From f904e54aa763fd3f4863b3f400901e42746ae2e3 Mon Sep 17 00:00:00 2001
From: Serhii Volovyk
Date: Fri, 8 Nov 2024 12:48:52 +0200
Subject: [PATCH] remove datastore users and roles from tf
---
 chain-signatures/node/src/storage/mod.rs | 2 +-
 infra/mpc-recovery-dev/main.tf | 6 ------
 infra/mpc-recovery-prod/main.tf | 7 -------
 infra/mpc-recovery-testnet/main.tf | 7 -------
 infra/multichain-dev/main.tf | 1 -
 infra/multichain-mainnet/main.tf | 2 +-
 infra/multichain-testnet/main.tf | 1 -
 infra/partner-mainnet/main.tf | 1 -
 infra/partner-testnet/main.tf | 1 -
 integration-tests/chain-signatures/src/containers.rs | 1 +
 10 files changed, 3 insertions(+), 26 deletions(-)
diff --git a/chain-signatures/node/src/storage/mod.rs b/chain-signatures/node/src/storage/mod.rs
index d4bb21bab..69fee247c 100644
--- a/chain-signatures/node/src/storage/mod.rs
+++ b/chain-signatures/node/src/storage/mod.rs
@@ -6,7 +6,7 @@ pub mod triple_storage;
 #[derive(Debug, Clone, clap::Parser)]
 #[group(id = "storage_options")]
 pub struct Options {
-    /// env used to suffix datastore table names to differentiate among environments.
+    /// env used to differentiate among environments.
     #[clap(long, env("MPC_ENV"))]
     pub env: String,
     /// GCP project ID.
diff --git a/infra/mpc-recovery-dev/main.tf b/infra/mpc-recovery-dev/main.tf
index 21f2f3d3b..e87873f76 100644
--- a/infra/mpc-recovery-dev/main.tf
+++ b/infra/mpc-recovery-dev/main.tf
@@ -64,12 +64,6 @@ resource "google_service_account_iam_binding" "serivce-account-iam" {
   ]
 }
 
-resource "google_project_iam_member" "service-account-datastore-user" {
-  project = var.project
-  role = "roles/datastore.user"
-  member = "serviceAccount:${google_service_account.service_account.email}"
-}
-
 /*
  * Ensure service account has access to Secret Manager variables
  */
diff --git a/infra/mpc-recovery-prod/main.tf b/infra/mpc-recovery-prod/main.tf
index 0e76fd5df..a62ea69fd 100644
--- a/infra/mpc-recovery-prod/main.tf
+++ b/infra/mpc-recovery-prod/main.tf
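Review bot: The rewritten doc comment on `env` in the chain-signatures/node/src/storage/mod.rs hunk, `/// env used to differentiate among environments.`, restates the field name without saying what the value is for now that it no longer suffixes datastore table names. If the node still reads this option somewhere, say what it selects; if the datastore removal left it unused, say so (or drop the option) rather than leaving a tautology. Something like `/// Deployment environment name (for example dev, testnet or mainnet), read from MPC_ENV.` at least tells an operator what to put in it. The Options struct continues past the end of the hunk, so whether any other field still depends on the environment name cannot be seen here.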
@@ -39,13 +39,6 @@ resource "google_service_account" "service_account" {
   display_name = "MPC Recovery mainnet Account"
 }
 
-
-resource "google_project_iam_member" "service-account-datastore-user" {
-  project = var.project
-  role = "roles/datastore.user"
-  member = "serviceAccount:${google_service_account.service_account.email}"
-}
-
 /*
  * Ensure service account has access to Secret Manager variables
  */
diff --git a/infra/mpc-recovery-testnet/main.tf b/infra/mpc-recovery-testnet/main.tf
index 3314d8ad6..0ba4b909f 100644
--- a/infra/mpc-recovery-testnet/main.tf
+++ b/infra/mpc-recovery-testnet/main.tf
@@ -39,13 +39,6 @@ resource "google_service_account" "service_account" {
   display_name = "MPC Recovery testnet Account"
 }
 
-
-resource "google_project_iam_member" "service-account-datastore-user" {
-  project = var.project
-  role = "roles/datastore.user"
-  member = "serviceAccount:${google_service_account.service_account.email}"
-}
-
 /*
  * Ensure service account has access to Secret Manager variables
  */
diff --git a/infra/multichain-dev/main.tf b/infra/multichain-dev/main.tf
index e78ece0f5..c4d7843a5 100644
--- a/infra/multichain-dev/main.tf
+++ b/infra/multichain-dev/main.tf
@@ -98,7 +98,6 @@ resource "google_service_account" "service_account" {
 
 resource "google_project_iam_member" "sa-roles" {
   for_each = toset([
-    "roles/datastore.user",
     "roles/secretmanager.admin",
     "roles/storage.objectAdmin",
     "roles/iam.serviceAccountAdmin",
diff --git a/infra/multichain-mainnet/main.tf b/infra/multichain-mainnet/main.tf
index d0af8c538..ad8c4fbf0 100644
--- a/infra/multichain-mainnet/main.tf
+++ b/infra/multichain-mainnet/main.tf
@@ -74,7 +74,7 @@ resource "google_service_account" "service_account" {
 
 resource "google_project_iam_member" "sa-roles" {
   for_each = toset([
-    "roles/datastore.user",
+    "roles/.user",
     "roles/secretmanager.admin",
     "roles/storage.objectAdmin",
     "roles/iam.serviceAccountAdmin",
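Review bot: In the infra/multichain-mainnet/main.tf hunk the added line `"roles/.user",` is a malformed role id rather than a removal: every other environment in this commit (multichain-dev, multichain-testnet, partner-mainnet, partner-testnet) drops `roles/datastore.user` outright, and the diffstat entry `infra/multichain-mainnet/main.tf | 2 +-` confirms that the mainnet file received a one-line replacement instead. A `google_project_iam_member` whose role does not exist is expected to be rejected at apply time, so this commit presumably cannot be rolled out to mainnet as written, and until it is corrected mainnet keeps whatever binding the previous apply left in place, which would still include datastore.user. The fix is to delete the added line so the hunk becomes a pure removal of `-    "roles/datastore.user",`, matching the other sa-roles hunks. The `sa-roles` resource and its `for_each` set continue past the end of the hunk.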
diff --git a/infra/multichain-testnet/main.tf b/infra/multichain-testnet/main.tf
index 27b6a032e..c7c3f00ff 100644
--- a/infra/multichain-testnet/main.tf
+++ b/infra/multichain-testnet/main.tf
@@ -78,7 +78,6 @@ resource "google_service_account" "service_account" {
 
 resource "google_project_iam_member" "sa-roles" {
   for_each = toset([
-    "roles/datastore.user",
     "roles/secretmanager.admin",
     "roles/storage.objectAdmin",
     "roles/iam.serviceAccountAdmin",
diff --git a/infra/partner-mainnet/main.tf b/infra/partner-mainnet/main.tf
index 8f15b1bb0..2c6127a06 100644
--- a/infra/partner-mainnet/main.tf
+++ b/infra/partner-mainnet/main.tf
@@ -75,7 +75,6 @@ resource "google_service_account" "service_account" {
 
 resource "google_project_iam_member" "sa-roles" {
   for_each = toset([
-    "roles/datastore.user",
     "roles/secretmanager.admin",
     "roles/storage.objectAdmin",
     "roles/iam.serviceAccountAdmin",
diff --git a/infra/partner-testnet/main.tf b/infra/partner-testnet/main.tf
index 28367b919..9facd23e8 100644
--- a/infra/partner-testnet/main.tf
+++ b/infra/partner-testnet/main.tf
@@ -75,7 +75,6 @@ resource "google_service_account" "service_account" {
 
 resource "google_project_iam_member" "sa-roles" {
   for_each = toset([
-    "roles/datastore.user",
     "roles/secretmanager.admin",
     "roles/storage.objectAdmin",
     "roles/iam.serviceAccountAdmin",
diff --git a/integration-tests/chain-signatures/src/containers.rs b/integration-tests/chain-signatures/src/containers.rs
index 3ee76f161..d1e96e883 100644
--- a/integration-tests/chain-signatures/src/containers.rs
+++ b/integration-tests/chain-signatures/src/containers.rs
@@ -562,6 +562,7 @@ impl Default for DockerClient {
     }
 }
 
+// TODO: remove or rename this struct and other mentions of datastore
 pub struct Datastore<'a> {
     pub container: Container<'a, GenericImage>,
     pub address: String,