Break ground on the GCP implementation (#29)

cmd/example-gcp/main.go

@@ -17,21 +17,36 @@
 package main
 
 import (
+	"context"
 	"crypto/sha256"
 	"flag"
 	"io"
 	"net/http"
+	"os"
 
 	tessera "github.com/transparency-dev/trillian-tessera"
 	"github.com/transparency-dev/trillian-tessera/storage/gcp"
 	"k8s.io/klog/v2"
 )
 
+var (
+	bucket  = flag.String("bucket", "", "Bucket to use for storing log")
+	listen  = flag.String("listen", ":2024", "Address:port to listen on")
+	project = flag.String("project", os.Getenv("GOOGLE_CLOUD_PROJECT"), "GCP Project, take from env if unset")
+	spanner = flag.String("spanner", "", "Spanner resource URI ('projects/.../...')")
+)
+
 func main() {
 	klog.InitFlags(nil)
 	flag.Parse()
+	ctx := context.Background()
 
-	_, err := gcp.New()
+	gcpCfg := gcp.Config{
+		ProjectID: *project,
+		Bucket:    *bucket,
+		Spanner:   *spanner,
+	}
+	_, err := gcp.New(ctx, gcpCfg)
 	if err != nil {
 		klog.Exitf("Failed to create new GCP storage: %v", err)
 	}
@@ -49,4 +64,8 @@ func main() {
 
 		// TODO: Add entry to log and return assigned index.
 	})
+
+	if err := http.ListenAndServe(*listen, http.DefaultServeMux); err != nil {
+		klog.Exitf("ListenAndServe: %v", err)
+	}
 }

deployment/live/example-gcp/terragrunt.hcl

@@ -0,0 +1,28 @@
+terraform {
+  source = "${get_repo_root()}/deployment/modules/gcs"
+}
+
+locals {
+  project_id = "trillian-tessera"
+  location   = "us-central1"
+  base_name   = "example-gcp"
+}
+
+inputs = merge(
+  local,
+  {}
+)
+
+remote_state {
+  backend = "gcs"
+
+  config = {
+    project  = local.project_id
+    location = local.location
+    bucket   = "${local.project_id}-${local.base_name}-terraform-state"
+
+    gcs_bucket_labels = {
+      name  = "terraform_state_storage"
+    }
+  }
+}

deployment/modules/gcs/main.tf

@@ -0,0 +1,77 @@
+terraform {
+  backend "gcs" {}
+}
+
+# Services
+resource "google_project_service" "serviceusage_googleapis_com" {
+  service            = "serviceusage.googleapis.com"
+  disable_on_destroy = false
+}
+resource "google_project_service" "storage_api_googleapis_com" {
+  service            = "storage-api.googleapis.com"
+  disable_on_destroy = false
+}
+resource "google_project_service" "storage_component_googleapis_com" {
+  service            = "storage-component.googleapis.com"
+  disable_on_destroy = false
+}
+resource "google_project_service" "storage_googleapis_com" {
+  service            = "storage.googleapis.com"
+  disable_on_destroy = false
+}
+
+## Resources
+
+# Service accounts
+
+resource "google_service_account" "log_writer" {
+  account_id   = "${var.base_name}-writer"
+  display_name = "Transparency log writer service account"
+}
+
+
+# Buckets
+
+resource "google_storage_bucket" "log_bucket" {
+  name                        = "${var.project_id}-${var.base_name}-bucket"
+  location                    = var.location
+  storage_class               = "STANDARD"
+  uniform_bucket_level_access = true
+}
+
+resource "google_storage_bucket_iam_binding" "log_bucket_writer" {
+  bucket = google_storage_bucket.log_bucket.name
+  role   = "roles/storage.legacyBucketWriter"
+  members = [
+    google_service_account.log_writer.member
+  ]
+}
+
+# Spanner
+
+resource "google_spanner_instance" "log_spanner" {
+  name             = var.base_name
+  config           = "regional-${var.location}"
+  display_name     = "${var.base_name} Spanner Instance"
+  processing_units = 100
+}
+
+resource "google_spanner_database" "log_db" {
+  instance = google_spanner_instance.log_spanner.name
+  name     = "${var.base_name}-db"
+  ddl = [
+    "CREATE TABLE SeqCoord (id INT64 NOT NULL, next INT64 NOT NULL,) PRIMARY KEY (id)",
+    "CREATE TABLE Seq (id INT64 NOT NULL, seq INT64 NOT NULL, v BYTES(MAX),) PRIMARY KEY (id, seq)",
+    "CREATE TABLE IntCoord (id INT64 NOT NULL, seq INT64 NOT NULL,) PRIMARY KEY (id)",
+  ]
+}
+
+resource "google_spanner_database_iam_binding" "database" {
+  instance = google_spanner_instance.log_spanner.name
+  database = google_spanner_database.log_db.name
+  role     = "roles/spanner.databaseUser"
+
+  members = [
+    google_service_account.log_writer.member
+  ]
+}

deployment/modules/gcs/outputs.tf

@@ -0,0 +1,9 @@
+output "log_bucket" {
+  description = "Log GCS bucket"
+  value       = google_storage_bucket.log_bucket
+}
+
+output "log_spanner" {
+  description = "Log Spanner database"
+  value       = google_spanner_database.log_db
+}

deployment/modules/gcs/variables.tf

@@ -0,0 +1,14 @@
+variable "project_id" {
+  description = "GCP project ID where the log is hosted"
+  type        = string
+}
+
+variable "base_name" {
+  description = "Base name to use when naming resources"
+  type        = string
+}
+
+variable "location" {
+  description = "Location in which to create resources"
+  type        = string
+}

go.mod

@@ -3,8 +3,51 @@ module github.com/transparency-dev/trillian-tessera
 go 1.22.5
 
 require (
+	cloud.google.com/go/spanner v1.63.0
+	cloud.google.com/go/storage v1.42.0
 	github.com/transparency-dev/merkle v0.0.2
+	google.golang.org/api v0.183.0
+	google.golang.org/grpc v1.64.0
 	k8s.io/klog/v2 v2.130.1
 )
 
-require github.com/go-logr/logr v1.4.1 // indirect
+require (
+	cloud.google.com/go v0.114.0 // indirect
+	cloud.google.com/go/auth v0.5.1 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
+	cloud.google.com/go/compute/metadata v0.3.0 // indirect
+	cloud.google.com/go/iam v1.1.8 // indirect
+	github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.0 // indirect
+	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50 // indirect
+	github.com/envoyproxy/go-control-plane v0.12.0 // indirect
+	github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.4 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
+	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	golang.org/x/crypto v0.24.0 // indirect
+	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/oauth2 v0.21.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
+	google.golang.org/genproto v0.0.0-20240528184218-531527333157 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240610135401-a8a62080eff3 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
+)