Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: secure p2p #354

Merged
merged 24 commits into from
Nov 23, 2023
Merged

feat: secure p2p #354

merged 24 commits into from
Nov 23, 2023

Conversation

ChaoticTempest
Copy link
Member

@ChaoticTempest ChaoticTempest commented Nov 13, 2023
edited
Loading

This implements secure p2p communication between two nodes.

  • Adds /msg-private endpoint for secure messaging on protocol SendPrivate actions. msg endpoint is now encrypted when sending messages
  • State transitions are now transactional when progressing the protocol. A clone is made on the state each time, with the exception of triple managers and each protocols which have Arc/RwLock on top of them.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 13, 2023
edited
Loading

Terraform Feature Environment (dev-354)

Terraform Initialization ⚙️success

Terraform Apply success

Show Apply Plan 

data.external.git_checkout: Reading...
data.external.git_checkout: Read complete after 0s [id=-]
data.google_compute_network.prod_network: Reading...
data.google_compute_subnetwork.dev_subnetwork: Reading...
google_service_account.service_account: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
data.google_compute_subnetwork.prod_subnetwork: Reading...
data.google_compute_network.dev_network: Reading...
data.google_compute_network.prod_network: Read complete after 0s [id=projects/pagoda-shared-infrastructure/global/networks/prod]
data.google_compute_network.dev_network: Read complete after 0s [id=projects/pagoda-shared-infrastructure/global/networks/dev]
data.google_compute_subnetwork.dev_subnetwork: Read complete after 0s [id=projects/pagoda-shared-infrastructure/regions/us-central1/subnetworks/dev-us-central1]
google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_project_iam_member.service-account-datastore-user: Refreshing state... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_service_account_iam_binding.serivce-account-iam: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.account_creator_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
data.google_compute_subnetwork.prod_subnetwork: Read complete after 0s [id=projects/pagoda-shared-infrastructure/regions/us-central1/subnetworks/prod-us-central1]
google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354]
module.signer[2].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354]
module.signer[0].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354/roles/run.invoker/allUsers]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354/roles/run.invoker/allUsers]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354/roles/run.invoker/allUsers]
module.leader.google_cloud_run_v2_service.leader: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354]
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354/roles/run.invoker/allUsers]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place

Terraform will perform the following actions:

  # module.leader.google_cloud_run_v2_service.leader will be updated in-place
  ~ resource "google_cloud_run_v2_service" "leader" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354"
        name                    = "mpc-recovery-leader-dev-354"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:c01f92b72e29be8047171c4210b82fc05bb38929" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:1dfd0788c6ffeb632dc52e20206d468c1f857ee6"
                # (2 unchanged attributes hidden)

              ~ env {
                    name = "MPC_RECOVERY_ACCOUNT_CREATOR_SK"

                  ~ value_source {
                      ~ secret_key_ref {
                          ~ version = "1" -> "latest"
                            # (1 unchanged attribute hidden)
                        }
                    }
                }

                # (15 unchanged blocks hidden)
            }

          + vpc_access {
              + connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/prod-us-east1-connector"
              + egress    = "PRIVATE_RANGES_ONLY"
            }

            # (1 unchanged block hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.mpc-leader-lb.google_compute_forwarding_rule.default will be created
  + resource "google_compute_forwarding_rule" "default" {
      + base_forwarding_rule  = (known after apply)
      + creation_timestamp    = (known after apply)
      + id                    = (known after apply)
      + ip_address            = (known after apply)
      + ip_protocol           = "TCP"
      + label_fingerprint     = (known after apply)
      + load_balancing_scheme = "INTERNAL_MANAGED"
      + name                  = "mpc-dev-354-leader-forwarding-rule"
      + network               = "projects/pagoda-shared-infrastructure/global/networks/prod"
      + network_tier          = "PREMIUM"
      + port_range            = "80"
      + project               = "pagoda-discovery-platform-dev"
      + psc_connection_id     = (known after apply)
      + psc_connection_status = (known after apply)
      + region                = "us-central1"
      + self_link             = (known after apply)
      + service_name          = (known after apply)
      + subnetwork            = "projects/pagoda-shared-infrastructure/regions/us-central1/subnetworks/prod-us-central1"
      + target                = (known after apply)
    }

  # module.mpc-leader-lb.google_compute_region_backend_service.default will be created
  + resource "google_compute_region_backend_service" "default" {
      + connection_draining_timeout_sec = 0
      + creation_timestamp              = (known after apply)
      + fingerprint                     = (known after apply)
      + id                              = (known after apply)
      + load_balancing_scheme           = "INTERNAL_MANAGED"
      + name                            = "mpc-dev-354-leader-backend-service"
      + port_name                       = (known after apply)
      + project                         = "pagoda-discovery-platform-dev"
      + protocol                        = "HTTP"
      + region                          = "us-central1"
      + self_link                       = (known after apply)
      + session_affinity                = (known after apply)
      + timeout_sec                     = 30

      + backend {
          + balancing_mode  = "UTILIZATION"
          + capacity_scaler = 1
          + failover        = (known after apply)
          + group           = (known after apply)
        }
    }

  # module.mpc-leader-lb.google_compute_region_network_endpoint_group.default_neg will be created
  + resource "google_compute_region_network_endpoint_group" "default_neg" {
      + id                    = (known after apply)
      + name                  = "mpc-dev-354-leader-neg"
      + network_endpoint_type = "SERVERLESS"
      + project               = "pagoda-discovery-platform-dev"
      + region                = "us-central1"
      + self_link             = (known after apply)

      + cloud_run {
          + service = "mpc-recovery-leader-dev-354"
        }
    }

  # module.mpc-leader-lb.google_compute_region_target_http_proxy.default will be created
  + resource "google_compute_region_target_http_proxy" "default" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = "mpc-dev-354-leader-http-proxy"
      + project            = "pagoda-discovery-platform-dev"
      + proxy_id           = (known after apply)
      + region             = "us-central1"
      + self_link          = (known after apply)
      + url_map            = (known after apply)
    }

  # module.mpc-leader-lb.google_compute_region_url_map.default will be created
  + resource "google_compute_region_url_map" "default" {
      + creation_timestamp = (known after apply)
      + default_service    = (known after apply)
      + fingerprint        = (known after apply)
      + id                 = (known after apply)
      + map_id             = (known after apply)
      + name               = "mpc-dev-354-leader-url-map"
      + project            = "pagoda-discovery-platform-dev"
      + region             = "us-central1"
      + self_link          = (known after apply)
    }

  # module.mpc-signer-lb[0].google_compute_forwarding_rule.default will be created
  + resource "google_compute_forwarding_rule" "default" {
      + base_forwarding_rule  = (known after apply)
      + creation_timestamp    = (known after apply)
      + id                    = (known after apply)
      + ip_address            = (known after apply)
      + ip_protocol           = "TCP"
      + label_fingerprint     = (known after apply)
      + load_balancing_scheme = "INTERNAL_MANAGED"
      + name                  = "mpc-dev-354-signer-0-forwarding-rule"
      + network               = "projects/pagoda-shared-infrastructure/global/networks/prod"
      + network_tier          = "PREMIUM"
      + port_range            = "80"
      + project               = "pagoda-discovery-platform-dev"
      + psc_connection_id     = (known after apply)
      + psc_connection_status = (known after apply)
      + region                = "us-central1"
      + self_link             = (known after apply)
      + service_name          = (known after apply)
      + subnetwork            = "projects/pagoda-shared-infrastructure/regions/us-central1/subnetworks/prod-us-central1"
      + target                = (known after apply)
    }

  # module.mpc-signer-lb[0].google_compute_region_backend_service.default will be created
  + resource "google_compute_region_backend_service" "default" {
      + connection_draining_timeout_sec = 0
      + creation_timestamp              = (known after apply)
      + fingerprint                     = (known after apply)
      + id                              = (known after apply)
      + load_balancing_scheme           = "INTERNAL_MANAGED"
      + name                            = "mpc-dev-354-signer-0-backend-service"
      + port_name                       = (known after apply)
      + project                         = "pagoda-discovery-platform-dev"
      + protocol                        = "HTTP"
      + region                          = "us-central1"
      + self_link                       = (known after apply)
      + session_affinity                = (known after apply)
      + timeout_sec                     = 30

      + backend {
          + balancing_mode  = "UTILIZATION"
          + capacity_scaler = 1
          + failover        = (known after apply)
          + group           = (known after apply)
        }
    }

  # module.mpc-signer-lb[0].google_compute_region_network_endpoint_group.default_neg will be created
  + resource "google_compute_region_network_endpoint_group" "default_neg" {
      + id                    = (known after apply)
      + name                  = "mpc-dev-354-signer-0-neg"
      + network_endpoint_type = "SERVERLESS"
      + project               = "pagoda-discovery-platform-dev"
      + region                = "us-central1"
      + self_link             = (known after apply)

      + cloud_run {
          + service = "mpc-recovery-signer-0-dev-354"
        }
    }

  # module.mpc-signer-lb[0].google_compute_region_target_http_proxy.default will be created
  + resource "google_compute_region_target_http_proxy" "default" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = "mpc-dev-354-signer-0-http-proxy"
      + project            = "pagoda-discovery-platform-dev"
      + proxy_id           = (known after apply)
      + region             = "us-central1"
      + self_link          = (known after apply)
      + url_map            = (known after apply)
    }

  # module.mpc-signer-lb[0].google_compute_region_url_map.default will be created
  + resource "google_compute_region_url_map" "default" {
      + creation_timestamp = (known after apply)
      + default_service    = (known after apply)
      + fingerprint        = (known after apply)
      + id                 = (known after apply)
      + map_id             = (known after apply)
      + name               = "mpc-dev-354-signer-0-url-map"
      + project            = "pagoda-discovery-platform-dev"
      + region             = "us-central1"
      + self_link          = (known after apply)
    }

  # module.mpc-signer-lb[1].google_compute_forwarding_rule.default will be created
  + resource "google_compute_forwarding_rule" "default" {
      + base_forwarding_rule  = (known after apply)
      + creation_timestamp    = (known after apply)
      + id                    = (known after apply)
      + ip_address            = (known after apply)
      + ip_protocol           = "TCP"
      + label_fingerprint     = (known after apply)
      + load_balancing_scheme = "INTERNAL_MANAGED"
      + name                  = "mpc-dev-354-signer-1-forwarding-rule"
      + network               = "projects/pagoda-shared-infrastructure/global/networks/prod"
      + network_tier          = "PREMIUM"
      + port_range            = "80"
      + project               = "pagoda-discovery-platform-dev"
      + psc_connection_id     = (known after apply)
      + psc_connection_status = (known after apply)
      + region                = "us-central1"
      + self_link             = (known after apply)
      + service_name          = (known after apply)
      + subnetwork            = "projects/pagoda-shared-infrastructure/regions/us-central1/subnetworks/prod-us-central1"
      + target                = (known after apply)
    }

  # module.mpc-signer-lb[1].google_compute_region_backend_service.default will be created
  + resource "google_compute_region_backend_service" "default" {
      + connection_draining_timeout_sec = 0
      + creation_timestamp              = (known after apply)
      + fingerprint                     = (known after apply)
      + id                              = (known after apply)
      + load_balancing_scheme           = "INTERNAL_MANAGED"
      + name                            = "mpc-dev-354-signer-1-backend-service"
      + port_name                       = (known after apply)
      + project                         = "pagoda-discovery-platform-dev"
      + protocol                        = "HTTP"
      + region                          = "us-central1"
      + self_link                       = (known after apply)
      + session_affinity                = (known after apply)
      + timeout_sec                     = 30

      + backend {
          + balancing_mode  = "UTILIZATION"
          + capacity_scaler = 1
          + failover        = (known after apply)
          + group           = (known after apply)
        }
    }

  # module.mpc-signer-lb[1].google_compute_region_network_endpoint_group.default_neg will be created
  + resource "google_compute_region_network_endpoint_group" "default_neg" {
      + id                    = (known after apply)
      + name                  = "mpc-dev-354-signer-1-neg"
      + network_endpoint_type = "SERVERLESS"
      + project               = "pagoda-discovery-platform-dev"
      + region                = "us-central1"
      + self_link             = (known after apply)

      + cloud_run {
          + service = "mpc-recovery-signer-1-dev-354"
        }
    }

  # module.mpc-signer-lb[1].google_compute_region_target_http_proxy.default will be created
  + resource "google_compute_region_target_http_proxy" "default" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = "mpc-dev-354-signer-1-http-proxy"
      + project            = "pagoda-discovery-platform-dev"
      + proxy_id           = (known after apply)
      + region             = "us-central1"
      + self_link          = (known after apply)
      + url_map            = (known after apply)
    }

  # module.mpc-signer-lb[1].google_compute_region_url_map.default will be created
  + resource "google_compute_region_url_map" "default" {
      + creation_timestamp = (known after apply)
      + default_service    = (known after apply)
      + fingerprint        = (known after apply)
      + id                 = (known after apply)
      + map_id             = (known after apply)
      + name               = "mpc-dev-354-signer-1-url-map"
      + project            = "pagoda-discovery-platform-dev"
      + region             = "us-central1"
      + self_link          = (known after apply)
    }

  # module.mpc-signer-lb[2].google_compute_forwarding_rule.default will be created
  + resource "google_compute_forwarding_rule" "default" {
      + base_forwarding_rule  = (known after apply)
      + creation_timestamp    = (known after apply)
      + id                    = (known after apply)
      + ip_address            = (known after apply)
      + ip_protocol           = "TCP"
      + label_fingerprint     = (known after apply)
      + load_balancing_scheme = "INTERNAL_MANAGED"
      + name                  = "mpc-dev-354-signer-2-forwarding-rule"
      + network               = "projects/pagoda-shared-infrastructure/global/networks/prod"
      + network_tier          = "PREMIUM"
      + port_range            = "80"
      + project               = "pagoda-discovery-platform-dev"
      + psc_connection_id     = (known after apply)
      + psc_connection_status = (known after apply)
      + region                = "us-central1"
      + self_link             = (known after apply)
      + service_name          = (known after apply)
      + subnetwork            = "projects/pagoda-shared-infrastructure/regions/us-central1/subnetworks/prod-us-central1"
      + target                = (known after apply)
    }

  # module.mpc-signer-lb[2].google_compute_region_backend_service.default will be created
  + resource "google_compute_region_backend_service" "default" {
      + connection_draining_timeout_sec = 0
      + creation_timestamp              = (known after apply)
      + fingerprint                     = (known after apply)
      + id                              = (known after apply)
      + load_balancing_scheme           = "INTERNAL_MANAGED"
      + name                            = "mpc-dev-354-signer-2-backend-service"
      + port_name                       = (known after apply)
      + project                         = "pagoda-discovery-platform-dev"
      + protocol                        = "HTTP"
      + region                          = "us-central1"
      + self_link                       = (known after apply)
      + session_affinity                = (known after apply)
      + timeout_sec                     = 30

      + backend {
          + balancing_mode  = "UTILIZATION"
          + capacity_scaler = 1
          + failover        = (known after apply)
          + group           = (known after apply)
        }
    }

  # module.mpc-signer-lb[2].google_compute_region_network_endpoint_group.default_neg will be created
  + resource "google_compute_region_network_endpoint_group" "default_neg" {
      + id                    = (known after apply)
      + name                  = "mpc-dev-354-signer-2-neg"
      + network_endpoint_type = "SERVERLESS"
      + project               = "pagoda-discovery-platform-dev"
      + region                = "us-central1"
      + self_link             = (known after apply)

      + cloud_run {
          + service = "mpc-recovery-signer-2-dev-354"
        }
    }

  # module.mpc-signer-lb[2].google_compute_region_target_http_proxy.default will be created
  + resource "google_compute_region_target_http_proxy" "default" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = "mpc-dev-354-signer-2-http-proxy"
      + project            = "pagoda-discovery-platform-dev"
      + proxy_id           = (known after apply)
      + region             = "us-central1"
      + self_link          = (known after apply)
      + url_map            = (known after apply)
    }

  # module.mpc-signer-lb[2].google_compute_region_url_map.default will be created
  + resource "google_compute_region_url_map" "default" {
      + creation_timestamp = (known after apply)
      + default_service    = (known after apply)
      + fingerprint        = (known after apply)
      + id                 = (known after apply)
      + map_id             = (known after apply)
      + name               = "mpc-dev-354-signer-2-url-map"
      + project            = "pagoda-discovery-platform-dev"
      + region             = "us-central1"
      + self_link          = (known after apply)
    }

  # module.signer[0].google_cloud_run_v2_service.signer will be updated in-place
  ~ resource "google_cloud_run_v2_service" "signer" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354"
        name                    = "mpc-recovery-signer-0-dev-354"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:c01f92b72e29be8047171c4210b82fc05bb38929" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:1dfd0788c6ffeb632dc52e20206d468c1f857ee6"
                # (2 unchanged attributes hidden)

                # (11 unchanged blocks hidden)
            }

          + vpc_access {
              + connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1"
              + egress    = "PRIVATE_RANGES_ONLY"
            }

            # (1 unchanged block hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.signer[1].google_cloud_run_v2_service.signer will be updated in-place
  ~ resource "google_cloud_run_v2_service" "signer" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354"
        name                    = "mpc-recovery-signer-1-dev-354"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:c01f92b72e29be8047171c4210b82fc05bb38929" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:1dfd0788c6ffeb632dc52e20206d468c1f857ee6"
                # (2 unchanged attributes hidden)

                # (11 unchanged blocks hidden)
            }

          + vpc_access {
              + connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1"
              + egress    = "PRIVATE_RANGES_ONLY"
            }

            # (1 unchanged block hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.signer[2].google_cloud_run_v2_service.signer will be updated in-place
  ~ resource "google_cloud_run_v2_service" "signer" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354"
        name                    = "mpc-recovery-signer-2-dev-354"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:c01f92b72e29be8047171c4210b82fc05bb38929" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:1dfd0788c6ffeb632dc52e20206d468c1f857ee6"
                # (2 unchanged attributes hidden)

                # (11 unchanged blocks hidden)
            }

          + vpc_access {
              + connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1"
              + egress    = "PRIVATE_RANGES_ONLY"
            }

            # (1 unchanged block hidden)
        }

        # (1 unchanged block hidden)
    }

Plan: 20 to add, 4 to change, 0 to destroy.
module.mpc-leader-lb.google_compute_region_network_endpoint_group.default_neg: Creating...
module.mpc-signer-lb[0].google_compute_region_network_endpoint_group.default_neg: Creating...
module.mpc-signer-lb[1].google_compute_region_network_endpoint_group.default_neg: Creating...
module.mpc-signer-lb[2].google_compute_region_network_endpoint_group.default_neg: Creating...
module.signer[0].google_cloud_run_v2_service.signer: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354]
module.signer[1].google_cloud_run_v2_service.signer: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354]
module.signer[2].google_cloud_run_v2_service.signer: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354]
module.mpc-leader-lb.google_compute_region_network_endpoint_group.default_neg: Still creating... [10s elapsed]
module.mpc-signer-lb[0].google_compute_region_network_endpoint_group.default_neg: Still creating... [10s elapsed]
module.mpc-signer-lb[1].google_compute_region_network_endpoint_group.default_neg: Still creating... [10s elapsed]
module.mpc-signer-lb[2].google_compute_region_network_endpoint_group.default_neg: Still creating... [10s elapsed]
module.signer[0].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-0-dev-354, 10s elapsed]
module.signer[2].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-2-dev-354, 10s elapsed]
module.signer[1].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-1-dev-354, 10s elapsed]
module.mpc-signer-lb[1].google_compute_region_network_endpoint_group.default_neg: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-1-neg]
module.mpc-signer-lb[1].google_compute_region_backend_service.default: Creating...
module.mpc-signer-lb[0].google_compute_region_network_endpoint_group.default_neg: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-0-neg]
module.mpc-signer-lb[0].google_compute_region_backend_service.default: Creating...
module.mpc-leader-lb.google_compute_region_network_endpoint_group.default_neg: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-leader-neg]
module.mpc-leader-lb.google_compute_region_backend_service.default: Creating...
module.mpc-signer-lb[2].google_compute_region_network_endpoint_group.default_neg: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-2-neg]
module.mpc-signer-lb[2].google_compute_region_backend_service.default: Creating...
module.signer[0].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-0-dev-354, 20s elapsed]
module.signer[1].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-1-dev-354, 20s elapsed]
module.signer[2].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-2-dev-354, 20s elapsed]
module.mpc-signer-lb[1].google_compute_region_backend_service.default: Still creating... [10s elapsed]
module.mpc-signer-lb[0].google_compute_region_backend_service.default: Still creating... [10s elapsed]
module.mpc-leader-lb.google_compute_region_backend_service.default: Still creating... [10s elapsed]
module.signer[2].google_cloud_run_v2_service.signer: Modifications complete after 21s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354]
module.mpc-signer-lb[2].google_compute_region_backend_service.default: Still creating... [10s elapsed]
module.signer[0].google_cloud_run_v2_service.signer: Modifications complete after 22s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354]
module.signer[1].google_cloud_run_v2_service.signer: Modifications complete after 22s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354]
module.leader.google_cloud_run_v2_service.leader: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354]
module.mpc-signer-lb[1].google_compute_region_backend_service.default: Still creating... [20s elapsed]
module.mpc-signer-lb[0].google_compute_region_backend_service.default: Still creating... [20s elapsed]
module.mpc-leader-lb.google_compute_region_backend_service.default: Still creating... [20s elapsed]
module.mpc-signer-lb[2].google_compute_region_backend_service.default: Still creating... [20s elapsed]
module.leader.google_cloud_run_v2_service.leader: Still modifying... [id=projects/pagoda-discovery-platform-dev/...1/services/mpc-recovery-leader-dev-354, 10s elapsed]
module.mpc-leader-lb.google_compute_region_backend_service.default: Creation complete after 21s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-leader-backend-service]
module.mpc-leader-lb.google_compute_region_url_map.default: Creating...
module.mpc-signer-lb[1].google_compute_region_backend_service.default: Creation complete after 21s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-1-backend-service]
module.mpc-signer-lb[1].google_compute_region_url_map.default: Creating...
module.mpc-signer-lb[0].google_compute_region_backend_service.default: Creation complete after 21s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-0-backend-service]
module.mpc-signer-lb[0].google_compute_region_url_map.default: Creating...
module.mpc-signer-lb[2].google_compute_region_backend_service.default: Creation complete after 22s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-2-backend-service]
module.mpc-signer-lb[2].google_compute_region_url_map.default: Creating...
module.leader.google_cloud_run_v2_service.leader: Still modifying... [id=projects/pagoda-discovery-platform-dev/...1/services/mpc-recovery-leader-dev-354, 20s elapsed]
module.mpc-leader-lb.google_compute_region_url_map.default: Still creating... [10s elapsed]
module.mpc-signer-lb[1].google_compute_region_url_map.default: Still creating... [10s elapsed]
module.mpc-signer-lb[0].google_compute_region_url_map.default: Still creating... [10s elapsed]
module.mpc-signer-lb[2].google_compute_region_url_map.default: Still creating... [10s elapsed]
module.leader.google_cloud_run_v2_service.leader: Modifications complete after 21s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354]
module.mpc-leader-lb.google_compute_region_url_map.default: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-leader-url-map]
module.mpc-leader-lb.google_compute_region_target_http_proxy.default: Creating...
module.mpc-signer-lb[0].google_compute_region_url_map.default: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-0-url-map]
module.mpc-signer-lb[0].google_compute_region_target_http_proxy.default: Creating...
module.mpc-signer-lb[1].google_compute_region_url_map.default: Creation complete after 12s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-1-url-map]
module.mpc-signer-lb[1].google_compute_region_target_http_proxy.default: Creating...
module.mpc-signer-lb[2].google_compute_region_url_map.default: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-2-url-map]
module.mpc-signer-lb[2].google_compute_region_target_http_proxy.default: Creating...
module.mpc-signer-lb[0].google_compute_region_target_http_proxy.default: Creation complete after 2s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/targetHttpProxies/mpc-dev-354-signer-0-http-proxy]
module.mpc-signer-lb[0].google_compute_forwarding_rule.default: Creating...
module.mpc-leader-lb.google_compute_region_target_http_proxy.default: Still creating... [10s elapsed]
module.mpc-signer-lb[1].google_compute_region_target_http_proxy.default: Still creating... [10s elapsed]
module.mpc-signer-lb[2].google_compute_region_target_http_proxy.default: Still creating... [10s elapsed]
module.mpc-signer-lb[0].google_compute_forwarding_rule.default: Still creating... [10s elapsed]
module.mpc-signer-lb[1].google_compute_region_target_http_proxy.default: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/targetHttpProxies/mpc-dev-354-signer-1-http-proxy]
module.mpc-signer-lb[1].google_compute_forwarding_rule.default: Creating...
module.mpc-leader-lb.google_compute_region_target_http_proxy.default: Creation complete after 12s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/targetHttpProxies/mpc-dev-354-leader-http-proxy]
module.mpc-leader-lb.google_compute_forwarding_rule.default: Creating...
module.mpc-signer-lb[2].google_compute_region_target_http_proxy.default: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/targetHttpProxies/mpc-dev-354-signer-2-http-proxy]
module.mpc-signer-lb[2].google_compute_forwarding_rule.default: Creating...
module.mpc-signer-lb[0].google_compute_forwarding_rule.default: Still creating... [20s elapsed]
module.mpc-signer-lb[1].google_compute_forwarding_rule.default: Still creating... [10s elapsed]
module.mpc-leader-lb.google_compute_forwarding_rule.default: Still creating... [10s elapsed]
module.mpc-signer-lb[2].google_compute_forwarding_rule.default: Still creating... [10s elapsed]
module.mpc-signer-lb[0].google_compute_forwarding_rule.default: Creation complete after 21s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/forwardingRules/mpc-dev-354-signer-0-forwarding-rule]
module.mpc-signer-lb[1].google_compute_forwarding_rule.default: Still creating... [20s elapsed]
module.mpc-leader-lb.google_compute_forwarding_rule.default: Still creating... [20s elapsed]
module.mpc-signer-lb[2].google_compute_forwarding_rule.default: Still creating... [20s elapsed]
module.mpc-signer-lb[1].google_compute_forwarding_rule.default: Creation complete after 21s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/forwardingRules/mpc-dev-354-signer-1-forwarding-rule]
module.mpc-signer-lb[2].google_compute_forwarding_rule.default: Creation complete after 21s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/forwardingRules/mpc-dev-354-signer-2-forwarding-rule]
module.mpc-leader-lb.google_compute_forwarding_rule.default: Creation complete after 22s [id=projects/pagoda-discovery-platform-dev/regions/us-central1/forwardingRules/mpc-dev-354-leader-forwarding-rule]

Apply complete! Resources: 20 added, 4 changed, 0 destroyed.

Outputs:

leader_node = "https://mpc-recovery-leader-dev-354-7tk2cmmtcq-ue.a.run.app"

Pusher: @ChaoticTempest, Action: pull_request, Working Directory: ``, Workflow: Terraform Feature Env

URL: https://mpc-recovery-leader-dev-354-7tk2cmmtcq-ue.a.run.app

itegulov
itegulov reviewed Nov 16, 2023
View reviewed changes
Copy link
Contributor

@itegulov itegulov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haven't finished reviewing yet, but this is my thoughts so far

keys/src/hpke.rs Outdated

/// This can be used to customize the generated key. This will be used as a sort of
/// versioning mechanism for the key.
const INFO_ENTROPY: &[u8] = b"session-key-v1";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, can you give an example of a situation when we would want "bump" this version?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is just extra info for generating the derived key fro encryption. So it's more for contextual info. It's useful when we end up using the same key as encryption and signing, but we don't se it can just empty or static like this. I just arbitrarily made it into a versioning scheme

contract/src/lib.rs Show resolved Hide resolved
contract/src/lib.rs
@@ -34,6 +42,7 @@ pub struct InitializingContractState {
#[derive(BorshDeserialize, BorshSerialize, Serialize, Deserialize, Debug)]
pub struct RunningContractState {
pub epoch: u64,
// TODO: why is this account id for participants instead of participant id?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is kind of like a preparation for #330
Ideally nodes should be identified by the account id they use for interacting with the contract and the participant id should be given to them at runtime by the contract

node/src/protocol/cryptography.rs Outdated Show resolved Hide resolved
keys/src/hpke.rs
@@ -0,0 +1,156 @@
use borsh::{self, BorshDeserialize, BorshSerialize};
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI I want Michel to take a look at this to make sure we are not misusing anything here, will let you know how it goes

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sounds good

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@itegulov Are we good to go?

volovyks
volovyks approved these changes Nov 22, 2023
View reviewed changes
Copy link
Collaborator

@volovyks volovyks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work. Let's merge this one and #380, merge conflicts, etc. It's hard to proceed with two big PRs not being merged.

contract/src/lib.rs
@@ -22,6 +26,10 @@ pub struct ParticipantInfo {
pub id: ParticipantId,
pub account_id: AccountId,
pub url: String,
/// The public key used for encrypting messages.
pub cipher_pk: hpke::PublicKey,
/// The public key used for verifying messages.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would rather have longer names here and in other places, like msg_encryption_pk, msg_signature_pk. People and other developers can confuse these with key shares.

keys/src/hpke.rs
@@ -0,0 +1,156 @@
use borsh::{self, BorshDeserialize, BorshSerialize};
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@itegulov Are we good to go?

node/src/http_client.rs
client: &Client,
url: U,
message: MpcMessage,
) -> Result<(), SendError> {
let encrypted = SignedMessage::encrypt(message, participant, sign_sk, cipher_pk)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is encryption and signing in one function, right?

node/src/protocol/cryptography.rs
#[error("sync failed: {0}")]
SyncError(String),
#[error(transparent)]
DataConversion(#[from] serde_json::Error),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: <name>Error(

@itegulov
Copy link
Contributor

Ok, I am merging this to avoid conflicts and we can address comments in a follow up PR

@itegulov itegulov merged commit 2a76c36 into develop Nov 23, 2023
5 of 6 checks passed
@itegulov itegulov deleted the phuong/feat/secure-p2p branch November 23, 2023 00:28
@github-actions GitHub Actions
Copy link

Terraform Feature Environment Destroy (dev-354)

Terraform Initialization ⚙️success

Terraform Destroy success

Show Destroy Plan 

data.external.git_checkout: Reading...
data.external.git_checkout: Read complete after 0s [id=-]
data.google_compute_network.dev_network: Reading...
google_service_account.service_account: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
data.google_compute_network.prod_network: Reading...
data.google_compute_subnetwork.prod_subnetwork: Reading...
data.google_compute_subnetwork.dev_subnetwork: Reading...
module.mpc-signer-lb[1].google_compute_region_network_endpoint_group.default_neg: Refreshing state... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-1-neg]
module.mpc-signer-lb[2].google_compute_region_network_endpoint_group.default_neg: Refreshing state... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-2-neg]
module.mpc-leader-lb.google_compute_region_network_endpoint_group.default_neg: Refreshing state... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-leader-neg]
module.mpc-signer-lb[0].google_compute_region_network_endpoint_group.default_neg: Refreshing state... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-0-neg]
google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
data.google_compute_network.dev_network: Read complete after 0s [id=projects/pagoda-shared-infrastructure/global/networks/dev]
google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
data.google_compute_subnetwork.dev_subnetwork: Read complete after 0s [id=projects/pagoda-shared-infrastructure/regions/us-east1/subnetworks/cloudrun-main-dev-us-east1]
google_service_account_iam_binding.serivce-account-iam: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
google_project_iam_member.service-account-datastore-user: Refreshing state... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.account_creator_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
data.google_compute_network.prod_network: Read complete after 0s [id=projects/pagoda-shared-infrastructure/global/networks/prod]
module.mpc-leader-lb.google_compute_region_backend_service.default: Refreshing state... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-leader-backend-service]
data.google_compute_subnetwork.prod_subnetwork: Read complete after 1s [id=projects/pagoda-shared-infrastructure/regions/us-east1/subnetworks/cloudrun-main-prod-us-east1]
module.mpc-signer-lb[0].google_compute_region_backend_service.default: Refreshing state... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-0-backend-service]
module.mpc-signer-lb[1].google_compute_region_backend_service.default: Refreshing state... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-1-backend-service]
module.mpc-signer-lb[2].google_compute_region_backend_service.default: Refreshing state... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-2-backend-service]
module.signer[2].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354]
module.signer[1].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354]
module.signer[0].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354]
module.mpc-leader-lb.google_compute_region_url_map.default: Refreshing state... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-leader-url-map]
module.mpc-signer-lb[0].google_compute_region_url_map.default: Refreshing state... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-0-url-map]
module.mpc-signer-lb[2].google_compute_region_url_map.default: Refreshing state... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-2-url-map]
module.mpc-signer-lb[1].google_compute_region_url_map.default: Refreshing state... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-1-url-map]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354/roles/run.invoker/allUsers]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354/roles/run.invoker/allUsers]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354/roles/run.invoker/allUsers]
module.leader.google_cloud_run_v2_service.leader: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354]
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354/roles/run.invoker/allUsers]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # google_project_iam_member.service-account-datastore-user will be destroyed
  - resource "google_project_iam_member" "service-account-datastore-user" {
      - etag    = "BwYKunSX2NI=" -> null
      - id      = "pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member  = "serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project = "pagoda-discovery-platform-dev" -> null
      - role    = "roles/datastore.user" -> null
    }

  # google_secret_manager_secret_iam_member.account_creator_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "account_creator_secret_access" {
      - etag      = "BwYKunRjmWc=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev" -> null
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[0] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYKunRjJHA=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev" -> null
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[1] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYKunSkunU=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev" -> null
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[2] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYKunSjpmo=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev" -> null
    }

  # google_secret_manager_secret_iam_member.fast_auth_partners_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "fast_auth_partners_secret_access" {
      - etag      = "BwYKunRjllE=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev" -> null
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[0] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYKunSdQDA=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev" -> null
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[1] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYKunRjiqU=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev" -> null
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[2] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYKunSjRKg=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev" -> null
    }

  # google_service_account.service_account will be destroyed
  - resource "google_service_account" "service_account" {
      - account_id   = "mpc-recovery-dev-354" -> null
      - disabled     = false -> null
      - display_name = "MPC Recovery dev-354 Account" -> null
      - email        = "mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - id           = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member       = "serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - name         = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project      = "pagoda-discovery-platform-dev" -> null
      - unique_id    = "113913599624214855543" -> null
    }

  # google_service_account_iam_binding.serivce-account-iam will be destroyed
  - resource "google_service_account_iam_binding" "serivce-account-iam" {
      - etag               = "BwYKEVgyAeA=" -> null
      - id                 = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser" -> null
      - members            = [
          - "serviceAccount:mpc-recovery@pagoda-discovery-platform-dev.iam.gserviceaccount.com",
        ] -> null
      - role               = "roles/iam.serviceAccountUser" -> null
      - service_account_id = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
    }

  # module.leader.google_cloud_run_v2_service.leader will be destroyed
  - resource "google_cloud_run_v2_service" "leader" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-11-18T19:22:25.225778Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-11-18T19:22:09.354034Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"COGd5KoGEJCcsDs/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1sZWFkZXItZGV2LTM1NA\"" -> null
      - generation              = "6" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354" -> null
      - ingress                 = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354/revisions/mpc-recovery-leader-dev-354-00006-74l" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354/revisions/mpc-recovery-leader-dev-354-00006-74l" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-leader-dev-354" -> null
      - observed_generation     = "6" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-11-18T19:22:25.095541Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "2e10af1d-0bfc-45b0-b1f5-379be9fcf8d3" -> null
      - uri                     = "https://mpc-recovery-leader-dev-354-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-leader",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:3be4198fb97afdc9170d93951f490ec36fe19529" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_SIGN_NODES" -> null
                  - value = "https://mpc-recovery-signer-0-dev-354-7tk2cmmtcq-ue.a.run.app,https://mpc-recovery-signer-1-dev-354-7tk2cmmtcq-ue.a.run.app,https://mpc-recovery-signer-2-dev-354-7tk2cmmtcq-ue.a.run.app" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NEAR_RPC" -> null
                  - value = "https://rpc.testnet.near.org" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NEAR_ROOT_ACCOUNT" -> null
                  - value = "testnet" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ACCOUNT_CREATOR_ID" -> null
                  - value = "mpc-recovery-dev-creator.testnet" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-354" -> null
                }
              - env {
                  - name = "MPC_RECOVERY_ACCOUNT_CREATOR_SK" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-recovery-account-creator-sk-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "FAST_AUTH_PARTNERS" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-fast-auth-partners-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name  = "MPC_RECOVERY_JWT_SIGNATURE_PK_URL" -> null
                  - value = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_OTLP_ENDPOINT" -> null
                  - value = "https://otel.dev.api.pagoda.co:443/v1/traces" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_OPENTELEMETRY_LEVEL" -> null
                  - value = "debug" -> null
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }

          - vpc_access {
              - connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1" -> null
              - egress    = "PRIVATE_RANGES_ONLY" -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.leader.google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYKEVtJoT4=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

  # module.mpc-leader-lb.google_compute_region_backend_service.default will be destroyed
  - resource "google_compute_region_backend_service" "default" {
      - affinity_cookie_ttl_sec         = 0 -> null
      - connection_draining_timeout_sec = 0 -> null
      - creation_timestamp              = "2023-11-15T13:24:47.365-08:00" -> null
      - enable_cdn                      = false -> null
      - fingerprint                     = "tghagF_TZTQ=" -> null
      - health_checks                   = [] -> null
      - id                              = "projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-leader-backend-service" -> null
      - load_balancing_scheme           = "INTERNAL_MANAGED" -> null
      - name                            = "mpc-dev-354-leader-backend-service" -> null
      - port_name                       = "http" -> null
      - project                         = "pagoda-discovery-platform-dev" -> null
      - protocol                        = "HTTP" -> null
      - region                          = "us-central1" -> null
      - self_link                       = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-leader-backend-service" -> null
      - session_affinity                = "NONE" -> null
      - timeout_sec                     = 30 -> null

      - backend {
          - balancing_mode               = "UTILIZATION" -> null
          - capacity_scaler              = 1 -> null
          - failover                     = false -> null
          - group                        = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-leader-neg" -> null
          - max_connections              = 0 -> null
          - max_connections_per_endpoint = 0 -> null
          - max_connections_per_instance = 0 -> null
          - max_rate                     = 0 -> null
          - max_rate_per_endpoint        = 0 -> null
          - max_rate_per_instance        = 0 -> null
          - max_utilization              = 0 -> null
        }
    }

  # module.mpc-leader-lb.google_compute_region_network_endpoint_group.default_neg will be destroyed
  - resource "google_compute_region_network_endpoint_group" "default_neg" {
      - id                    = "projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-leader-neg" -> null
      - name                  = "mpc-dev-354-leader-neg" -> null
      - network_endpoint_type = "SERVERLESS" -> null
      - project               = "pagoda-discovery-platform-dev" -> null
      - region                = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1" -> null
      - self_link             = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-leader-neg" -> null

      - cloud_run {
          - service = "mpc-recovery-leader-dev-354" -> null
        }
    }

  # module.mpc-leader-lb.google_compute_region_url_map.default will be destroyed
  - resource "google_compute_region_url_map" "default" {
      - creation_timestamp = "2023-11-15T13:25:08.643-08:00" -> null
      - default_service    = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-leader-backend-service" -> null
      - fingerprint        = "Ww8Z1SP21CA=" -> null
      - id                 = "projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-leader-url-map" -> null
      - map_id             = 1583978276856564200 -> null
      - name               = "mpc-dev-354-leader-url-map" -> null
      - project            = "pagoda-discovery-platform-dev" -> null
      - region             = "us-central1" -> null
      - self_link          = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-leader-url-map" -> null
    }

  # module.mpc-signer-lb[0].google_compute_region_backend_service.default will be destroyed
  - resource "google_compute_region_backend_service" "default" {
      - affinity_cookie_ttl_sec         = 0 -> null
      - connection_draining_timeout_sec = 0 -> null
      - creation_timestamp              = "2023-11-15T13:24:47.225-08:00" -> null
      - enable_cdn                      = false -> null
      - fingerprint                     = "1TMQDuvPG-0=" -> null
      - health_checks                   = [] -> null
      - id                              = "projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-0-backend-service" -> null
      - load_balancing_scheme           = "INTERNAL_MANAGED" -> null
      - name                            = "mpc-dev-354-signer-0-backend-service" -> null
      - port_name                       = "http" -> null
      - project                         = "pagoda-discovery-platform-dev" -> null
      - protocol                        = "HTTP" -> null
      - region                          = "us-central1" -> null
      - self_link                       = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-0-backend-service" -> null
      - session_affinity                = "NONE" -> null
      - timeout_sec                     = 30 -> null

      - backend {
          - balancing_mode               = "UTILIZATION" -> null
          - capacity_scaler              = 1 -> null
          - failover                     = false -> null
          - group                        = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-0-neg" -> null
          - max_connections              = 0 -> null
          - max_connections_per_endpoint = 0 -> null
          - max_connections_per_instance = 0 -> null
          - max_rate                     = 0 -> null
          - max_rate_per_endpoint        = 0 -> null
          - max_rate_per_instance        = 0 -> null
          - max_utilization              = 0 -> null
        }
    }

  # module.mpc-signer-lb[0].google_compute_region_network_endpoint_group.default_neg will be destroyed
  - resource "google_compute_region_network_endpoint_group" "default_neg" {
      - id                    = "projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-0-neg" -> null
      - name                  = "mpc-dev-354-signer-0-neg" -> null
      - network_endpoint_type = "SERVERLESS" -> null
      - project               = "pagoda-discovery-platform-dev" -> null
      - region                = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1" -> null
      - self_link             = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-0-neg" -> null

      - cloud_run {
          - service = "mpc-recovery-signer-0-dev-354" -> null
        }
    }

  # module.mpc-signer-lb[0].google_compute_region_url_map.default will be destroyed
  - resource "google_compute_region_url_map" "default" {
      - creation_timestamp = "2023-11-15T13:25:08.884-08:00" -> null
      - default_service    = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-0-backend-service" -> null
      - fingerprint        = "bK8-sF4HctU=" -> null
      - id                 = "projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-0-url-map" -> null
      - map_id             = 653773576989084200 -> null
      - name               = "mpc-dev-354-signer-0-url-map" -> null
      - project            = "pagoda-discovery-platform-dev" -> null
      - region             = "us-central1" -> null
      - self_link          = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-0-url-map" -> null
    }

  # module.mpc-signer-lb[1].google_compute_region_backend_service.default will be destroyed
  - resource "google_compute_region_backend_service" "default" {
      - affinity_cookie_ttl_sec         = 0 -> null
      - connection_draining_timeout_sec = 0 -> null
      - creation_timestamp              = "2023-11-15T13:24:47.277-08:00" -> null
      - enable_cdn                      = false -> null
      - fingerprint                     = "II8asZ6jr58=" -> null
      - health_checks                   = [] -> null
      - id                              = "projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-1-backend-service" -> null
      - load_balancing_scheme           = "INTERNAL_MANAGED" -> null
      - name                            = "mpc-dev-354-signer-1-backend-service" -> null
      - port_name                       = "http" -> null
      - project                         = "pagoda-discovery-platform-dev" -> null
      - protocol                        = "HTTP" -> null
      - region                          = "us-central1" -> null
      - self_link                       = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-1-backend-service" -> null
      - session_affinity                = "NONE" -> null
      - timeout_sec                     = 30 -> null

      - backend {
          - balancing_mode               = "UTILIZATION" -> null
          - capacity_scaler              = 1 -> null
          - failover                     = false -> null
          - group                        = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-1-neg" -> null
          - max_connections              = 0 -> null
          - max_connections_per_endpoint = 0 -> null
          - max_connections_per_instance = 0 -> null
          - max_rate                     = 0 -> null
          - max_rate_per_endpoint        = 0 -> null
          - max_rate_per_instance        = 0 -> null
          - max_utilization              = 0 -> null
        }
    }

  # module.mpc-signer-lb[1].google_compute_region_network_endpoint_group.default_neg will be destroyed
  - resource "google_compute_region_network_endpoint_group" "default_neg" {
      - id                    = "projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-1-neg" -> null
      - name                  = "mpc-dev-354-signer-1-neg" -> null
      - network_endpoint_type = "SERVERLESS" -> null
      - project               = "pagoda-discovery-platform-dev" -> null
      - region                = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1" -> null
      - self_link             = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-1-neg" -> null

      - cloud_run {
          - service = "mpc-recovery-signer-1-dev-354" -> null
        }
    }

  # module.mpc-signer-lb[1].google_compute_region_url_map.default will be destroyed
  - resource "google_compute_region_url_map" "default" {
      - creation_timestamp = "2023-11-15T13:25:08.958-08:00" -> null
      - default_service    = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-1-backend-service" -> null
      - fingerprint        = "92BfPmJPyVc=" -> null
      - id                 = "projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-1-url-map" -> null
      - map_id             = 5323494632334068000 -> null
      - name               = "mpc-dev-354-signer-1-url-map" -> null
      - project            = "pagoda-discovery-platform-dev" -> null
      - region             = "us-central1" -> null
      - self_link          = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-1-url-map" -> null
    }

  # module.mpc-signer-lb[2].google_compute_region_backend_service.default will be destroyed
  - resource "google_compute_region_backend_service" "default" {
      - affinity_cookie_ttl_sec         = 0 -> null
      - connection_draining_timeout_sec = 0 -> null
      - creation_timestamp              = "2023-11-15T13:24:47.845-08:00" -> null
      - enable_cdn                      = false -> null
      - fingerprint                     = "ObwX8E-74oo=" -> null
      - health_checks                   = [] -> null
      - id                              = "projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-2-backend-service" -> null
      - load_balancing_scheme           = "INTERNAL_MANAGED" -> null
      - name                            = "mpc-dev-354-signer-2-backend-service" -> null
      - port_name                       = "http" -> null
      - project                         = "pagoda-discovery-platform-dev" -> null
      - protocol                        = "HTTP" -> null
      - region                          = "us-central1" -> null
      - self_link                       = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-2-backend-service" -> null
      - session_affinity                = "NONE" -> null
      - timeout_sec                     = 30 -> null

      - backend {
          - balancing_mode               = "UTILIZATION" -> null
          - capacity_scaler              = 1 -> null
          - failover                     = false -> null
          - group                        = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-2-neg" -> null
          - max_connections              = 0 -> null
          - max_connections_per_endpoint = 0 -> null
          - max_connections_per_instance = 0 -> null
          - max_rate                     = 0 -> null
          - max_rate_per_endpoint        = 0 -> null
          - max_rate_per_instance        = 0 -> null
          - max_utilization              = 0 -> null
        }
    }

  # module.mpc-signer-lb[2].google_compute_region_network_endpoint_group.default_neg will be destroyed
  - resource "google_compute_region_network_endpoint_group" "default_neg" {
      - id                    = "projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-2-neg" -> null
      - name                  = "mpc-dev-354-signer-2-neg" -> null
      - network_endpoint_type = "SERVERLESS" -> null
      - project               = "pagoda-discovery-platform-dev" -> null
      - region                = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1" -> null
      - self_link             = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-2-neg" -> null

      - cloud_run {
          - service = "mpc-recovery-signer-2-dev-354" -> null
        }
    }

  # module.mpc-signer-lb[2].google_compute_region_url_map.default will be destroyed
  - resource "google_compute_region_url_map" "default" {
      - creation_timestamp = "2023-11-15T13:25:09.026-08:00" -> null
      - default_service    = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-2-backend-service" -> null
      - fingerprint        = "OjySf4Xk4ZQ=" -> null
      - id                 = "projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-2-url-map" -> null
      - map_id             = 9167492329349089000 -> null
      - name               = "mpc-dev-354-signer-2-url-map" -> null
      - project            = "pagoda-discovery-platform-dev" -> null
      - region             = "us-central1" -> null
      - self_link          = "https://www.googleapis.com/compute/v1/projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-2-url-map" -> null
    }

  # module.signer[0].google_cloud_run_v2_service.signer will be destroyed
  - resource "google_cloud_run_v2_service" "signer" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-11-18T19:21:59.180859Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-11-18T19:21:38.679624Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"CMKd5KoGEPjE5k8/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMC1kZXYtMzU0\"" -> null
      - generation              = "6" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354/revisions/mpc-recovery-signer-0-dev-354-00006-rmp" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354/revisions/mpc-recovery-signer-0-dev-354-00006-rmp" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-signer-0-dev-354" -> null
      - observed_generation     = "6" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-11-18T19:21:59.065135Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "f56f20b7-49cb-4376-bd3e-66128ae96bd2" -> null
      - uri                     = "https://mpc-recovery-signer-0-dev-354-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-sign",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:3be4198fb97afdc9170d93951f490ec36fe19529" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NODE_ID" -> null
                  - value = "0" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-354" -> null
                }
              - env {
                  - name = "MPC_RECOVERY_CIPHER_KEY" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-cipher-0-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "MPC_RECOVERY_SK_SHARE" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-sk-share-0-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name  = "MPC_RECOVERY_JWT_SIGNATURE_PK_URL" -> null
                  - value = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com" -> null
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }

          - vpc_access {
              - connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1" -> null
              - egress    = "PRIVATE_RANGES_ONLY" -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.signer[0].google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYKEVkhXcQ=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

  # module.signer[1].google_cloud_run_v2_service.signer will be destroyed
  - resource "google_cloud_run_v2_service" "signer" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-11-18T19:21:58.185093Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-11-18T19:21:38.693085Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"CMKd5KoGENjO_FE/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMS1kZXYtMzU0\"" -> null
      - generation              = "6" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354/revisions/mpc-recovery-signer-1-dev-354-00006-9cb" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354/revisions/mpc-recovery-signer-1-dev-354-00006-9cb" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-signer-1-dev-354" -> null
      - observed_generation     = "6" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-11-18T19:21:58.073908Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "08206340-e350-4b45-a886-e38cdbb9f4b3" -> null
      - uri                     = "https://mpc-recovery-signer-1-dev-354-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-sign",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:3be4198fb97afdc9170d93951f490ec36fe19529" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NODE_ID" -> null
                  - value = "1" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-354" -> null
                }
              - env {
                  - name = "MPC_RECOVERY_CIPHER_KEY" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-cipher-1-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "MPC_RECOVERY_SK_SHARE" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-sk-share-1-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name  = "MPC_RECOVERY_JWT_SIGNATURE_PK_URL" -> null
                  - value = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com" -> null
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }

          - vpc_access {
              - connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1" -> null
              - egress    = "PRIVATE_RANGES_ONLY" -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.signer[1].google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYKEVnGM/o=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

  # module.signer[2].google_cloud_run_v2_service.signer will be destroyed
  - resource "google_cloud_run_v2_service" "signer" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-11-18T19:22:01.126213Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-11-18T19:21:38.664198Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"CMKd5KoGEIjgyl4/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMi1kZXYtMzU0\"" -> null
      - generation              = "6" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354/revisions/mpc-recovery-signer-2-dev-354-00006-pbn" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354/revisions/mpc-recovery-signer-2-dev-354-00006-pbn" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-signer-2-dev-354" -> null
      - observed_generation     = "6" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-11-18T19:22:01.043437Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "d8f28775-fca3-45af-8681-bcfcd9dcff64" -> null
      - uri                     = "https://mpc-recovery-signer-2-dev-354-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-sign",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:3be4198fb97afdc9170d93951f490ec36fe19529" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NODE_ID" -> null
                  - value = "2" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-354" -> null
                }
              - env {
                  - name = "MPC_RECOVERY_CIPHER_KEY" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-cipher-2-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "MPC_RECOVERY_SK_SHARE" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-sk-share-2-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name  = "MPC_RECOVERY_JWT_SIGNATURE_PK_URL" -> null
                  - value = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com" -> null
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }

          - vpc_access {
              - connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1" -> null
              - egress    = "PRIVATE_RANGES_ONLY" -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.signer[2].google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYKEVktoGQ=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

Plan: 0 to add, 0 to change, 31 to destroy.

Changes to Outputs:
  - leader_node = "https://mpc-recovery-leader-dev-354-7tk2cmmtcq-ue.a.run.app" -> null
google_service_account_iam_binding.serivce-account-iam: Destroying... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
module.mpc-signer-lb[1].google_compute_region_url_map.default: Destroying... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-1-url-map]
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354/roles/run.invoker/allUsers]
google_project_iam_member.service-account-datastore-user: Destroying... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.mpc-signer-lb[0].google_compute_region_url_map.default: Destroying... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-0-url-map]
module.mpc-signer-lb[2].google_compute_region_url_map.default: Destroying... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-signer-2-url-map]
module.mpc-leader-lb.google_compute_region_url_map.default: Destroying... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/urlMaps/mpc-dev-354-leader-url-map]
google_service_account_iam_binding.serivce-account-iam: Destruction complete after 4s
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 5s
module.leader.google_cloud_run_v2_service.leader: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-354]
google_project_iam_member.service-account-datastore-user: Destruction complete after 8s
module.mpc-signer-lb[0].google_compute_region_url_map.default: Still destroying... [id=projects/pagoda-discovery-platform-dev/...1/urlMaps/mpc-dev-354-signer-0-url-map, 10s elapsed]
module.mpc-signer-lb[2].google_compute_region_url_map.default: Still destroying... [id=projects/pagoda-discovery-platform-dev/...1/urlMaps/mpc-dev-354-signer-2-url-map, 10s elapsed]
module.mpc-signer-lb[1].google_compute_region_url_map.default: Still destroying... [id=projects/pagoda-discovery-platform-dev/...1/urlMaps/mpc-dev-354-signer-1-url-map, 10s elapsed]
module.mpc-leader-lb.google_compute_region_url_map.default: Still destroying... [id=projects/pagoda-discovery-platform-dev/...al1/urlMaps/mpc-dev-354-leader-url-map, 10s elapsed]
module.mpc-signer-lb[0].google_compute_region_url_map.default: Destruction complete after 11s
module.mpc-signer-lb[0].google_compute_region_backend_service.default: Destroying... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-0-backend-service]
module.mpc-leader-lb.google_compute_region_url_map.default: Destruction complete after 11s
module.mpc-leader-lb.google_compute_region_backend_service.default: Destroying... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-leader-backend-service]
module.mpc-signer-lb[1].google_compute_region_url_map.default: Destruction complete after 11s
module.mpc-signer-lb[1].google_compute_region_backend_service.default: Destroying... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-1-backend-service]
module.mpc-signer-lb[2].google_compute_region_url_map.default: Destruction complete after 11s
module.mpc-signer-lb[2].google_compute_region_backend_service.default: Destroying... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/backendServices/mpc-dev-354-signer-2-backend-service]
module.leader.google_cloud_run_v2_service.leader: Still destroying... [id=projects/pagoda-discovery-platform-dev/...1/services/mpc-recovery-leader-dev-354, 10s elapsed]
module.leader.google_cloud_run_v2_service.leader: Destruction complete after 11s
google_secret_manager_secret_iam_member.account_creator_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354/roles/run.invoker/allUsers]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354/roles/run.invoker/allUsers]
google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354/roles/run.invoker/allUsers]
google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Destruction complete after 4s
google_secret_manager_secret_iam_member.account_creator_secret_access: Destruction complete after 4s
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 4s
module.signer[0].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-354]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 4s
module.signer[2].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-354]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 4s
module.signer[1].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-354]
module.mpc-signer-lb[0].google_compute_region_backend_service.default: Still destroying... [id=projects/pagoda-discovery-platform-dev/...s/mpc-dev-354-signer-0-backend-service, 10s elapsed]
module.mpc-leader-lb.google_compute_region_backend_service.default: Still destroying... [id=projects/pagoda-discovery-platform-dev/...ces/mpc-dev-354-leader-backend-service, 10s elapsed]
module.mpc-signer-lb[1].google_compute_region_backend_service.default: Still destroying... [id=projects/pagoda-discovery-platform-dev/...s/mpc-dev-354-signer-1-backend-service, 10s elapsed]
module.mpc-signer-lb[2].google_compute_region_backend_service.default: Still destroying... [id=projects/pagoda-discovery-platform-dev/...s/mpc-dev-354-signer-2-backend-service, 10s elapsed]
module.mpc-signer-lb[0].google_compute_region_backend_service.default: Destruction complete after 11s
module.mpc-signer-lb[0].google_compute_region_network_endpoint_group.default_neg: Destroying... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-0-neg]
module.mpc-signer-lb[1].google_compute_region_backend_service.default: Destruction complete after 11s
module.mpc-signer-lb[1].google_compute_region_network_endpoint_group.default_neg: Destroying... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-1-neg]
module.mpc-signer-lb[2].google_compute_region_backend_service.default: Destruction complete after 11s
module.mpc-signer-lb[2].google_compute_region_network_endpoint_group.default_neg: Destroying... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-signer-2-neg]
module.mpc-leader-lb.google_compute_region_backend_service.default: Destruction complete after 11s
module.mpc-leader-lb.google_compute_region_network_endpoint_group.default_neg: Destroying... [id=projects/pagoda-discovery-platform-dev/regions/us-central1/networkEndpointGroups/mpc-dev-354-leader-neg]
module.signer[0].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-0-dev-354, 10s elapsed]
module.signer[2].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-2-dev-354, 10s elapsed]
module.signer[1].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-1-dev-354, 10s elapsed]
module.signer[0].google_cloud_run_v2_service.signer: Destruction complete after 10s
module.signer[2].google_cloud_run_v2_service.signer: Destruction complete after 10s
module.signer[1].google_cloud_run_v2_service.signer: Destruction complete after 10s
google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.mpc-signer-lb[0].google_compute_region_network_endpoint_group.default_neg: Still destroying... [id=projects/pagoda-discovery-platform-dev/...ndpointGroups/mpc-dev-354-signer-0-neg, 10s elapsed]
module.mpc-signer-lb[1].google_compute_region_network_endpoint_group.default_neg: Still destroying... [id=projects/pagoda-discovery-platform-dev/...ndpointGroups/mpc-dev-354-signer-1-neg, 10s elapsed]
module.mpc-signer-lb[2].google_compute_region_network_endpoint_group.default_neg: Still destroying... [id=projects/pagoda-discovery-platform-dev/...ndpointGroups/mpc-dev-354-signer-2-neg, 10s elapsed]
module.mpc-leader-lb.google_compute_region_network_endpoint_group.default_neg: Still destroying... [id=projects/pagoda-discovery-platform-dev/...kEndpointGroups/mpc-dev-354-leader-neg, 10s elapsed]
module.mpc-signer-lb[0].google_compute_region_network_endpoint_group.default_neg: Destruction complete after 10s
module.mpc-signer-lb[2].google_compute_region_network_endpoint_group.default_neg: Destruction complete after 10s
module.mpc-signer-lb[1].google_compute_region_network_endpoint_group.default_neg: Destruction complete after 10s
module.mpc-leader-lb.google_compute_region_network_endpoint_group.default_neg: Destruction complete after 10s
google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Destruction complete after 4s
google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Destruction complete after 4s
google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Destruction complete after 4s
google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Destruction complete after 4s
google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Destruction complete after 4s
google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Destruction complete after 4s
google_service_account.service_account: Destroying... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-354@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_service_account.service_account: Destruction complete after 1s

Destroy complete! Resources: 31 destroyed.

Pusher: @itegulov, Action: pull_request, Working Directory: ``, Workflow: Terraform Feature Env (Destroy)

@itegulov itegulov linked an issue Nov 24, 2023 that may be closed by this pull request
Secure p2p communication #329
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@itegulov itegulov itegulov left review comments

@volovyks volovyks volovyks approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Secure p2p communication
3 participants
@ChaoticTempest @itegulov @volovyks