scripts/deployment/update-rpc-security.sh

#!/usr/bin/env bash
# Update RPC Security Configuration
# Run this after DNS is configured to restrict CORS and host allowlist

set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
cd "$PROJECT_ROOT"


log_info "=== Updating RPC Security Configuration ==="

# Default domains (update these after DNS deployment)
RPC_DOMAINS=(
    "https://rpc.d-bis.org"
    "https://rpc2.d-bis.org"
    "https://explorer.d-bis.org"
)

RPC_HOSTS=(
    "rpc.d-bis.org"
    "rpc2.d-bis.org"
    "localhost"
    "127.0.0.1"
)

echo "Updating RPC security with domains: ${RPC_DOMAINS[*]}"

# Update config/rpc/besu-config.toml
if [ -f "config/rpc/besu-config.toml" ]; then
    # Create CORS array string
    CORS_STR=$(printf '"%s",' "${RPC_DOMAINS[@]}" | sed 's/,$//')
    CORS_STR="[$CORS_STR]"
    
    # Create host allowlist string
    HOSTS_STR=$(printf '"%s",' "${RPC_HOSTS[@]}" | sed 's/,$//')
    HOSTS_STR="[$HOSTS_STR]"
    
    # Update CORS
    sed -i "s|rpc-http-cors-origins=\[\".*\"\]|rpc-http-cors-origins=$CORS_STR|g" config/rpc/besu-config.toml
    sed -i "s|rpc-ws-origins=\[\".*\"\]|rpc-ws-origins=$CORS_STR|g" config/rpc/besu-config.toml
    
    # Update host allowlist
    sed -i "s|rpc-http-host-allowlist=\[.*\]|rpc-http-host-allowlist=$HOSTS_STR|g" config/rpc/besu-config.toml
    
    log_success "✅ Updated config/rpc/besu-config.toml"
fi

# Update k8s/base/rpc/statefulset.yaml
if [ -f "k8s/base/rpc/statefulset.yaml" ]; then
    CORS_STR=$(printf '"%s",' "${RPC_DOMAINS[@]}" | sed 's/,$//')
    CORS_STR="[$CORS_STR]"
    HOSTS_STR=$(printf '"%s",' "${RPC_HOSTS[@]}" | sed 's/,$//')
    HOSTS_STR="[$HOSTS_STR]"
    
    sed -i "s|rpc-http-cors-origins=\[\".*\"\]|rpc-http-cors-origins=$CORS_STR|g" k8s/base/rpc/statefulset.yaml
    sed -i "s|rpc-ws-origins=\[\".*\"\]|rpc-ws-origins=$CORS_STR|g" k8s/base/rpc/statefulset.yaml
    sed -i "s|rpc-http-host-allowlist=\[.*\]|rpc-http-host-allowlist=$HOSTS_STR|g" k8s/base/rpc/statefulset.yaml
    
    log_success "✅ Updated k8s/base/rpc/statefulset.yaml"
fi

# Update helm/besu-network/values-rpc.yaml
if [ -f "helm/besu-network/values-rpc.yaml" ]; then
    CORS_STR=$(printf '    - "%s"\n' "${RPC_DOMAINS[@]}" | sed 's|https://||g')
    HOSTS_STR=$(printf '    - "%s"\n' "${RPC_HOSTS[@]}")
    
    # Note: Helm values use YAML array format
    log_warn "⚠️  Helm values need manual update (YAML format)"
    echo "Update helm/besu-network/values-rpc.yaml:"
    echo "  corsOrigins:"
    for domain in "${RPC_DOMAINS[@]}"; do
        echo "    - \"$domain\"
    done
    echo "  hostAllowlist:"
    for host in "${RPC_HOSTS[@]}"; do
        echo "    - \"$host\"
    done
fi

log_success "✅ RPC security configuration updated"
log_warn "Note: Restart RPC pods after updating configuration"
Add Oracle Aggregator and CCIP Integration - Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control. - Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities. - Created .gitmodules to include OpenZeppelin contracts as a submodule. - Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment. - Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks. - Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring. - Created scripts for resource import and usage validation across non-US regions. - Added tests for CCIP error handling and integration to ensure robust functionality. - Included various new files and directories for the orchestration portal and deployment scripts. 2025-12-12 14:57:48 -08:00			`#!/usr/bin/env bash`
			`# Update RPC Security Configuration`
			`# Run this after DNS is configured to restrict CORS and host allowlist`

			`set -e`

			`SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"`
			`source "$SCRIPT_DIR/../lib/init.sh"`
			`PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"`
			`cd "$PROJECT_ROOT"`


			`log_info "=== Updating RPC Security Configuration ==="`

			`# Default domains (update these after DNS deployment)`
			`RPC_DOMAINS=(`
			`"https://rpc.d-bis.org"`
			`"https://rpc2.d-bis.org"`
			`"https://explorer.d-bis.org"`
			`)`

			`RPC_HOSTS=(`
			`"rpc.d-bis.org"`
			`"rpc2.d-bis.org"`
			`"localhost"`
			`"127.0.0.1"`
			`)`

			`echo "Updating RPC security with domains: ${RPC_DOMAINS[*]}"`

			`# Update config/rpc/besu-config.toml`
			`if [ -f "config/rpc/besu-config.toml" ]; then`
			`# Create CORS array string`
			`CORS_STR=$(printf '"%s",' "${RPC_DOMAINS[@]}" \| sed 's/,$//')`
			`CORS_STR="[$CORS_STR]"`

			`# Create host allowlist string`
			`HOSTS_STR=$(printf '"%s",' "${RPC_HOSTS[@]}" \| sed 's/,$//')`
			`HOSTS_STR="[$HOSTS_STR]"`

			`# Update CORS`
			`sed -i "s\|rpc-http-cors-origins=\[\".*\"\]\|rpc-http-cors-origins=$CORS_STR\|g" config/rpc/besu-config.toml`
			`sed -i "s\|rpc-ws-origins=\[\".*\"\]\|rpc-ws-origins=$CORS_STR\|g" config/rpc/besu-config.toml`

			`# Update host allowlist`
			`sed -i "s\|rpc-http-host-allowlist=\[.*\]\|rpc-http-host-allowlist=$HOSTS_STR\|g" config/rpc/besu-config.toml`

			`log_success "✅ Updated config/rpc/besu-config.toml"`
			`fi`

			`# Update k8s/base/rpc/statefulset.yaml`
			`if [ -f "k8s/base/rpc/statefulset.yaml" ]; then`
			`CORS_STR=$(printf '"%s",' "${RPC_DOMAINS[@]}" \| sed 's/,$//')`
			`CORS_STR="[$CORS_STR]"`
			`HOSTS_STR=$(printf '"%s",' "${RPC_HOSTS[@]}" \| sed 's/,$//')`
			`HOSTS_STR="[$HOSTS_STR]"`

			`sed -i "s\|rpc-http-cors-origins=\[\".*\"\]\|rpc-http-cors-origins=$CORS_STR\|g" k8s/base/rpc/statefulset.yaml`
			`sed -i "s\|rpc-ws-origins=\[\".*\"\]\|rpc-ws-origins=$CORS_STR\|g" k8s/base/rpc/statefulset.yaml`
			`sed -i "s\|rpc-http-host-allowlist=\[.*\]\|rpc-http-host-allowlist=$HOSTS_STR\|g" k8s/base/rpc/statefulset.yaml`

			`log_success "✅ Updated k8s/base/rpc/statefulset.yaml"`
			`fi`

			`# Update helm/besu-network/values-rpc.yaml`
			`if [ -f "helm/besu-network/values-rpc.yaml" ]; then`
			`CORS_STR=$(printf ' - "%s"\n' "${RPC_DOMAINS[@]}" \| sed 's\|https://\|\|g')`
			`HOSTS_STR=$(printf ' - "%s"\n' "${RPC_HOSTS[@]}")`

			`# Note: Helm values use YAML array format`
			`log_warn "⚠️ Helm values need manual update (YAML format)"`
			`echo "Update helm/besu-network/values-rpc.yaml:"`
			`echo " corsOrigins:"`
			`for domain in "${RPC_DOMAINS[@]}"; do`
			`echo " - \"$domain\"`
			`done`
			`echo " hostAllowlist:"`
			`for host in "${RPC_HOSTS[@]}"; do`
			`echo " - \"$host\"`
			`done`
			`fi`

			`log_success "✅ RPC security configuration updated"`
			`log_warn "Note: Restart RPC pods after updating configuration"`