fixes

transparency-dev · Jul 4, 2024 · 611b55a · 611b55a
1 parent 3f417b5
commit 611b55a
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 19 deletions.
diff --git a/deployment/live/example-gcp/terragrunt.hcl b/deployment/live/example-gcp/terragrunt.hcl
@@ -3,9 +3,9 @@ terraform {
 }
 
 locals {
-  project_id  = "trillian-tessera"
-  location      = "us-central1"
-  base_name = "example-gcs"
+  project_id = "trillian-tessera"
+  location   = "us-central1"
+  base_name   = "example-gcp"
 }
 
 inputs = merge(

diff --git a/deployment/modules/gcs/main.tf b/deployment/modules/gcs/main.tf
@@ -4,16 +4,20 @@ terraform {
 
 # Services
 resource "google_project_service" "serviceusage_googleapis_com" {
-  service = "serviceusage.googleapis.com"
+  service            = "serviceusage.googleapis.com"
+  disable_on_destroy = false
 }
 resource "google_project_service" "storage_api_googleapis_com" {
-  service = "storage-api.googleapis.com"
+  service            = "storage-api.googleapis.com"
+  disable_on_destroy = false
 }
 resource "google_project_service" "storage_component_googleapis_com" {
-  service = "storage-component.googleapis.com"
+  service            = "storage-component.googleapis.com"
+  disable_on_destroy = false
 }
 resource "google_project_service" "storage_googleapis_com" {
-  service = "storage.googleapis.com"
+  service            = "storage.googleapis.com"
+  disable_on_destroy = false
 }
 
 ## Resources
@@ -22,7 +26,7 @@ resource "google_project_service" "storage_googleapis_com" {
 
 resource "google_service_account" "log_writer" {
   account_id   = "${var.base_name}-writer"
-  display_name = "Log writer service account"
+  display_name = "Transparency log writer service account"
 }
 
 

diff --git a/deployment/modules/gcs/outputs.tf b/deployment/modules/gcs/outputs.tf
@@ -2,3 +2,8 @@ output "log_bucket" {
   description = "Log GCS bucket"
   value       = google_storage_bucket.log_bucket
 }
+
+output "log_spanner" {
+  description = "Log Spanner database"
+  value       = google_spanner_database.log_db
+}
diff --git a/storage/gcp/gcp.go b/storage/gcp/gcp.go
@@ -14,15 +14,17 @@
 
 // Package gcp contains a GCP-based storage implementation for Tessera.
 //
+// TODO: decide whether to rename this package.
+//
 // This storage implementation uses GCS for long-term storage and serving of
-// entry bundles and log tiles, and CloudSQL for coordinating updates to GCS
+// entry bundles and log tiles, and Spanner for coordinating updates to GCS
 // when multiple instances of a personality binary are running.
 //
 // A single GCS bucket is used to hold entry bundles and log internal tiles.
 // The object keys for the bucket are selected so as to conform to the
 // expected layout of a tile-based log.
 //
-// A CloudSQL database provides a transactional mechanism to allow multiple
+// A Spanner database provides a transactional mechanism to allow multiple
 // frontends to safely update the contents of the log.
 package gcp
 
@@ -49,13 +51,12 @@ type Storage struct {
 
 // Config holds GCP project and resource configuration for a storage instance.
 type Config struct {
-	// ProjectID is the GCP project which hosts the storage bucket and CloudSQL database for the log.
+	// ProjectID is the GCP project which hosts the storage bucket and Spanner database for the log.
 	ProjectID string
 	// Bucket is the name of the GCS bucket to use for storing log state.
 	Bucket string
 	// Spanner is the GCP resource URI of the spanner database instance to use.
 	Spanner string
-	// DBUser is the username for accessing the CloudSQL database.
 }
 
 // New creates a new instance of the GCP based Storage.
@@ -70,17 +71,17 @@ func New(ctx context.Context, cfg Config) (*Storage, error) {
 		klog.Exitf("Failed to connect to Spanner: %v", err)
 	}
 
-	if err := initDB(ctx, dbPool); err != nil {
-		return nil, fmt.Errorf("failed to init DB: %v", err)
-	}
-
 	r := &Storage{
 		gcsClient: c,
 		projectID: cfg.ProjectID,
 		bucket:    cfg.Bucket,
 		dbPool:    dbPool,
 	}
 
+	if err := r.initDB(ctx); err != nil {
+		return nil, fmt.Errorf("failed to init DB: %v", err)
+	}
+
 	if exists, err := r.bucketExists(ctx); err != nil {
 		return nil, fmt.Errorf("failed to check whether bucket %q exists: %v", r.bucket, err)
 	} else if !exists {
@@ -105,7 +106,7 @@ func New(ctx context.Context, cfg Config) (*Storage, error) {
 //     Seq into the committed tree state.
 //
 // The database and schema should be created externally, e.g. by terraform.
-func initDB(ctx context.Context, dbPool *spanner.Client) error {
+func (s *Storage) initDB(ctx context.Context) error {
 
 	/* Schema for reference:
 	CREATE TABLE SeqCoord (
@@ -129,10 +130,10 @@ func initDB(ctx context.Context, dbPool *spanner.Client) error {
 	// sequencing and integration to occur.
 	// Note that this will only succeed if no row exists, so there's no danger
 	// of "resetting" an existing log.
-	if _, err := dbPool.Apply(ctx, []*spanner.Mutation{spanner.Insert("SeqCoord", []string{"id", "next"}, []interface{}{0, 0})}); spanner.ErrCode(err) != codes.AlreadyExists {
+	if _, err := s.dbPool.Apply(ctx, []*spanner.Mutation{spanner.Insert("SeqCoord", []string{"id", "next"}, []interface{}{0, 0})}); spanner.ErrCode(err) != codes.AlreadyExists {
 		return err
 	}
-	if _, err := dbPool.Apply(ctx, []*spanner.Mutation{spanner.Insert("IntCoord", []string{"id", "seq"}, []interface{}{0, 0})}); spanner.ErrCode(err) != codes.AlreadyExists {
+	if _, err := s.dbPool.Apply(ctx, []*spanner.Mutation{spanner.Insert("IntCoord", []string{"id", "seq"}, []interface{}{0, 0})}); spanner.ErrCode(err) != codes.AlreadyExists {
 		return err
 	}
 	return nil