6uild / grafain
Blockchain based binary authorization and policy server for Kubernetes
Is your feature request related to a problem? Please describe.
Start grafain with an embedded Tendermint.
Describe the solution you'd like
Single command with a good default config for local testing.
Additional context
Would be good to also allow current config with standalone Tendermint and socket connection to Grafain.
Acceptance criteria
Is your feature request related to a problem? Please describe.
The original POC supports whitelisted artifacts only. With k-rail policies, a richer set of additional rules can easily be added that cover real-world constraints when operating k8s environments.
Describe the solution you'd like
Add all policies for
Is your feature request related to a problem? Please describe.
Anybody new to the project should get a quick overview and understand what it does and how to use it.
Describe the solution you'd like
Describe alternatives you've considered
Additional context
Acceptance criteria
TBD
Is your feature request related to a problem? Please describe.
I want to set a list of artifacts already on chain startup so that I do not have to set them manually via TX.
Describe the solution you'd like
Use weave.Initializers.
Describe alternatives you've considered
Additional context
Acceptance criteria
Is your feature request related to a problem? Please describe.
As a visitor interested in Grafain, I want a simple way to see the stored artifact configurations so that I can use them in my test cluster.
Describe the solution you'd like
Simple dashboard which lists the last 30 artifacts.
Describe alternatives you've considered
This functionality is available via ./grafaincli query -path=/artifacts
Additional context
Acceptance criteria
Is your feature request related to a problem? Please describe.
When I want to run a fullnode for integration tests on a codec package for example, I do not want to deal with any admission hook related k8s config.
Describe the solution you'd like
Add a new --no-admission-hook flag to disable all the hook related setup and validation.
Describe alternatives you've considered
Splitting fullnode and webhook into 2 binaries. They could still be deployed into the same pod for data safety. But this conflicts with #12.
Additional context
Codec tests run with a local grafain, tendermint instance for integration tests.
Acceptance criteria
Is your feature request related to a problem? Please describe.
In order to manage artifact ownership for a dynamic group of people, I want a simple way to add/remove individuals to a Group or Role. Membership in the associated group/role should be enough at this stage to allow full access. Fine-grained permissions are out of scope at this stage and will be addressed in a new issue when required.
Describe the solution you'd like
Any solution should contain:
Describe alternatives you've considered
Equal weight MultiSig with threshold of 1. We cannot store metadata like name/email with this.
Additional context
Acceptance criteria
Is your feature request related to a problem? Please describe.
Replace current build steps with Gitian based environment.
Describe the solution you'd like
The build process should create and upload:
Describe alternatives you've considered
Additional context
See https://github.com/iov-one/weave/tree/master/contrib
Acceptance criteria
Gitian built artifacts are uploaded to github release page.
Is your feature request related to a problem? Please describe.
Webhook and backend app may access the DB at the same time and must not cause locks.
Describe the solution you'd like
Concurrent Reads by Webhook and backend.
Describe alternatives you've considered
Additional context
May fail with Iterators
Acceptance criteria
Is your feature request related to a problem? Please describe.
The cli stores the key unencrypted on the disk.
grafaincli mnemonic | ./grafaincli keygen -key $(pwd)/my_grafain.key # create a new private key
Describe the solution you'd like
Instead of persisting the private key on disk, the cli should receive it from a key manager on grafaincli sign.
Describe alternatives you've considered
Additional context
Some existing solutions that may be useful:
https://github.com/99designs/keyring
https://github.com/zalando/go-keyring
Acceptance criteria
Is your feature request related to a problem? Please describe.
As a showcase for CD, instrument the travisCI build to also sign and push the metadata to ๐ถnet.
Describe the solution you'd like
On build branches: TravisCI uses the grafainCLI to push the sha256 digest for the artifact to a running testnet. (๐ถ)
Describe alternatives you've considered
Additional context
Is your feature request related to a problem? Please describe.
While Grafain implements the ABCI interface it requires Tendermint to do the consensus. The Kubernetes example manifests were not updated when Weave was integrated to this project.
Describe the solution you'd like
Describe alternatives you've considered
Additional context
See iov-devnets (https://github.com/iov-one/devnet-operations) where we did this already.
Acceptance criteria
I can follow the doc and start a validator on my local box within minikube.
Is your feature request related to a problem? Please describe.
A full end-to-end test scenario.
Describe the solution you'd like
A scenario test in Go acts as admission controller and client to the grafain webhook.
A grafain stack is handling it including Tendermint setup.
Describe alternatives you've considered
Docker compose
Additional context
May reuse any grafainCli code if it exists already.
Acceptance criteria
Hits the full stack.
Is your feature request related to a problem? Please describe.
A command line client binary that can be used to:
Describe the solution you'd like
Binary artifacts shipped via github release page
Describe alternatives you've considered
Additional context
Add any other context or screenshots about the feature request here.
Acceptance criteria
TBD