Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: stop infinite process of presignature message missing triples #560

Merged
merged 5 commits into from
May 8, 2024

Conversation

ppca
Copy link
Contributor

@ppca ppca commented Apr 3, 2024

Currently, we would push presignature message to leftover messages if not both triples are found. This means we will likely process these messages over and over and never get rid of them.

This change will time such message out if > 1 min (presignature timeout threshold), and this message won't be retained in the queue.

@ppca ppca requested review from volovyks and ChaoticTempest April 3, 2024 22:36
Copy link

github-actions bot commented Apr 3, 2024

Terraform Feature Environment (dev-560)

Terraform Initialization ⚙️success

Terraform Apply success

Show Apply Plan

data.external.git_checkout: Reading...
data.external.git_checkout: Read complete after 0s [id=-]
data.google_compute_network.prod_network: Reading...
data.google_compute_subnetwork.prod_subnetwork: Reading...
data.google_compute_subnetwork.dev_subnetwork: Reading...
data.google_compute_network.dev_network: Reading...
google_service_account.service_account: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_project_iam_member.service-account-datastore-user: Refreshing state... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_service_account_iam_binding.serivce-account-iam: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
google_secret_manager_secret_iam_member.account_creator_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
data.google_compute_network.prod_network: Read complete after 0s [id=projects/pagoda-shared-infrastructure/global/networks/prod]
google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
data.google_compute_network.dev_network: Read complete after 0s [id=projects/pagoda-shared-infrastructure/global/networks/dev]
google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
data.google_compute_subnetwork.prod_subnetwork: Read complete after 0s [id=projects/pagoda-shared-infrastructure/regions/us-east1/subnetworks/cloudrun-main-prod-us-east1]
data.google_compute_subnetwork.dev_subnetwork: Read complete after 0s [id=projects/pagoda-shared-infrastructure/regions/us-east1/subnetworks/cloudrun-main-dev-us-east1]
module.signer[0].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560]
module.signer[2].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560]
module.signer[1].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560/roles/run.invoker/allUsers]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560/roles/run.invoker/allUsers]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560/roles/run.invoker/allUsers]
module.leader.google_cloud_run_v2_service.leader: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560]
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560/roles/run.invoker/allUsers]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.leader.google_cloud_run_v2_service.leader will be updated in-place
  ~ resource "google_cloud_run_v2_service" "leader" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560"
        name                    = "mpc-recovery-leader-dev-560"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:2b953b3343e2da9a15690b5cbcce5f52e931babf" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:d66fbee2d8717d4d4dfc7f0c65e987b50ed0782b"
                # (2 unchanged attributes hidden)

                # (16 unchanged blocks hidden)
            }

            # (2 unchanged blocks hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.signer[0].google_cloud_run_v2_service.signer will be updated in-place
  ~ resource "google_cloud_run_v2_service" "signer" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560"
        name                    = "mpc-recovery-signer-0-dev-560"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:2b953b3343e2da9a15690b5cbcce5f52e931babf" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:d66fbee2d8717d4d4dfc7f0c65e987b50ed0782b"
                # (2 unchanged attributes hidden)

                # (11 unchanged blocks hidden)
            }

            # (2 unchanged blocks hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.signer[1].google_cloud_run_v2_service.signer will be updated in-place
  ~ resource "google_cloud_run_v2_service" "signer" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560"
        name                    = "mpc-recovery-signer-1-dev-560"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:2b953b3343e2da9a15690b5cbcce5f52e931babf" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:d66fbee2d8717d4d4dfc7f0c65e987b50ed0782b"
                # (2 unchanged attributes hidden)

                # (11 unchanged blocks hidden)
            }

            # (2 unchanged blocks hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.signer[2].google_cloud_run_v2_service.signer will be updated in-place
  ~ resource "google_cloud_run_v2_service" "signer" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560"
        name                    = "mpc-recovery-signer-2-dev-560"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:2b953b3343e2da9a15690b5cbcce5f52e931babf" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:d66fbee2d8717d4d4dfc7f0c65e987b50ed0782b"
                # (2 unchanged attributes hidden)

                # (11 unchanged blocks hidden)
            }

            # (2 unchanged blocks hidden)
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.
module.signer[2].google_cloud_run_v2_service.signer: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560]
module.signer[0].google_cloud_run_v2_service.signer: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560]
module.signer[1].google_cloud_run_v2_service.signer: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560]
module.signer[0].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-0-dev-560, 10s elapsed]
module.signer[2].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-2-dev-560, 10s elapsed]
module.signer[1].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-1-dev-560, 10s elapsed]
module.signer[2].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-2-dev-560, 20s elapsed]
module.signer[0].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-0-dev-560, 20s elapsed]
module.signer[1].google_cloud_run_v2_service.signer: Still modifying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-1-dev-560, 20s elapsed]
module.signer[1].google_cloud_run_v2_service.signer: Modifications complete after 21s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560]
module.signer[0].google_cloud_run_v2_service.signer: Modifications complete after 21s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560]
module.signer[2].google_cloud_run_v2_service.signer: Modifications complete after 22s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560]
module.leader.google_cloud_run_v2_service.leader: Modifying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560]
module.leader.google_cloud_run_v2_service.leader: Still modifying... [id=projects/pagoda-discovery-platform-dev/...1/services/mpc-recovery-leader-dev-560, 10s elapsed]
module.leader.google_cloud_run_v2_service.leader: Still modifying... [id=projects/pagoda-discovery-platform-dev/...1/services/mpc-recovery-leader-dev-560, 20s elapsed]
module.leader.google_cloud_run_v2_service.leader: Modifications complete after 21s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560]

Apply complete! Resources: 0 added, 4 changed, 0 destroyed.

Outputs:

leader_node = "https://mpc-recovery-leader-dev-560-7tk2cmmtcq-ue.a.run.app"

Pusher: @ppca, Action: pull_request, Working Directory: ``, Workflow: Terraform Feature Env

URL: https://mpc-recovery-leader-dev-560-7tk2cmmtcq-ue.a.run.app

Copy link
Collaborator

@volovyks volovyks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've checked the logs and there are no messages (no new messages received) without signature requests. There is no infinite loop of messages, but maybe they stay in the loops for a long time.

We should choose one approach here and use it in triple, presignature, and signature generation protocols since the problematics is the same.

@@ -29,6 +29,9 @@ pub const FAILED_TRIPLES_TIMEOUT: Duration = Duration::from_secs(120 * 60);
/// Default invalidation time for taken triples and presignatures. 120 mins
pub const TAKEN_TIMEOUT: Duration = Duration::from_secs(120 * 60);

/// Default invalidation time for requested presignatures. 120 mins
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's not specify the same numbers in the comments. They can be changed in the future and make future devs confused.

@ppca
Copy link
Contributor Author

ppca commented Apr 4, 2024

I've checked the logs and there are no messages (no new messages received) without signature requests. There is no infinite loop of messages, but maybe they stay in the loops for a long time.

We should choose one approach here and use it in triple, presignature, and signature generation protocols since the problematics is the same.

The message is could not initiate non-introduced presignature: triple might not have completed for this node yet or TripleIsMissing. I think this happens when a presiganture generation involves triples that this node does not have.

Copy link
Member

@ChaoticTempest ChaoticTempest left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So for the most part, we're seeing these logs when we're waiting for triples to get generated, and mostly occurs when we don't have a stockpile of triples yet, when the presignature manager is waiting for specific triples. So we should be distinguishing between TripleIsMissing and TripleIsGenerating sort of errors

node/src/protocol/presignature.rs Outdated Show resolved Hide resolved
@ppca
Copy link
Contributor Author

ppca commented Apr 15, 2024

So for the most part, we're seeing these logs when we're waiting for triples to get generated, and mostly occurs when we don't have a stockpile of triples yet, when the presignature manager is waiting for specific triples. So we should be distinguishing between TripleIsMissing and TripleIsGenerating sort of errors

The case that's more problematic is when a node does not have a triple, and not going to generate it (for example, if somehow datastore did not persist triples successfully or the node goes offline at an unfortunate time), but it will always be processing the msg that asks the node to generate a presignature with that triple. Such msg will stay in the queue forever.

TripleIsGenerating makes sense. We could differentiate between the two errors, and add timestamp to the messages, and skip a message if it already timed out.

@ppca
Copy link
Contributor Author

ppca commented Apr 15, 2024

We should choose one approach here and use it in triple, presignature, and signature generation protocols since the problematics is the same.

Agree we should use the same approach.

@ppca ppca force-pushed the xiangyi/timeout_presignature_messages branch from a00b871 to 566e3eb Compare April 15, 2024 23:15
@ppca
Copy link
Contributor Author

ppca commented Apr 15, 2024

removed requested altogether.
different between TripleIsGenerating and TripleIsMissing, and skip presignature and signature messages that were sent more than 1 min ago.

@@ -83,3 +84,16 @@ pub fn get_triple_timeout() -> Duration {
.unwrap_or_default()
.unwrap_or(crate::types::PROTOCOL_TRIPLE_TIMEOUT)
}

pub fn is_elapsed_longer_than_timeout(timestamp_sec: u64, timeout: Duration) -> bool {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We've used simpler pattern before:

if timestamp.elapsed() < DEFAULT_TIMEOUT {...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that elapsed works with Instant, which records the relative timestamp in the system, not the absolute timestamp. Since we are sending the timestamp as a field in the messages, it needs to be comprehensible in all nodes' system, thus using u64 timestamp to represent the time.

@@ -43,6 +44,8 @@ pub struct TripleMessage {
pub epoch: u64,
pub from: Participant,
pub data: MessageData,
// UNIX timestamp as seconds since the epoch
pub timestamp: u64,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's add this field to all message types. Let's make it a standard. We want to delete all types of messages from the queue when they expire. Message trait may be a good idea here.

+ chrono::Duration::nanoseconds(timeout.subsec_nanos() as i64);
elapsed_duration > timeout
} else {
false
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we return false in case of failure, such message will never be deleted from the queue.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like the case where it's not Single only happens in the following

Returns MappedLocalTime::None on out-of-range number of seconds and/or invalid nanosecond, otherwise always returns MappedLocalTime::Single.

So we should be fine for the most part since our timestamp should never be out of range since we created it with Utc::now().timestamp() in the first place, but maybe we should add some guardrails to the type itself later when we get the chance, just in case someone ends up setting timestamp to be something else not from the chrono crate

@ppca
Copy link
Contributor Author

ppca commented Apr 18, 2024

hmmm I realized adding the timestamp as required to messages may make it non-backward compatible. It should be an optional field instead. Will change.

@volovyks
Copy link
Collaborator

@ppca currently we are updating all the nodes at the same time. We better do it as required now than dealing with Optional later.

@ppca
Copy link
Contributor Author

ppca commented Apr 19, 2024

@ppca currently we are updating all the nodes at the same time. We better do it as required now than dealing with Optional later.

Problem is partner testnet is not....they update within an hour but not at the same time

@volovyks
Copy link
Collaborator

Ok, but let's delete Optional after the update.

@ppca ppca merged commit fded16b into develop May 8, 2024
5 checks passed
@ppca ppca deleted the xiangyi/timeout_presignature_messages branch May 8, 2024 11:16
Copy link

github-actions bot commented May 8, 2024

Terraform Feature Environment Destroy (dev-560)

Terraform Initialization ⚙️success

Terraform Destroy success

Show Destroy Plan

data.external.git_checkout: Reading...
data.external.git_checkout: Read complete after 0s [id=-]
data.google_compute_subnetwork.dev_subnetwork: Reading...
data.google_compute_network.prod_network: Reading...
data.google_compute_subnetwork.prod_subnetwork: Reading...
data.google_compute_network.dev_network: Reading...
google_service_account.service_account: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
data.google_compute_subnetwork.prod_subnetwork: Read complete after 0s [id=projects/pagoda-shared-infrastructure/regions/us-east1/subnetworks/cloudrun-main-prod-us-east1]
google_project_iam_member.service-account-datastore-user: Refreshing state... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_service_account_iam_binding.serivce-account-iam: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.account_creator_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
data.google_compute_network.prod_network: Read complete after 1s [id=projects/pagoda-shared-infrastructure/global/networks/prod]
google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
data.google_compute_subnetwork.dev_subnetwork: Read complete after 1s [id=projects/pagoda-shared-infrastructure/regions/us-east1/subnetworks/cloudrun-main-dev-us-east1]
google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
data.google_compute_network.dev_network: Read complete after 1s [id=projects/pagoda-shared-infrastructure/global/networks/dev]
google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560]
module.signer[0].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560]
module.signer[1].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560/roles/run.invoker/allUsers]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560/roles/run.invoker/allUsers]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560/roles/run.invoker/allUsers]
module.leader.google_cloud_run_v2_service.leader: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560]
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560/roles/run.invoker/allUsers]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # google_project_iam_member.service-account-datastore-user will be destroyed
  - resource "google_project_iam_member" "service-account-datastore-user" {
      - etag    = "BwYX7tbCZLE=" -> null
      - id      = "pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member  = "serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project = "pagoda-discovery-platform-dev" -> null
      - role    = "roles/datastore.user" -> null
    }

  # google_secret_manager_secret_iam_member.account_creator_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "account_creator_secret_access" {
      - etag      = "BwYX7taGc8Q=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev" -> null
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[0] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYX7taGcnc=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev" -> null
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[1] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYX7taGbkA=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev" -> null
    }

  # google_secret_manager_secret_iam_member.cipher_key_secret_access[2] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYX7taGay4=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev" -> null
    }

  # google_secret_manager_secret_iam_member.fast_auth_partners_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "fast_auth_partners_secret_access" {
      - etag      = "BwYX7taGc3U=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev" -> null
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[0] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYX7taGa3s=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev" -> null
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[1] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYX7taGeoE=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev" -> null
    }

  # google_secret_manager_secret_iam_member.secret_share_secret_access[2] will be destroyed
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYX7taGeYs=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev" -> null
    }

  # google_service_account.service_account will be destroyed
  - resource "google_service_account" "service_account" {
      - account_id   = "mpc-recovery-dev-560" -> null
      - disabled     = false -> null
      - display_name = "MPC Recovery dev-560 Account" -> null
      - email        = "mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - id           = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member       = "serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - name         = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project      = "pagoda-discovery-platform-dev" -> null
      - unique_id    = "110438389102143614640" -> null
    }

  # google_service_account_iam_binding.serivce-account-iam will be destroyed
  - resource "google_service_account_iam_binding" "serivce-account-iam" {
      - etag               = "BwYVOO+eifY=" -> null
      - id                 = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser" -> null
      - members            = [
          - "serviceAccount:mpc-recovery@pagoda-discovery-platform-dev.iam.gserviceaccount.com",
        ] -> null
      - role               = "roles/iam.serviceAccountUser" -> null
      - service_account_id = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
    }

  # module.leader.google_cloud_run_v2_service.leader will be destroyed
  - resource "google_cloud_run_v2_service" "leader" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2024-04-16T00:24:48.753462Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2024-04-03T22:42:52.691176Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"CMWK97AGEIC-t8IC/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1sZWFkZXItZGV2LTU2MA\"" -> null
      - generation              = "3" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560/revisions/mpc-recovery-leader-dev-560-00003-65k" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560/revisions/mpc-recovery-leader-dev-560-00003-65k" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-leader-dev-560" -> null
      - observed_generation     = "3" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2024-04-16T00:24:48.790871Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "7a6ca382-46a5-45bb-b5e8-3f91afd5e4f2" -> null
      - uri                     = "https://mpc-recovery-leader-dev-560-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-leader",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:d66fbee2d8717d4d4dfc7f0c65e987b50ed0782b" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_SIGN_NODES" -> null
                  - value = "https://mpc-recovery-signer-0-dev-560-7tk2cmmtcq-ue.a.run.app,https://mpc-recovery-signer-1-dev-560-7tk2cmmtcq-ue.a.run.app,https://mpc-recovery-signer-2-dev-560-7tk2cmmtcq-ue.a.run.app" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NEAR_RPC" -> null
                  - value = "https://rpc.testnet.near.org" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NEAR_ROOT_ACCOUNT" -> null
                  - value = "testnet" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ACCOUNT_CREATOR_ID" -> null
                  - value = "mpc-recovery-dev-creator.testnet" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-560" -> null
                }
              - env {
                  - name = "MPC_RECOVERY_ACCOUNT_CREATOR_SK" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-recovery-account-creator-sk-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "FAST_AUTH_PARTNERS" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-fast-auth-partners-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name  = "MPC_RECOVERY_JWT_SIGNATURE_PK_URL" -> null
                  - value = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_OTLP_ENDPOINT" -> null
                  - value = "https://otel.dev.api.pagoda.co:443/v1/traces" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_OPENTELEMETRY_LEVEL" -> null
                  - value = "debug" -> null
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }

          - vpc_access {
              - connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1" -> null
              - egress    = "PRIVATE_RANGES_ONLY" -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.leader.google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYVOPKj77c=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

  # module.signer[0].google_cloud_run_v2_service.signer will be destroyed
  - resource "google_cloud_run_v2_service" "signer" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2024-04-16T00:24:27.262316Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2024-04-03T22:42:27.431089Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"CLCK97AGEPDHn2I/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMC1kZXYtNTYw\"" -> null
      - generation              = "3" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560/revisions/mpc-recovery-signer-0-dev-560-00003-b78" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560/revisions/mpc-recovery-signer-0-dev-560-00003-b78" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-signer-0-dev-560" -> null
      - observed_generation     = "3" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2024-04-16T00:24:27.326015Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "7f5491b4-49e6-4be0-8042-6e54a229c3b9" -> null
      - uri                     = "https://mpc-recovery-signer-0-dev-560-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-sign",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:d66fbee2d8717d4d4dfc7f0c65e987b50ed0782b" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NODE_ID" -> null
                  - value = "0" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-560" -> null
                }
              - env {
                  - name = "MPC_RECOVERY_CIPHER_KEY" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-cipher-0-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "MPC_RECOVERY_SK_SHARE" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-sk-share-0-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name  = "MPC_RECOVERY_JWT_SIGNATURE_PK_URL" -> null
                  - value = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com" -> null
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }

          - vpc_access {
              - connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1" -> null
              - egress    = "PRIVATE_RANGES_ONLY" -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.signer[0].google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYVOPEn3PI=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

  # module.signer[1].google_cloud_run_v2_service.signer will be destroyed
  - resource "google_cloud_run_v2_service" "signer" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2024-04-16T00:24:28.070143Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2024-04-03T22:42:27.422259Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"CLCK97AGENjxrEw/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMS1kZXYtNTYw\"" -> null
      - generation              = "3" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560/revisions/mpc-recovery-signer-1-dev-560-00003-vhm" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560/revisions/mpc-recovery-signer-1-dev-560-00003-vhm" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-signer-1-dev-560" -> null
      - observed_generation     = "3" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2024-04-16T00:24:28.112247Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "7448efda-1087-4730-9844-cff2a60a8dde" -> null
      - uri                     = "https://mpc-recovery-signer-1-dev-560-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-sign",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:d66fbee2d8717d4d4dfc7f0c65e987b50ed0782b" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NODE_ID" -> null
                  - value = "1" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-560" -> null
                }
              - env {
                  - name = "MPC_RECOVERY_CIPHER_KEY" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-cipher-1-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "MPC_RECOVERY_SK_SHARE" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-sk-share-1-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name  = "MPC_RECOVERY_JWT_SIGNATURE_PK_URL" -> null
                  - value = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com" -> null
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }

          - vpc_access {
              - connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1" -> null
              - egress    = "PRIVATE_RANGES_ONLY" -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.signer[1].google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYVOPEjObA=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

  # module.signer[2].google_cloud_run_v2_service.signer will be destroyed
  - resource "google_cloud_run_v2_service" "signer" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2024-04-16T00:24:30.085050Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2024-04-03T22:42:27.462407Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"CLCK97AGEMiB80Y/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMi1kZXYtNTYw\"" -> null
      - generation              = "3" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560/revisions/mpc-recovery-signer-2-dev-560-00003-x8v" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560/revisions/mpc-recovery-signer-2-dev-560-00003-x8v" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-signer-2-dev-560" -> null
      - observed_generation     = "3" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2024-04-16T00:24:30.121451Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "e96a3e59-34ba-412a-94df-68282c0b8292" -> null
      - uri                     = "https://mpc-recovery-signer-2-dev-560-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-sign",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:d66fbee2d8717d4d4dfc7f0c65e987b50ed0782b" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NODE_ID" -> null
                  - value = "2" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-560" -> null
                }
              - env {
                  - name = "MPC_RECOVERY_CIPHER_KEY" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-cipher-2-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name = "MPC_RECOVERY_SK_SHARE" -> null

                  - value_source {
                      - secret_key_ref {
                          - secret  = "mpc-sk-share-2-dev" -> null
                          - version = "latest" -> null
                        }
                    }
                }
              - env {
                  - name  = "MPC_RECOVERY_JWT_SIGNATURE_PK_URL" -> null
                  - value = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com" -> null
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }

          - vpc_access {
              - connector = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/dev-connector1" -> null
              - egress    = "PRIVATE_RANGES_ONLY" -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.signer[2].google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYVOPEmNXQ=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

Plan: 0 to add, 0 to change, 19 to destroy.

Changes to Outputs:
  - leader_node = "https://mpc-recovery-leader-dev-560-7tk2cmmtcq-ue.a.run.app" -> null
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560/roles/run.invoker/allUsers]
google_service_account_iam_binding.serivce-account-iam: Destroying... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
google_project_iam_member.service-account-datastore-user: Destroying... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_service_account_iam_binding.serivce-account-iam: Destruction complete after 4s
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 5s
module.leader.google_cloud_run_v2_service.leader: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-560]
google_project_iam_member.service-account-datastore-user: Destruction complete after 8s
module.leader.google_cloud_run_v2_service.leader: Still destroying... [id=projects/pagoda-discovery-platform-dev/...1/services/mpc-recovery-leader-dev-560, 10s elapsed]
module.leader.google_cloud_run_v2_service.leader: Destruction complete after 10s
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560/roles/run.invoker/allUsers]
google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-fast-auth-partners-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560/roles/run.invoker/allUsers]
google_secret_manager_secret_iam_member.account_creator_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560/roles/run.invoker/allUsers]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 4s
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 4s
google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Destruction complete after 4s
module.signer[1].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-560]
module.signer[0].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-560]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 4s
google_secret_manager_secret_iam_member.account_creator_secret_access: Destruction complete after 4s
module.signer[2].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-560]
module.signer[1].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-1-dev-560, 10s elapsed]
module.signer[0].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-0-dev-560, 10s elapsed]
module.signer[2].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-2-dev-560, 10s elapsed]
module.signer[1].google_cloud_run_v2_service.signer: Destruction complete after 11s
module.signer[0].google_cloud_run_v2_service.signer: Destruction complete after 11s
module.signer[2].google_cloud_run_v2_service.signer: Destruction complete after 11s
google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-sk-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_secret_manager_secret_iam_member.secret_share_secret_access[0]: Destruction complete after 4s
google_secret_manager_secret_iam_member.cipher_key_secret_access[1]: Destruction complete after 4s
google_secret_manager_secret_iam_member.cipher_key_secret_access[0]: Destruction complete after 4s
google_secret_manager_secret_iam_member.secret_share_secret_access[1]: Destruction complete after 4s
google_secret_manager_secret_iam_member.cipher_key_secret_access[2]: Destruction complete after 4s
google_secret_manager_secret_iam_member.secret_share_secret_access[2]: Destruction complete after 4s
google_service_account.service_account: Destroying... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-560@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_service_account.service_account: Destruction complete after 0s

Destroy complete! Resources: 19 destroyed.

Pusher: @ppca, Action: pull_request, Working Directory: ``, Workflow: Terraform Feature Env (Destroy)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants