Develop -> Main #298

volovyks · 2023-09-21T16:12:50Z

No description provided.

* fn renamings

* logs added to cli

* add tracing-subscriber to integration test runner

* Added rogue key attack mitigation

* README updated, claim doc added * claim id token endpoint, request, responce, etc * fmt * basic claiming endpoint logic and integration tests added * fmt * clippy * clippy * fmt * fr test ignored * clippy * sha256 -> sha512 * sign node requests updated, signing code added in sign ndoe * digest used in signing node, unit tests added * front running integration test uncommented, errors fixed * fmt * fr test fixed * digest signature check added * clippy * TODOs updated * db code added (partially turned off) * tracing logs added to commit * sha256 * db fix * Ðutils tests extended * mpc_pk added to claiming responce * additional mpc_pk signature added * OidcDigest seiralization tests added * test_oidc_to_name test added * OidcDigest moved to it's own file * fmt * encode digest as hex * key checks added * Update mpc-recovery/src/primitives.rs Co-authored-by: Daniyar Itegulov <[email protected]> * some PR comments addressed --------- Co-authored-by: Daniyar Itegulov <[email protected]>

* outdated README info fixed * add_key replaced with sign (not tested) * README fix * adapt integration tests * README update * extended pk API (#192) * extended commit API * mpc pk endpoint used in it * user recovery pk used in tests * removed code duplication * recovery PK used in add_key, some tests fixed * tests fixed * get rid of account_lookup_url from TF * use info log level --------- Co-authored-by: Daniyar Itegulov <[email protected]>

* make proper status request to sandbox * ensure the network is created * use local address for relayer and sandbox * clarify CI workflow * print leader node logs * improve http response assertion * add logging to claim_oidc * appease clippy * get rid of ad-hoc up funding * wait until sandbox is ready * use xl runner * set higher timeout for slower machines * do not print logs by default

* outdated README info fixed * add_key replaced with sign (not tested) * README fix * adapt integration tests * README update * extended pk API (#192) * extended commit API * mpc pk endpoint used in it * user recovery pk used in tests * removed code duplication * recovery PK used in add_key, some tests fixed * tests fixed * frp parameters added to new endpoints * frp parameter added to new_account endpoint * clippy * type error fixed * oidc problem fixed * unused funtions deleted * REDME API docs updated * digest avlidation added to the signing node * frp pk added to README and structures * frp test extended * tests apdated * refactor frp test to be a little simpler * preserve sign node status code response * appease clippy * protected acc credentials (unfinished) (#204) * protected acc credentials (unfinished) * fake signature used in new_acc request * FRP user_credentials check turned off * oidc error fixed * oidc protection turned on for sign plus tests * clippy * claiming bug fixed * negative claiming test added * oidc not claimed handled as unauthorized * clippy * test fix --------- Co-authored-by: Daniyar Itegulov <[email protected]>

* tie docker image tags to git commit hash * ensure terraform workflows wait for lock * use external scripts to get git sha

* disclaimer about leader node added * FRP turned on for user credentials

* add and delete key whitelisted * Preventing recovery key deletion (#214) * preventing recovery key deletion * user credentials digest passed to the sign endpoint

* tmp * tmp2 * Added CLI::rotate_sign_node_keys & moved rotate_cipher * Fixed import * Added test for rotating node keys * Added further to test * Cleanup & Clippy * Remove dead code * Cleanup deps * remove dead code * Cleanup tests * clippy * Fix incorrect address for macos * Clippy

* tmp * tmp2 * Added CLI::rotate_sign_node_keys & moved rotate_cipher * Fixed import * Added test for rotating node keys * Added further to test * Cleanup & Clippy * Remove dead code * Cleanup deps * remove dead code * Cleanup tests * clippy * Fix incorrect address for macos * Clippy * Moved test functions over to mod.rs * Cleanup test_basic_front_running_protection * Cleanup test_random_recovery_keys * Cleanup negative_front_running_protection * clippy

* tmp * tmp2 * Added CLI::rotate_sign_node_keys & moved rotate_cipher * Fixed import * Added test for rotating node keys * Added further to test * Cleanup & Clippy * Remove dead code * Cleanup deps * remove dead code * Cleanup tests * clippy * Fix incorrect address for macos * Clippy * Moved test functions over to mod.rs * Cleanup test_basic_front_running_protection * Cleanup test_random_recovery_keys * Cleanup negative_front_running_protection * clippy * Cleanup some unnecessary clones * Remove unnecessary clones for sign_request_digest * Remove unnecessary clones for user_credentials_request_digest * Remove clone on to_string()s * Cleanup clones for .user_credentials_with_helper * Remove clone on new_account_with_helper * Cleanup clones for add_key * Cleanup misc clones * One less clone * Moved test functions over to mod.rs * Cleanup test_basic_front_running_protection * Cleanup test_random_recovery_keys * Cleanup negative_front_running_protection * clippy * Another clone cleanup * Even less clones now * Simplify call site for clones * clippy

* do not throw error when claiming the same pair of key and id token * claiming of the same token with another key prevented * usage of wrong sk prevented * clippy * old TODO deleted * clippy * typo

* Update deps * Handle json serialization error w/ StatusCode and error message * Fmt

* Make OidcVerificationFail unauthorized * Fix incorrect status code

* Make new_account request take AccountId * Correct status codes * Added FRP check to leader node side * Add comment * chore: update pk in req (#274) * Make MpcPkResponse use PublicKey type * Make FRP pk use PublicKey type over String * Make NewAccountResponse use PublicKey type over String

* 500 error messages hiden * erro codes tuned

* No longer supplying audience when verifying OIDC tokens * Cleanup OIDC decoding * Fix test * Added Firewall for protecting against unauthorized audience and issuer * Fix integration tests * Try fix infra/terraform * Try fix terraform * Fmt * Renamed allowlist to allowed oidc providers * Fix terraform * EOF * More terraform fix * Fixing format * Try terraform * Try diff terraform type

* get_delete_key_delegate_action moved to utils * get_add_key_delegate_action moved to utils * redundant get_add_key_delegate_action deleted * redundant get_key_info_with_helper deleted * TODOs, function renamed * sign_helper used in add key and delete key

Added two new templates as per standard process.

Updated tasklist in Epic, not formatted correctly.

* relayer url and api_key moved to the partner struct, refactoring * relayer set in tfvars * terraform parameter renamed * signing nodes accepts only oidc_providers

Added Epic Icon

* Rebase off of latest relayer * NUM_KEYS set to 1 --------- Co-authored-by: Serhii Volovyk <[email protected]>

* atomic account creation tests * register_account_atomic (broken) * Rebase off of latest relayer * NUM_KEYS set to 1 * atomic url fixed * return type in atomic acc creation fixed * atomic acc creation status error fxed --------- Co-authored-by: Phuong Nguyen <[email protected]>

* feat: terraform configuration (#170) * feat: add terraform module for partners (#294) * redundant variables deleted * terraform fmt * redundant parameters deleted * lookup_url deleted from setup * fmt * redundant dep deleted * duplicated service-account-datastore-user deleted * unused terraform value firebase_audience_id deleted * terraform fmt --------- Co-authored-by: Daniyar Itegulov <[email protected]> Co-authored-by: DavidM-D <[email protected]> Co-authored-by: Phuong Nguyen <[email protected]>

itegulov · 2023-09-21T16:50:29Z

Godspeed resolving all the conflicts and make sure you don’t squash when you merge this!

git fix

github-actions · 2023-09-21T18:28:14Z

Terraform Dev Environment

Terraform Format and Style 🖌`success`

Format Check Output

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Validation Output


Success! The configuration is valid.

Terraform Plan 📖`success`

Show Plan


Acquiring state lock. This may take a few moments...
data.external.git_checkout: Reading...
data.external.git_checkout: Read complete after 0s [id=-]
google_service_account.service_account: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_artifact_registry_repository.mpc_recovery: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/repositories/mpc-recovery-dev]
google_project_iam_member.service-account-datastore-user: Refreshing state... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_service_account_iam_binding.serivce-account-iam: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
docker_image.mpc_recovery: Refreshing state... [id=sha256:c4732880f8b10aff10a33e5ffe3bacfb82e9a54d721081d5b25df43508374874us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:a4a08255c65beb82559fb7b76b8e36217389ecea]
docker_registry_image.mpc_recovery: Refreshing state... [id=sha256:a338a1ccbd211956edd6a9b4679704b4a65c10f00f7d2957cf16fc7a493def9c]
module.signer[1].google_secret_manager_secret.secret_share: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev]
module.signer[0].google_secret_manager_secret.cipher_key: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev]
module.signer[0].google_secret_manager_secret.oidc_providers: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev]
module.signer[2].google_secret_manager_secret.oidc_providers: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev]
module.signer[2].google_secret_manager_secret.secret_share: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev]
module.signer[1].google_secret_manager_secret.oidc_providers: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev]
module.signer[0].google_secret_manager_secret.secret_share: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev]
module.signer[2].google_secret_manager_secret.cipher_key: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev]
module.signer[1].google_secret_manager_secret.cipher_key: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev]
module.signer[2].google_secret_manager_secret_version.cipher_key_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-2-dev/versions/1]
module.signer[2].google_secret_manager_secret_iam_member.cipher_key_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_version.cipher_key_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-0-dev/versions/1]
module.signer[1].google_secret_manager_secret_version.cipher_key_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-1-dev/versions/1]
module.signer[1].google_secret_manager_secret_iam_member.cipher_key_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_iam_member.cipher_key_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_secret_manager_secret_version.oidc_providers_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-2-dev/versions/1]
module.signer[1].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_secret_manager_secret_version.oidc_providers_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-1-dev/versions/1]
module.signer[0].google_secret_manager_secret_version.oidc_providers_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-0-dev/versions/1]
module.signer[2].google_secret_manager_secret_version.secret_share_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-secret-share-2-dev/versions/1]
module.signer[0].google_secret_manager_secret_version.secret_share_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-secret-share-0-dev/versions/1]
module.signer[1].google_secret_manager_secret_version.secret_share_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-secret-share-1-dev/versions/1]
module.signer[0].google_secret_manager_secret_iam_member.secret_share_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_secret_manager_secret_iam_member.secret_share_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_secret_manager_secret_iam_member.secret_share_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev]
module.signer[0].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev]
module.signer[2].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev/roles/run.invoker/allUsers]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev/roles/run.invoker/allUsers]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev/roles/run.invoker/allUsers]
module.leader.google_secret_manager_secret.account_creator_sk: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev]
module.leader.google_secret_manager_secret.fast_auth_partners: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev]
module.leader.google_secret_manager_secret_version.account_creator_sk_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-account-creator-sk-dev/versions/2]
module.leader.google_secret_manager_secret_iam_member.account_creator_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.leader.google_secret_manager_secret_version.fast_auth_partners_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-leader-dev/versions/1]
module.leader.google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.leader.google_cloud_run_v2_service.leader: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev]
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev/roles/run.invoker/allUsers]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # docker_image.mpc_recovery has been deleted
  - resource "docker_image" "mpc_recovery" {
        id       = "sha256:c4732880f8b10aff10a33e5ffe3bacfb82e9a54d721081d5b25df43508374874us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:a4a08255c65beb82559fb7b76b8e36217389ecea"
      - name     = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:a4a08255c65beb82559fb7b76b8e36217389ecea" -> null
        # (1 unchanged attribute hidden)

        # (1 unchanged block hidden)
    }

  # module.signer[2].google_cloud_run_v2_service.signer has changed
  ~ resource "google_cloud_run_v2_service" "signer" {
      ~ conditions              = [
          ~ {
              ~ last_transition_time = "2023-09-21T16:26:26.952059Z" -> "2023-09-21T16:26:33.149067Z"
              ~ message              = "Assigning traffic to latest specified targets." -> ""
              ~ reason               = "INTERNAL" -> ""
              ~ state                = "CONDITION_RECONCILING" -> "CONDITION_SUCCEEDED"
                # (4 unchanged attributes hidden)
            },
            {
                execution_reason     = ""
                last_transition_time = "2023-09-21T16:26:19.995263Z"
                message              = ""
                reason               = ""
                revision_reason      = ""
                severity             = ""
                state                = "CONDITION_SUCCEEDED"
                type                 = "ConfigurationsReady"
            },
        ]
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev"
        name                    = "mpc-recovery-signer-2-dev"
      ~ reconciling             = true -> false
      ~ terminal_condition      = [
          ~ {
              ~ last_transition_time = "2023-09-21T16:26:26.952059Z" -> "2023-09-21T16:26:33.076729Z"
              ~ message              = "Assigning traffic to latest specified targets." -> ""
              ~ reason               = "INTERNAL" -> ""
              ~ state                = "CONDITION_RECONCILING" -> "CONDITION_SUCCEEDED"
                # (4 unchanged attributes hidden)
            },
        ]
        # (14 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # docker_image.mpc_recovery will be created
  + resource "docker_image" "mpc_recovery" {
      + id          = (known after apply)
      + image_id    = (known after apply)
      + name        = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:f2588cc5086ca94366b098437b4be2cf6b13b78f"
      + repo_digest = (known after apply)

      + build {
          + cache_from   = []
          + context      = "/home/runner/work/mpc-recovery/mpc-recovery/infra/.."
          + dockerfile   = "Dockerfile"
          + extra_hosts  = []
          + remove       = true
          + security_opt = []
          + tag          = []
        }
    }

  # docker_registry_image.mpc_recovery must be replaced
-/+ resource "docker_registry_image" "mpc_recovery" {
      ~ id                   = "sha256:a338a1ccbd211956edd6a9b4679704b4a65c10f00f7d2957cf16fc7a493def9c" -> (known after apply)
      ~ name                 = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:a4a08255c65beb82559fb7b76b8e36217389ecea" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:f2588cc5086ca94366b098437b4be2cf6b13b78f" # forces replacement
      ~ sha256_digest        = "sha256:a338a1ccbd211956edd6a9b4679704b4a65c10f00f7d2957cf16fc7a493def9c" -> (known after apply)
        # (2 unchanged attributes hidden)
    }

  # module.leader.google_cloud_run_v2_service.leader will be updated in-place
  ~ resource "google_cloud_run_v2_service" "leader" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev"
        name                    = "mpc-recovery-leader-dev"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:a4a08255c65beb82559fb7b76b8e36217389ecea" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:f2588cc5086ca94366b098437b4be2cf6b13b78f"
                # (2 unchanged attributes hidden)

                # (11 unchanged blocks hidden)
            }

            # (1 unchanged block hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.signer[0].google_cloud_run_v2_service.signer will be updated in-place
  ~ resource "google_cloud_run_v2_service" "signer" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev"
        name                    = "mpc-recovery-signer-0-dev"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:a4a08255c65beb82559fb7b76b8e36217389ecea" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:f2588cc5086ca94366b098437b4be2cf6b13b78f"
                # (2 unchanged attributes hidden)

                # (8 unchanged blocks hidden)
            }

            # (1 unchanged block hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.signer[1].google_cloud_run_v2_service.signer will be updated in-place
  ~ resource "google_cloud_run_v2_service" "signer" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev"
        name                    = "mpc-recovery-signer-1-dev"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:a4a08255c65beb82559fb7b76b8e36217389ecea" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:f2588cc5086ca94366b098437b4be2cf6b13b78f"
                # (2 unchanged attributes hidden)

                # (8 unchanged blocks hidden)
            }

            # (1 unchanged block hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.signer[2].google_cloud_run_v2_service.signer will be updated in-place
  ~ resource "google_cloud_run_v2_service" "signer" {
        id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev"
        name                    = "mpc-recovery-signer-2-dev"
        # (17 unchanged attributes hidden)

      ~ template {
            # (6 unchanged attributes hidden)

          ~ containers {
              ~ image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:a4a08255c65beb82559fb7b76b8e36217389ecea" -> "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev/mpc-recovery-dev:f2588cc5086ca94366b098437b4be2cf6b13b78f"
                # (2 unchanged attributes hidden)

                # (8 unchanged blocks hidden)
            }

            # (1 unchanged block hidden)
        }

        # (1 unchanged block hidden)
    }

Plan: 2 to add, 4 to change, 1 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @volovyks, Action: pull_request, Working Directory: ``, Workflow: Terraform Dev

github-actions · 2023-09-21T18:42:30Z

Terraform Feature Environment (dev-298)

Terraform Initialization ⚙️`success`

Terraform Apply `success`

Show Apply Plan


data.external.git_checkout: Reading...
data.external.git_checkout: Read complete after 0s [id=-]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # docker_image.mpc_recovery will be created
  + resource "docker_image" "mpc_recovery" {
      + id          = (known after apply)
      + image_id    = (known after apply)
      + name        = (known after apply)
      + repo_digest = (known after apply)

      + build {
          + cache_from   = []
          + context      = "/home/runner/work/mpc-recovery/mpc-recovery/infra/.."
          + dockerfile   = "Dockerfile"
          + extra_hosts  = []
          + remove       = true
          + security_opt = []
          + tag          = []
        }
    }

  # docker_registry_image.mpc_recovery will be created
  + resource "docker_registry_image" "mpc_recovery" {
      + id                   = (known after apply)
      + insecure_skip_verify = false
      + keep_remotely        = true
      + name                 = (known after apply)
      + sha256_digest        = (known after apply)
    }

  # google_artifact_registry_repository.mpc_recovery will be created
  + resource "google_artifact_registry_repository" "mpc_recovery" {
      + create_time   = (known after apply)
      + format        = "DOCKER"
      + id            = (known after apply)
      + location      = (known after apply)
      + mode          = "STANDARD_REPOSITORY"
      + name          = (known after apply)
      + project       = (known after apply)
      + repository_id = "mpc-recovery-dev-298"
      + update_time   = (known after apply)
    }

  # google_project_iam_member.service-account-datastore-user will be created
  + resource "google_project_iam_member" "service-account-datastore-user" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = (known after apply)
      + project = "pagoda-discovery-platform-dev"
      + role    = "roles/datastore.user"
    }

  # google_service_account.service_account will be created
  + resource "google_service_account" "service_account" {
      + account_id   = "mpc-recovery-dev-298"
      + disabled     = false
      + display_name = "MPC Recovery dev-298 Account"
      + email        = (known after apply)
      + id           = (known after apply)
      + member       = (known after apply)
      + name         = (known after apply)
      + project      = (known after apply)
      + unique_id    = (known after apply)
    }

  # google_service_account_iam_binding.serivce-account-iam will be created
  + resource "google_service_account_iam_binding" "serivce-account-iam" {
      + etag               = (known after apply)
      + id                 = (known after apply)
      + members            = [
          + "serviceAccount:mpc-recovery@pagoda-discovery-platform-dev.iam.gserviceaccount.com",
        ]
      + role               = "roles/iam.serviceAccountUser"
      + service_account_id = (known after apply)
    }

  # module.leader.google_cloud_run_v2_service.leader will be created
  + resource "google_cloud_run_v2_service" "leader" {
      + conditions              = (known after apply)
      + etag                    = (known after apply)
      + generation              = (known after apply)
      + id                      = (known after apply)
      + ingress                 = "INGRESS_TRAFFIC_ALL"
      + latest_created_revision = (known after apply)
      + latest_ready_revision   = (known after apply)
      + launch_stage            = (known after apply)
      + location                = "us-east1"
      + name                    = "mpc-recovery-leader-dev-298"
      + observed_generation     = (known after apply)
      + project                 = (known after apply)
      + reconciling             = (known after apply)
      + terminal_condition      = (known after apply)
      + traffic_statuses        = (known after apply)
      + uid                     = (known after apply)
      + uri                     = (known after apply)

      + template {
          + max_instance_request_concurrency = (known after apply)
          + service_account                  = (known after apply)
          + timeout                          = (known after apply)

          + containers {
              + args  = [
                  + "start-leader",
                ]
              + image = (known after apply)

              + env {
                  + name  = "MPC_RECOVERY_WEB_PORT"
                  + value = "3000"
                }
              + env {
                  + name  = "MPC_RECOVERY_SIGN_NODES"
                  + value = (known after apply)
                }
              + env {
                  + name  = "MPC_RECOVERY_NEAR_RPC"
                  + value = "https://rpc.testnet.near.org"
                }
              + env {
                  + name  = "MPC_RECOVERY_NEAR_ROOT_ACCOUNT"
                  + value = "testnet"
                }
              + env {
                  + name  = "MPC_RECOVERY_ACCOUNT_CREATOR_ID"
                  + value = "tmp_acount_creator.serhii.testnet"
                }
              + env {
                  + name  = "MPC_RECOVERY_GCP_PROJECT_ID"
                  + value = "pagoda-discovery-platform-dev"
                }
              + env {
                  + name  = "MPC_RECOVERY_ENV"
                  + value = "dev-298"
                }
              + env {
                  + name  = "RUST_LOG"
                  + value = "mpc_recovery=debug"
                }

              + ports {
                  + container_port = 3000
                  + name           = (known after apply)
                }

              + resources {
                  + cpu_idle = false
                  + limits   = {
                      + "cpu"    = "2"
                      + "memory" = "2Gi"
                    }
                }
            }

          + scaling {
              + max_instance_count = 1
              + min_instance_count = 1
            }
        }
    }

  # module.leader.google_cloud_run_v2_service_iam_member.allow_all will be created
  + resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      + etag     = (known after apply)
      + id       = (known after apply)
      + location = "us-east1"
      + member   = "allUsers"
      + name     = "mpc-recovery-leader-dev-298"
      + project  = (known after apply)
      + role     = "roles/run.invoker"
    }

  # module.leader.google_secret_manager_secret.account_creator_sk will be created
  + resource "google_secret_manager_secret" "account_creator_sk" {
      + create_time = (known after apply)
      + expire_time = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + project     = (known after apply)
      + secret_id   = "mpc-recovery-account-creator-sk-dev-298"

      + replication {
          + automatic = true
        }
    }

  # module.leader.google_secret_manager_secret.fast_auth_partners will be created
  + resource "google_secret_manager_secret" "fast_auth_partners" {
      + create_time = (known after apply)
      + expire_time = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + project     = (known after apply)
      + secret_id   = "mpc-recovery-allowed-oidc-providers-leader-dev-298"

      + replication {
          + automatic = true
        }
    }

  # module.leader.google_secret_manager_secret_iam_member.account_creator_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "account_creator_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = (known after apply)
    }

  # module.leader.google_secret_manager_secret_iam_member.fast_auth_partners_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "fast_auth_partners_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = (known after apply)
    }

  # module.leader.google_secret_manager_secret_version.account_creator_sk_data will be created
  + resource "google_secret_manager_secret_version" "account_creator_sk_data" {
      + create_time  = (known after apply)
      + destroy_time = (known after apply)
      + enabled      = true
      + id           = (known after apply)
      + name         = (known after apply)
      + secret       = (known after apply)
      + secret_data  = (sensitive value)
      + version      = (known after apply)
    }

  # module.leader.google_secret_manager_secret_version.fast_auth_partners_data will be created
  + resource "google_secret_manager_secret_version" "fast_auth_partners_data" {
      + create_time  = (known after apply)
      + destroy_time = (known after apply)
      + enabled      = true
      + id           = (known after apply)
      + name         = (known after apply)
      + secret       = (known after apply)
      + secret_data  = (sensitive value)
      + version      = (known after apply)
    }

  # module.signer[0].google_cloud_run_v2_service.signer will be created
  + resource "google_cloud_run_v2_service" "signer" {
      + conditions              = (known after apply)
      + etag                    = (known after apply)
      + generation              = (known after apply)
      + id                      = (known after apply)
      + ingress                 = "INGRESS_TRAFFIC_ALL"
      + latest_created_revision = (known after apply)
      + latest_ready_revision   = (known after apply)
      + launch_stage            = (known after apply)
      + location                = "us-east1"
      + name                    = "mpc-recovery-signer-0-dev-298"
      + observed_generation     = (known after apply)
      + project                 = (known after apply)
      + reconciling             = (known after apply)
      + terminal_condition      = (known after apply)
      + traffic_statuses        = (known after apply)
      + uid                     = (known after apply)
      + uri                     = (known after apply)

      + template {
          + max_instance_request_concurrency = (known after apply)
          + service_account                  = (known after apply)
          + timeout                          = (known after apply)

          + containers {
              + args  = [
                  + "start-sign",
                ]
              + image = (known after apply)

              + env {
                  + name  = "MPC_RECOVERY_WEB_PORT"
                  + value = "3000"
                }
              + env {
                  + name  = "MPC_RECOVERY_NODE_ID"
                  + value = "0"
                }
              + env {
                  + name  = "MPC_RECOVERY_GCP_PROJECT_ID"
                  + value = "pagoda-discovery-platform-dev"
                }
              + env {
                  + name  = "MPC_RECOVERY_ENV"
                  + value = "dev-298"
                }
              + env {
                  + name  = "RUST_LOG"
                  + value = "mpc_recovery=debug"
                }

              + ports {
                  + container_port = 3000
                  + name           = (known after apply)
                }

              + resources {
                  + cpu_idle = false
                  + limits   = {
                      + "cpu"    = "2"
                      + "memory" = "2Gi"
                    }
                }
            }

          + scaling {
              + max_instance_count = 1
              + min_instance_count = 1
            }
        }
    }

  # module.signer[0].google_cloud_run_v2_service_iam_member.allow_all will be created
  + resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      + etag     = (known after apply)
      + id       = (known after apply)
      + location = "us-east1"
      + member   = "allUsers"
      + name     = "mpc-recovery-signer-0-dev-298"
      + project  = (known after apply)
      + role     = "roles/run.invoker"
    }

  # module.signer[0].google_secret_manager_secret.cipher_key will be created
  + resource "google_secret_manager_secret" "cipher_key" {
      + create_time = (known after apply)
      + expire_time = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + project     = (known after apply)
      + secret_id   = "mpc-recovery-encryption-cipher-0-dev-298"

      + replication {
          + automatic = true
        }
    }

  # module.signer[0].google_secret_manager_secret.oidc_providers will be created
  + resource "google_secret_manager_secret" "oidc_providers" {
      + create_time = (known after apply)
      + expire_time = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + project     = (known after apply)
      + secret_id   = "mpc-recovery-allowed-oidc-providers-0-dev-298"

      + replication {
          + automatic = true
        }
    }

  # module.signer[0].google_secret_manager_secret.secret_share will be created
  + resource "google_secret_manager_secret" "secret_share" {
      + create_time = (known after apply)
      + expire_time = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + project     = (known after apply)
      + secret_id   = "mpc-recovery-secret-share-0-dev-298"

      + replication {
          + automatic = true
        }
    }

  # module.signer[0].google_secret_manager_secret_iam_member.cipher_key_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = (known after apply)
    }

  # module.signer[0].google_secret_manager_secret_iam_member.oidc_providers_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "oidc_providers_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = (known after apply)
    }

  # module.signer[0].google_secret_manager_secret_iam_member.secret_share_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = (known after apply)
    }

  # module.signer[0].google_secret_manager_secret_version.cipher_key_data will be created
  + resource "google_secret_manager_secret_version" "cipher_key_data" {
      + create_time  = (known after apply)
      + destroy_time = (known after apply)
      + enabled      = true
      + id           = (known after apply)
      + name         = (known after apply)
      + secret       = (known after apply)
      + secret_data  = (sensitive value)
      + version      = (known after apply)
    }

  # module.signer[0].google_secret_manager_secret_version.oidc_providers_data will be created
  + resource "google_secret_manager_secret_version" "oidc_providers_data" {
      + create_time  = (known after apply)
      + destroy_time = (known after apply)
      + enabled      = true
      + id           = (known after apply)
      + name         = (known after apply)
      + secret       = (known after apply)
      + secret_data  = (sensitive value)
      + version      = (known after apply)
    }

  # module.signer[0].google_secret_manager_secret_version.secret_share_data will be created
  + resource "google_secret_manager_secret_version" "secret_share_data" {
      + create_time  = (known after apply)
      + destroy_time = (known after apply)
      + enabled      = true
      + id           = (known after apply)
      + name         = (known after apply)
      + secret       = (known after apply)
      + secret_data  = (sensitive value)
      + version      = (known after apply)
    }

  # module.signer[1].google_cloud_run_v2_service.signer will be created
  + resource "google_cloud_run_v2_service" "signer" {
      + conditions              = (known after apply)
      + etag                    = (known after apply)
      + generation              = (known after apply)
      + id                      = (known after apply)
      + ingress                 = "INGRESS_TRAFFIC_ALL"
      + latest_created_revision = (known after apply)
      + latest_ready_revision   = (known after apply)
      + launch_stage            = (known after apply)
      + location                = "us-east1"
      + name                    = "mpc-recovery-signer-1-dev-298"
      + observed_generation     = (known after apply)
      + project                 = (known after apply)
      + reconciling             = (known after apply)
      + terminal_condition      = (known after apply)
      + traffic_statuses        = (known after apply)
      + uid                     = (known after apply)
      + uri                     = (known after apply)

      + template {
          + max_instance_request_concurrency = (known after apply)
          + service_account                  = (known after apply)
          + timeout                          = (known after apply)

          + containers {
              + args  = [
                  + "start-sign",
                ]
              + image = (known after apply)

              + env {
                  + name  = "MPC_RECOVERY_WEB_PORT"
                  + value = "3000"
                }
              + env {
                  + name  = "MPC_RECOVERY_NODE_ID"
                  + value = "1"
                }
              + env {
                  + name  = "MPC_RECOVERY_GCP_PROJECT_ID"
                  + value = "pagoda-discovery-platform-dev"
                }
              + env {
                  + name  = "MPC_RECOVERY_ENV"
                  + value = "dev-298"
                }
              + env {
                  + name  = "RUST_LOG"
                  + value = "mpc_recovery=debug"
                }

              + ports {
                  + container_port = 3000
                  + name           = (known after apply)
                }

              + resources {
                  + cpu_idle = false
                  + limits   = {
                      + "cpu"    = "2"
                      + "memory" = "2Gi"
                    }
                }
            }

          + scaling {
              + max_instance_count = 1
              + min_instance_count = 1
            }
        }
    }

  # module.signer[1].google_cloud_run_v2_service_iam_member.allow_all will be created
  + resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      + etag     = (known after apply)
      + id       = (known after apply)
      + location = "us-east1"
      + member   = "allUsers"
      + name     = "mpc-recovery-signer-1-dev-298"
      + project  = (known after apply)
      + role     = "roles/run.invoker"
    }

  # module.signer[1].google_secret_manager_secret.cipher_key will be created
  + resource "google_secret_manager_secret" "cipher_key" {
      + create_time = (known after apply)
      + expire_time = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + project     = (known after apply)
      + secret_id   = "mpc-recovery-encryption-cipher-1-dev-298"

      + replication {
          + automatic = true
        }
    }

  # module.signer[1].google_secret_manager_secret.oidc_providers will be created
  + resource "google_secret_manager_secret" "oidc_providers" {
      + create_time = (known after apply)
      + expire_time = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + project     = (known after apply)
      + secret_id   = "mpc-recovery-allowed-oidc-providers-1-dev-298"

      + replication {
          + automatic = true
        }
    }

  # module.signer[1].google_secret_manager_secret.secret_share will be created
  + resource "google_secret_manager_secret" "secret_share" {
      + create_time = (known after apply)
      + expire_time = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + project     = (known after apply)
      + secret_id   = "mpc-recovery-secret-share-1-dev-298"

      + replication {
          + automatic = true
        }
    }

  # module.signer[1].google_secret_manager_secret_iam_member.cipher_key_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = (known after apply)
    }

  # module.signer[1].google_secret_manager_secret_iam_member.oidc_providers_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "oidc_providers_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = (known after apply)
    }

  # module.signer[1].google_secret_manager_secret_iam_member.secret_share_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = (known after apply)
    }

  # module.signer[1].google_secret_manager_secret_version.cipher_key_data will be created
  + resource "google_secret_manager_secret_version" "cipher_key_data" {
      + create_time  = (known after apply)
      + destroy_time = (known after apply)
      + enabled      = true
      + id           = (known after apply)
      + name         = (known after apply)
      + secret       = (known after apply)
      + secret_data  = (sensitive value)
      + version      = (known after apply)
    }

  # module.signer[1].google_secret_manager_secret_version.oidc_providers_data will be created
  + resource "google_secret_manager_secret_version" "oidc_providers_data" {
      + create_time  = (known after apply)
      + destroy_time = (known after apply)
      + enabled      = true
      + id           = (known after apply)
      + name         = (known after apply)
      + secret       = (known after apply)
      + secret_data  = (sensitive value)
      + version      = (known after apply)
    }

  # module.signer[1].google_secret_manager_secret_version.secret_share_data will be created
  + resource "google_secret_manager_secret_version" "secret_share_data" {
      + create_time  = (known after apply)
      + destroy_time = (known after apply)
      + enabled      = true
      + id           = (known after apply)
      + name         = (known after apply)
      + secret       = (known after apply)
      + secret_data  = (sensitive value)
      + version      = (known after apply)
    }

  # module.signer[2].google_cloud_run_v2_service.signer will be created
  + resource "google_cloud_run_v2_service" "signer" {
      + conditions              = (known after apply)
      + etag                    = (known after apply)
      + generation              = (known after apply)
      + id                      = (known after apply)
      + ingress                 = "INGRESS_TRAFFIC_ALL"
      + latest_created_revision = (known after apply)
      + latest_ready_revision   = (known after apply)
      + launch_stage            = (known after apply)
      + location                = "us-east1"
      + name                    = "mpc-recovery-signer-2-dev-298"
      + observed_generation     = (known after apply)
      + project                 = (known after apply)
      + reconciling             = (known after apply)
      + terminal_condition      = (known after apply)
      + traffic_statuses        = (known after apply)
      + uid                     = (known after apply)
      + uri                     = (known after apply)

      + template {
          + max_instance_request_concurrency = (known after apply)
          + service_account                  = (known after apply)
          + timeout                          = (known after apply)

          + containers {
              + args  = [
                  + "start-sign",
                ]
              + image = (known after apply)

              + env {
                  + name  = "MPC_RECOVERY_WEB_PORT"
                  + value = "3000"
                }
              + env {
                  + name  = "MPC_RECOVERY_NODE_ID"
                  + value = "2"
                }
              + env {
                  + name  = "MPC_RECOVERY_GCP_PROJECT_ID"
                  + value = "pagoda-discovery-platform-dev"
                }
              + env {
                  + name  = "MPC_RECOVERY_ENV"
                  + value = "dev-298"
                }
              + env {
                  + name  = "RUST_LOG"
                  + value = "mpc_recovery=debug"
                }

              + ports {
                  + container_port = 3000
                  + name           = (known after apply)
                }

              + resources {
                  + cpu_idle = false
                  + limits   = {
                      + "cpu"    = "2"
                      + "memory" = "2Gi"
                    }
                }
            }

          + scaling {
              + max_instance_count = 1
              + min_instance_count = 1
            }
        }
    }

  # module.signer[2].google_cloud_run_v2_service_iam_member.allow_all will be created
  + resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      + etag     = (known after apply)
      + id       = (known after apply)
      + location = "us-east1"
      + member   = "allUsers"
      + name     = "mpc-recovery-signer-2-dev-298"
      + project  = (known after apply)
      + role     = "roles/run.invoker"
    }

  # module.signer[2].google_secret_manager_secret.cipher_key will be created
  + resource "google_secret_manager_secret" "cipher_key" {
      + create_time = (known after apply)
      + expire_time = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + project     = (known after apply)
      + secret_id   = "mpc-recovery-encryption-cipher-2-dev-298"

      + replication {
          + automatic = true
        }
    }

  # module.signer[2].google_secret_manager_secret.oidc_providers will be created
  + resource "google_secret_manager_secret" "oidc_providers" {
      + create_time = (known after apply)
      + expire_time = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + project     = (known after apply)
      + secret_id   = "mpc-recovery-allowed-oidc-providers-2-dev-298"

      + replication {
          + automatic = true
        }
    }

  # module.signer[2].google_secret_manager_secret.secret_share will be created
  + resource "google_secret_manager_secret" "secret_share" {
      + create_time = (known after apply)
      + expire_time = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + project     = (known after apply)
      + secret_id   = "mpc-recovery-secret-share-2-dev-298"

      + replication {
          + automatic = true
        }
    }

  # module.signer[2].google_secret_manager_secret_iam_member.cipher_key_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = (known after apply)
    }

  # module.signer[2].google_secret_manager_secret_iam_member.oidc_providers_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "oidc_providers_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = (known after apply)
    }

  # module.signer[2].google_secret_manager_secret_iam_member.secret_share_secret_access will be created
  + resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = (known after apply)
      + project   = (known after apply)
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = (known after apply)
    }

  # module.signer[2].google_secret_manager_secret_version.cipher_key_data will be created
  + resource "google_secret_manager_secret_version" "cipher_key_data" {
      + create_time  = (known after apply)
      + destroy_time = (known after apply)
      + enabled      = true
      + id           = (known after apply)
      + name         = (known after apply)
      + secret       = (known after apply)
      + secret_data  = (sensitive value)
      + version      = (known after apply)
    }

  # module.signer[2].google_secret_manager_secret_version.oidc_providers_data will be created
  + resource "google_secret_manager_secret_version" "oidc_providers_data" {
      + create_time  = (known after apply)
      + destroy_time = (known after apply)
      + enabled      = true
      + id           = (known after apply)
      + name         = (known after apply)
      + secret       = (known after apply)
      + secret_data  = (sensitive value)
      + version      = (known after apply)
    }

  # module.signer[2].google_secret_manager_secret_version.secret_share_data will be created
  + resource "google_secret_manager_secret_version" "secret_share_data" {
      + create_time  = (known after apply)
      + destroy_time = (known after apply)
      + enabled      = true
      + id           = (known after apply)
      + name         = (known after apply)
      + secret       = (known after apply)
      + secret_data  = (sensitive value)
      + version      = (known after apply)
    }

Plan: 47 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + leader_node = (known after apply)
google_service_account.service_account: Creating...
google_artifact_registry_repository.mpc_recovery: Creating...
google_service_account.service_account: Creation complete after 1s [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_service_account_iam_binding.serivce-account-iam: Creating...
google_project_iam_member.service-account-datastore-user: Creating...
google_service_account_iam_binding.serivce-account-iam: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
google_project_iam_member.service-account-datastore-user: Creation complete after 8s [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_artifact_registry_repository.mpc_recovery: Still creating... [10s elapsed]
google_artifact_registry_repository.mpc_recovery: Creation complete after 10s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/repositories/mpc-recovery-dev-298]
docker_image.mpc_recovery: Creating...
docker_image.mpc_recovery: Still creating... [10s elapsed]
docker_image.mpc_recovery: Still creating... [20s elapsed]
docker_image.mpc_recovery: Still creating... [30s elapsed]
docker_image.mpc_recovery: Still creating... [40s elapsed]
docker_image.mpc_recovery: Still creating... [50s elapsed]
docker_image.mpc_recovery: Still creating... [1m0s elapsed]
docker_image.mpc_recovery: Still creating... [1m10s elapsed]
docker_image.mpc_recovery: Still creating... [1m20s elapsed]
docker_image.mpc_recovery: Still creating... [1m30s elapsed]
docker_image.mpc_recovery: Still creating... [1m40s elapsed]
docker_image.mpc_recovery: Still creating... [1m50s elapsed]
docker_image.mpc_recovery: Still creating... [2m0s elapsed]
docker_image.mpc_recovery: Still creating... [2m10s elapsed]
docker_image.mpc_recovery: Still creating... [2m20s elapsed]
docker_image.mpc_recovery: Still creating... [2m30s elapsed]
docker_image.mpc_recovery: Still creating... [2m40s elapsed]
docker_image.mpc_recovery: Still creating... [2m50s elapsed]
docker_image.mpc_recovery: Still creating... [3m0s elapsed]
docker_image.mpc_recovery: Still creating... [3m10s elapsed]
docker_image.mpc_recovery: Still creating... [3m20s elapsed]
docker_image.mpc_recovery: Still creating... [3m30s elapsed]
docker_image.mpc_recovery: Still creating... [3m40s elapsed]
docker_image.mpc_recovery: Still creating... [3m50s elapsed]
docker_image.mpc_recovery: Still creating... [4m0s elapsed]
docker_image.mpc_recovery: Still creating... [4m10s elapsed]
docker_image.mpc_recovery: Still creating... [4m20s elapsed]
docker_image.mpc_recovery: Still creating... [4m30s elapsed]
docker_image.mpc_recovery: Still creating... [4m40s elapsed]
docker_image.mpc_recovery: Still creating... [4m50s elapsed]
docker_image.mpc_recovery: Still creating... [5m0s elapsed]
docker_image.mpc_recovery: Still creating... [5m10s elapsed]
docker_image.mpc_recovery: Still creating... [5m20s elapsed]
docker_image.mpc_recovery: Still creating... [5m30s elapsed]
docker_image.mpc_recovery: Still creating... [5m40s elapsed]
docker_image.mpc_recovery: Still creating... [5m50s elapsed]
docker_image.mpc_recovery: Still creating... [6m0s elapsed]
docker_image.mpc_recovery: Still creating... [6m10s elapsed]
docker_image.mpc_recovery: Still creating... [6m20s elapsed]
docker_image.mpc_recovery: Still creating... [6m30s elapsed]
docker_image.mpc_recovery: Still creating... [6m40s elapsed]
docker_image.mpc_recovery: Still creating... [6m50s elapsed]
docker_image.mpc_recovery: Still creating... [7m0s elapsed]
docker_image.mpc_recovery: Still creating... [7m10s elapsed]
docker_image.mpc_recovery: Still creating... [7m20s elapsed]
docker_image.mpc_recovery: Still creating... [7m30s elapsed]
docker_image.mpc_recovery: Still creating... [7m40s elapsed]
docker_image.mpc_recovery: Still creating... [7m50s elapsed]
docker_image.mpc_recovery: Still creating... [8m0s elapsed]
docker_image.mpc_recovery: Still creating... [8m10s elapsed]
docker_image.mpc_recovery: Still creating... [8m20s elapsed]
docker_image.mpc_recovery: Still creating... [8m30s elapsed]
docker_image.mpc_recovery: Still creating... [8m40s elapsed]
docker_image.mpc_recovery: Still creating... [8m50s elapsed]
docker_image.mpc_recovery: Still creating... [9m0s elapsed]
docker_image.mpc_recovery: Still creating... [9m10s elapsed]
docker_image.mpc_recovery: Still creating... [9m20s elapsed]
docker_image.mpc_recovery: Still creating... [9m30s elapsed]
docker_image.mpc_recovery: Still creating... [9m40s elapsed]
docker_image.mpc_recovery: Still creating... [9m50s elapsed]
docker_image.mpc_recovery: Still creating... [10m0s elapsed]
docker_image.mpc_recovery: Still creating... [10m10s elapsed]
docker_image.mpc_recovery: Still creating... [10m20s elapsed]
docker_image.mpc_recovery: Still creating... [10m31s elapsed]
docker_image.mpc_recovery: Still creating... [10m41s elapsed]
docker_image.mpc_recovery: Still creating... [10m51s elapsed]
docker_image.mpc_recovery: Still creating... [11m1s elapsed]
docker_image.mpc_recovery: Still creating... [11m11s elapsed]
docker_image.mpc_recovery: Still creating... [11m21s elapsed]
docker_image.mpc_recovery: Still creating... [11m31s elapsed]
docker_image.mpc_recovery: Still creating... [11m41s elapsed]
docker_image.mpc_recovery: Still creating... [11m51s elapsed]
docker_image.mpc_recovery: Still creating... [12m1s elapsed]
docker_image.mpc_recovery: Still creating... [12m11s elapsed]
docker_image.mpc_recovery: Still creating... [12m21s elapsed]
docker_image.mpc_recovery: Still creating... [12m31s elapsed]
docker_image.mpc_recovery: Still creating... [12m41s elapsed]
docker_image.mpc_recovery: Still creating... [12m51s elapsed]
docker_image.mpc_recovery: Still creating... [13m1s elapsed]
docker_image.mpc_recovery: Creation complete after 13m7s [id=sha256:7a3511677cebbeac60fb33ba12ecb2b7ec5a91991bacff491f1597f03ee77576us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-298/mpc-recovery-dev-298:f2588cc5086ca94366b098437b4be2cf6b13b78f]
docker_registry_image.mpc_recovery: Creating...
docker_registry_image.mpc_recovery: Creation complete after 8s [id=sha256:2adc06360799bee871cf484711d97cac613ae83169f84bc078b0c99a5f8f21f9]
module.signer[0].google_secret_manager_secret.oidc_providers: Creating...
module.signer[0].google_secret_manager_secret.cipher_key: Creating...
module.signer[1].google_secret_manager_secret.secret_share: Creating...
module.signer[0].google_secret_manager_secret.secret_share: Creating...
module.signer[1].google_secret_manager_secret.oidc_providers: Creating...
module.signer[1].google_secret_manager_secret.cipher_key: Creating...
module.signer[2].google_secret_manager_secret.cipher_key: Creating...
module.signer[2].google_secret_manager_secret.secret_share: Creating...
module.signer[2].google_secret_manager_secret.oidc_providers: Creating...
module.signer[1].google_secret_manager_secret.oidc_providers: Creation complete after 0s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298]
module.signer[1].google_secret_manager_secret_version.oidc_providers_data: Creating...
module.signer[1].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Creating...
module.signer[2].google_secret_manager_secret.secret_share: Creation complete after 0s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev-298]
module.signer[2].google_secret_manager_secret_version.secret_share_data: Creating...
module.signer[2].google_secret_manager_secret.cipher_key: Creation complete after 0s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev-298]
module.signer[2].google_secret_manager_secret_iam_member.secret_share_secret_access: Creating...
module.signer[0].google_secret_manager_secret.secret_share: Creation complete after 0s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev-298]
module.signer[2].google_secret_manager_secret_iam_member.cipher_key_secret_access: Creating...
module.signer[0].google_secret_manager_secret.cipher_key: Creation complete after 0s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev-298]
module.signer[2].google_secret_manager_secret_version.cipher_key_data: Creating...
module.signer[1].google_secret_manager_secret.cipher_key: Creation complete after 0s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev-298]
module.signer[0].google_secret_manager_secret.oidc_providers: Creation complete after 0s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298]
module.signer[0].google_secret_manager_secret_iam_member.secret_share_secret_access: Creating...
module.signer[0].google_secret_manager_secret_version.secret_share_data: Creating...
module.signer[2].google_secret_manager_secret.oidc_providers: Creation complete after 0s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298]
module.signer[0].google_secret_manager_secret_version.cipher_key_data: Creating...
module.signer[1].google_secret_manager_secret.secret_share: Creation complete after 0s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev-298]
module.signer[0].google_secret_manager_secret_iam_member.cipher_key_secret_access: Creating...
module.signer[2].google_secret_manager_secret_version.cipher_key_data: Creation complete after 1s [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-2-dev-298/versions/1]
module.signer[1].google_secret_manager_secret_iam_member.cipher_key_secret_access: Creating...
module.signer[1].google_secret_manager_secret_version.oidc_providers_data: Creation complete after 1s [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298/versions/1]
module.signer[1].google_secret_manager_secret_version.cipher_key_data: Creating...
module.signer[0].google_secret_manager_secret_version.secret_share_data: Creation complete after 1s [id=projects/388645787527/secrets/mpc-recovery-secret-share-0-dev-298/versions/1]
module.signer[0].google_secret_manager_secret_version.oidc_providers_data: Creating...
module.signer[2].google_secret_manager_secret_version.secret_share_data: Creation complete after 1s [id=projects/388645787527/secrets/mpc-recovery-secret-share-2-dev-298/versions/1]
module.signer[0].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Creating...
module.signer[0].google_secret_manager_secret_version.cipher_key_data: Creation complete after 1s [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-0-dev-298/versions/1]
module.signer[2].google_secret_manager_secret_version.oidc_providers_data: Creating...
module.signer[0].google_secret_manager_secret_version.oidc_providers_data: Creation complete after 1s [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298/versions/1]
module.signer[2].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Creating...
module.signer[1].google_secret_manager_secret_version.cipher_key_data: Creation complete after 1s [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-1-dev-298/versions/1]
module.signer[1].google_secret_manager_secret_iam_member.secret_share_secret_access: Creating...
module.signer[2].google_secret_manager_secret_version.oidc_providers_data: Creation complete after 1s [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298/versions/1]
module.signer[1].google_secret_manager_secret_version.secret_share_data: Creating...
module.signer[1].google_secret_manager_secret_version.secret_share_data: Creation complete after 1s [id=projects/388645787527/secrets/mpc-recovery-secret-share-1-dev-298/versions/1]
module.signer[0].google_secret_manager_secret_iam_member.cipher_key_secret_access: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_secret_manager_secret_iam_member.secret_share_secret_access: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_iam_member.secret_share_secret_access: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_secret_manager_secret_iam_member.cipher_key_secret_access: Creation complete after 5s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Creation complete after 5s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_secret_manager_secret_iam_member.cipher_key_secret_access: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_cloud_run_v2_service.signer: Creating...
module.signer[2].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_cloud_run_v2_service.signer: Creating...
module.signer[1].google_secret_manager_secret_iam_member.secret_share_secret_access: Still creating... [10s elapsed]
module.signer[0].google_cloud_run_v2_service.signer: Still creating... [10s elapsed]
module.signer[0].google_cloud_run_v2_service.signer: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-298]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Creating...
module.signer[2].google_cloud_run_v2_service.signer: Still creating... [10s elapsed]
module.signer[2].google_cloud_run_v2_service.signer: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-298]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Creating...
module.signer[1].google_secret_manager_secret_iam_member.secret_share_secret_access: Creation complete after 17s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_cloud_run_v2_service.signer: Creating...
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-298/roles/run.invoker/allUsers]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-298/roles/run.invoker/allUsers]
module.signer[1].google_cloud_run_v2_service.signer: Still creating... [10s elapsed]
module.signer[1].google_cloud_run_v2_service.signer: Creation complete after 11s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-298]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Creating...
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-298/roles/run.invoker/allUsers]
module.leader.google_secret_manager_secret.account_creator_sk: Creating...
module.leader.google_secret_manager_secret.fast_auth_partners: Creating...
module.leader.google_secret_manager_secret.fast_auth_partners: Creation complete after 1s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298]
module.leader.google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Creating...
module.leader.google_secret_manager_secret_version.fast_auth_partners_data: Creating...
module.leader.google_secret_manager_secret.account_creator_sk: Creation complete after 1s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev-298]
module.leader.google_secret_manager_secret_iam_member.account_creator_secret_access: Creating...
module.leader.google_secret_manager_secret_version.account_creator_sk_data: Creating...
module.leader.google_secret_manager_secret_version.fast_auth_partners_data: Creation complete after 0s [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298/versions/1]
module.leader.google_secret_manager_secret_version.account_creator_sk_data: Creation complete after 0s [id=projects/388645787527/secrets/mpc-recovery-account-creator-sk-dev-298/versions/1]
module.leader.google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.leader.google_secret_manager_secret_iam_member.account_creator_secret_access: Creation complete after 4s [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.leader.google_cloud_run_v2_service.leader: Creating...
module.leader.google_cloud_run_v2_service.leader: Still creating... [10s elapsed]
module.leader.google_cloud_run_v2_service.leader: Creation complete after 10s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-298]
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Creating...
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Creation complete after 5s [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-298/roles/run.invoker/allUsers]

Apply complete! Resources: 47 added, 0 changed, 0 destroyed.

Outputs:

leader_node = "https://mpc-recovery-leader-dev-298-7tk2cmmtcq-ue.a.run.app"

Pusher: @volovyks, Action: pull_request, Working Directory: ``, Workflow: Terraform Feature Env

URL: https://mpc-recovery-leader-dev-298-7tk2cmmtcq-ue.a.run.app

github-actions · 2023-09-21T18:59:23Z

Terraform Feature Environment Destroy (dev-298)

Terraform Initialization ⚙️`success`

Terraform Destroy `success`

Show Destroy Plan


data.external.git_checkout: Reading...
data.external.git_checkout: Read complete after 0s [id=-]
google_service_account.service_account: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_artifact_registry_repository.mpc_recovery: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/repositories/mpc-recovery-dev-298]
google_project_iam_member.service-account-datastore-user: Refreshing state... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
google_service_account_iam_binding.serivce-account-iam: Refreshing state... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
docker_image.mpc_recovery: Refreshing state... [id=sha256:7a3511677cebbeac60fb33ba12ecb2b7ec5a91991bacff491f1597f03ee77576us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-298/mpc-recovery-dev-298:f2588cc5086ca94366b098437b4be2cf6b13b78f]
docker_registry_image.mpc_recovery: Refreshing state... [id=sha256:2adc06360799bee871cf484711d97cac613ae83169f84bc078b0c99a5f8f21f9]
module.signer[2].google_secret_manager_secret.cipher_key: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev-298]
module.signer[1].google_secret_manager_secret.oidc_providers: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298]
module.signer[2].google_secret_manager_secret.secret_share: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev-298]
module.signer[0].google_secret_manager_secret.secret_share: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev-298]
module.signer[0].google_secret_manager_secret.cipher_key: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev-298]
module.signer[1].google_secret_manager_secret.cipher_key: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev-298]
module.signer[1].google_secret_manager_secret.secret_share: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev-298]
module.signer[0].google_secret_manager_secret.oidc_providers: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298]
module.signer[2].google_secret_manager_secret.oidc_providers: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298]
module.signer[1].google_secret_manager_secret_version.secret_share_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-secret-share-1-dev-298/versions/1]
module.signer[2].google_secret_manager_secret_iam_member.cipher_key_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_iam_member.cipher_key_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_version.cipher_key_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-0-dev-298/versions/1]
module.signer[1].google_secret_manager_secret_version.cipher_key_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-1-dev-298/versions/1]
module.signer[2].google_secret_manager_secret_version.cipher_key_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-2-dev-298/versions/1]
module.signer[1].google_secret_manager_secret_iam_member.cipher_key_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_version.oidc_providers_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298/versions/1]
module.signer[0].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_secret_manager_secret_iam_member.secret_share_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_version.secret_share_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-secret-share-0-dev-298/versions/1]
module.signer[2].google_secret_manager_secret_version.secret_share_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-secret-share-2-dev-298/versions/1]
module.signer[1].google_secret_manager_secret_version.oidc_providers_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298/versions/1]
module.signer[2].google_secret_manager_secret_version.oidc_providers_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298/versions/1]
module.signer[0].google_secret_manager_secret_iam_member.secret_share_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_secret_manager_secret_iam_member.secret_share_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-298]
module.signer[2].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-298]
module.signer[0].google_cloud_run_v2_service.signer: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-298]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-298/roles/run.invoker/allUsers]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-298/roles/run.invoker/allUsers]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-298/roles/run.invoker/allUsers]
module.leader.google_secret_manager_secret.fast_auth_partners: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298]
module.leader.google_secret_manager_secret.account_creator_sk: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev-298]
module.leader.google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.leader.google_secret_manager_secret_version.fast_auth_partners_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298/versions/1]
module.leader.google_secret_manager_secret_iam_member.account_creator_secret_access: Refreshing state... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.leader.google_secret_manager_secret_version.account_creator_sk_data: Refreshing state... [id=projects/388645787527/secrets/mpc-recovery-account-creator-sk-dev-298/versions/1]
module.leader.google_cloud_run_v2_service.leader: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-298]
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Refreshing state... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-298/roles/run.invoker/allUsers]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # docker_registry_image.mpc_recovery will be destroyed
  - resource "docker_registry_image" "mpc_recovery" {
      - id                   = "sha256:2adc06360799bee871cf484711d97cac613ae83169f84bc078b0c99a5f8f21f9" -> null
      - insecure_skip_verify = false -> null
      - keep_remotely        = true -> null
      - name                 = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-298/mpc-recovery-dev-298:f2588cc5086ca94366b098437b4be2cf6b13b78f" -> null
      - sha256_digest        = "sha256:2adc06360799bee871cf484711d97cac613ae83169f84bc078b0c99a5f8f21f9" -> null
    }

  # google_artifact_registry_repository.mpc_recovery will be destroyed
  - resource "google_artifact_registry_repository" "mpc_recovery" {
      - create_time   = "2023-09-21T18:28:10.694336Z" -> null
      - format        = "DOCKER" -> null
      - id            = "projects/pagoda-discovery-platform-dev/locations/us-east1/repositories/mpc-recovery-dev-298" -> null
      - labels        = {} -> null
      - location      = "us-east1" -> null
      - mode          = "STANDARD_REPOSITORY" -> null
      - name          = "mpc-recovery-dev-298" -> null
      - project       = "pagoda-discovery-platform-dev" -> null
      - repository_id = "mpc-recovery-dev-298" -> null
      - update_time   = "2023-09-21T18:28:10.694336Z" -> null
    }

  # google_project_iam_member.service-account-datastore-user will be destroyed
  - resource "google_project_iam_member" "service-account-datastore-user" {
      - etag    = "BwYF4qe8YMk=" -> null
      - id      = "pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member  = "serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project = "pagoda-discovery-platform-dev" -> null
      - role    = "roles/datastore.user" -> null
    }

  # google_service_account.service_account will be destroyed
  - resource "google_service_account" "service_account" {
      - account_id   = "mpc-recovery-dev-298" -> null
      - disabled     = false -> null
      - display_name = "MPC Recovery dev-298 Account" -> null
      - email        = "mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - id           = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member       = "serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - name         = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project      = "pagoda-discovery-platform-dev" -> null
      - unique_id    = "104435682881542603087" -> null
    }

  # google_service_account_iam_binding.serivce-account-iam will be destroyed
  - resource "google_service_account_iam_binding" "serivce-account-iam" {
      - etag               = "BwYF4qeD2DY=" -> null
      - id                 = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser" -> null
      - members            = [
          - "serviceAccount:mpc-recovery@pagoda-discovery-platform-dev.iam.gserviceaccount.com",
        ] -> null
      - role               = "roles/iam.serviceAccountUser" -> null
      - service_account_id = "projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
    }

  # module.leader.google_cloud_run_v2_service.leader will be destroyed
  - resource "google_cloud_run_v2_service" "leader" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-21T18:42:22.856017Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-21T18:42:14.313806Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"CIadsqgGEOiu-yY/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1sZWFkZXItZGV2LTI5OA\"" -> null
      - generation              = "1" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-298" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-298/revisions/mpc-recovery-leader-dev-298-00001-6fj" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-298/revisions/mpc-recovery-leader-dev-298-00001-6fj" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-leader-dev-298" -> null
      - observed_generation     = "1" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-21T18:42:22.856017Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "b9d3113e-0d17-48cc-bf6c-3bb8b8c8a4d2" -> null
      - uri                     = "https://mpc-recovery-leader-dev-298-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-leader",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-298/mpc-recovery-dev-298:f2588cc5086ca94366b098437b4be2cf6b13b78f" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_SIGN_NODES" -> null
                  - value = "https://mpc-recovery-signer-0-dev-298-7tk2cmmtcq-ue.a.run.app,https://mpc-recovery-signer-1-dev-298-7tk2cmmtcq-ue.a.run.app,https://mpc-recovery-signer-2-dev-298-7tk2cmmtcq-ue.a.run.app" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NEAR_RPC" -> null
                  - value = "https://rpc.testnet.near.org" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NEAR_ROOT_ACCOUNT" -> null
                  - value = "testnet" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ACCOUNT_CREATOR_ID" -> null
                  - value = "tmp_acount_creator.serhii.testnet" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-298" -> null
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.leader.google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYF4tphz1U=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-298/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-298" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

  # module.leader.google_secret_manager_secret.account_creator_sk will be destroyed
  - resource "google_secret_manager_secret" "account_creator_sk" {
      - create_time = "2023-09-21T18:42:09.659025Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev-298" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-account-creator-sk-dev-298" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-account-creator-sk-dev-298" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.leader.google_secret_manager_secret.fast_auth_partners will be destroyed
  - resource "google_secret_manager_secret" "fast_auth_partners" {
      - create_time = "2023-09-21T18:42:09.577992Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-allowed-oidc-providers-leader-dev-298" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.leader.google_secret_manager_secret_iam_member.account_creator_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "account_creator_secret_access" {
      - etag      = "BwYF4tmCsng=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev-298" -> null
    }

  # module.leader.google_secret_manager_secret_iam_member.fast_auth_partners_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "fast_auth_partners_secret_access" {
      - etag      = "BwYF4tmBRLM=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298" -> null
    }

  # module.leader.google_secret_manager_secret_version.account_creator_sk_data will be destroyed
  - resource "google_secret_manager_secret_version" "account_creator_sk_data" {
      - create_time = "2023-09-21T18:42:10.097640Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-account-creator-sk-dev-298/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-account-creator-sk-dev-298/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-account-creator-sk-dev-298" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.leader.google_secret_manager_secret_version.fast_auth_partners_data will be destroyed
  - resource "google_secret_manager_secret_version" "fast_auth_partners_data" {
      - create_time = "2023-09-21T18:42:09.991040Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[0].google_cloud_run_v2_service.signer will be destroyed
  - resource "google_cloud_run_v2_service" "signer" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-21T18:41:46.369972Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-21T18:41:40.700024Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"COScsqgGEPDF8OAB/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMC1kZXYtMjk4\"" -> null
      - generation              = "1" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-298" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-298/revisions/mpc-recovery-signer-0-dev-298-00001-5gs" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-298/revisions/mpc-recovery-signer-0-dev-298-00001-5gs" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-signer-0-dev-298" -> null
      - observed_generation     = "1" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-21T18:41:46.369972Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "d5228b66-e6d1-4a0f-9caa-eb558325a6a3" -> null
      - uri                     = "https://mpc-recovery-signer-0-dev-298-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-sign",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-298/mpc-recovery-dev-298:f2588cc5086ca94366b098437b4be2cf6b13b78f" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NODE_ID" -> null
                  - value = "0" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-298" -> null
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.signer[0].google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYF4thifis=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-298/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-298" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

  # module.signer[0].google_secret_manager_secret.cipher_key will be destroyed
  - resource "google_secret_manager_secret" "cipher_key" {
      - create_time = "2023-09-21T18:41:35.148133Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev-298" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-0-dev-298" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-encryption-cipher-0-dev-298" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[0].google_secret_manager_secret.oidc_providers will be destroyed
  - resource "google_secret_manager_secret" "oidc_providers" {
      - create_time = "2023-09-21T18:41:35.160289Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-allowed-oidc-providers-0-dev-298" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[0].google_secret_manager_secret.secret_share will be destroyed
  - resource "google_secret_manager_secret" "secret_share" {
      - create_time = "2023-09-21T18:41:35.162491Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev-298" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-secret-share-0-dev-298" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-secret-share-0-dev-298" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[0].google_secret_manager_secret_iam_member.cipher_key_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYF4td0FG4=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev-298" -> null
    }

  # module.signer[0].google_secret_manager_secret_iam_member.oidc_providers_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "oidc_providers_secret_access" {
      - etag      = "BwYF4teB1nk=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298" -> null
    }

  # module.signer[0].google_secret_manager_secret_iam_member.secret_share_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYF4tdz99k=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev-298" -> null
    }

  # module.signer[0].google_secret_manager_secret_version.cipher_key_data will be destroyed
  - resource "google_secret_manager_secret_version" "cipher_key_data" {
      - create_time = "2023-09-21T18:41:35.833193Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-0-dev-298/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-0-dev-298/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-0-dev-298" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[0].google_secret_manager_secret_version.oidc_providers_data will be destroyed
  - resource "google_secret_manager_secret_version" "oidc_providers_data" {
      - create_time = "2023-09-21T18:41:36.400603Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[0].google_secret_manager_secret_version.secret_share_data will be destroyed
  - resource "google_secret_manager_secret_version" "secret_share_data" {
      - create_time = "2023-09-21T18:41:35.770776Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-secret-share-0-dev-298/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-secret-share-0-dev-298/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-secret-share-0-dev-298" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[1].google_cloud_run_v2_service.signer will be destroyed
  - resource "google_cloud_run_v2_service" "signer" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-21T18:42:01.768694Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-21T18:41:54.861953Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"CPKcsqgGELjFl4kC/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMS1kZXYtMjk4\"" -> null
      - generation              = "1" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-298" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-298/revisions/mpc-recovery-signer-1-dev-298-00001-7ft" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-298/revisions/mpc-recovery-signer-1-dev-298-00001-7ft" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-signer-1-dev-298" -> null
      - observed_generation     = "1" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-21T18:42:01.768694Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "9399abde-484f-446f-a3f5-cccfe2c73106" -> null
      - uri                     = "https://mpc-recovery-signer-1-dev-298-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-sign",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-298/mpc-recovery-dev-298:f2588cc5086ca94366b098437b4be2cf6b13b78f" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NODE_ID" -> null
                  - value = "1" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-298" -> null
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.signer[1].google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYF4tk7rmo=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-298/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-298" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

  # module.signer[1].google_secret_manager_secret.cipher_key will be destroyed
  - resource "google_secret_manager_secret" "cipher_key" {
      - create_time = "2023-09-21T18:41:35.169822Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev-298" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-1-dev-298" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-encryption-cipher-1-dev-298" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[1].google_secret_manager_secret.oidc_providers will be destroyed
  - resource "google_secret_manager_secret" "oidc_providers" {
      - create_time = "2023-09-21T18:41:35.094810Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-allowed-oidc-providers-1-dev-298" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[1].google_secret_manager_secret.secret_share will be destroyed
  - resource "google_secret_manager_secret" "secret_share" {
      - create_time = "2023-09-21T18:41:35.233317Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev-298" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-secret-share-1-dev-298" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-secret-share-1-dev-298" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[1].google_secret_manager_secret_iam_member.cipher_key_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYF4td+yPc=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev-298" -> null
    }

  # module.signer[1].google_secret_manager_secret_iam_member.oidc_providers_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "oidc_providers_secret_access" {
      - etag      = "BwYF4td0A0Y=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298" -> null
    }

  # module.signer[1].google_secret_manager_secret_iam_member.secret_share_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYF4thXZ3A=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev-298" -> null
    }

  # module.signer[1].google_secret_manager_secret_version.cipher_key_data will be destroyed
  - resource "google_secret_manager_secret_version" "cipher_key_data" {
      - create_time = "2023-09-21T18:41:36.451960Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-1-dev-298/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-1-dev-298/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-1-dev-298" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[1].google_secret_manager_secret_version.oidc_providers_data will be destroyed
  - resource "google_secret_manager_secret_version" "oidc_providers_data" {
      - create_time = "2023-09-21T18:41:35.709013Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[1].google_secret_manager_secret_version.secret_share_data will be destroyed
  - resource "google_secret_manager_secret_version" "secret_share_data" {
      - create_time = "2023-09-21T18:41:37.339537Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-secret-share-1-dev-298/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-secret-share-1-dev-298/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-secret-share-1-dev-298" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[2].google_cloud_run_v2_service.signer will be destroyed
  - resource "google_cloud_run_v2_service" "signer" {
      - annotations             = {} -> null
      - conditions              = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-21T18:41:49.266389Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "RoutesReady"
            },
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-21T18:41:42.362087Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "ConfigurationsReady"
            },
        ] -> null
      - etag                    = "\"COWcsqgGELCGjmg/cHJvamVjdHMvcGFnb2RhLWRpc2NvdmVyeS1wbGF0Zm9ybS1kZXYvbG9jYXRpb25zL3VzLWVhc3QxL3NlcnZpY2VzL21wYy1yZWNvdmVyeS1zaWduZXItMi1kZXYtMjk4\"" -> null
      - generation              = "1" -> null
      - id                      = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-298" -> null
      - ingress                 = "INGRESS_TRAFFIC_ALL" -> null
      - labels                  = {} -> null
      - latest_created_revision = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-298/revisions/mpc-recovery-signer-2-dev-298-00001-gjx" -> null
      - latest_ready_revision   = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-298/revisions/mpc-recovery-signer-2-dev-298-00001-gjx" -> null
      - launch_stage            = "GA" -> null
      - location                = "us-east1" -> null
      - name                    = "mpc-recovery-signer-2-dev-298" -> null
      - observed_generation     = "1" -> null
      - project                 = "pagoda-discovery-platform-dev" -> null
      - reconciling             = false -> null
      - terminal_condition      = [
          - {
              - execution_reason     = ""
              - last_transition_time = "2023-09-21T18:41:49.266389Z"
              - message              = ""
              - reason               = ""
              - revision_reason      = ""
              - severity             = ""
              - state                = "CONDITION_SUCCEEDED"
              - type                 = "Ready"
            },
        ] -> null
      - traffic_statuses        = [
          - {
              - percent  = 100
              - revision = ""
              - tag      = ""
              - type     = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
              - uri      = ""
            },
        ] -> null
      - uid                     = "bbd91525-a5a6-4dd2-ae89-37a988c532dd" -> null
      - uri                     = "https://mpc-recovery-signer-2-dev-298-7tk2cmmtcq-ue.a.run.app" -> null

      - template {
          - annotations                      = {} -> null
          - labels                           = {} -> null
          - max_instance_request_concurrency = 80 -> null
          - service_account                  = "mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
          - session_affinity                 = false -> null
          - timeout                          = "300s" -> null

          - containers {
              - args    = [
                  - "start-sign",
                ] -> null
              - command = [] -> null
              - image   = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-dev-298/mpc-recovery-dev-298:f2588cc5086ca94366b098437b4be2cf6b13b78f" -> null

              - env {
                  - name  = "MPC_RECOVERY_WEB_PORT" -> null
                  - value = "3000" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_NODE_ID" -> null
                  - value = "2" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_GCP_PROJECT_ID" -> null
                  - value = "pagoda-discovery-platform-dev" -> null
                }
              - env {
                  - name  = "MPC_RECOVERY_ENV" -> null
                  - value = "dev-298" -> null
                }
              - env {
                  - name  = "RUST_LOG" -> null
                  - value = "mpc_recovery=debug" -> null
                }

              - ports {
                  - container_port = 3000 -> null
                  - name           = "http1" -> null
                }

              - resources {
                  - cpu_idle          = false -> null
                  - limits            = {
                      - "cpu"    = "2"
                      - "memory" = "2Gi"
                    } -> null
                  - startup_cpu_boost = false -> null
                }

              - startup_probe {
                  - failure_threshold     = 1 -> null
                  - initial_delay_seconds = 0 -> null
                  - period_seconds        = 240 -> null
                  - timeout_seconds       = 240 -> null

                  - tcp_socket {
                      - port = 3000 -> null
                    }
                }
            }

          - scaling {
              - max_instance_count = 1 -> null
              - min_instance_count = 1 -> null
            }
        }

      - traffic {
          - percent = 100 -> null
          - type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" -> null
        }
    }

  # module.signer[2].google_cloud_run_v2_service_iam_member.allow_all will be destroyed
  - resource "google_cloud_run_v2_service_iam_member" "allow_all" {
      - etag     = "BwYF4thsnWM=" -> null
      - id       = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-298/roles/run.invoker/allUsers" -> null
      - location = "us-east1" -> null
      - member   = "allUsers" -> null
      - name     = "projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-298" -> null
      - project  = "pagoda-discovery-platform-dev" -> null
      - role     = "roles/run.invoker" -> null
    }

  # module.signer[2].google_secret_manager_secret.cipher_key will be destroyed
  - resource "google_secret_manager_secret" "cipher_key" {
      - create_time = "2023-09-21T18:41:35.162693Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev-298" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-2-dev-298" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-encryption-cipher-2-dev-298" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[2].google_secret_manager_secret.oidc_providers will be destroyed
  - resource "google_secret_manager_secret" "oidc_providers" {
      - create_time = "2023-09-21T18:41:35.150907Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-allowed-oidc-providers-2-dev-298" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[2].google_secret_manager_secret.secret_share will be destroyed
  - resource "google_secret_manager_secret" "secret_share" {
      - create_time = "2023-09-21T18:41:35.150208Z" -> null
      - id          = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev-298" -> null
      - labels      = {} -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-secret-share-2-dev-298" -> null
      - project     = "pagoda-discovery-platform-dev" -> null
      - secret_id   = "mpc-recovery-secret-share-2-dev-298" -> null

      - replication {
          - automatic = true -> null
        }
    }

  # module.signer[2].google_secret_manager_secret_iam_member.cipher_key_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "cipher_key_secret_access" {
      - etag      = "BwYF4tdz9Sg=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev-298" -> null
    }

  # module.signer[2].google_secret_manager_secret_iam_member.oidc_providers_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "oidc_providers_secret_access" {
      - etag      = "BwYF4teK/ew=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298" -> null
    }

  # module.signer[2].google_secret_manager_secret_iam_member.secret_share_secret_access will be destroyed
  - resource "google_secret_manager_secret_iam_member" "secret_share_secret_access" {
      - etag      = "BwYF4tdz99Y=" -> null
      - id        = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - member    = "serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com" -> null
      - project   = "pagoda-discovery-platform-dev" -> null
      - role      = "roles/secretmanager.secretAccessor" -> null
      - secret_id = "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev-298" -> null
    }

  # module.signer[2].google_secret_manager_secret_version.cipher_key_data will be destroyed
  - resource "google_secret_manager_secret_version" "cipher_key_data" {
      - create_time = "2023-09-21T18:41:35.685080Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-2-dev-298/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-2-dev-298/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-encryption-cipher-2-dev-298" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[2].google_secret_manager_secret_version.oidc_providers_data will be destroyed
  - resource "google_secret_manager_secret_version" "oidc_providers_data" {
      - create_time = "2023-09-21T18:41:36.566044Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

  # module.signer[2].google_secret_manager_secret_version.secret_share_data will be destroyed
  - resource "google_secret_manager_secret_version" "secret_share_data" {
      - create_time = "2023-09-21T18:41:35.793610Z" -> null
      - enabled     = true -> null
      - id          = "projects/388645787527/secrets/mpc-recovery-secret-share-2-dev-298/versions/1" -> null
      - name        = "projects/388645787527/secrets/mpc-recovery-secret-share-2-dev-298/versions/1" -> null
      - secret      = "projects/388645787527/secrets/mpc-recovery-secret-share-2-dev-298" -> null
      - secret_data = (sensitive value) -> null
      - version     = "1" -> null
    }

Plan: 0 to add, 0 to change, 46 to destroy.

Changes to Outputs:
  - leader_node = "https://mpc-recovery-leader-dev-298-7tk2cmmtcq-ue.a.run.app" -> null
google_project_iam_member.service-account-datastore-user: Destroying... [id=pagoda-discovery-platform-dev/roles/datastore.user/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-298/roles/run.invoker/allUsers]
google_service_account_iam_binding.serivce-account-iam: Destroying... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com/roles/iam.serviceAccountUser]
google_service_account_iam_binding.serivce-account-iam: Destruction complete after 4s
module.leader.google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 5s
module.leader.google_cloud_run_v2_service.leader: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-leader-dev-298]
google_project_iam_member.service-account-datastore-user: Destruction complete after 7s
module.leader.google_cloud_run_v2_service.leader: Still destroying... [id=projects/pagoda-discovery-platform-dev/...1/services/mpc-recovery-leader-dev-298, 10s elapsed]
module.leader.google_cloud_run_v2_service.leader: Destruction complete after 10s
module.leader.google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.leader.google_secret_manager_secret_iam_member.account_creator_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.leader.google_secret_manager_secret_version.fast_auth_partners_data: Destroying... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298/versions/1]
module.leader.google_secret_manager_secret_version.account_creator_sk_data: Destroying... [id=projects/388645787527/secrets/mpc-recovery-account-creator-sk-dev-298/versions/1]
module.leader.google_secret_manager_secret_version.account_creator_sk_data: Destruction complete after 0s
module.leader.google_secret_manager_secret_version.fast_auth_partners_data: Destruction complete after 0s
module.leader.google_secret_manager_secret_iam_member.fast_auth_partners_secret_access: Destruction complete after 4s
module.leader.google_secret_manager_secret_iam_member.account_creator_secret_access: Destruction complete after 4s
module.leader.google_secret_manager_secret.fast_auth_partners: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-leader-dev-298]
module.leader.google_secret_manager_secret.account_creator_sk: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-dev-298]
module.leader.google_secret_manager_secret.account_creator_sk: Destruction complete after 0s
module.leader.google_secret_manager_secret.fast_auth_partners: Destruction complete after 0s
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-298/roles/run.invoker/allUsers]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-298/roles/run.invoker/allUsers]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-298/roles/run.invoker/allUsers]
module.signer[0].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 5s
module.signer[0].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-0-dev-298]
module.signer[2].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 5s
module.signer[2].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-2-dev-298]
module.signer[1].google_cloud_run_v2_service_iam_member.allow_all: Destruction complete after 5s
module.signer[1].google_cloud_run_v2_service.signer: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/services/mpc-recovery-signer-1-dev-298]
module.signer[0].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-0-dev-298, 10s elapsed]
module.signer[2].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-2-dev-298, 10s elapsed]
module.signer[1].google_cloud_run_v2_service.signer: Still destroying... [id=projects/pagoda-discovery-platform-dev/...services/mpc-recovery-signer-1-dev-298, 10s elapsed]
module.signer[0].google_cloud_run_v2_service.signer: Destruction complete after 10s
module.signer[0].google_secret_manager_secret_iam_member.cipher_key_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_version.secret_share_data: Destroying... [id=projects/388645787527/secrets/mpc-recovery-secret-share-0-dev-298/versions/1]
module.signer[0].google_secret_manager_secret_version.cipher_key_data: Destroying... [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-0-dev-298/versions/1]
module.signer[0].google_secret_manager_secret_iam_member.secret_share_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_version.oidc_providers_data: Destroying... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298/versions/1]
module.signer[2].google_cloud_run_v2_service.signer: Destruction complete after 10s
module.signer[2].google_secret_manager_secret_version.oidc_providers_data: Destroying... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298/versions/1]
module.signer[2].google_secret_manager_secret_version.secret_share_data: Destroying... [id=projects/388645787527/secrets/mpc-recovery-secret-share-2-dev-298/versions/1]
module.signer[2].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_version.oidc_providers_data: Destruction complete after 0s
module.signer[2].google_secret_manager_secret_iam_member.secret_share_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[0].google_secret_manager_secret_version.cipher_key_data: Destruction complete after 0s
module.signer[2].google_secret_manager_secret_iam_member.cipher_key_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[2].google_secret_manager_secret_version.secret_share_data: Destruction complete after 0s
module.signer[0].google_secret_manager_secret_version.secret_share_data: Destruction complete after 0s
module.signer[2].google_secret_manager_secret_version.cipher_key_data: Destroying... [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-2-dev-298/versions/1]
module.signer[2].google_secret_manager_secret_version.oidc_providers_data: Destruction complete after 0s
module.signer[2].google_secret_manager_secret_version.cipher_key_data: Destruction complete after 1s
module.signer[1].google_cloud_run_v2_service.signer: Destruction complete after 11s
module.signer[1].google_secret_manager_secret_version.oidc_providers_data: Destroying... [id=projects/388645787527/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298/versions/1]
module.signer[1].google_secret_manager_secret_version.cipher_key_data: Destroying... [id=projects/388645787527/secrets/mpc-recovery-encryption-cipher-1-dev-298/versions/1]
module.signer[1].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_secret_manager_secret_iam_member.cipher_key_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_secret_manager_secret_version.oidc_providers_data: Destruction complete after 0s
module.signer[1].google_secret_manager_secret_iam_member.secret_share_secret_access: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev-298/roles/secretmanager.secretAccessor/serviceAccount:mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_secret_manager_secret_version.cipher_key_data: Destruction complete after 0s
module.signer[1].google_secret_manager_secret_version.secret_share_data: Destroying... [id=projects/388645787527/secrets/mpc-recovery-secret-share-1-dev-298/versions/1]
module.signer[1].google_secret_manager_secret_version.secret_share_data: Destruction complete after 0s
module.signer[0].google_secret_manager_secret_iam_member.secret_share_secret_access: Destruction complete after 4s
module.signer[0].google_secret_manager_secret.secret_share: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-0-dev-298]
module.signer[2].google_secret_manager_secret_iam_member.secret_share_secret_access: Destruction complete after 4s
module.signer[2].google_secret_manager_secret_iam_member.cipher_key_secret_access: Destruction complete after 4s
module.signer[2].google_secret_manager_secret.secret_share: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-2-dev-298]
module.signer[2].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Destruction complete after 4s
module.signer[2].google_secret_manager_secret.oidc_providers: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-2-dev-298]
module.signer[2].google_secret_manager_secret.cipher_key: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-2-dev-298]
module.signer[0].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Destruction complete after 4s
module.signer[0].google_secret_manager_secret_iam_member.cipher_key_secret_access: Destruction complete after 4s
module.signer[0].google_secret_manager_secret.oidc_providers: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-0-dev-298]
module.signer[0].google_secret_manager_secret.cipher_key: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-0-dev-298]
module.signer[1].google_secret_manager_secret_iam_member.oidc_providers_secret_access: Destruction complete after 3s
module.signer[1].google_secret_manager_secret.oidc_providers: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-allowed-oidc-providers-1-dev-298]
module.signer[1].google_secret_manager_secret_iam_member.cipher_key_secret_access: Destruction complete after 3s
module.signer[1].google_secret_manager_secret.cipher_key: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-encryption-cipher-1-dev-298]
module.signer[1].google_secret_manager_secret_iam_member.secret_share_secret_access: Destruction complete after 3s
google_service_account.service_account: Destroying... [id=projects/pagoda-discovery-platform-dev/serviceAccounts/mpc-recovery-dev-298@pagoda-discovery-platform-dev.iam.gserviceaccount.com]
module.signer[1].google_secret_manager_secret.secret_share: Destroying... [id=projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-1-dev-298]
module.signer[0].google_secret_manager_secret.secret_share: Destruction complete after 0s
module.signer[2].google_secret_manager_secret.cipher_key: Destruction complete after 1s
module.signer[2].google_secret_manager_secret.secret_share: Destruction complete after 1s
module.signer[2].google_secret_manager_secret.oidc_providers: Destruction complete after 1s
module.signer[0].google_secret_manager_secret.oidc_providers: Destruction complete after 1s
module.signer[0].google_secret_manager_secret.cipher_key: Destruction complete after 1s
google_service_account.service_account: Destruction complete after 1s
module.signer[1].google_secret_manager_secret.oidc_providers: Destruction complete after 1s
module.signer[1].google_secret_manager_secret.cipher_key: Destruction complete after 1s
module.signer[1].google_secret_manager_secret.secret_share: Destruction complete after 1s
docker_registry_image.mpc_recovery: Destroying... [id=sha256:2adc06360799bee871cf484711d97cac613ae83169f84bc078b0c99a5f8f21f9]
docker_registry_image.mpc_recovery: Destruction complete after 0s
google_artifact_registry_repository.mpc_recovery: Destroying... [id=projects/pagoda-discovery-platform-dev/locations/us-east1/repositories/mpc-recovery-dev-298]
google_artifact_registry_repository.mpc_recovery: Destruction complete after 1s

Destroy complete! Resources: 46 destroyed.

Pusher: @volovyks, Action: pull_request, Working Directory: ``, Workflow: Terraform Feature Env (Destroy)

itegulov and others added 30 commits May 18, 2023 20:59

feat: migrate to testcontainers (#161)

8fc28c8

fn renamings (#162)

4ed133d

* fn renamings

feat: terraform configuration (#170)

5bb0927

integration tests instractions updated (#173)

a617f71

CLI Logs (#174)

4034177

* logs added to cli

fix: add tracing-subscriber to integration test runner (#179)

0e4b964

* add tracing-subscriber to integration test runner

add test-log to integration tests (#180)

ed8b3ef

feat: Added rogue key attack mitigation (#169)

c12b4e9

* Added rogue key attack mitigation

fix: return 200 on the same pk set (#181)

1aa02f0

fix remaining macos issues (#182)

8e340fe

feat: enable macos CI (#197)

96c9b71

infra: feature environments (#195)

8013254

feat: add prometheus metrics (#201)

a0cdbd4

infra: tie docker image tags to git commit hash (#208)

15e62e6

* tie docker image tags to git commit hash * ensure terraform workflows wait for lock * use external scripts to get git sha

enable anyhow backtrace by default (#207)

0e06950

fix: trigger cache invalidation for delegate actions (#212)

8a1949c

User Credentials FRP turned on (#209)

ac3bbea

* disclaimer about leader node added * FRP turned on for user credentials

Add and Delete key actions whitelisted (#213)

7ec2540

* add and delete key whitelisted * Preventing recovery key deletion (#214) * preventing recovery key deletion * user credentials digest passed to the sign endpoint

Claiming fixes (#221)

790e6a6

* do not throw error when claiming the same pair of key and id token * claiming of the same token with another key prevented * usage of wrong sk prevented * clippy * old TODO deleted * clippy * typo

Cleanup public key in messages (#226)

d0cd241

chore: handle json serialization error (#227)

293df9c

* Update deps * Handle json serialization error w/ StatusCode and error message * Fmt

Claiming flow docs (#225)

1bdc657

fix: make API more uniform (#228)

92ff72c

ChaoticTempest and others added 19 commits August 18, 2023 16:17

fix: Make OidcVerificationFail unauthorized (#266)

8a80b62

* Make OidcVerificationFail unauthorized * Fix incorrect status code

faq mac update (#273)

68911c9

signing flow explained in README (#265)

3cd4538

Error messages in 5xx responces are hidden (#272)

70b861b

* 500 error messages hiden * erro codes tuned

cors TODO edleted (#270)

2bcf586

fix: use borsh-serialized type for sign requests (#275)

2802800

readme fix (#278)

e2a71cd

Update issue templates (#280)

7d4af3d

Added two new templates as per standard process.

Update issue templates (#284)

d00c859

Updated tasklist in Epic, not formatted correctly.

Removed malformed public key and account type (#290)

9041dd7

Relayer url and api_key moved to the partner struct, refactoring (#286)

f3c5c4f

* relayer url and api_key moved to the partner struct, refactoring * relayer set in tfvars * terraform parameter renamed * signing nodes accepts only oidc_providers

Update issue templates (#293)

f522421

Added Epic Icon

chore: Rebase off of latest relayer (#292)

f2fe300

* Rebase off of latest relayer * NUM_KEYS set to 1 --------- Co-authored-by: Serhii Volovyk <[email protected]>

fix: Log missing Err(_) for GCP and metrics (#295)

e5d0781

volovyks added 2 commits September 21, 2023 20:48

conflicts solved

b0ad0f4

Merge pull request #299 from near/serhii/git-fix

77f0cab

git fix

volovyks requested review from itegulov and ChaoticTempest September 21, 2023 18:28

volovyks marked this pull request as ready for review September 21, 2023 18:28

ChaoticTempest approved these changes Sep 21, 2023

View reviewed changes

volovyks merged commit 01c5279 into main Sep 21, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Develop -> Main #298

Develop -> Main #298

volovyks commented Sep 21, 2023

itegulov commented Sep 21, 2023

github-actions bot commented Sep 21, 2023

github-actions bot commented Sep 21, 2023

github-actions bot commented Sep 21, 2023

Develop -> Main #298

Develop -> Main #298

Conversation

volovyks commented Sep 21, 2023

itegulov commented Sep 21, 2023

github-actions bot commented Sep 21, 2023

Terraform Dev Environment

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Terraform Plan 📖success

github-actions bot commented Sep 21, 2023

Terraform Feature Environment (dev-298)

Terraform Initialization ⚙️success

Terraform Apply success

github-actions bot commented Sep 21, 2023

Terraform Feature Environment Destroy (dev-298)

Terraform Initialization ⚙️success

Terraform Destroy success

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Terraform Initialization ⚙️`success`

Terraform Apply `success`

Terraform Initialization ⚙️`success`

Terraform Destroy `success`