From 8ce765af732bdfe4547117d798e2837a6740e475 Mon Sep 17 00:00:00 2001 From: auto-mausx Date: Tue, 29 Oct 2024 15:19:29 -0600 Subject: [PATCH 1/4] migrated to new entity --- .../workflows/multichain-deploy-dev-nodes.yml | 34 ++++++------- .../multichain-update-prod-nodes.yml | 15 ++++-- chain-signatures/contract/src/lib.rs | 2 +- infra/multichain-dev/main.tf | 51 +++++++++++++++---- infra/multichain-dev/resources.tf | 4 +- .../multichain-dev/terraform-dev.auto.tfvars | 24 ++++----- infra/multichain-dev/variables.tf | 12 ++--- infra/multichain-mainnet/main.tf | 37 +++++++------- infra/multichain-mainnet/resources.tf | 2 +- infra/multichain-mainnet/variables.tf | 4 +- infra/multichain-testnet/main.tf | 42 ++++++++------- infra/multichain-testnet/resources.tf | 4 +- infra/multichain-testnet/variables.tf | 10 ++-- 13 files changed, 146 insertions(+), 95 deletions(-) diff --git a/.github/workflows/multichain-deploy-dev-nodes.yml b/.github/workflows/multichain-deploy-dev-nodes.yml index 6101ba1ee..9d854ede4 100644 --- a/.github/workflows/multichain-deploy-dev-nodes.yml +++ b/.github/workflows/multichain-deploy-dev-nodes.yml @@ -9,7 +9,7 @@ on: - chain-signatures/** env: - IMAGE: "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/multichain-public/multichain-dev" + IMAGE: "europe-west1-docker.pkg.dev/near-cs-dev/multichain-public/multichain-dev" TAG: ${{ github.sha }} jobs: @@ -21,9 +21,9 @@ jobs: name: "Checkout mpc-recovery" - name: Login to GCP Artifact Registry - run: echo "$GOOGLE_CREDENTIALS" | docker login -u _json_key --password-stdin https://us-east1-docker.pkg.dev + run: echo "$GOOGLE_CREDENTIALS" | docker login -u _json_key --password-stdin https://europe-west1-docker.pkg.dev env: - GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }} + GOOGLE_CREDENTIALS: ${{ secrets.SIG_CREDENTIALS_DEV }} - name: Build Docker image and push to Google Artifact Registry id: docker-push-tagged @@ -41,26 +41,26 @@ jobs: - id: 'auth' uses: 'google-github-actions/auth@v2' with: - credentials_json: '${{ secrets.GCP_CREDENTIALS_DEV }}' + credentials_json: '${{ secrets.SIG_CREDENTIALS_DEV }}' - name: 'Set up Cloud SDK' uses: 'google-github-actions/setup-gcloud@v2' - name: 'Set project' - run: 'gcloud config set project pagoda-discovery-platform-dev' + run: 'gcloud config set project near-cs-dev' # This is not pretty, but this step needs to be updated every time a new node is added. - name: 'Update Nodes' run: | - gcloud compute instances update-container multichain-dev-0 --zone us-central1-a --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-1 --zone us-central1-a --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-2 --zone us-central1-a --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-3 --zone us-central1-a --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-4 --zone us-central1-a --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-5 --zone us-central1-a --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-6 --zone us-central1-a --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-7 --zone us-central1-a --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-8 --zone us-central1-a --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-9 --zone us-central1-a --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-10 --zone us-central1-a --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-11 --zone us-central1-a --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ + gcloud compute instances update-container multichain-dev-0 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ + gcloud compute instances update-container multichain-dev-1 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ + gcloud compute instances update-container multichain-dev-2 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ + gcloud compute instances update-container multichain-dev-3 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ + gcloud compute instances update-container multichain-dev-4 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ + gcloud compute instances update-container multichain-dev-5 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ + gcloud compute instances update-container multichain-dev-6 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ + gcloud compute instances update-container multichain-dev-7 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ + gcloud compute instances update-container multichain-dev-8 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ + gcloud compute instances update-container multichain-dev-9 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ + gcloud compute instances update-container multichain-dev-10 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ + gcloud compute instances update-container multichain-dev-11 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ diff --git a/.github/workflows/multichain-update-prod-nodes.yml b/.github/workflows/multichain-update-prod-nodes.yml index 5788133c2..5b9d5b7d9 100644 --- a/.github/workflows/multichain-update-prod-nodes.yml +++ b/.github/workflows/multichain-update-prod-nodes.yml @@ -20,10 +20,17 @@ jobs: - uses: actions/checkout@v3 name: "Checkout mpc-recovery" - - name: Login to GCP Artifact Registry - run: echo "$GOOGLE_CREDENTIALS" | docker login -u _json_key --password-stdin https://us-east1-docker.pkg.dev + - name: Login to GCP Artifact Registry Mainnet + if: github.event.inputs.network == 'mainnet' + run: echo "$GOOGLE_CREDENTIALS" | docker login -u _json_key --password-stdin https://europe-west1-docker.pkg.dev env: - GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_PROD }} + GOOGLE_CREDENTIALS: ${{ secrets.SIG_CREDENTIALS_MAINNET }} + + - name: Login to GCP Artifact Registry Testnet + if: github.event.inputs.network == 'testnet' + run: echo "$GOOGLE_CREDENTIALS" | docker login -u _json_key --password-stdin https://europe-west1-docker.pkg.dev + env: + GOOGLE_CREDENTIALS: ${{ secrets.SIG_CREDENTIALS_TESTNET }} # Since the Mainnet and Testnet nodes are polling this image repository, only the image needs to be updated in order to trigger a deployment - name: Build Docker image and deploy partner nodes @@ -32,4 +39,4 @@ jobs: with: push: true file: ./Dockerfile.multichain - tags: "us-east1-docker.pkg.dev/pagoda-discovery-platform-prod/multichain-public/multichain-${{ github.event.inputs.network }}:latest" \ No newline at end of file + tags: "europe-west1-docker.pkg.dev/near-cs-${{ github.event.inputs.network }}/multichain-public/multichain-${{ github.event.inputs.network }}:latest" \ No newline at end of file diff --git a/chain-signatures/contract/src/lib.rs b/chain-signatures/contract/src/lib.rs index c75fccb90..ed8d754e8 100644 --- a/chain-signatures/contract/src/lib.rs +++ b/chain-signatures/contract/src/lib.rs @@ -604,7 +604,7 @@ impl VersionedMpcContract { // This function can be used to transfer the MPC network to a new contract. #[private] - #[init] + #[init(ignore_state)] #[handle_result] pub fn init_running( epoch: u64, diff --git a/infra/multichain-dev/main.tf b/infra/multichain-dev/main.tf index b864fa427..bacfe3e39 100644 --- a/infra/multichain-dev/main.tf +++ b/infra/multichain-dev/main.tf @@ -1,16 +1,23 @@ provider "google" { project = var.project_id } + provider "google-beta" { project = var.project_id } + +resource "google_compute_project_metadata_item" "project_logging" { + key = "google-logging-enabled" + value = "true" +} + module "gce-container" { count = length(var.node_configs) source = "terraform-google-modules/container-vm/google" version = "~> 3.0" container = { - image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/multichain-public/multichain-dev:latest" + image = "europe-west1-docker.pkg.dev/near-cs-dev/multichain-public/multichain-dev:latest" args = ["start"] port = "3000" @@ -63,29 +70,49 @@ module "gce-container" { } } +resource "google_service_account" "service_account" { + account_id = "multichain-${var.env}" + display_name = "Multichain ${var.env} Account" +} + +resource "google_project_iam_member" "sa-roles" { + for_each = toset([ + "roles/datastore.user", + "roles/secretmanager.admin", + "roles/storage.objectAdmin", + "roles/iam.serviceAccountAdmin", + "roles/artifactregistry.reader", + "roles/logging.logWriter", + ]) + + role = each.key + member = "serviceAccount:${google_service_account.service_account.email}" + project = var.project_id +} + resource "google_compute_address" "internal_ips" { count = length(var.node_configs) name = "multichain-dev-${count.index}" address_type = "INTERNAL" address = var.node_configs["${count.index}"].ip_address region = var.region - subnetwork = "projects/pagoda-shared-infrastructure/regions/us-central1/subnetworks/dev-us-central1" + subnetwork = "projects/sig-shared-network/regions/europe-west1/subnetworks/dev-europe-west1" } module "mig_template" { count = length(var.node_configs) source = "../modules/mig_template" - network = "projects/pagoda-shared-infrastructure/global/networks/dev" - subnetwork = "projects/pagoda-shared-infrastructure/regions/us-central1/subnetworks/dev-us-central1" + network = "projects/sig-shared-network/global/networks/dev" + subnetwork = "projects/sig-shared-network/regions/europe-west1/subnetworks/dev-europe-west1" region = var.region service_account = { - email = "mpc-recovery@pagoda-discovery-platform-dev.iam.gserviceaccount.com", + email = google_service_account.service_account.email, scopes = ["cloud-platform"] } name_prefix = "multichain-${count.index}" source_image_family = "cos-113-lts" source_image_project = "cos-cloud" - machine_type = "n2-standard-2" + machine_type = "e2-medium" startup_script = "docker rm watchtower ; docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --debug --interval 30" @@ -95,7 +122,11 @@ module "mig_template" { "multichain" ] labels = { - "container-vm" = module.gce-container[count.index].vm_container_label + "container-vm" = module.gce-container[count.index].vm_container_label, + environment = "dev", + chain = "near", + owner = "sig", + network = "testnet" } depends_on = [google_compute_address.internal_ips] @@ -108,8 +139,8 @@ module "instances" { region = var.region project_id = var.project_id hostname = "multichain-dev-${count.index}" - network = "projects/pagoda-shared-infrastructure/global/networks/dev" - subnetwork = "projects/pagoda-shared-infrastructure/regions/us-central1/subnetworks/dev-us-central1" + network = "projects/sig-shared-network/global/networks/dev" + subnetwork = "projects/sig-shared-network/regions/europe-west1/subnetworks/dev-europe-west1" instance_template = module.mig_template[count.index].self_link_unique static_ips = [google_compute_address.internal_ips[count.index].address] @@ -141,7 +172,7 @@ resource "google_compute_instance_group" "multichain_group" { name = "multichain-instance-group" instances = module.instances[*].self_links[0] - zone = "us-central1-a" + zone = "europe-west1-b" named_port { name = "http" port = 3000 diff --git a/infra/multichain-dev/resources.tf b/infra/multichain-dev/resources.tf index ac97c9d44..ae25b25b2 100644 --- a/infra/multichain-dev/resources.tf +++ b/infra/multichain-dev/resources.tf @@ -1,7 +1,7 @@ terraform { backend "gcs" { - bucket = "multichain-terraform-dev" - prefix = "state/multichain-vm-test" + bucket = "near-multichain-state-dev" + prefix = "state/multichain-vm-dev" } required_providers { diff --git a/infra/multichain-dev/terraform-dev.auto.tfvars b/infra/multichain-dev/terraform-dev.auto.tfvars index f2113d8ce..f486adfaa 100644 --- a/infra/multichain-dev/terraform-dev.auto.tfvars +++ b/infra/multichain-dev/terraform-dev.auto.tfvars @@ -7,7 +7,7 @@ node_configs = [ cipher_sk_secret_id = "multichain-cipher-sk-dev-0" sign_sk_secret_id = "multichain-sign-sk-dev-0" sk_share_secret_id = "multichain-sk-share-dev-0" - ip_address = "10.100.0.56" + ip_address = "10.101.0.56" }, { account = "multichain-node-dev-1.testnet" @@ -16,7 +16,7 @@ node_configs = [ cipher_sk_secret_id = "multichain-cipher-sk-dev-1" sign_sk_secret_id = "multichain-sign-sk-dev-1" sk_share_secret_id = "multichain-sk-share-dev-1" - ip_address = "10.100.0.81" + ip_address = "10.101.0.81" }, { account = "multichain-node-dev-2.testnet" @@ -25,7 +25,7 @@ node_configs = [ cipher_sk_secret_id = "multichain-cipher-sk-dev-2" sign_sk_secret_id = "multichain-sign-sk-dev-2" sk_share_secret_id = "multichain-sk-share-dev-2" - ip_address = "10.100.0.57" + ip_address = "10.101.0.57" }, { account = "multichain-node-dev-3.testnet" @@ -34,7 +34,7 @@ node_configs = [ cipher_sk_secret_id = "multichain-cipher-sk-dev-3" sign_sk_secret_id = "multichain-sign-sk-dev-3" sk_share_secret_id = "multichain-sk-share-dev-3" - ip_address = "10.100.0.129" + ip_address = "10.101.0.129" }, { account = "multichain-node-dev-4.testnet" @@ -43,7 +43,7 @@ node_configs = [ cipher_sk_secret_id = "multichain-cipher-sk-dev-4" sign_sk_secret_id = "multichain-sign-sk-dev-4" sk_share_secret_id = "multichain-sk-share-dev-4" - ip_address = "10.100.0.124" + ip_address = "10.101.0.124" }, { account = "multichain-node-dev-5.testnet" @@ -52,7 +52,7 @@ node_configs = [ cipher_sk_secret_id = "multichain-cipher-sk-dev-5" sign_sk_secret_id = "multichain-sign-sk-dev-5" sk_share_secret_id = "multichain-sk-share-dev-5" - ip_address = "10.100.0.101" + ip_address = "10.101.0.101" }, { account = "multichain-node-dev-6.testnet" @@ -61,7 +61,7 @@ node_configs = [ cipher_sk_secret_id = "multichain-cipher-sk-dev-6" sign_sk_secret_id = "multichain-sign-sk-dev-6" sk_share_secret_id = "multichain-sk-share-dev-6" - ip_address = "10.100.0.122" + ip_address = "10.101.0.122" }, { account = "multichain-node-dev-7.testnet" @@ -70,7 +70,7 @@ node_configs = [ cipher_sk_secret_id = "multichain-cipher-sk-dev-7" sign_sk_secret_id = "multichain-sign-sk-dev-7" sk_share_secret_id = "multichain-sk-share-dev-7" - ip_address = "10.100.0.123" + ip_address = "10.101.0.123" }, { account = "multichain-node-dev-8.testnet" @@ -79,7 +79,7 @@ node_configs = [ cipher_sk_secret_id = "multichain-cipher-sk-dev-8" sign_sk_secret_id = "multichain-sign-sk-dev-8" sk_share_secret_id = "multichain-sk-share-dev-8" - ip_address = "10.100.0.125" + ip_address = "10.101.0.125" }, { account = "multichain-node-dev-9.testnet" @@ -88,7 +88,7 @@ node_configs = [ cipher_sk_secret_id = "multichain-cipher-sk-dev-9" sign_sk_secret_id = "multichain-sign-sk-dev-9" sk_share_secret_id = "multichain-sk-share-dev-9" - ip_address = "10.100.0.126" + ip_address = "10.101.0.126" }, { account = "multichain-node-dev-10.testnet" @@ -97,7 +97,7 @@ node_configs = [ cipher_sk_secret_id = "multichain-cipher-sk-dev-10" sign_sk_secret_id = "multichain-sign-sk-dev-10" sk_share_secret_id = "multichain-sk-share-dev-10" - ip_address = "10.100.0.127" + ip_address = "10.101.0.127" }, { account = "multichain-node-dev-11.testnet" @@ -106,6 +106,6 @@ node_configs = [ cipher_sk_secret_id = "multichain-cipher-sk-dev-11" sign_sk_secret_id = "multichain-sign-sk-dev-11" sk_share_secret_id = "multichain-sk-share-dev-11" - ip_address = "10.100.0.128" + ip_address = "10.101.0.128" }, ] diff --git a/infra/multichain-dev/variables.tf b/infra/multichain-dev/variables.tf index 37426e8dc..b98d919f7 100644 --- a/infra/multichain-dev/variables.tf +++ b/infra/multichain-dev/variables.tf @@ -1,13 +1,13 @@ variable "project_id" { description = "The project ID to deploy resource into" type = string - default = "pagoda-discovery-platform-dev" + default = "near-cs-dev" } variable "subnetwork" { description = "The name of the subnetwork to deploy instances into" type = string - default = "dev-us-central1" + default = "dev-europe-west1" } variable "mig_name" { @@ -19,7 +19,7 @@ variable "mig_name" { variable "image" { description = "The Docker image to deploy to GCE instances" type = string - default = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/multichain/multichain-dev:latest" + default = "europe-west1-docker.pkg.dev/near-cs-dev/multichain/multichain-dev:latest" } variable "image_port" { @@ -31,7 +31,7 @@ variable "image_port" { variable "region" { description = "The GCP region to deploy instances into" type = string - default = "us-central1" + default = "europe-west1" } variable "network" { @@ -99,7 +99,7 @@ variable "static_env" { }, { name = "MPC_INDEXER_START_BLOCK_HEIGHT" - value = 175970237 + value = 177673773 }, { name = "AWS_DEFAULT_REGION" @@ -107,7 +107,7 @@ variable "static_env" { }, { name = "MPC_GCP_PROJECT_ID" - value = "pagoda-discovery-platform-dev" + value = "near-cs-dev" }, { name = "MPC_WEB_PORT" diff --git a/infra/multichain-mainnet/main.tf b/infra/multichain-mainnet/main.tf index 0a4c73ac8..b32d60a4d 100644 --- a/infra/multichain-mainnet/main.tf +++ b/infra/multichain-mainnet/main.tf @@ -64,7 +64,7 @@ module "gce-container" { } resource "google_service_account" "service_account" { - account_id = "multichain-partner-${var.env}" + account_id = "multichain-${var.env}" display_name = "Multichain ${var.env} Account" } @@ -84,7 +84,7 @@ resource "google_project_iam_member" "sa-roles" { resource "google_compute_global_address" "external_ips" { count = length(var.node_configs) - name = "multichain-partner-mainnet-${count.index}" + name = "multichain-mainnet-${count.index}" address_type = "EXTERNAL" lifecycle { @@ -94,7 +94,7 @@ resource "google_compute_global_address" "external_ips" { resource "google_compute_managed_ssl_certificate" "mainnet_ssl" { count = length(var.node_configs) - name = "multichain-partner-mainnet-ssl-${count.index}" + name = "multichain-mainnet-ssl-${count.index}" managed { domains = [var.node_configs[count.index].domain] @@ -111,7 +111,7 @@ module "ig_template" { email = google_service_account.service_account.email, scopes = ["cloud-platform"] } - name_prefix = "multichain-partner-mainnet-${count.index}" + name_prefix = "multichain-mainnet-${count.index}" source_image_family = "cos-113-lts" source_image_project = "cos-cloud" machine_type = "n2d-standard-2" @@ -121,11 +121,14 @@ module "ig_template" { source_image = reverse(split("/", module.gce-container[count.index].source_image))[0] metadata = merge(var.additional_metadata, { "gce-container-declaration" = module.gce-container["${count.index}"].metadata_value }) tags = [ - "multichain", - "allow-ssh" + "multichain" ] labels = { - "container-vm" = module.gce-container[count.index].vm_container_label + "container-vm" = module.gce-container[count.index].vm_container_label, + environment = "prod", + chain = "near", + owner = "sig", + network = "mainnet" } depends_on = [google_compute_global_address.external_ips] @@ -137,7 +140,7 @@ module "instances" { source = "../modules/instance-from-tpl" region = var.region project_id = var.project_id - hostname = "multichain-mainnet-partner-${count.index}" + hostname = "multichain-mainnet-${count.index}" network = var.network subnetwork = var.subnetwork @@ -146,7 +149,7 @@ module "instances" { } resource "google_compute_health_check" "multichain_healthcheck" { - name = "multichain-mainnet-partner-healthcheck" + name = "multichain-mainnet-healthcheck" http_health_check { port = 3000 @@ -157,7 +160,7 @@ resource "google_compute_health_check" "multichain_healthcheck" { resource "google_compute_global_forwarding_rule" "http_fw" { count = length(var.node_configs) - name = "multichain-partner-mainnet-http-rule-${count.index}" + name = "multichain-mainnet-http-rule-${count.index}" target = google_compute_target_http_proxy.default[count.index].id port_range = "80" ip_protocol = "TCP" @@ -167,7 +170,7 @@ resource "google_compute_global_forwarding_rule" "http_fw" { resource "google_compute_global_forwarding_rule" "https_fw" { count = length(var.node_configs) - name = "multichain-partner-mainnet-https-rule-${count.index}" + name = "multichain-mainnet-https-rule-${count.index}" target = google_compute_target_https_proxy.default_https[count.index].id port_range = "443" ip_protocol = "TCP" @@ -177,14 +180,14 @@ resource "google_compute_global_forwarding_rule" "https_fw" { resource "google_compute_target_http_proxy" "default" { count = length(var.node_configs) - name = "multichain-partner-mainnet-http-target-proxy-${count.index}" + name = "multichain-mainnet-http-target-proxy-${count.index}" description = "a description" url_map = google_compute_url_map.redirect_default[count.index].id } resource "google_compute_target_https_proxy" "default_https" { count = length(var.node_configs) - name = "multichain-partner-mainnet-https-target-proxy-${count.index}" + name = "multichain-mainnet-https-target-proxy-${count.index}" description = "a description" ssl_certificates = [ google_compute_managed_ssl_certificate.mainnet_ssl[count.index].self_link ] url_map = google_compute_url_map.default[count.index].id @@ -192,13 +195,13 @@ resource "google_compute_target_https_proxy" "default_https" { resource "google_compute_url_map" "default" { count = length(var.node_configs) - name = "multichain-partner-mainnet-url-map-${count.index}" + name = "multichain-mainnet-url-map-${count.index}" default_service = google_compute_backend_service.multichain_backend[count.index].id } resource "google_compute_url_map" "redirect_default" { count = length(var.node_configs) - name = "multichain-partner-mainnet-redirect-url-map-${count.index}" + name = "multichain-mainnet-redirect-url-map-${count.index}" default_url_redirect { strip_query = false https_redirect = true @@ -207,7 +210,7 @@ resource "google_compute_url_map" "redirect_default" { resource "google_compute_backend_service" "multichain_backend" { count = length(var.node_configs) - name = "multichain-partner-mainnet-backend-service-${count.index}" + name = "multichain-mainnet-backend-service-${count.index}" load_balancing_scheme = "EXTERNAL" log_config { @@ -223,7 +226,7 @@ resource "google_compute_backend_service" "multichain_backend" { resource "google_compute_instance_group" "multichain_group" { count = length(var.node_configs) - name = "multichain-partner-mainnet-instance-group-${count.index}" + name = "multichain-mainnet-instance-group-${count.index}" instances = [module.instances[count.index].self_links[0]] zone = var.zone diff --git a/infra/multichain-mainnet/resources.tf b/infra/multichain-mainnet/resources.tf index 6a2197d88..fd4d9f285 100644 --- a/infra/multichain-mainnet/resources.tf +++ b/infra/multichain-mainnet/resources.tf @@ -1,6 +1,6 @@ terraform { backend "gcs" { - bucket = "terraform-prod-multichain" + bucket = "near-multichain-state-mainnet" prefix = "state/multichain-partner-vm-mainnet" } diff --git a/infra/multichain-mainnet/variables.tf b/infra/multichain-mainnet/variables.tf index 7316242e9..7669119a8 100644 --- a/infra/multichain-mainnet/variables.tf +++ b/infra/multichain-mainnet/variables.tf @@ -17,7 +17,7 @@ variable "mig_name" { variable "image" { description = "The Docker image to deploy to GCE instances. Note: This is a public image repository used for updating your nodes, please do not change this" type = string - default = "us-east1-docker.pkg.dev/pagoda-discovery-platform-prod/multichain-public/multichain-mainnet:latest" + default = "us-east1-docker.pkg.dev/near-cs-mainnet/multichain-public/multichain-mainnet:latest" } variable "image_port" { @@ -109,7 +109,7 @@ variable "static_env" { }, { name = "MPC_GCP_PROJECT_ID" - value = "pagoda-discovery-platform-prod" + value = "near-cs-mainnet" }, { name = "MPC_WEB_PORT" diff --git a/infra/multichain-testnet/main.tf b/infra/multichain-testnet/main.tf index 176e9df8a..27b6a032e 100644 --- a/infra/multichain-testnet/main.tf +++ b/infra/multichain-testnet/main.tf @@ -4,6 +4,10 @@ provider "google" { provider "google-beta" { project = var.project_id } +resource "google_compute_project_metadata_item" "project_logging" { + key = "google-logging-enabled" + value = "true" +} module "gce-container" { count = length(var.node_configs) source = "terraform-google-modules/container-vm/google" @@ -74,10 +78,11 @@ resource "google_service_account" "service_account" { resource "google_project_iam_member" "sa-roles" { for_each = toset([ - "roles/datastore.user", - "roles/secretmanager.admin", - "roles/storage.objectAdmin", - "roles/iam.serviceAccountAdmin", + "roles/datastore.user", + "roles/secretmanager.admin", + "roles/storage.objectAdmin", + "roles/iam.serviceAccountAdmin", + "roles/logging.logWriter" ]) role = each.key @@ -87,7 +92,7 @@ resource "google_project_iam_member" "sa-roles" { resource "google_compute_global_address" "external_ips" { count = length(var.node_configs) - name = "multichain-testnet-partner-${count.index}" + name = "multichain-testnet-${count.index}" address_type = "EXTERNAL" } @@ -101,8 +106,8 @@ module "ig_template" { email = google_service_account.service_account.email, scopes = ["cloud-platform"] } - name_prefix = "multichain-partner-${count.index}" - source_image_family = "cos-stable" + name_prefix = "multichain-testnet-${count.index}" + source_image_family = "cos-113-lts" source_image_project = "cos-cloud" machine_type = "n2d-standard-2" @@ -111,11 +116,14 @@ module "ig_template" { source_image = reverse(split("/", module.gce-container[count.index].source_image))[0] metadata = merge(var.additional_metadata, { "gce-container-declaration" = module.gce-container["${count.index}"].metadata_value }) tags = [ - "multichain", - "allow-ssh" + "multichain" ] labels = { - "container-vm" = module.gce-container[count.index].vm_container_label + "container-vm" = module.gce-container[count.index].vm_container_label, + environment = "prod", + chain = "near", + owner = "sig", + network = "testnet" } depends_on = [google_compute_global_address.external_ips] @@ -127,7 +135,7 @@ module "instances" { source = "../modules/instance-from-tpl" region = var.region project_id = var.project_id - hostname = "multichain-testnet-partner-${count.index}" + hostname = "multichain-testnet-${count.index}" network = var.network subnetwork = var.subnetwork @@ -136,7 +144,7 @@ module "instances" { } resource "google_compute_health_check" "multichain_healthcheck" { - name = "multichain-testnet-partner-healthcheck" + name = "multichain-testnet-healthcheck" http_health_check { port = 3000 @@ -147,7 +155,7 @@ resource "google_compute_health_check" "multichain_healthcheck" { resource "google_compute_global_forwarding_rule" "default" { count = length(var.node_configs) - name = "multichain-partner-rule-${count.index}" + name = "multichain-testnet-rule-${count.index}" target = google_compute_target_http_proxy.default[count.index].id port_range = "80" load_balancing_scheme = "EXTERNAL" @@ -156,19 +164,19 @@ resource "google_compute_global_forwarding_rule" "default" { resource "google_compute_target_http_proxy" "default" { count = length(var.node_configs) - name = "multichain-partner-target-proxy-${count.index}" + name = "multichain-testnet-target-proxy-${count.index}" description = "a description" url_map = google_compute_url_map.default[count.index].id } resource "google_compute_url_map" "default" { count = length(var.node_configs) - name = "multichain-partner-url-map-${count.index}" + name = "multichain-testnet-url-map-${count.index}" default_service = google_compute_backend_service.multichain_backend.id } resource "google_compute_backend_service" "multichain_backend" { - name = "multichain-partner-backend-service" + name = "multichain-testnet-backend-service" load_balancing_scheme = "EXTERNAL" backend { @@ -179,7 +187,7 @@ resource "google_compute_backend_service" "multichain_backend" { } resource "google_compute_instance_group" "multichain_group" { - name = "multichain-partner-instance-group" + name = "multichain-testnet-instance-group" instances = module.instances[*].self_links[0] zone = var.zone diff --git a/infra/multichain-testnet/resources.tf b/infra/multichain-testnet/resources.tf index 5bdad1581..1495db724 100644 --- a/infra/multichain-testnet/resources.tf +++ b/infra/multichain-testnet/resources.tf @@ -1,7 +1,7 @@ terraform { backend "gcs" { - bucket = "terraform-prod-multichain" - prefix = "state/multichain-partner-vm-testnet" + bucket = "near-multichain-state-testnet" + prefix = "state/multichain-testnet" } required_providers { diff --git a/infra/multichain-testnet/variables.tf b/infra/multichain-testnet/variables.tf index 136b9e482..974171904 100644 --- a/infra/multichain-testnet/variables.tf +++ b/infra/multichain-testnet/variables.tf @@ -17,7 +17,7 @@ variable "mig_name" { variable "image" { description = "The Docker image to deploy to GCE instances. Note: This is a public image repository used for updating your nodes, please do not change this" type = string - default = "us-east1-docker.pkg.dev/pagoda-discovery-platform-prod/multichain-public/multichain-testnet:latest" + default = "europe-west1-docker.pkg.dev/near-cs-testnet/multichain-public/multichain-testnet:latest" } variable "image_port" { @@ -43,7 +43,9 @@ variable "network" { variable "additional_metadata" { type = map(any) description = "Additional metadata to attach to the instance" - default = {} + default = { + cos-update-strategy: "update_enabled" + } } variable "service_account" { @@ -75,7 +77,7 @@ variable "node_configs" { variable "env" { type = string - default = "dev" + default = "testnet" } variable "static_env" { @@ -98,7 +100,7 @@ variable "static_env" { }, { name = "MPC_INDEXER_START_BLOCK_HEIGHT" - value = 158767549 + value = 177673773 }, { name = "AWS_DEFAULT_REGION" From 85f6f722beed18e54474f6e40f6ebd1c4671392d Mon Sep 17 00:00:00 2001 From: auto-mausx Date: Fri, 1 Nov 2024 17:12:59 -0600 Subject: [PATCH 2/4] add mpc recovery nodes --- .../workflows/multichain-deploy-dev-nodes.yml | 23 +--------------- infra/modules/leader/main.tf | 2 +- infra/modules/signer/main.tf | 2 +- .../terraform-dev.auto.tfvars | 24 +++++++++++++++++ infra/mpc-recovery-prod/main.tf | 24 +++++++---------- infra/mpc-recovery-prod/variables.tf | 22 ++++++++-------- infra/mpc-recovery-testnet/main.tf | 26 ++++++++----------- infra/mpc-recovery-testnet/variables.tf | 15 ++++++----- infra/multichain-dev/main.tf | 22 +++++++++++++++- infra/multichain-dev/variables.tf | 5 ++++ infra/multichain-mainnet/main.tf | 4 +++ infra/multichain-mainnet/variables.tf | 2 +- 12 files changed, 98 insertions(+), 73 deletions(-) create mode 100644 infra/mpc-recovery-dev/terraform-dev.auto.tfvars diff --git a/.github/workflows/multichain-deploy-dev-nodes.yml b/.github/workflows/multichain-deploy-dev-nodes.yml index 9d854ede4..18ec714e0 100644 --- a/.github/workflows/multichain-deploy-dev-nodes.yml +++ b/.github/workflows/multichain-deploy-dev-nodes.yml @@ -26,6 +26,7 @@ jobs: GOOGLE_CREDENTIALS: ${{ secrets.SIG_CREDENTIALS_DEV }} - name: Build Docker image and push to Google Artifact Registry + if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' id: docker-push-tagged uses: docker/build-push-action@v4 with: @@ -42,25 +43,3 @@ jobs: uses: 'google-github-actions/auth@v2' with: credentials_json: '${{ secrets.SIG_CREDENTIALS_DEV }}' - - - name: 'Set up Cloud SDK' - uses: 'google-github-actions/setup-gcloud@v2' - - - name: 'Set project' - run: 'gcloud config set project near-cs-dev' - - # This is not pretty, but this step needs to be updated every time a new node is added. - - name: 'Update Nodes' - run: | - gcloud compute instances update-container multichain-dev-0 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-1 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-2 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-3 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-4 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-5 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-6 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-7 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-8 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-9 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-10 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ - gcloud compute instances update-container multichain-dev-11 --zone europe-west1-b --container-image=${{ env.IMAGE }}:${{ env.TAG }} & \ diff --git a/infra/modules/leader/main.tf b/infra/modules/leader/main.tf index 38402f1f6..13a248644 100644 --- a/infra/modules/leader/main.tf +++ b/infra/modules/leader/main.tf @@ -11,7 +11,7 @@ resource "google_cloud_run_v2_service" "leader" { vpc_access { connector = var.connector_id - egress = "PRIVATE_RANGES_ONLY" + egress = "ALL_TRAFFIC" } scaling { diff --git a/infra/modules/signer/main.tf b/infra/modules/signer/main.tf index 038574a2c..23325bdff 100644 --- a/infra/modules/signer/main.tf +++ b/infra/modules/signer/main.tf @@ -13,7 +13,7 @@ resource "google_cloud_run_v2_service" "signer" { for_each = var.connector_id == null ? [] : [1] content { connector = var.connector_id == null ? null : var.connector_id - egress = "PRIVATE_RANGES_ONLY" + egress = "ALL_TRAFFIC" } } diff --git a/infra/mpc-recovery-dev/terraform-dev.auto.tfvars b/infra/mpc-recovery-dev/terraform-dev.auto.tfvars new file mode 100644 index 000000000..5d49b34c4 --- /dev/null +++ b/infra/mpc-recovery-dev/terraform-dev.auto.tfvars @@ -0,0 +1,24 @@ +env = "dev" +project = "near-cs-dev" +docker_image = "europe-west1-docker.pkg.dev/near-cs-dev/mpc-recovery/mpc-recovery-dev:bcef52a5f9ecb19930642887006af50b1b2bff9f" + +account_creator_id = "mpc-recovery-dev-creator.testnet" +account_creator_sk_secret_id = "mpc-recovery-account-creator-sk-dev" +fast_auth_partners_secret_id = "mpc-fast-auth-partners-dev" +signer_configs = [ + { + cipher_key_secret_id = "mpc-cipher-0-dev" + sk_share_secret_id = "mpc-sk-share-0-dev" + }, + { + cipher_key_secret_id = "mpc-cipher-1-dev" + sk_share_secret_id = "mpc-sk-share-1-dev" + }, + { + cipher_key_secret_id = "mpc-cipher-2-dev" + sk_share_secret_id = "mpc-sk-share-2-dev" + } +] +jwt_signature_pk_url = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com" +otlp_endpoint = "https://otel.dev.api.pagoda.co:443/v1/traces" +opentelemetry_level = "debug" \ No newline at end of file diff --git a/infra/mpc-recovery-prod/main.tf b/infra/mpc-recovery-prod/main.tf index 637b7f769..3983c81b3 100644 --- a/infra/mpc-recovery-prod/main.tf +++ b/infra/mpc-recovery-prod/main.tf @@ -1,6 +1,6 @@ terraform { backend "gcs" { - bucket = "mpc-recovery-terraform-prod" + bucket = "near-multichain-state-mainnet" prefix = "state/mpc-recovery" } @@ -13,9 +13,6 @@ terraform { } locals { - credentials = var.credentials != null ? var.credentials : file(var.credentials_file) - client_email = jsondecode(local.credentials).client_email - client_id = jsondecode(local.credentials).client_id workspace = { near_rpc = "https://rpc.mainnet.near.org" @@ -28,7 +25,6 @@ data "external" "git_checkout" { } provider "google" { - credentials = local.credentials project = var.project region = var.region @@ -43,14 +39,14 @@ resource "google_service_account" "service_account" { display_name = "MPC Recovery mainnet Account" } -resource "google_service_account_iam_binding" "serivce-account-iam" { - service_account_id = google_service_account.service_account.name - role = "roles/iam.serviceAccountUser" +# resource "google_service_account_iam_binding" "serivce-account-iam" { +# service_account_id = google_service_account.service_account.name +# role = "roles/iam.serviceAccountUser" - members = [ - "serviceAccount:${local.client_email}" - ] -} +# members = [ +# "serviceAccount:${local.client_email}" +# ] +# } resource "google_project_iam_member" "service-account-datastore-user" { project = var.project @@ -91,11 +87,11 @@ resource "google_secret_manager_secret_iam_member" "fast_auth_partners_secret_ac module "mpc-leader-lb-mainnet" { source = "../modules/internal_cloudrun_lb" - name = "mpc-prod-leader-mainnet" + name = "mpc-leader-mainnet" network_id = data.google_compute_network.prod_network.id subnetwork_id = data.google_compute_subnetwork.prod_subnetwork.id project_id = var.project - region = "us-east1" + region = var.region service_name = "mpc-recovery-leader-mainnet" } diff --git a/infra/mpc-recovery-prod/variables.tf b/infra/mpc-recovery-prod/variables.tf index 80a9b7106..27a64875e 100644 --- a/infra/mpc-recovery-prod/variables.tf +++ b/infra/mpc-recovery-prod/variables.tf @@ -1,20 +1,16 @@ variable "project" { } -variable "credentials_file" { - default = null -} - variable "credentials" { default = null } variable "region" { - default = "us-east1" + default = "europe-west1" } variable "zone" { - default = "us-east1-c" + default = "europe-west1-b" } variable "docker_image" { @@ -48,18 +44,18 @@ variable "signer_configs" { } variable "prod-connector" { - default = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/prod-us-east1-connector" + default = "projects/sig-shared-network/locations/europe-west1/connectors/prod-eu-west1-connector" } data "google_compute_subnetwork" "prod_subnetwork" { - name = "cloudrun-main-prod-us-east1" - project = "pagoda-shared-infrastructure" - region = "us-east1" + name = "cloudrun-main-prod-europe-west1" + project = "sig-shared-network" + region = "europe-west1" } data "google_compute_network" "prod_network" { name = "prod" - project = "pagoda-shared-infrastructure" + project = "sig-shared-network" } variable "jwt_signature_pk_url" { @@ -73,3 +69,7 @@ variable "otlp_endpoint" { variable "opentelemetry_level" { type = string } + +variable "env" { + type = string +} \ No newline at end of file diff --git a/infra/mpc-recovery-testnet/main.tf b/infra/mpc-recovery-testnet/main.tf index 3e8f58f28..a42b7a196 100644 --- a/infra/mpc-recovery-testnet/main.tf +++ b/infra/mpc-recovery-testnet/main.tf @@ -1,7 +1,7 @@ terraform { backend "gcs" { - bucket = "mpc-recovery-terraform-prod" - prefix = "state/mpc-recovery" + bucket = "near-multichain-state-testnet" + prefix = "state/mpc-recovery-testnet" } required_providers { @@ -13,9 +13,6 @@ terraform { } locals { - credentials = var.credentials != null ? var.credentials : file(var.credentials_file) - client_email = jsondecode(local.credentials).client_email - client_id = jsondecode(local.credentials).client_id workspace = { near_rpc = "https://rpc.testnet.near.org" @@ -28,7 +25,6 @@ data "external" "git_checkout" { } provider "google" { - credentials = local.credentials project = var.project region = var.region @@ -43,14 +39,14 @@ resource "google_service_account" "service_account" { display_name = "MPC Recovery testnet Account" } -resource "google_service_account_iam_binding" "serivce-account-iam" { - service_account_id = google_service_account.service_account.name - role = "roles/iam.serviceAccountUser" +# resource "google_service_account_iam_member" "serivce-account-iam" { +# service_account_id = google_service_account.service_account.name +# role = "roles/iam.serviceAccountUser" - members = [ - "serviceAccount:${local.client_email}", - ] -} +# member = [ +# "serviceAccount:${google_service_account.service_account.email}", +# ] +# } resource "google_project_iam_member" "service-account-datastore-user" { project = var.project @@ -91,11 +87,11 @@ resource "google_secret_manager_secret_iam_member" "fast_auth_partners_secret_ac module "mpc-leader-lb-testnet" { source = "../modules/internal_cloudrun_lb" - name = "mpc-prod-leader-testnet" + name = "mpc-leader-testnet" network_id = data.google_compute_network.prod_network.id subnetwork_id = data.google_compute_subnetwork.prod_subnetwork.id project_id = var.project - region = "us-east1" + region = "europe-west1" service_name = "mpc-recovery-leader-testnet" } diff --git a/infra/mpc-recovery-testnet/variables.tf b/infra/mpc-recovery-testnet/variables.tf index 80a9b7106..33b135e6f 100644 --- a/infra/mpc-recovery-testnet/variables.tf +++ b/infra/mpc-recovery-testnet/variables.tf @@ -1,4 +1,5 @@ variable "project" { + default = "near-cs-testnet" } variable "credentials_file" { @@ -10,11 +11,11 @@ variable "credentials" { } variable "region" { - default = "us-east1" + default = "europe-west1" } variable "zone" { - default = "us-east1-c" + default = "europe-west1-b" } variable "docker_image" { @@ -48,18 +49,18 @@ variable "signer_configs" { } variable "prod-connector" { - default = "projects/pagoda-shared-infrastructure/locations/us-east1/connectors/prod-us-east1-connector" + default = "projects/sig-shared-network/locations/europe-west1/connectors/prod-eu-west1-connector" } data "google_compute_subnetwork" "prod_subnetwork" { - name = "cloudrun-main-prod-us-east1" - project = "pagoda-shared-infrastructure" - region = "us-east1" + name = "cloudrun-main-prod-europe-west1" + project = "sig-shared-network" + region = "europe-west1" } data "google_compute_network" "prod_network" { name = "prod" - project = "pagoda-shared-infrastructure" + project = "sig-shared-network" } variable "jwt_signature_pk_url" { diff --git a/infra/multichain-dev/main.tf b/infra/multichain-dev/main.tf index bacfe3e39..d88ff6660 100644 --- a/infra/multichain-dev/main.tf +++ b/infra/multichain-dev/main.tf @@ -18,9 +18,16 @@ module "gce-container" { container = { image = "europe-west1-docker.pkg.dev/near-cs-dev/multichain-public/multichain-dev:latest" - args = ["start"] port = "3000" + volumeMounts = [ + { + mountPath = "/data" + name = "host-path" + readOnly = false + } + ] + env = concat(var.static_env, [ { name = "MPC_NODE_ID" @@ -65,9 +72,22 @@ module "gce-container" { { name = "MPC_ENV", value = var.env + }, + { + name = "MPC_REDIS_URL", + value = var.redis_url } ]) } + + volumes = [ + { + name = "host-path" + hostPath = { + path = "/var/redis" + } + } + ] } resource "google_service_account" "service_account" { diff --git a/infra/multichain-dev/variables.tf b/infra/multichain-dev/variables.tf index b98d919f7..e70237d69 100644 --- a/infra/multichain-dev/variables.tf +++ b/infra/multichain-dev/variables.tf @@ -123,3 +123,8 @@ variable "static_env" { } ] } + +variable "redis_url" { + type = string + default = "redis://127.0.0.1:6379" +} diff --git a/infra/multichain-mainnet/main.tf b/infra/multichain-mainnet/main.tf index b32d60a4d..d0af8c538 100644 --- a/infra/multichain-mainnet/main.tf +++ b/infra/multichain-mainnet/main.tf @@ -4,6 +4,10 @@ provider "google" { provider "google-beta" { project = var.project_id } +resource "google_compute_project_metadata_item" "project_logging" { + key = "google-logging-enabled" + value = "true" +} module "gce-container" { count = length(var.node_configs) source = "terraform-google-modules/container-vm/google" diff --git a/infra/multichain-mainnet/variables.tf b/infra/multichain-mainnet/variables.tf index 7669119a8..0cbf4c800 100644 --- a/infra/multichain-mainnet/variables.tf +++ b/infra/multichain-mainnet/variables.tf @@ -101,7 +101,7 @@ variable "static_env" { }, { name = "MPC_INDEXER_START_BLOCK_HEIGHT" - value = 124092099 + value = 131590539 }, { name = "AWS_DEFAULT_REGION" From b7dc0e8a4e50179fc0433e5d950f188be927918f Mon Sep 17 00:00:00 2001 From: auto-mausx Date: Tue, 5 Nov 2024 11:06:38 -0700 Subject: [PATCH 3/4] update block height --- infra/multichain-dev/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/multichain-dev/variables.tf b/infra/multichain-dev/variables.tf index e70237d69..86351c15a 100644 --- a/infra/multichain-dev/variables.tf +++ b/infra/multichain-dev/variables.tf @@ -99,7 +99,7 @@ variable "static_env" { }, { name = "MPC_INDEXER_START_BLOCK_HEIGHT" - value = 177673773 + value = 178736306 }, { name = "AWS_DEFAULT_REGION" From ed24d205327a710d915113378e07fbe572dc64bb Mon Sep 17 00:00:00 2001 From: auto-mausx Date: Tue, 5 Nov 2024 11:18:40 -0700 Subject: [PATCH 4/4] fixed comments --- chain-signatures/contract/src/lib.rs | 2 +- infra/mpc-recovery-prod/main.tf | 8 -------- infra/mpc-recovery-testnet/main.tf | 8 -------- 3 files changed, 1 insertion(+), 17 deletions(-) diff --git a/chain-signatures/contract/src/lib.rs b/chain-signatures/contract/src/lib.rs index 7990e8c6f..39740ec73 100644 --- a/chain-signatures/contract/src/lib.rs +++ b/chain-signatures/contract/src/lib.rs @@ -611,7 +611,7 @@ impl VersionedMpcContract { // This function can be used to transfer the MPC network to a new contract. #[private] - #[init(ignore_state)] + #[init] #[handle_result] pub fn init_running( epoch: u64, diff --git a/infra/mpc-recovery-prod/main.tf b/infra/mpc-recovery-prod/main.tf index 3983c81b3..0e76fd5df 100644 --- a/infra/mpc-recovery-prod/main.tf +++ b/infra/mpc-recovery-prod/main.tf @@ -39,14 +39,6 @@ resource "google_service_account" "service_account" { display_name = "MPC Recovery mainnet Account" } -# resource "google_service_account_iam_binding" "serivce-account-iam" { -# service_account_id = google_service_account.service_account.name -# role = "roles/iam.serviceAccountUser" - -# members = [ -# "serviceAccount:${local.client_email}" -# ] -# } resource "google_project_iam_member" "service-account-datastore-user" { project = var.project diff --git a/infra/mpc-recovery-testnet/main.tf b/infra/mpc-recovery-testnet/main.tf index a42b7a196..3314d8ad6 100644 --- a/infra/mpc-recovery-testnet/main.tf +++ b/infra/mpc-recovery-testnet/main.tf @@ -39,14 +39,6 @@ resource "google_service_account" "service_account" { display_name = "MPC Recovery testnet Account" } -# resource "google_service_account_iam_member" "serivce-account-iam" { -# service_account_id = google_service_account.service_account.name -# role = "roles/iam.serviceAccountUser" - -# member = [ -# "serviceAccount:${google_service_account.service_account.email}", -# ] -# } resource "google_project_iam_member" "service-account-datastore-user" { project = var.project