Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: decouple secret management from terraform #300

Merged
merged 1 commit into from
Sep 24, 2023
Merged

feat: decouple secret management from terraform #300

merged 1 commit into from
Sep 24, 2023

Conversation

itegulov
Copy link
Contributor

WARNING: This PR is targeting main

Apologies for the last minute changes, but the more I use terraform the less and less I like that we manage secrets through TF variables, it's even worse that we are planning to make our partners do the same (which mean they can't persist their tfvars file or ever share it with us for debugging). This PR makes so that all secret values are replaced with their secret ID counterparts (e.g. account_creator_sk -> account_creator_sk_secret_id), which presumes that the secret already exists and is managed outside of terraform.

This, against my initial concerns, does not create any complications for deploying feature envs as we can just safely share the secrets with dev enviornment and not store anything in git or even GHA.

@github-actions
Copy link

Terraform Feature Environment (dev-300)

Terraform Initialization ⚙️success

Terraform Apply success

Show Apply Plan 

data.external.git_checkout: Reading...
data.external.git_checkout: Read complete after 0s [id=-]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # docker_registry_image.mpc_recovery will be created
  + resource "docker_registry_image" "mpc_recovery" {
      + id                   = (known after apply)
      + insecure_skip_verify = false
      + keep_remotely        = true
      + name                 = (known after apply)
      + sha256_digest        = (known after apply)
    }

  # docker_tag.mpc_recovery will be created
  + resource "docker_tag" "mpc_recovery" {
      + id              = (known after apply)
      + source_image    = "near/mpc-recovery"
      + source_image_id = (known after apply)
      + target_image    = (known after apply)
    }

  # google_artifact_registry_repository.mpc_recovery will be created
  + resource "google_artifact_registry_repository" "mpc_recovery" {
      + create_time   = (known after apply)
      + format        = "DOCKER"
      + id            = (known after apply)
      + location      = (known after apply)
      + mode          = "STANDARD_REPOSITORY"
      + name          = (known after apply)
      + project       = (known after apply)
      + repository_id = "mpc-recovery-dev-300"
      + update_time   = (known after apply)
    }

  # google_project_iam_member.service-account-datastore-user will be created
  + resource "google_project_iam_member" "service-account-datastore-user" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = (known after apply)
      + project = "pagoda-discovery-platform-dev"
      + role    = "roles/datastore.user"
    }

  # google_secret_manager_secret_iam_member.account_creator_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "account_creator_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-account-creator-sk-dev"
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[0] will be created
  + resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-cipher-0-dev"
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[1] will be created
  + resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-cipher-1-dev"
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[2] will be created
  + resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-cipher-2-dev"
    }

  # google_secret_manager_secret_iam_member.fast_auth_partners_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "fast_auth_partners_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-fast-auth-partners-dev"
    }

  # google_secret_manager_secret_iam_member.oidc_providers_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "oidc_providers_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-allowed-oidc-providers-dev"
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[0] will be created
  + resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-sk-share-0-dev"
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[1] will be created
  + resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-sk-share-1-dev"
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[2] will be created
  + resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-sk-share-2-dev"
    }

  # google_service_account.service_account will be created
  + resource "google_service_account" "service_account" {
      + account_id   = "mpc-recovery-dev-300"
      + disabled     = false
      + display_name = "MPC Recovery dev-300 Account"
      + email        = (known after apply)
      + id           = (known after apply)
      + member       = (known after apply)
      + name         = (known after apply)
      + project      = (known after apply)
      + unique_id    = (known after apply)
    }

  # google_service_account_iam_binding.serivce-account-iam will be created
  + resource "google_service_account_iam_binding" "serivce-account-iam" {
      + etag               = (known after apply)
      + id                 = (known after apply)
      + members            = [
          + "serviceAccount:mpc-recovery@pagoda-discovery-platform-dev.iam.gserviceaccount.com",
        ]
      + role               = "roles/iam.serviceAccountUser"
      + service_account_id = (known after apply)
    }

  # module.leader.google_cloud_run_v2_service.leader will be created
  + resource "google_cloud_run_v2_service" "leader" {
      + conditions              = (known after apply)
      + etag                    = (known after apply)
      + generation              = (known after apply)
      + id                      = (known after apply)
      + ingress                 = "INGRESS_TRAFFIC_ALL"
      + latest_created_revision = (known after apply)
      + latest_ready_revision   = (known after apply)
      + launch_stage            = (known after apply)
      + location                = "us-east1"
      + name                    = "mpc-recovery-leader-dev-300"
      + observed_generation     = (known after apply)
      + project                 = (known after apply)
      + reconciling             = (known after apply)
      + terminal_condition      = (known after apply)
      + traffic_statuses        = (known after apply)
      + uid                     = (known after apply)
      + uri                     = (known after apply)

      + template {
          + max_instance_request_concurrency = (known after apply)
          + service_account                  = (known after apply)
          + timeout                          = (known after apply)

          + containers {
              + args  = [
                  + "start-leader",
                ]
              + image = (known after apply)

              + env {
                  + name  = "MPC_RECOVERY_WEB_PORT"
                  + value = "3000"
                }
              + env {
                  + name  = "MPC_RECOVERY_SIGN_NODES"
                  + value = (known after apply)
                }
              + env {
                  + name  = "MPC_RECOVERY_NEAR_RPC"
                  + value = "https://rpc.testnet.near.org"
                }
              + env {
                  + name  = "MPC_RECOVERY_NEAR_ROOT_ACCOUNT"
                  + value = "testnet"
                }
              + env {
                  + name  = "MPC_RECOVERY_ACCOUNT_CREATOR_ID"
                  + value = "mpc-recovery-dev-creator.testnet"
                }
              + env {
                  + name  = "MPC_RECOVERY_GCP_PROJECT_ID"
                  + value = "pagoda-discovery-platform-dev"
                }
              + env {
                  + name  = "MPC_RECOVERY_ENV"
                  + value = "dev-300"
                }
              + env {
                  + name = "MPC_RECOVERY_ACCOUNT_CREATOR_SK"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-account-creator-sk-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "FAST_AUTH_PARTNERS"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-fast-auth-partners-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name  = "RUST_LOG"
                  + value = "mpc_recovery=debug"
                }

              + ports {
                  + container_port = 3000
                  + name           = (known after apply)
                }

              + resources {
                  + cpu_idle = false
                  + limits   = {
                      + "cpu"    = "2"
                      + "memory" = "2Gi"
                    }
                }
            }

          + scaling {
              + max_instance_count = 1
              + min_instance_count = 1
            }
        }
    }

  # module.leader.google_cloud_run_v2_service_iam_member.allow_all will be created
  + resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      + etag     = (known after apply)
      + id       = (known after apply)
      + location = "us-east1"
      + member   = "allUsers"
      + name     = "mpc-recovery-leader-dev-300"
      + project  = (known after apply)
      + role     = "roles/run.invoker"
    }

  # module.signer[0].google_cloud_run_v2_service.signer will be created
  + resource "google_cloud_run_v2_service" "signer" {
      + conditions              = (known after apply)
      + etag                    = (known after apply)
      + generation              = (known after apply)
      + id                      = (known after apply)
      + ingress                 = "INGRESS_TRAFFIC_ALL"
      + latest_created_revision = (known after apply)
      + latest_ready_revision   = (known after apply)
      + launch_stage            = (known after apply)
      + location                = "us-east1"
      + name                    = "mpc-recovery-signer-0-dev-300"
      + observed_generation     = (known after apply)
      + project                 = (known after apply)
      + reconciling             = (known after apply)
      + terminal_condition      = (known after apply)
      + traffic_statuses        = (known after apply)
      + uid                     = (known after apply)
      + uri                     = (known after apply)

      + template {
          + max_instance_request_concurrency = (known after apply)
          + service_account                  = (known after apply)
          + timeout                          = (known after apply)

          + containers {
              + args  = [
                  + "start-sign",
                ]
              + image = (known after apply)

              + env {
                  + name  = "MPC_RECOVERY_WEB_PORT"
                  + value = "3000"
                }
              + env {
                  + name  = "MPC_RECOVERY_NODE_ID"
                  + value = "0"
                }
              + env {
                  + name  = "MPC_RECOVERY_GCP_PROJECT_ID"
                  + value = "pagoda-discovery-platform-dev"
                }
              + env {
                  + name  = "MPC_RECOVERY_ENV"
                  + value = "dev-300"
                }
              + env {
                  + name = "MPC_RECOVERY_CIPHER_KEY"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-cipher-0-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "MPC_RECOVERY_SK_SHARE"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-sk-share-0-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "OIDC_PROVIDERS"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-allowed-oidc-providers-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name  = "RUST_LOG"
                  + value = "mpc_recovery=debug"
                }

              + ports {
                  + container_port = 3000
                  + name           = (known after apply)
                }

              + resources {
                  + cpu_idle = false
                  + limits   = {
                      + "cpu"    = "2"
                      + "memory" = "2Gi"
                    }
                }
            }

          + scaling {
              + max_instance_count = 1
              + min_instance_count = 1
            }
        }
    }

  # module.signer[0].google_cloud_run_v2_service_iam_member.allow_all will be created
  + resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      + etag     = (known after apply)
      + id       = (known after apply)
      + location = "us-east1"
      + member   = "allUsers"
      + name     = "mpc-recovery-signer-0-dev-300"
      + project  = (known after apply)
      + role     = "roles/run.invoker"
    }

  # module.signer[1].google_cloud_run_v2_service.signer will be created
  + resource "google_cloud_run_v2_service" "signer" {
      + conditions              = (known after apply)
      + etag                    = (known after apply)
      + generation              = (known after apply)
      + id                      = (known after apply)
      + ingress                 = "INGRESS_TRAFFIC_ALL"
      + latest_created_revision = (known after apply)
      + latest_ready_revision   = (known after apply)
      + launch_stage            = (known after apply)
      + location                = "us-east1"
      + name                    = "mpc-recovery-signer-1-dev-300"
      + observed_generation     = (known after apply)
      + project                 = (known after apply)
      + reconciling             = (known after apply)
      + terminal_condition      = (known after apply)
      + traffic_statuses        = (known after apply)
      + uid                     = (known after apply)
      + uri                     = (known after apply)

      + template {
          + max_instance_request_concurrency = (known after apply)
          + service_account                  = (known after apply)
          + timeout                          = (known after apply)

          + containers {
              + args  = [
                  + "start-sign",
                ]
              + image = (known after apply)

              + env {
                  + name  = "MPC_RECOVERY_WEB_PORT"
                  + value = "3000"
                }
              + env {
                  + name  = "MPC_RECOVERY_NODE_ID"
                  + value = "1"
                }
              + env {
                  + name  = "MPC_RECOVERY_GCP_PROJECT_ID"
                  + value = "pagoda-discovery-platform-dev"
                }
              + env {
                  + name  = "MPC_RECOVERY_ENV"
                  + value = "dev-300"
                }
              + env {
                  + name = "MPC_RECOVERY_CIPHER_KEY"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-cipher-1-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "MPC_RECOVERY_SK_SHARE"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-sk-share-1-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "OIDC_PROVIDERS"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-allowed-oidc-providers-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name  = "RUST_LOG"
                  + value = "mpc_recovery=debug"
                }

              + ports {
                  + container_port = 3000
                  + name           = (known after apply)
                }

              + resources {
                  + cpu_idle = false
                  + limits   = {
                      + "cpu"    = "2"
                      + "memory" = "2Gi"
                    }
                }
            }

          + scaling {
              + max_instance_count = 1
              + min_instance_count = 1
            }
        }
    }

  # module.signer[1].google_cloud_run_v2_service_iam_member.allow_all will be created
  + resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      + etag     = (known after apply)
      + id       = (known after apply)
      + location = "us-east1"
      + member   = "allUsers"
      + name     = "mpc-recovery-signer-1-dev-300"
      + project  = (known after apply)
      + role     = "roles/run.invoker"
    }

  # module.signer[2].google_cloud_run_v2_service.signer will be created
  + resource "google_cloud_run_v2_service" "signer" {
      + conditions              = (known after apply)
      + etag                    = (known after apply)
      + generation              = (known after apply)
      + id                      = (known after apply)
      + ingress                 = "INGRESS_TRAFFIC_ALL"
      + latest_created_revision = (known after apply)
      + latest_ready_revision   = (known after apply)
      + launch_stage            = (known after apply)
      + location                = "us-east1"
      + name                    = "mpc-recovery-signer-2-dev-300"
      + observed_generation     = (known after apply)
      + project                 = (known after apply)
      + reconciling             = (known after apply)
      + terminal_condition      = (known after apply)
      + traffic_statuses        = (known after apply)
      + uid                     = (known after apply)
      + uri                     = (known after apply)

      + template {
          + max_instance_request_concurrency = (known after apply)
          + service_account                  = (known after apply)
          + timeout                          = (known after apply)

          + containers {
              + args  = [
                  + "start-sign",
                ]
              + image = (known after apply)

              + env {
                  + name  = "MPC_RECOVERY_WEB_PORT"
                  + value = "3000"
                }
              + env {
                  + name  = "MPC_RECOVERY_NODE_ID"
                  + value = "2"
                }
              + env {
                  + name  = "MPC_RECOVERY_GCP_PROJECT_ID"
                  + value = "pagoda-discovery-platform-dev"
                }
              + env {
                  + name  = "MPC_RECOVERY_ENV"
                  + value = "dev-300"
                }
              + env {
                  + name = "MPC_RECOVERY_CIPHER_KEY"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-cipher-2-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "MPC_RECOVERY_SK_SHARE"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-sk-share-2-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "OIDC_PROVIDERS"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-allowed-oidc-providers-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name  = "RUST_LOG"
                  + value = "mpc_recovery=debug"
                }

              + ports {
                  + container_port = 3000
                  + name           = (known after apply)
                }

              + resources {
                  + cpu_idle = false
                  + limits   = {
                      + "cpu"    = "2"
                      + "memory" = "2Gi"
                    }
                }
            }

          + scaling {
              + max_instance_count = 1
              + min_instance_count = 1
            }
        }
    }

  # module.signer[2].google_cloud_run_v2_service_iam_member.allow_all will be created
  + resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      + etag     = (known after apply)
      + id       = (known after apply)
      + location = "us-east1"
      + member   = "allUsers"
      + name     = "mpc-recovery-signer-2-dev-300"
      + project  = (known after apply)
      + role     = "roles/run.invoker"
    }

Plan: 23 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + leader_node = (known after apply)
google_service_account.service_account: Creating...
google_artifact_registry_repository.mpc_recovery: Creating...
google_service_account.service_account: Creation complete after 2s [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Creating...
google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Creating...
google_project_iam_member.service-account-datastore-user: Creating...
google_service_account_iam_binding.serivce-account-iam: Creating...
google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Creating...
google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Creating...
google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Creating...
google_secret_manager_secret_iam_member.account_creator_secret_access: Creating...
google_secret_manager_secret_iam_member.oidc_providers_secret_access: Creating...
google_service_account_iam_binding.serivce-account-iam: Creation complete after 3s [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Creating...
google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Creation complete after 3s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Creation complete after 3s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Creation complete after 3s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Creation complete after 3s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.oidc_providers_secret_access: Creation complete after 3s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-allowed-oidc-providers-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.account_creator_secret_access: Creation complete after 3s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Creation complete after 3s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Creating...
google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_project_iam_member.service-account-datastore-user: Creation complete after 7s [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_artifact_registry_repository.mpc_recovery: Still creating... [10s elapsed]
google_artifact_registry_repository.mpc_recovery: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/repositories/mpc-recovery-dev-300]
docker_tag.mpc_recovery: Creating...
docker_tag.mpc_recovery: Creation complete after 0s [id=near/mpc-recovery.us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-300/mpc-recovery-dev-300:7d9c08b7702fe313816c223ffdd593f3e8db235d]
docker_registry_image.mpc_recovery: Creating...
docker_registry_image.mpc_recovery: Creation complete after 9s [id=sha256:25a3435a9f5194d7b74211776ef660480580f67d74d82b51c8ef635338d40f3a]
module.signer[2].google_cloud_run_v2_service.signer: Creating...
module.signer[1].google_cloud_run_v2_service.signer: Creating...
module.signer[0].google_cloud_run_v2_service.signer: Creating...
module.signer[2].google_cloud_run_v2_service.signer: Still creating... [10s elapsed]
module.signer[1].google_cloud_run_v2_service.signer: Still creating... [10s elapsed]
module.signer[0].google_cloud_run_v2_service.signer: Still creating... [10s elapsed]
module.signer[2].google_cloud_run_v2_service.signer: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-300]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Creating...
module.signer[1].google_cloud_run_v2_service.signer: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-300]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Creating...
module.signer[0].google_cloud_run_v2_service.signer: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-300]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Creating...
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-300/roles/run.invoker/allUsers]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-300/roles/run.invoker/allUsers]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-300/roles/run.invoker/allUsers]
module.leader.google_cloud_run_v2_service.leader: Creating...
module.leader.google_cloud_run_v2_service.leader: Still creating... [10s elapsed]
module.leader.google_cloud_run_v2_service.leader: Still creating... [20s elapsed]
module.leader.google_cloud_run_v2_service.leader: Creation complete after 21s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-300]
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Creating...
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-300/roles/run.invoker/allUsers]

Apply complete! Resources: 23 added, 0 changed, 0 destroyed.

Outputs:

leader_node = "https://mpc-recovery-leader-dev-300-7tk2cmmtcq-ue.a.run.app"

Pusher: @itegulov, Action: pull_request, Working Directory: ``, Workflow: Terraform Feature Env

URL: https://mpc-recovery-leader-dev-300-7tk2cmmtcq-ue.a.run.app

@github-actions
Copy link

Terraform Dev Environment

Terraform Format and Style 🖌success

Format Check Output

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Validation Output 

Success! The configuration is valid.

Terraform Plan 📖success

Show Plan 

data.external.git_checkout: Reading...
docker_image.mpc_recovery: Refreshing state... [id=sha256:e10efcae3a11f94a70b22eafa663df1357a919f8f41344dd4760fbde1abacfa2us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:77f0cab88afa18509a70addb76793b105ea57221]
data.external.git_checkout: Read complete after 0s [id=-]
google_service_account.service_account: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_artifact_registry_repository.mpc_recovery: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/repositories/mpc-recovery-dev]
google_project_iam_member.service-account-datastore-user: Refreshing state... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_service_account_iam_binding.serivce-account-iam: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
docker_registry_image.mpc_recovery: Refreshing state... [id=sha256:a2d5d918d0f79f83035b7ed69add521077ce1f455f2831f587a338663e8785a3]
module.signer[0].google_secret_manager_secret_version.oidc_providers_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-0-dev/versions/1]
module.signer[1].google_secret_manager_secret_iam_member.cipher_key_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_secret_manager_secret_version.cipher_key_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-2-dev/versions/1]
module.signer[0].google_secret_manager_secret_iam_member.cipher_key_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret.oidc_providers: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev]
module.signer[2].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_secret_manager_secret_version.cipher_key_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-1-dev/versions/1]
module.signer[1].google_secret_manager_secret.cipher_key: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev]
module.signer[1].google_secret_manager_secret_iam_member.secret_share_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_version.cipher_key_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-0-dev/versions/1]
module.signer[0].google_secret_manager_secret.cipher_key: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev]
module.signer[2].google_secret_manager_secret.cipher_key: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev]
module.signer[2].google_secret_manager_secret.secret_share: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev]
module.signer[1].google_secret_manager_secret_version.oidc_providers_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-1-dev/versions/1]
module.signer[2].google_secret_manager_secret_iam_member.cipher_key_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_secret_manager_secret_version.secret_share_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-secret-share-1-dev/versions/1]
module.signer[2].google_secret_manager_secret_version.secret_share_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-secret-share-2-dev/versions/1]
module.signer[1].google_secret_manager_secret.oidc_providers: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev]
module.signer[1].google_secret_manager_secret.secret_share: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev]
module.signer[2].google_secret_manager_secret_iam_member.secret_share_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_secret_manager_secret_version.oidc_providers_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-2-dev/versions/1]
module.signer[1].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_secret_manager_secret.oidc_providers: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev]
module.signer[0].google_secret_manager_secret.secret_share: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev]
module.signer[0].google_secret_manager_secret_iam_member.secret_share_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_version.secret_share_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-secret-share-0-dev/versions/1]
module.signer[2].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev]
module.signer[1].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev]
module.signer[0].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev/roles/run.invoker/allUsers]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev/roles/run.invoker/allUsers]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev/roles/run.invoker/allUsers]
module.leader.google_secret_manager_secret_iam_member.account_creator_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.leader.google_secret_manager_secret.account_creator_sk: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev]
module.leader.google_secret_manager_secret_version.account_creator_sk_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-account-creator-sk-dev/versions/2]
module.leader.google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.leader.google_secret_manager_secret.fast_auth_partners: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev]
module.leader.google_secret_manager_secret_version.fast_auth_partners_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-leader-dev/versions/1]
module.leader.google_cloud_run_v2_service.leader: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev]
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev/roles/run.invoker/allUsers]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # docker_registry_image.mpc_recovery must be replaced
-/+ resource "docker_registry_image" "mpc_recovery" {
      ~ id                   = "sha256:a2d5d918d0f79f83035b7ed69add521077ce1f455f2831f587a338663e8785a3" -> (known after apply)
      ~ name                 = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:77f0cab88afa18509a70addb76793b105ea57221" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:7d9c08b7702fe313816c223ffdd593f3e8db235d" # forces replacement
      ~ sha256_digest        = "sha256:a2d5d918d0f79f83035b7ed69add521077ce1f455f2831f587a338663e8785a3" -> (known after apply)
        # (2 unchanged attributes hidden)
    }

  # docker_tag.mpc_recovery will be created
  + resource "docker_tag" "mpc_recovery" {
      + id              = (known after apply)
      + source_image    = "near/mpc-recovery"
      + source_image_id = (known after apply)
      + target_image    = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:7d9c08b7702fe313816c223ffdd593f3e8db235d"
    }

  # google_project_iam_member.service-account-datastore-user will be created
  + resource "google_project_iam_member" "service-account-datastore-user" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com"
      + project = "pagoda-discovery-platform-dev"
      + role    = "roles/datastore.user"
    }

  # google_secret_manager_secret_iam_member.account_creator_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "account_creator_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com"
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-account-creator-sk-dev"
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[0] will be created
  + resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com"
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-cipher-0-dev"
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[1] will be created
  + resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com"
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-cipher-1-dev"
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[2] will be created
  + resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com"
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-cipher-2-dev"
    }

  # google_secret_manager_secret_iam_member.fast_auth_partners_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "fast_auth_partners_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com"
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-fast-auth-partners-dev"
    }

  # google_secret_manager_secret_iam_member.oidc_providers_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "oidc_providers_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com"
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-allowed-oidc-providers-dev"
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[0] will be created
  + resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com"
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-sk-share-0-dev"
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[1] will be created
  + resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com"
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-sk-share-1-dev"
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[2] will be created
  + resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com"
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mpc-sk-share-2-dev"
    }

  # module.leader.google_cloud_run_v2_service.leader will be updated in-place
  ~ resource "google_cloud_run_v2_service" "leader" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev"
        name                    = "mpc-recovery-leader-dev"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:77f0cab88afa18509a70addb76793b105ea57221" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:7d9c08b7702fe313816c223ffdd593f3e8db235d"
                # (2 unchanged attributes hidden)

              ~ env {
                  ~ name  = "RUST_LOG" -> "MPC_RECOVERY_ACCOUNT_CREATOR_SK"
                  - value = "mpc_recovery=debug" -> null

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-account-creator-sk-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "FAST_AUTH_PARTNERS"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-fast-auth-partners-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name  = "RUST_LOG"
                  + value = "mpc_recovery=debug"
                }

                # (10 unchanged blocks hidden)
            }

            # (1 unchanged block hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.leader.google_secret_manager_secret.account_creator_sk will be destroyed
  # (because google_secret_manager_secret.account_creator_sk is not in configuration)
  - resource "google_secret_manager_secret" "account_creator_sk" {
      - create_time = "2023-07-14T09:19:23.530353Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-account-creator-sk-dev" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-account-creator-sk-dev" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.leader.google_secret_manager_secret.fast_auth_partners will be destroyed
  # (because google_secret_manager_secret.fast_auth_partners is not in configuration)
  - resource "google_secret_manager_secret" "fast_auth_partners" {
      - create_time = "2023-09-14T09:24:22.952633Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-leader-dev" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-allowed-oidc-providers-leader-dev" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.leader.google_secret_manager_secret_iam_member.account_creator_secret_access will be destroyed
  # (because google_secret_manager_secret_iam_member.account_creator_secret_access is not in configuration)
  - resource "google_secret_manager_secret_iam_member" "account_creator_secret_access" {
      - etag      = "BwYGGDJFVt0=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev" -> null
    }

  # module.leader.google_secret_manager_secret_iam_member.fast_auth_partners_secret_access will be destroyed
  # (because google_secret_manager_secret_iam_member.fast_auth_partners_secret_access is not in configuration)
  - resource "google_secret_manager_secret_iam_member" "fast_auth_partners_secret_access" {
      - etag      = "BwYGGDJFHog=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev" -> null
    }

  # module.leader.google_secret_manager_secret_version.account_creator_sk_data will be destroyed
  # (because google_secret_manager_secret_version.account_creator_sk_data is not in configuration)
  - resource "google_secret_manager_secret_version" "account_creator_sk_data" {
      - create_time = "2023-08-17T05:02:47.491121Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-account-creator-sk-dev/versions/2" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-account-creator-sk-dev/versions/2" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-account-creator-sk-dev" -> null
      - secret_data = (sensitive value) -> null
      - version     = "2" -> null
    }

  # module.leader.google_secret_manager_secret_version.fast_auth_partners_data will be destroyed
  # (because google_secret_manager_secret_version.fast_auth_partners_data is not in configuration)
  - resource "google_secret_manager_secret_version" "fast_auth_partners_data" {
      - create_time = "2023-09-14T09:24:23.951254Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-leader-dev/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-leader-dev/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-leader-dev" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[0].google_cloud_run_v2_service.signer will be updated in-place
  ~ resource "google_cloud_run_v2_service" "signer" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev"
        name                    = "mpc-recovery-signer-0-dev"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:77f0cab88afa18509a70addb76793b105ea57221" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:7d9c08b7702fe313816c223ffdd593f3e8db235d"
                # (2 unchanged attributes hidden)

              ~ env {
                  ~ name  = "RUST_LOG" -> "MPC_RECOVERY_CIPHER_KEY"
                  - value = "mpc_recovery=debug" -> null

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-cipher-0-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "MPC_RECOVERY_SK_SHARE"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-sk-share-0-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "OIDC_PROVIDERS"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-allowed-oidc-providers-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name  = "RUST_LOG"
                  + value = "mpc_recovery=debug"
                }

                # (7 unchanged blocks hidden)
            }

            # (1 unchanged block hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.signer[0].google_secret_manager_secret.cipher_key will be destroyed
  # (because google_secret_manager_secret.cipher_key is not in configuration)
  - resource "google_secret_manager_secret" "cipher_key" {
      - create_time = "2023-07-14T09:14:45.479740Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-0-dev" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-encryption-cipher-0-dev" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[0].google_secret_manager_secret.oidc_providers will be destroyed
  # (because google_secret_manager_secret.oidc_providers is not in configuration)
  - resource "google_secret_manager_secret" "oidc_providers" {
      - create_time = "2023-09-14T09:23:56.574652Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-0-dev" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-allowed-oidc-providers-0-dev" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[0].google_secret_manager_secret.secret_share will be destroyed
  # (because google_secret_manager_secret.secret_share is not in configuration)
  - resource "google_secret_manager_secret" "secret_share" {
      - create_time = "2023-07-14T09:14:45.474806Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-secret-share-0-dev" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-secret-share-0-dev" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[0].google_secret_manager_secret_iam_member.cipher_key_secret_access will be destroyed
  # (because google_secret_manager_secret_iam_member.cipher_key_secret_access is not in configuration)
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYGGHbYjls=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev" -> null
    }

  # module.signer[0].google_secret_manager_secret_iam_member.oidc_providers_secret_access will be destroyed
  # (because google_secret_manager_secret_iam_member.oidc_providers_secret_access is not in configuration)
  - resource "google_secret_manager_secret_iam_member" "oidc_providers_secret_access" {
      - etag      = "BwYGGHbYmOo=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev" -> null
    }

  # module.signer[0].google_secret_manager_secret_iam_member.secret_share_secret_access will be destroyed
  # (because google_secret_manager_secret_iam_member.secret_share_secret_access is not in configuration)
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYGGHbYhTY=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev" -> null
    }

  # module.signer[0].google_secret_manager_secret_version.cipher_key_data will be destroyed
  # (because google_secret_manager_secret_version.cipher_key_data is not in configuration)
  - resource "google_secret_manager_secret_version" "cipher_key_data" {
      - create_time = "2023-07-14T09:14:46.351174Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-0-dev/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-0-dev/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-0-dev" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[0].google_secret_manager_secret_version.oidc_providers_data will be destroyed
  # (because google_secret_manager_secret_version.oidc_providers_data is not in configuration)
  - resource "google_secret_manager_secret_version" "oidc_providers_data" {
      - create_time = "2023-09-14T09:23:57.465396Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-0-dev/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-0-dev/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-0-dev" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[0].google_secret_manager_secret_version.secret_share_data will be destroyed
  # (because google_secret_manager_secret_version.secret_share_data is not in configuration)
  - resource "google_secret_manager_secret_version" "secret_share_data" {
      - create_time = "2023-07-14T09:14:46.178226Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-secret-share-0-dev/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-secret-share-0-dev/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-secret-share-0-dev" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[1].google_cloud_run_v2_service.signer will be updated in-place
  ~ resource "google_cloud_run_v2_service" "signer" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev"
        name                    = "mpc-recovery-signer-1-dev"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:77f0cab88afa18509a70addb76793b105ea57221" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:7d9c08b7702fe313816c223ffdd593f3e8db235d"
                # (2 unchanged attributes hidden)

              ~ env {
                  ~ name  = "RUST_LOG" -> "MPC_RECOVERY_CIPHER_KEY"
                  - value = "mpc_recovery=debug" -> null

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-cipher-1-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "MPC_RECOVERY_SK_SHARE"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-sk-share-1-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "OIDC_PROVIDERS"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-allowed-oidc-providers-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name  = "RUST_LOG"
                  + value = "mpc_recovery=debug"
                }

                # (7 unchanged blocks hidden)
            }

            # (1 unchanged block hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.signer[1].google_secret_manager_secret.cipher_key will be destroyed
  # (because google_secret_manager_secret.cipher_key is not in configuration)
  - resource "google_secret_manager_secret" "cipher_key" {
      - create_time = "2023-07-14T09:14:45.336725Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-1-dev" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-encryption-cipher-1-dev" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[1].google_secret_manager_secret.oidc_providers will be destroyed
  # (because google_secret_manager_secret.oidc_providers is not in configuration)
  - resource "google_secret_manager_secret" "oidc_providers" {
      - create_time = "2023-09-14T09:23:56.443955Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-1-dev" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-allowed-oidc-providers-1-dev" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[1].google_secret_manager_secret.secret_share will be destroyed
  # (because google_secret_manager_secret.secret_share is not in configuration)
  - resource "google_secret_manager_secret" "secret_share" {
      - create_time = "2023-07-14T09:14:45.536136Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-secret-share-1-dev" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-secret-share-1-dev" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[1].google_secret_manager_secret_iam_member.cipher_key_secret_access will be destroyed
  # (because google_secret_manager_secret_iam_member.cipher_key_secret_access is not in configuration)
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYGGDNnWSE=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev" -> null
    }

  # module.signer[1].google_secret_manager_secret_iam_member.oidc_providers_secret_access will be destroyed
  # (because google_secret_manager_secret_iam_member.oidc_providers_secret_access is not in configuration)
  - resource "google_secret_manager_secret_iam_member" "oidc_providers_secret_access" {
      - etag      = "BwYFTjxEdHQ=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev" -> null
    }

  # module.signer[1].google_secret_manager_secret_iam_member.secret_share_secret_access will be destroyed
  # (because google_secret_manager_secret_iam_member.secret_share_secret_access is not in configuration)
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYGGDNopJE=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev" -> null
    }

  # module.signer[1].google_secret_manager_secret_version.cipher_key_data will be destroyed
  # (because google_secret_manager_secret_version.cipher_key_data is not in configuration)
  - resource "google_secret_manager_secret_version" "cipher_key_data" {
      - create_time = "2023-07-14T09:14:46.110937Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-1-dev/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-1-dev/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-1-dev" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[1].google_secret_manager_secret_version.oidc_providers_data will be destroyed
  # (because google_secret_manager_secret_version.oidc_providers_data is not in configuration)
  - resource "google_secret_manager_secret_version" "oidc_providers_data" {
      - create_time = "2023-09-14T09:23:57.315753Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-1-dev/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-1-dev/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-1-dev" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[1].google_secret_manager_secret_version.secret_share_data will be destroyed
  # (because google_secret_manager_secret_version.secret_share_data is not in configuration)
  - resource "google_secret_manager_secret_version" "secret_share_data" {
      - create_time = "2023-07-14T09:14:47.009639Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-secret-share-1-dev/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-secret-share-1-dev/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-secret-share-1-dev" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[2].google_cloud_run_v2_service.signer will be updated in-place
  ~ resource "google_cloud_run_v2_service" "signer" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev"
        name                    = "mpc-recovery-signer-2-dev"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:77f0cab88afa18509a70addb76793b105ea57221" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:7d9c08b7702fe313816c223ffdd593f3e8db235d"
                # (2 unchanged attributes hidden)

              ~ env {
                  ~ name  = "RUST_LOG" -> "MPC_RECOVERY_CIPHER_KEY"
                  - value = "mpc_recovery=debug" -> null

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-cipher-2-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "MPC_RECOVERY_SK_SHARE"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-sk-share-2-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name = "OIDC_PROVIDERS"

                  + value_source {
                      + secret_key_ref {
                          + secret  = "mpc-allowed-oidc-providers-dev"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name  = "RUST_LOG"
                  + value = "mpc_recovery=debug"
                }

                # (7 unchanged blocks hidden)
            }

            # (1 unchanged block hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.signer[2].google_secret_manager_secret.cipher_key will be destroyed
  # (because google_secret_manager_secret.cipher_key is not in configuration)
  - resource "google_secret_manager_secret" "cipher_key" {
      - create_time = "2023-07-14T09:14:45.337148Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-2-dev" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-encryption-cipher-2-dev" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[2].google_secret_manager_secret.oidc_providers will be destroyed
  # (because google_secret_manager_secret.oidc_providers is not in configuration)
  - resource "google_secret_manager_secret" "oidc_providers" {
      - create_time = "2023-09-14T09:23:56.590812Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-2-dev" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-allowed-oidc-providers-2-dev" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[2].google_secret_manager_secret.secret_share will be destroyed
  # (because google_secret_manager_secret.secret_share is not in configuration)
  - resource "google_secret_manager_secret" "secret_share" {
      - create_time = "2023-07-14T09:14:45.344160Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-secret-share-2-dev" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-secret-share-2-dev" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[2].google_secret_manager_secret_iam_member.cipher_key_secret_access will be destroyed
  # (because google_secret_manager_secret_iam_member.cipher_key_secret_access is not in configuration)
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYGGDNnUwI=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev" -> null
    }

  # module.signer[2].google_secret_manager_secret_iam_member.oidc_providers_secret_access will be destroyed
  # (because google_secret_manager_secret_iam_member.oidc_providers_secret_access is not in configuration)
  - resource "google_secret_manager_secret_iam_member" "oidc_providers_secret_access" {
      - etag      = "BwYFTjxHYSY=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev" -> null
    }

  # module.signer[2].google_secret_manager_secret_iam_member.secret_share_secret_access will be destroyed
  # (because google_secret_manager_secret_iam_member.secret_share_secret_access is not in configuration)
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYGGDNopWg=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev" -> null
    }

  # module.signer[2].google_secret_manager_secret_version.cipher_key_data will be destroyed
  # (because google_secret_manager_secret_version.cipher_key_data is not in configuration)
  - resource "google_secret_manager_secret_version" "cipher_key_data" {
      - create_time = "2023-07-14T09:14:46.254971Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-2-dev/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-2-dev/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-2-dev" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[2].google_secret_manager_secret_version.oidc_providers_data will be destroyed
  # (because google_secret_manager_secret_version.oidc_providers_data is not in configuration)
  - resource "google_secret_manager_secret_version" "oidc_providers_data" {
      - create_time = "2023-09-14T09:23:57.421894Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-2-dev/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-2-dev/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-2-dev" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[2].google_secret_manager_secret_version.secret_share_data will be destroyed
  # (because google_secret_manager_secret_version.secret_share_data is not in configuration)
  - resource "google_secret_manager_secret_version" "secret_share_data" {
      - create_time = "2023-07-14T09:14:46.156279Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-secret-share-2-dev/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-secret-share-2-dev/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-secret-share-2-dev" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

Plan: 12 to add, 4 to change, 34 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @itegulov, Action: pull_request, Working Directory: ``, Workflow: Terraform Dev

@itegulov
Copy link
Contributor Author

Merging this as I need this to deploy one of the partners in an hour, but feel free to review this. Will upstream to develop later.

@itegulov itegulov merged commit b37dfb8 into main Sep 24, 2023
4 of 5 checks passed
@github-actions
Copy link

Terraform Feature Environment Destroy (dev-300)

Terraform Initialization ⚙️success

Terraform Destroy success

Show Destroy Plan 

data.external.git_checkout: Reading...
data.external.git_checkout: Read complete after 0s [id=-]
google_service_account.service_account: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_artifact_registry_repository.mpc_recovery: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/repositories/mpc-recovery-dev-300]
google_secret_manager_secret_iam_member.account_creator_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_project_iam_member.service-account-datastore-user: Refreshing state... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_service_account_iam_binding.serivce-account-iam: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.oidc_providers_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-allowed-oidc-providers-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
docker_tag.mpc_recovery: Refreshing state... [id=near/mpc-recovery.us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-300/mpc-recovery-dev-300:7d9c08b7702fe313816c223ffdd593f3e8db235d]
docker_registry_image.mpc_recovery: Refreshing state... [id=sha256:25a3435a9f5194d7b74211776ef660480580f67d74d82b51c8ef635338d40f3a]
module.signer[2].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-300]
module.signer[0].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-300]
module.signer[1].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-300]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-300/roles/run.invoker/allUsers]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-300/roles/run.invoker/allUsers]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-300/roles/run.invoker/allUsers]
module.leader.google_cloud_run_v2_service.leader: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-300]
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-300/roles/run.invoker/allUsers]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # docker_registry_image.mpc_recovery will be destroyed
  - resource "docker_registry_image" "mpc_recovery" {
      - id                   = "sha256:25a3435a9f5194d7b74211776ef660480580f67d74d82b51c8ef635338d40f3a" -> null
      - insecure_skip_verify = false -> null
      - keep_remotely        = true -> null
      - name                 = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-300/mpc-recovery-dev-300:7d9c08b7702fe313816c223ffdd593f3e8db235d" -> null
      - sha256_digest        = "sha256:25a3435a9f5194d7b74211776ef660480580f67d74d82b51c8ef635338d40f3a" -> null
    }

  # docker_tag.mpc_recovery will be destroyed
  - resource "docker_tag" "mpc_recovery" {
      - id              = "near/mpc-recovery.us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-300/mpc-recovery-dev-300:7d9c08b7702fe313816c223ffdd593f3e8db235d" -> null
      - source_image    = "near/mpc-recovery" -> null
      - source_image_id = "sha256:81e9c2d1a84537001665bc927ba4cb2f3a8d91f1249e506ea2020250ea5d7c97" -> null
      - target_image    = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-300/mpc-recovery-dev-300:7d9c08b7702fe313816c223ffdd593f3e8db235d" -> null
    }

  # google_artifact_registry_repository.mpc_recovery will be destroyed
  - resource "google_artifact_registry_repository" "mpc_recovery" {
      - create_time   = "2023-09-24T11:06:08.256781Z" -> null
      - format        = "DOCKER" -> null
      - id            = "projects/pagoda-discovery-platform-dev/locations/us-east1/repositories/mpc-recovery-dev-300" -> null
      - labels        = {} -> null
      - location      = "us-east1" -> null
      - mode          = "STANDARD_REPOSITORY" -> null
      - name          = "mpc-recovery-dev-300" -> null
      - project       = "pagoda-discovery-platform-dev" -> null
      - repository_id = "mpc-recovery-dev-300" -> null
      - update_time   = "2023-09-24T11:06:08.256781Z" -> null
    }

  # google_project_iam_member.service-account-datastore-user will be destroyed
  - resource "google_project_iam_member" "service-account-datastore-user" {
      - etag    = "BwYGGNRhUEc=" -> null
      - id      = "pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member  = "serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project = "pagoda-discovery-platform-dev" -> null
      - role    = "roles/datastore.user" -> null
    }

  # google_secret_manager_secret_iam_member.account_creator_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "account_creator_secret_access" {
      - etag      = "BwYGGNQrPiM=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-account-creator-sk-dev" -> null
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[0] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYGGNQrTgM=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev" -> null
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[1] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYGGNRjrOc=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev" -> null
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[2] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYGGNQrSWI=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev" -> null
    }

  # google_secret_manager_secret_iam_member.fast_auth_partners_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "fast_auth_partners_secret_access" {
      - etag      = "BwYGGNQrVJM=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev" -> null
    }

  # google_secret_manager_secret_iam_member.oidc_providers_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "oidc_providers_secret_access" {
      - etag      = "BwYGGNQrVuA=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-allowed-oidc-providers-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-allowed-oidc-providers-dev" -> null
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[0] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYGGNQrP7Q=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev" -> null
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[1] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYGGNRjzBI=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev" -> null
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[2] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYGGNQrQdQ=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev" -> null
    }

  # google_service_account.service_account will be destroyed
  - resource "google_service_account" "service_account" {
      - account_id   = "mpc-recovery-dev-300" -> null
      - disabled     = false -> null
      - display_name = "MPC Recovery dev-300 Account" -> null
      - email        = "mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - id           = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member       = "serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - name         = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project      = "pagoda-discovery-platform-dev" -> null
      - unique_id    = "110774852648049770860" -> null
    }

  # google_service_account_iam_binding.serivce-account-iam will be destroyed
  - resource "google_service_account_iam_binding" "serivce-account-iam" {
      - etag               = "BwYGGNQrQbQ=" -> null
      - id                 = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser" -> null
      - members            = [
          - "serviceAccount:mpc-recovery@pagoda-discovery-platform-dev.iam.gserviceaccount.com",
        ] -> null
      - role               = "roles/iam.serviceAccountUser" -> null
      - service_account_id = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
    }

  # module.leader.google_cloud_run_v2_service.leader will be destroyed
  - resource "google_cloud_run_v2_service" "leader" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-24T11:06:53.313253Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-24T11:06:42.734302Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"CMKwwKgGENDh1vAB/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1sZWFkZXItZGV2LTMwMA\"" -> null
      - generation              = "1" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-300" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-300/revisions/mpc-recovery-leader-dev-300-00001-h7q" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-300/revisions/mpc-recovery-leader-dev-300-00001-h7q" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-leader-dev-300" -> null
      - observed_generation     = "1" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-24T11:06:53.313253Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "8afc97bc-3649-4b24-9855-0743d208d692" -> null
      - uri                     = "https://mpc-recovery-leader-dev-300-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-leader",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-300/mpc-recovery-dev-300:7d9c08b7702fe313816c223ffdd593f3e8db235d" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_SIGN_NODES" -> null
                  - value = "https://mpc-recovery-signer-0-dev-300-7tk2cmmtcq-ue.a.run.app,https://mpc-recovery-signer-1-dev-300-7tk2cmmtcq-ue.a.run.app,https://mpc-recovery-signer-2-dev-300-7tk2cmmtcq-ue.a.run.app" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NEAR_RPC" -> null
                  - value = "https://rpc.testnet.near.org" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NEAR_ROOT_ACCOUNT" -> null
                  - value = "testnet" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ACCOUNT_CREATOR_ID" -> null
                  - value = "mpc-recovery-dev-creator.testnet" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-300" -> null
                }
              - env {
                  - name = "MPC_RECOVERY_ACCOUNT_CREATOR_SK" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-account-creator-sk-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "FAST_AUTH_PARTNERS" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-fast-auth-partners-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.leader.google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYGGNdtXZo=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-300/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-300" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

  # module.signer[0].google_cloud_run_v2_service.signer will be destroyed
  - resource "google_cloud_run_v2_service" "signer" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-24T11:06:33.195619Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-24T11:06:27.431797Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"CLOwwKgGEJDFpUg/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMC1kZXYtMzAw\"" -> null
      - generation              = "1" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-300" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-300/revisions/mpc-recovery-signer-0-dev-300-00001-jjw" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-300/revisions/mpc-recovery-signer-0-dev-300-00001-jjw" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-signer-0-dev-300" -> null
      - observed_generation     = "1" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-24T11:06:33.195619Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "94f385a5-9fc9-4d31-9cc4-11c3bb94a841" -> null
      - uri                     = "https://mpc-recovery-signer-0-dev-300-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-sign",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-300/mpc-recovery-dev-300:7d9c08b7702fe313816c223ffdd593f3e8db235d" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NODE_ID" -> null
                  - value = "0" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-300" -> null
                }
              - env {
                  - name = "MPC_RECOVERY_CIPHER_KEY" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-cipher-0-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "MPC_RECOVERY_SK_SHARE" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-sk-share-0-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "OIDC_PROVIDERS" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-allowed-oidc-providers-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.signer[0].google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYGGNXu1a4=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-300/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-300" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

  # module.signer[1].google_cloud_run_v2_service.signer will be destroyed
  - resource "google_cloud_run_v2_service" "signer" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-24T11:06:33.214048Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-24T11:06:27.984073Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"CLOwwKgGELC-2Fc/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMS1kZXYtMzAw\"" -> null
      - generation              = "1" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-300" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-300/revisions/mpc-recovery-signer-1-dev-300-00001-sjr" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-300/revisions/mpc-recovery-signer-1-dev-300-00001-sjr" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-signer-1-dev-300" -> null
      - observed_generation     = "1" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-24T11:06:33.214048Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "e842c9b5-7578-4660-9457-40cc5e6b3e22" -> null
      - uri                     = "https://mpc-recovery-signer-1-dev-300-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-sign",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-300/mpc-recovery-dev-300:7d9c08b7702fe313816c223ffdd593f3e8db235d" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NODE_ID" -> null
                  - value = "1" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-300" -> null
                }
              - env {
                  - name = "MPC_RECOVERY_CIPHER_KEY" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-cipher-1-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "MPC_RECOVERY_SK_SHARE" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-sk-share-1-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "OIDC_PROVIDERS" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-allowed-oidc-providers-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.signer[1].google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYGGNXtZv4=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-300/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-300" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

  # module.signer[2].google_cloud_run_v2_service.signer will be destroyed
  - resource "google_cloud_run_v2_service" "signer" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-24T11:06:33.070258Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-24T11:06:27.423449Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"CLOwwKgGELj17kA/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMi1kZXYtMzAw\"" -> null
      - generation              = "1" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-300" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-300/revisions/mpc-recovery-signer-2-dev-300-00001-z9x" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-300/revisions/mpc-recovery-signer-2-dev-300-00001-z9x" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-signer-2-dev-300" -> null
      - observed_generation     = "1" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-24T11:06:33.070258Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "32f2b0cf-8b5e-4cf7-8004-69d4ec75140a" -> null
      - uri                     = "https://mpc-recovery-signer-2-dev-300-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-sign",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-300/mpc-recovery-dev-300:7d9c08b7702fe313816c223ffdd593f3e8db235d" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NODE_ID" -> null
                  - value = "2" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-300" -> null
                }
              - env {
                  - name = "MPC_RECOVERY_CIPHER_KEY" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-cipher-2-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "MPC_RECOVERY_SK_SHARE" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-sk-share-2-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "OIDC_PROVIDERS" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-allowed-oidc-providers-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.signer[2].google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYGGNXuamg=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-300/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-300" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

Plan: 0 to add, 0 to change, 23 to destroy.

Changes to Outputs:
  - leader_node = "https://mpc-recovery-leader-dev-300-7tk2cmmtcq-ue.a.run.app" -> null
google_project_iam_member.service-account-datastore-user: Destroying... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-300/roles/run.invoker/allUsers]
google_service_account_iam_binding.serivce-account-iam: Destroying... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
google_service_account_iam_binding.serivce-account-iam: Destruction complete after 4s
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 5s
module.leader.google_cloud_run_v2_service.leader: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-300]
google_project_iam_member.service-account-datastore-user: Destruction complete after 8s
module.leader.google_cloud_run_v2_service.leader: Still destroying... [id=projects/pagoda-discovery-platform-dev/...1/services/mpc-recovery-leader-dev-300, 10s elapsed]
module.leader.google_cloud_run_v2_service.leader: Destruction complete after 10s
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-300/roles/run.invoker/allUsers]
google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-300/roles/run.invoker/allUsers]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-300/roles/run.invoker/allUsers]
google_secret_manager_secret_iam_member.account_creator_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Destruction complete after 4s
google_secret_manager_secret_iam_member.account_creator_secret_access: Destruction complete after 5s
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 5s
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 5s
module.signer[1].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-300]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 5s
module.signer[2].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-300]
module.signer[0].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-300]
module.signer[1].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-1-dev-300, 10s elapsed]
module.signer[2].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-2-dev-300, 10s elapsed]
module.signer[0].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-0-dev-300, 10s elapsed]
module.signer[2].google_cloud_run_v2_service.signer: Destruction complete after 10s
module.signer[1].google_cloud_run_v2_service.signer: Destruction complete after 10s
module.signer[0].google_cloud_run_v2_service.signer: Destruction complete after 10s
docker_registry_image.mpc_recovery: Destroying... [id=sha256:25a3435a9f5194d7b74211776ef660480580f67d74d82b51c8ef635338d40f3a]
docker_registry_image.mpc_recovery: Destruction complete after 0s
google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
docker_tag.mpc_recovery: Destroying... [id=near/mpc-recovery.us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-300/mpc-recovery-dev-300:7d9c08b7702fe313816c223ffdd593f3e8db235d]
google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.oidc_providers_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-allowed-oidc-providers-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
docker_tag.mpc_recovery: Destruction complete after 0s
google_artifact_registry_repository.mpc_recovery: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/repositories/mpc-recovery-dev-300]
google_artifact_registry_repository.mpc_recovery: Destruction complete after 0s
google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Destruction complete after 4s
google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Destruction complete after 4s
google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Destruction complete after 4s
google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Destruction complete after 4s
google_secret_manager_secret_iam_member.oidc_providers_secret_access: Destruction complete after 4s
google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Destruction complete after 4s
google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Destruction complete after 4s
google_service_account.service_account: Destroying... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-300@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_service_account.service_account: Destruction complete after 1s

Destroy complete! Resources: 23 destroyed.

Pusher: @itegulov, Action: pull_request, Working Directory: ``, Workflow: Terraform Feature Env (Destroy)

volovyks
volovyks reviewed Sep 24, 2023
View reviewed changes
Copy link
Collaborator

@volovyks volovyks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!
@DavidM-D after this is merged to develop we will need to set secrets (including Firebase app IDs) in Secret Manager directly. Not in Terraform.

itegulov added a commit that referenced this pull request Sep 25, 2023
@itegulov
feat: decouple secret management from terraform (#300)
2cbcfec
@ChaoticTempest ChaoticTempest deleted the daniyar/unmanaged-secrets branch October 3, 2023 18:06
kmaus-near added a commit that referenced this pull request Nov 15, 2023
@volovyks @itegulov @kmaus-near
Internal LB (#321)
ef95741 
* feat: decouple secret management from terraform (#300)

* initial commit for internal LB

* added working dynamic TF for ILBs

* separate prod and dev infra

* changed connector id for dev

* removed dev workflow, updated prod workflow

* reflected dev and prod env

* updated directory of dev workflow

* updated all workflow dev directories

* removed odic variable

* updated prod workflow to have selectable networks

* added var.env back to fix pipeline

* reverted credential selection

* made SA dynamic again

* reverted GHA workflows

* added back jwt signer url

* updated prod env to include OTLP data

* added correct naming convention for LB stuff

* added correct credential info

* added correct credential info

---------

Co-authored-by: Daniyar Itegulov <ditegulov@gmail.com>
Co-authored-by: kmaus-near <kody.maus.bluepisces@near.org>
Co-authored-by: kmaus-near <109096383+kmaus-near@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@volovyks volovyks volovyks left review comments

@ChaoticTempest ChaoticTempest Awaiting requested review from ChaoticTempest

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@itegulov @volovyks