smom-dbis-138/docs/operations/status-reports/REVIEW_RBAC.md
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00

# RBAC Review
## Overview
RBAC (Role-Based Access Control) has been configured for the besu-network namespace.
## Service Accounts Created
1. **besu-validator** - For validator pods
2. **besu-sentry** - For sentry pods
3. **besu-rpc** - For RPC pods
4. **oracle-publisher** - For oracle publisher service
5. **rpc-gateway** - For RPC gateway
## Roles Created
### keyvault-reader
- **Purpose**: Read secrets from Azure Key Vault
- **Permissions**: `get`, `list` on `secrets`
- **Scope**: besu-network namespace
- **Caveat**: a namespaced Role governs Kubernetes `Secret` objects, not Key Vault itself. Whatever Key Vault material is synced into the namespace becomes readable through this role, and so does every other Secret in besu-network, because `list` returns the full object (including `data`) for all Secrets in the namespace. `resourceNames` can narrow `get` to specific Secrets but does not narrow `list`, so if the two consumers only need named Secrets, drop `list` and pin `resourceNames`.
## RoleBindings Created
1. **validator-keyvault-reader** - Binds the besu-validator service account to the keyvault-reader role
2. **oracle-keyvault-reader** - Binds the oracle-publisher service account to the keyvault-reader role

No RoleBinding is listed for besu-sentry, besu-rpc or rpc-gateway, so those three accounts are expected to have no Secret access; the checks below should confirm the denies as well as the grants.
## Validation
Run the validation script:
```bash
./scripts/validation/validate-rbac.sh
```
## Application
Apply RBAC configuration:
```bash
kubectl apply -f k8s/rbac/service-accounts.yaml
```
## Testing
Verify that each service account has exactly the permissions listed above (besu-validator and oracle-publisher can `get` and `list` Secrets; besu-sentry, besu-rpc and rpc-gateway cannot) and that every pod in the namespace runs under its intended service account rather than `default`.
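As an added example (not the project's own validate-rbac.sh, whose contents are not shown here), the POSIX shell script below checks the three properties above against a live cluster: it impersonates each service account with `kubectl auth can-i` and compares the answers with the matrix in this review, lists pods still running under the `default` service account, and lists any keyvault-reader subject beyond the two expected bindings. The `KUBECTL` and `NS` overrides, the script name `rbac-audit.sh`, and the tab-separated listing format are assumptions of this example.

```shell
#!/bin/sh
# Added audit helper for the besu-network RBAC review (not part of the
# project's own scripts). Assumptions: kubectl is on PATH, or KUBECTL names
# a drop-in replacement (used for offline testing); NS is the namespace.
KUBECTL="${KUBECTL:-kubectl}"
NS="${NS:-besu-network}"

SERVICE_ACCOUNTS="besu-validator besu-sentry besu-rpc oracle-publisher rpc-gateway"

# Expected Secret access per service account, taken from the review:
# only the two accounts bound to keyvault-reader may read Secrets.
expected_secret_access() {
  case "$1" in
    besu-validator|oracle-publisher) echo yes ;;
    besu-sentry|besu-rpc|rpc-gateway) echo no ;;
    *) echo unknown ;;
  esac
}

# Ask the API server whether a service account may perform verb on resource.
# `kubectl auth can-i` prints yes/no and exits 1 for "no", so the exit
# status is discarded and only the printed answer is used.
can_i() { # $1=service account  $2=verb  $3=resource
  "$KUBECTL" auth can-i "$2" "$3" -n "$NS" \
    --as="system:serviceaccount:$NS:$1" 2>/dev/null || true
}

# Compare the expected matrix with live answers for get/list on secrets.
# Prints one line per mismatch; returns the number of mismatches.
audit_secret_access() {
  audit_failures=0
  for audit_sa in $SERVICE_ACCOUNTS; do
    audit_want=$(expected_secret_access "$audit_sa")
    for audit_verb in get list; do
      audit_got=$(can_i "$audit_sa" "$audit_verb" secrets)
      if [ "$audit_got" != "$audit_want" ]; then
        echo "MISMATCH $audit_sa $audit_verb secrets: expected=$audit_want actual=$audit_got"
        audit_failures=$((audit_failures + 1))
      fi
    done
  done
  return "$audit_failures"
}

# One "pod<TAB>serviceAccountName" line per pod in the namespace.
list_pod_service_accounts() {
  "$KUBECTL" get pods -n "$NS" -o \
    jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.serviceAccountName}{"\n"}{end}'
}

# Reads list_pod_service_accounts output on stdin and prints pods that run
# under the namespace's default service account (or none at all): every
# workload here should carry one of the five dedicated accounts.
flag_default_sa() {
  awk -F '\t' '$2 == "default" || $2 == "" { print $1 }'
}

# One "binding<TAB>role<TAB>subject names" line per RoleBinding.
list_role_bindings() {
  "$KUBECTL" get rolebindings -n "$NS" -o \
    jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{.subjects[*].name}{"\n"}{end}'
}

# Reads list_role_bindings output on stdin and prints any subject of
# keyvault-reader that the review does not list, as "binding<TAB>subject".
unexpected_keyvault_subjects() {
  awk -F '\t' '$2 == "keyvault-reader" {
    n = split($3, subs, " ")
    for (i = 1; i <= n; i++)
      if (subs[i] != "besu-validator" && subs[i] != "oracle-publisher")
        print $1 "\t" subs[i]
  }'
}

# Run all three checks against the live cluster: ./rbac-audit.sh run
run_audit() {
  rc=0
  audit_secret_access || rc=1
  bad_pods=$(list_pod_service_accounts | flag_default_sa)
  [ -z "$bad_pods" ] || { echo "pods on the default service account:"; echo "$bad_pods"; rc=1; }
  bad_subjects=$(list_role_bindings | unexpected_keyvault_subjects)
  [ -z "$bad_subjects" ] || { echo "unexpected keyvault-reader subjects:"; echo "$bad_subjects"; rc=1; }
  return "$rc"
}

case "${1:-}" in run) run_audit ;; esac
```

`kubectl auth can-i --as=system:serviceaccount:...` requires impersonation rights on the caller, which cluster administrators normally hold. The `no` answers for besu-sentry, besu-rpc and rpc-gateway are as much part of the expected result as the `yes` answers: an over-broad binding added later would show up there first.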