NEW FEATURES:
- Backup / Restore scripts created for Vault Raft Data
- Creation of the gen_overrides.sh script
REFACTOR:
- updated VERSION file to 0.0.7
- Regionalized SSD Persistent Data Volumes for Vault Raft Data
- Vault Auditing is now enabled
- Fix Vault Raft Peering
- Replaced the Custom Vault Helm Chart with the officially supported Helm Chart from Hashicorp
- Nonce refactored to be passed in
- Only --build on test
NEW FEATURES:
- GCP KMS-based Auto Unseal
- Raft-based Vault Backend
- Enable GCR and KMS in the Vault GCP project with service accounts
- CircleCI config to push omgnetwork/vault images into GCR
REFACTOR:
- updated VERSION file to 0.0.6
- removal of the unsealer Vault server
- clean Helm and Kubernetes from the infrastructure Terraform scripts
- Helm and GCP are now separate deployments
- cleaned firewall rules in the Vault infrastructure Terraform scripts
- use golang 1.14 as the builder
- stopped using -dev mode
- use file backend to support snapshotting
- unseal.json holds the keys
- the Vault data is at /vault/config/data
- Update to github.com/ethereum/go-ethereum v1.9.16
- Removed redundant types from array, slice or map composite literals.
- &framework.Path
- &framework.FieldSchema
- Remove activateChildChain
- Wallet Smoke Test
- Remove test of activateChildChain.
- Re-generate Plasma bindings using v1.9.16 abigen
- Update to hashicorp/vault v1.5.2
- Use official hashicorp/vault helm chart
- Removed the local copy of the helm chart
- Standardize GCP resource names to be of the form omgnetwork-
BUG FIXES:
N/A
NEW FEATURES:
N/A
IMPROVEMENTS:
- Wallet Smoke Test
- Execute test of activateChildChain.
- Re-generate Plasma bindings
BUG FIXES:
N/A
NEW FEATURES:
- Remove Export JSON Keystore
- Add k8s Example in examples/k8s Showing Integration of k8s Clients and Vault
- Uses minikube
- Integrates with existing testbed (make run)
- Shows steps needed to enable k8s auth in Vault
IMPROVEMENTS:
- Wallet Smoke Test
- Remove test for Export JSON Keystore from Account
- Document Networking Recommendations
- Refine Plasma Contract integration
- Remove Set Authority
BUG FIXES:
- Removed imports of gitlab.com/shearline-gateway
NEW FEATURES:
- Implement Plasma Contract integration
- Submit Block
- Set Authority
- Submit Deposit Block
- Activate Child Chain
- Added Smoke Test for Plasma
- Truffle docker container
- Pull latest from OmiseGO plasma-contracts
- Builds and Deploys
- Integrates with Ganache and Vault in make run for full integration test
- Added Docs
- Uses Sphinx and sphinx rtd theme
- Captured high level design Q & A
- Described Vault cluster architecture
IMPROVEMENTS:
- Separated Smoke Tests
- Wallet Smoke Test
- Configure Mount
- Create Wallet (BIP44) Without Mnemonic
- Create Wallet (BIP44) With Mnemonic
- List Wallets
- Create New Account
- Check Account Balance
- Transfer ETH
- Sign Raw TX
- Sign Raw TX (Encoded)
- Export JSON Keystore from Account
- Smoke Test for Whitelisting
- Whitelist Address at an Account
- Whitelist Address at a Wallet
- Whitelist Address Globally
- Smoke Test for Blacklisting
- Blacklist Address at an Account
- Blacklist Address at a Wallet
- Blacklist Address Globally
- Smoke Test for ERC20
- Deploy Contract (FixedSupplyToken)
- Total Token Supply
- Token Balance
- Transfer Token
- Smoke Test for Plasma
- Submit Block
- Set Authority
- Submit Deposit Block
- Activate Child Chain
BUG FIXES:
- N/A
NEW FEATURES:
- Demonstrate Smart Contract integration model
- Compile to ABI
- Generate bindings
- Added support for ERC20
- Deployed ERC20 implementation - FixedSupplyToken
- Implemented all methods in ERC20Interface
IMPROVEMENTS:
- Verified CIS Docker Hardening 1.20 for images where applicable to Dockerfile
- 4.1 Ensure that a user for the container has been created
- 4.2 Ensure that containers use only trusted base images (HashiCorp Vault/Alpine)
- 4.3 Ensure that unnecessary packages are not installed in the container
- 4.4 Ensure images are scanned and rebuilt to include security patches (apk update && apk upgrade added to Dockerfile)
- 4.5 - N/A - Ensure Content trust for Docker is Enabled
- 4.6 Ensure that HEALTHCHECK instructions have been added to container images
- 4.7 Ensure update instructions are not used alone in the Dockerfile - used epoch date for this in dockerfile/makefile
- 4.8 Ensure setuid and setgid permissions are removed (vault user prevents this)
- 4.9 Ensure that COPY is used instead of ADD in Dockerfiles
- 4.10 Ensure secrets are not stored in Dockerfiles
- 4.11 Ensure only verified packages are installed (using Alpine package manager)
- Smoke Test for transaction signing
- Smoke Test for ERC20
- Deploy Contract
- Read Token Supply
- Read Token Balance
- Transfer Token
- Approve Transfer
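
A small check for three of the CIS items listed above (4.1, 4.6 and 4.9), suitable for running against a Dockerfile in CI. This is an added example, not the project's own tooling; `CheckDockerfile` and the sample Dockerfile are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleDockerfile is constructed for this example; it is not the project's Dockerfile.
const sampleDockerfile = `FROM golang:1.14-alpine AS builder
COPY . /src
FROM vault:latest
COPY --from=builder /src/plugin /vault/plugins/
HEALTHCHECK CMD vault status
USER vault
`

// CheckDockerfile (hypothetical helper) reports findings for CIS items 4.1, 4.6 and 4.9.
// USER and HEALTHCHECK are judged on the final stage only; assumes one instruction per line.
func CheckDockerfile(src string) []string {
	var findings []string
	user, health := "", false
	for i, line := range strings.Split(src, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 || strings.HasPrefix(f[0], "#") {
			continue
		}
		switch strings.ToUpper(f[0]) {
		case "FROM": // a new build stage starts: earlier USER/HEALTHCHECK do not carry over
			user, health = "", false
		case "USER":
			user = strings.Join(f[1:], "")
		case "HEALTHCHECK":
			health = len(f) > 1 && strings.ToUpper(f[1]) != "NONE"
		case "ADD":
			findings = append(findings, fmt.Sprintf("4.9 line %d: ADD used instead of COPY", i+1))
		}
	}
	if u := strings.SplitN(user, ":", 2)[0]; u == "" || u == "root" || u == "0" {
		findings = append(findings, "4.1 no non-root USER in final stage")
	}
	if !health {
		findings = append(findings, "4.6 no HEALTHCHECK in final stage")
	}
	return findings
}

func main() {
	fmt.Println(CheckDockerfile(sampleDockerfile))
}
```

The check reads only the Dockerfile text, so a USER or HEALTHCHECK inherited from the base image is not seen and is reported as missing.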
BUG FIXES:
- N/A
NEW FEATURES:
- BIP44 implementation: Wallets are constructed from supplied or generated mnemonic. Accounts are derived using index: "m/44'/60'/0'/0/%d"
- Whitelists/Blacklists can be scoped at 3 levels: Global (config), Wallet and/or Account.
- Export JSON keystore using supplied or generated passphrase.
- Gas estimation for contract deployment.
- Golang unit tests
- Smoketest does integration testing against Ganache:
- plugin config
- wallet create/update/read/list
- account create/update/read/list
- account debits
- whitelist/blacklist testing at all levels
- Smoketest will print curl examples for all tests to aid with documentation
- Dockerfile builds plugin and vault image with plugin pre-packaged.
- multistage build reduces image size and attack surface
- plugin built natively for Alpine using musl
- Runs as non-root vault user (CIS Docker Benchmark 1.20 - 4.1 Ensure that a user for the container has been created).
- makefile with docker-build, run, and all targets.
- Use docker-compose to build ganache-based development environment for testing
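
How the account path "m/44'/60'/0'/0/%d" from the BIP44 entry above maps to BIP32 child numbers, as an added example that is not the plugin's own code. `AccountPath` and `ParsePath` are hypothetical helpers; the only fact taken from outside the changelog is that BIP32 marks a hardened child by adding 2^31 to its index.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// hardenedOffset is 2^31: BIP32 marks a hardened child by setting the top bit.
const hardenedOffset uint32 = 0x80000000
// accountPathFormat is the derivation path quoted in the changelog entry.
const accountPathFormat = "m/44'/60'/0'/0/%d"

// AccountPath builds the path for one account index; the last component is non-hardened.
func AccountPath(index uint32) (string, error) {
	if index >= hardenedOffset {
		return "", errors.New("account index must be below 2^31")
	}
	return fmt.Sprintf(accountPathFormat, index), nil
}

// ParsePath converts a path such as "m/44'/60'/0'/0/5" into BIP32 child numbers.
func ParsePath(path string) ([]uint32, error) {
	parts := strings.Split(path, "/")
	if len(parts) < 2 || parts[0] != "m" {
		return nil, errors.New("path must start with m/")
	}
	out := make([]uint32, 0, len(parts)-1)
	for _, p := range parts[1:] {
		hardened := strings.HasSuffix(p, "'")
		// bitSize 31 rejects values that would collide with the hardened range.
		n, err := strconv.ParseUint(strings.TrimSuffix(p, "'"), 10, 31)
		if err != nil {
			return nil, fmt.Errorf("bad component %q: %w", p, err)
		}
		child := uint32(n)
		if hardened {
			child += hardenedOffset
		}
		out = append(out, child)
	}
	return out, nil
}

func main() {
	path, _ := AccountPath(5)
	children, _ := ParsePath(path)
	fmt.Println(path, children)
}
```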
IMPROVEMENTS:
- N/A
BUG FIXES:
- N/A