- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
RBAC Review
Overview
RBAC (Role-Based Access Control) has been configured for the besu-network namespace.
Service Accounts Created
- besu-validator - For validator pods
- besu-sentry - For sentry pods
- besu-rpc - For RPC pods
- oracle-publisher - For oracle publisher service
- rpc-gateway - For RPC gateway
Roles Created
keyvault-reader
- Purpose: Read secrets from Azure Key Vault
- Permissions: get, list secrets
- Scope: besu-network namespace
RoleBindings Created
- validator-keyvault-reader - Binds validator service account to keyvault-reader role
- oracle-keyvault-reader - Binds oracle publisher service account to keyvault-reader role
Validation
Run the validation script:
./scripts/validation/validate-rbac.sh
Application
Apply RBAC configuration:
kubectl apply -f k8s/rbac/service-accounts.yaml
Testing
Verify service accounts have correct permissions and pods are using correct service accounts.
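One way to run the permission half of this check, as an added example that is not part of the repository: it impersonates each service account with `kubectl auth can-i` and compares the answers with the bindings listed above. It assumes the two RoleBindings in this document are the only ones in the namespace; the function names and the `--run` switch are hypothetical.

```shell
#!/bin/sh
# Added example: checks the access matrix in this review with
# `kubectl auth can-i`, impersonating each service account.
# The caller needs permission to impersonate service accounts.
NS="besu-network"
# Bound to keyvault-reader per "RoleBindings Created".
ALLOWED="besu-validator oracle-publisher"
# Assumption: no binding is listed for these, so they should get nothing.
DENIED="besu-sentry besu-rpc rpc-gateway"

# can_i SA VERB: prints "yes" or "no" (empty on API errors).
can_i() {
  kubectl auth can-i "$2" secrets -n "$NS" \
    --as="system:serviceaccount:${NS}:$1" 2>/dev/null || true
}

# expect SA VERB WANT: returns non-zero when the answer differs from WANT.
expect() {
  got="$(can_i "$1" "$2")"
  if [ "$got" = "$3" ]; then
    echo "ok    $1 $2 secrets: $got"
  else
    echo "FAIL  $1 $2 secrets: got '${got:-error}', want '$3'"
    return 1
  fi
}

check_rbac() {
  rc=0
  for sa in $ALLOWED; do
    for verb in get list; do expect "$sa" "$verb" yes || rc=1; done
    # keyvault-reader is read-only, so write verbs must be refused.
    for verb in create update patch delete; do
      expect "$sa" "$verb" no || rc=1
    done
  done
  for sa in $DENIED; do
    for verb in get list; do expect "$sa" "$verb" no || rc=1; done
  done
  return "$rc"
}

# Usage: sh check-rbac.sh --run   (the file name is hypothetical)
if [ "${1:-}" = "--run" ]; then check_rbac; fi
```

A `FAIL` line for a sentry, RPC or gateway account means it can read secrets through some binding this document does not list.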