -> null } - env { - name = "MPC_RECOVERY_NEAR_RPC" -> null - value = "https://rpc.testnet.near.org" -> null } - env { - name = "MPC_RECOVERY_NEAR_ROOT_ACCOUNT" -> null - value = "testnet" -> null } - env { - name = "MPC_RECOVERY_ACCOUNT_CREATOR_ID" -> null - value = "mpc-recovery-dev-creator.testnet" -> null } - env { - name = "MPC_RECOVERY_GCP_PROJECT_ID" -> null - value = "pagoda-discovery-platform-dev" -> null } - env { - name = "MPC_RECOVERY_ENV" -> null - value = "dev-565" -> null } - env { - name = "MPC_RECOVERY_ACCOUNT_CREATOR_SK" -> null - value_source { - secret_key_ref { - secret = "mpc-recovery-account-creator-sk-dev" -> null - version = "latest" -> null } } } - env { - name = "FAST_AUTH_PARTNERS" -> null - value_source { - secret_key_ref { - secret = "mpc-fast-auth-partners-dev" -> null - version = "latest" -> null } } } - env { - name = "MPC_RECOVERY_JWT_SIGNATURE_PK_URL" -> null - value = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com" -> null } - env { - name = "MPC_RECOVERY_OTLP_ENDPOINT" -> null - value = "https://otel.dev.api.pagoda.co:443/v1/traces" -> null } - env { - name = "MPC_RECOVERY_OPENTELEMETRY_LEVEL" -> null - value = "debug" -> null } - env { - name = "RUST_LOG" -> null - value = "mpc_recovery=debug" -> null } - ports { - container_port = 3000 -> null - name = "http1" -> null } - resources { - cpu_idle = false -> null - limits = { - "cpu" = "2" - "memory" = "2Gi" } -> null - startup_cpu_boost = false -> null } - startup_probe { - failure_threshold = 1 -> null - initial_delay_seconds = 0 -> null - period_seconds = 240 -> null - timeout_seconds = 240 -> null - tcp_socket { - port = 3000 -> null } } } - scaling { - max_instance_count = 1 -> null - min_instance_count = 1 -> null } - vpc_access { - connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1" -> null - egress = "PRIVATE_RANGES_ONLY" -> null } } - traffic { - percent = 100 -> null - type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null } } # module.leader.google_cloud_run_v2_service_iam_member.allow_all will be destroyed - resource "google_cloud_run_v2_service_iam_member" "allow_all" { - etag = "BwYVzVsTgB0=" -> null - id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565/roles/run.invoker/allUsers" -> null - location = "us-east1" -> null - member = "allUsers" -> null - name = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565" -> null - project = "pagoda-discovery-platform-dev" -> null - role = "roles/run.invoker" -> null } # module.signer[0].google_cloud_run_v2_service.signer will be destroyed - resource "google_cloud_run_v2_service" "signer" { - annotations = {} -> null - conditions = [ - { - execution_reason = "" - last_transition_time = "2024-05-10T08:30:32.194086Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "RoutesReady" }, - { - execution_reason = "" - last_transition_time = "2024-04-11T07:45:55.133122Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "ConfigurationsReady" }, ] -> null - etag = "\"CJ2297EGEMj0pxs/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMC1kZXYtNTY1\"" -> null - generation = "3" -> null - id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565" -> null - ingress = "INGRESS_TRAFFIC_ALL" -> null - labels = {} -> null - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565/revisions/mpc-recovery-signer-0-dev-565-00003-rnb" -> null - latest_ready_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565/revisions/mpc-recovery-signer-0-dev-565-00003-rnb" -> null - launch_stage = "GA" -> null - location = "us-east1" -> null - name = "mpc-recovery-signer-0-dev-565" -> null - observed_generation = "3" -> null - project = "pagoda-discovery-platform-dev" -> null - reconciling = false -> null - terminal_condition = [ - { - execution_reason = "" - last_transition_time = "2024-05-10T08:30:32.234117Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "Ready" }, ] -> null - traffic_statuses = [ - { - percent = 100 - revision = "" - tag = "" - type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" - uri = "" }, ] -> null - uid = "39d83497-b206-4360-a194-642e0c5df482" -> null - uri = "https://mpc-recovery-signer-0-dev-565-7tk2cmmtcq-ue.a.run.app" -> null - template { - annotations = {} -> null - labels = {} -> null - max_instance_request_concurrency = 80 -> null - service_account = "mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - session_affinity = false -> null - timeout = "300s" -> null - containers { - args = [ - "start-sign", ] -> null - command = [] -> null - image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:37479df571a6d7796c13de5025aa527cc1c0aab7" -> null - env { - name = "MPC_RECOVERY_WEB_PORT" -> null - value = "3000" -> null } - env { - name = "MPC_RECOVERY_NODE_ID" -> null - value = "0" -> null } - env { - name = "MPC_RECOVERY_GCP_PROJECT_ID" -> null - value = "pagoda-discovery-platform-dev" -> null } - env { - name = "MPC_RECOVERY_ENV" -> null - value = "dev-565" -> null } - env { - name = "MPC_RECOVERY_CIPHER_KEY" -> null - value_source { - secret_key_ref { - secret = "mpc-cipher-0-dev" -> null - version = "latest" -> null } } } - env { - name = "MPC_RECOVERY_SK_SHARE" -> null - value_source { - secret_key_ref { - secret = "mpc-sk-share-0-dev" -> null - version = "latest" -> null } } } - env { - name = "MPC_RECOVERY_JWT_SIGNATURE_PK_URL" -> null - value = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com" -> null } - env { - name = "RUST_LOG" -> null - value = "mpc_recovery=debug" -> null } - ports { - container_port = 3000 -> null - name = "http1" -> null } - resources { - cpu_idle = false -> null - limits = { - "cpu" = "2" - "memory" = "2Gi" } -> null - startup_cpu_boost = false -> null } - startup_probe { - failure_threshold = 1 -> null - initial_delay_seconds = 0 -> null - period_seconds = 240 -> null - timeout_seconds = 240 -> null - tcp_socket { - port = 3000 -> null } } } - scaling { - max_instance_count = 1 -> null - min_instance_count = 1 -> null } - vpc_access { - connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1" -> null - egress = "PRIVATE_RANGES_ONLY" -> null } } - traffic { - percent = 100 -> null - type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null } } # module.signer[0].google_cloud_run_v2_service_iam_member.allow_all will be destroyed - resource "google_cloud_run_v2_service_iam_member" "allow_all" { - etag = "BwYVzVmXjQs=" -> null - id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565/roles/run.invoker/allUsers" -> null - location = "us-east1" -> null - member = "allUsers" -> null - name = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565" -> null - project = "pagoda-discovery-platform-dev" -> null - role = "roles/run.invoker" -> null } # module.signer[1].google_cloud_run_v2_service.signer will be destroyed - resource "google_cloud_run_v2_service" "signer" { - annotations = {} -> null - conditions = [ - { - execution_reason = "" - last_transition_time = "2024-05-10T08:30:32.192847Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "RoutesReady" }, - { - execution_reason = "" - last_transition_time = "2024-04-11T07:45:55.154149Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "ConfigurationsReady" }, ] -> null - etag = "\"CJ2297EGEIDc7DM/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMS1kZXYtNTY1\"" -> null - generation = "3" -> null - id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565" -> null - ingress = "INGRESS_TRAFFIC_ALL" -> null - labels = {} -> null - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565/revisions/mpc-recovery-signer-1-dev-565-00003-j8r" -> null - latest_ready_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565/revisions/mpc-recovery-signer-1-dev-565-00003-j8r" -> null - launch_stage = "GA" -> null - location = "us-east1" -> null - name = "mpc-recovery-signer-1-dev-565" -> null - observed_generation = "3" -> null - project = "pagoda-discovery-platform-dev" -> null - reconciling = false -> null - terminal_condition = [ - { - execution_reason = "" - last_transition_time = "2024-05-10T08:30:32.240951Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "Ready" }, ] -> null - traffic_statuses = [ - { - percent = 100 - revision = "" - tag = "" - type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" - uri = "" }, ] -> null - uid = "efbb0901-5475-471a-a5a2-355d3a6a2748" -> null - uri = "https://mpc-recovery-signer-1-dev-565-7tk2cmmtcq-ue.a.run.app" -> null - template { - annotations = {} -> null - labels = {} -> null - max_instance_request_concurrency = 80 -> null - service_account = "mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - session_affinity = false -> null - timeout = "300s" -> null - containers { - args = [ - "start-sign", ] -> null - command = [] -> null - image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:37479df571a6d7796c13de5025aa527cc1c0aab7" -> null - env { - name = "MPC_RECOVERY_WEB_PORT" -> null - value = "3000" -> null } - env { - name = "MPC_RECOVERY_NODE_ID" -> null - value = "1" -> null } - env { - name = "MPC_RECOVERY_GCP_PROJECT_ID" -> null - value = "pagoda-discovery-platform-dev" -> null } - env { - name = "MPC_RECOVERY_ENV" -> null - value = "dev-565" -> null } - env { - name = "MPC_RECOVERY_CIPHER_KEY" -> null - value_source { - secret_key_ref { - secret = "mpc-cipher-1-dev" -> null - version = "latest" -> null } } } - env { - name = "MPC_RECOVERY_SK_SHARE" -> null - value_source { - secret_key_ref { - secret = "mpc-sk-share-1-dev" -> null - version = "latest" -> null } } } - env { - name = "MPC_RECOVERY_JWT_SIGNATURE_PK_URL" -> null - value = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com" -> null } - env { - name = "RUST_LOG" -> null - value = "mpc_recovery=debug" -> null } - ports { - container_port = 3000 -> null - name = "http1" -> null } - resources { - cpu_idle = false -> null - limits = { - "cpu" = "2" - "memory" = "2Gi" } -> null - startup_cpu_boost = false -> null } - startup_probe { - failure_threshold = 1 -> null - initial_delay_seconds = 0 -> null - period_seconds = 240 -> null - timeout_seconds = 240 -> null - tcp_socket { - port = 3000 -> null } } } - scaling { - max_instance_count = 1 -> null - min_instance_count = 1 -> null } - vpc_access { - connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1" -> null - egress = "PRIVATE_RANGES_ONLY" -> null } } - traffic { - percent = 100 -> null - type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null } } # module.signer[1].google_cloud_run_v2_service_iam_member.allow_all will be destroyed - resource "google_cloud_run_v2_service_iam_member" "allow_all" { - etag = "BwYVzVmZHVg=" -> null - id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565/roles/run.invoker/allUsers" -> null - location = "us-east1" -> null - member = "allUsers" -> null - name = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565" -> null - project = "pagoda-discovery-platform-dev" -> null - role = "roles/run.invoker" -> null } # module.signer[2].google_cloud_run_v2_service.signer will be destroyed - resource "google_cloud_run_v2_service" "signer" { - annotations = {} -> null - conditions = [ - { - execution_reason = "" - last_transition_time = "2024-05-10T08:30:35.165891Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "RoutesReady" }, - { - execution_reason = "" - last_transition_time = "2024-04-11T07:45:55.089551Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "ConfigurationsReady" }, ] -> null - etag = "\"CJ2297EGELiUuRc/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMi1kZXYtNTY1\"" -> null - generation = "3" -> null - id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565" -> null - ingress = "INGRESS_TRAFFIC_ALL" -> null - labels = {} -> null - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565/revisions/mpc-recovery-signer-2-dev-565-00003-5g7" -> null - latest_ready_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565/revisions/mpc-recovery-signer-2-dev-565-00003-5g7" -> null - launch_stage = "GA" -> null - location = "us-east1" -> null - name = "mpc-recovery-signer-2-dev-565" -> null - observed_generation = "3" -> null - project = "pagoda-discovery-platform-dev" -> null - reconciling = false -> null - terminal_condition = [ - { - execution_reason = "" - last_transition_time = "2024-05-10T08:30:35.211310Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "Ready" }, ] -> null - traffic_statuses = [ - { - percent = 100 - revision = "" - tag = "" - type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" - uri = "" }, ] -> null - uid = "89436ddb-d5c2-4ccd-9021-3a6102c333b5" -> null - uri = "https://mpc-recovery-signer-2-dev-565-7tk2cmmtcq-ue.a.run.app" -> null - template { - annotations = {} -> null - labels = {} -> null - max_instance_request_concurrency = 80 -> null - service_account = "mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null - session_affinity = false -> null - timeout = "300s" -> null - containers { - args = [ - "start-sign", ] -> null - command = [] -> null - image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:37479df571a6d7796c13de5025aa527cc1c0aab7" -> null - env { - name = "MPC_RECOVERY_WEB_PORT" -> null - value = "3000" -> null } - env { - name = "MPC_RECOVERY_NODE_ID" -> null - value = "2" -> null } - env { - name = "MPC_RECOVERY_GCP_PROJECT_ID" -> null - value = "pagoda-discovery-platform-dev" -> null } - env { - name = "MPC_RECOVERY_ENV" -> null - value = "dev-565" -> null } - env { - name = "MPC_RECOVERY_CIPHER_KEY" -> null - value_source { - secret_key_ref { - secret = "mpc-cipher-2-dev" -> null - version = "latest" -> null } } } - env { - name = "MPC_RECOVERY_SK_SHARE" -> null - value_source { - secret_key_ref { - secret = "mpc-sk-share-2-dev" -> null - version = "latest" -> null } } } - env { - name = "MPC_RECOVERY_JWT_SIGNATURE_PK_URL" -> null - value = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com" -> null } - env { - name = "RUST_LOG" -> null - value = "mpc_recovery=debug" -> null } - ports { - container_port = 3000 -> null - name = "http1" -> null } - resources { - cpu_idle = false -> null - limits = { - "cpu" = "2" - "memory" = "2Gi" } -> null - startup_cpu_boost = false -> null } - startup_probe { - failure_threshold = 1 -> null - initial_delay_seconds = 0 -> null - period_seconds = 240 -> null - timeout_seconds = 240 -> null - tcp_socket { - port = 3000 -> null } } } - scaling { - max_instance_count = 1 -> null - min_instance_count = 1 -> null } - vpc_access { - connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1" -> null - egress = "PRIVATE_RANGES_ONLY" -> null } } - traffic { - percent = 100 -> null - type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null } } # module.signer[2].google_cloud_run_v2_service_iam_member.allow_all will be destroyed - resource "google_cloud_run_v2_service_iam_member" "allow_all" { - etag = "BwYVzVmXkkc=" -> null - id = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565/roles/run.invoker/allUsers" -> null - location = "us-east1" -> null - member = "allUsers" -> null - name = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565" -> null - project = "pagoda-discovery-platform-dev" -> null - role = "roles/run.invoker" -> null } Plan: 0 to add, 0 to change, 19 to destroy. Changes to Outputs: - leader_node = "https://mpc-recovery-leader-dev-565-7tk2cmmtcq-ue.a.run.app" -> null module.leader.google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565/roles/run.invoker/allUsers] google_service_account_iam_binding.serivce-account-iam: Destroying... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser] google_project_iam_member.service-account-datastore-user: Destroying... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_service_account_iam_binding.serivce-account-iam: Destruction complete after 4s module.leader.google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 6s module.leader.google_cloud_run_v2_service.leader: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-565] google_project_iam_member.service-account-datastore-user: Destruction complete after 8s module.leader.google_cloud_run_v2_service.leader: Still destroying... [id=projects/pagoda-discovery-platform-dev/...1/services/mpc-recovery-leader-dev-565, 10s elapsed] module.leader.google_cloud_run_v2_service.leader: Destruction complete after 11s google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565/roles/run.invoker/allUsers] google_secret_manager_secret_iam_member.account_creator_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565/roles/run.invoker/allUsers] module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565/roles/run.invoker/allUsers] google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Destruction complete after 4s module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 4s module.signer[0].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-565] google_secret_manager_secret_iam_member.account_creator_secret_access: Destruction complete after 5s module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 5s module.signer[1].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-565] module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 5s module.signer[2].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-565] module.signer[0].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-0-dev-565, 10s elapsed] module.signer[0].google_cloud_run_v2_service.signer: Destruction complete after 11s module.signer[1].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-1-dev-565, 10s elapsed] module.signer[2].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-2-dev-565, 10s elapsed] module.signer[1].google_cloud_run_v2_service.signer: Destruction complete after 11s module.signer[2].google_cloud_run_v2_service.signer: Destruction complete after 11s google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Destruction complete after 4s google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Destruction complete after 4s google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Destruction complete after 4s google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Destruction complete after 4s google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Destruction complete after 4s google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Destruction complete after 4s google_service_account.service_account: Destroying... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-565@pagoda-discovery-platform-dev.iam.gserviceaccount.com] google_service_account.service_account: Destruction complete after 0s Destroy complete! Resources: 19 destroyed. ```

Pusher: @ChaoticTempest, Action: pull_request, Working Directory: `, Workflow:Terraform Feature Env (Destroy)`