Consensys · trung · Nov 23, 2018 · Nov 27, 2018 · Dec 5, 2018 · Dec 5, 2018
diff --git a/aws/templates/bastion.tf b/aws/templates/bastion.tf
@@ -1,7 +1,7 @@
 locals {
   default_bastion_resource_name = "${format("quorum-bastion-%s", var.network_name)}"
-  ethstats_docker_image = "puppeth/ethstats:latest"
-  ethstats_port = 3000
+  ethstats_docker_image         = "puppeth/ethstats:latest"
+  ethstats_port                 = 3000
 }
 
 data "aws_ami" "this" {
@@ -44,21 +44,21 @@ resource "random_id" "ethstat_secret" {
 
 resource "tls_private_key" "ssh" {
   algorithm = "RSA"
-  rsa_bits = "2048"
+  rsa_bits  = "2048"
 }
 
 resource "aws_key_pair" "ssh" {
   public_key = "${tls_private_key.ssh.public_key_openssh}"
-  key_name = "${local.default_bastion_resource_name}"
+  key_name   = "${local.default_bastion_resource_name}"
 }
 
 resource "local_file" "private_key" {
   filename = "${path.module}/quorum-${var.network_name}.pem"
-  content = "${tls_private_key.ssh.private_key_pem}"
+  content  = "${tls_private_key.ssh.private_key_pem}"
 }
 
 resource "aws_instance" "bastion" {
-  ami = "${data.aws_ami.this.id}"
+  ami           = "${data.aws_ami.this.id}"
   instance_type = "t2.large"
 
   vpc_security_group_ids = [
@@ -67,10 +67,10 @@ resource "aws_instance" "bastion" {
     "${aws_security_group.bastion-ethstats.id}",
   ]
 
-  subnet_id = "${var.bastion_public_subnet_id}"
+  subnet_id                   = "${var.bastion_public_subnet_id}"
   associate_public_ip_address = "true"
-  key_name = "${aws_key_pair.ssh.key_name}"
-  iam_instance_profile = "${aws_iam_instance_profile.bastion.name}"
+  key_name                    = "${aws_key_pair.ssh.key_name}"
+  iam_instance_profile        = "${aws_iam_instance_profile.bastion.name}"
 
   user_data = <<EOF
 #!/bin/bash
@@ -160,19 +160,19 @@ EOF
 
 resource "null_resource" "bastion_remote_exec" {
   triggers {
-    bastion = "${aws_instance.bastion.public_dns}"
+    bastion             = "${aws_instance.bastion.public_dns}"
     ecs_task_definition = "${aws_ecs_task_definition.quorum.revision}"
-    script = "${md5(local_file.bootstrap.content)}"
+    script              = "${md5(local_file.bootstrap.content)}"
   }
 
   provisioner "remote-exec" {
     script = "${local_file.bootstrap.filename}"
 
     connection {
-      host = "${aws_instance.bastion.public_ip}"
-      user = "ec2-user"
+      host        = "${aws_instance.bastion.public_ip}"
+      user        = "ec2-user"
       private_key = "${tls_private_key.ssh.private_key_pem}"
-      timeout = "10m"
+      timeout     = "10m"
     }
   }
 }
diff --git a/aws/templates/container_definition_bootstrap.tf b/aws/templates/container_definition_bootstrap.tf
@@ -1,9 +1,10 @@
 locals {
-  host_ip_file         = "${local.shared_volume_container_path}/host_ip"
-  task_revision_file   = "${local.shared_volume_container_path}/task_revision"
-  service_file         = "${local.shared_volume_container_path}/service"
+  host_ip_file = "${local.shared_volume_container_path}/host_ip"
+  task_revision_file = "${local.shared_volume_container_path}/task_revision"
+  service_file = "${local.shared_volume_container_path}/service"
   account_address_file = "${local.shared_volume_container_path}/first_account_address"
-  hosts_folder         = "${local.shared_volume_container_path}/hosts"
+  hosts_folder = "${local.shared_volume_container_path}/hosts"
+  genesis_code_file = "${local.shared_volume_container_path}/${local.permissioning_code_file}"
 
   metadata_bootstrap_container_status_file = "${local.shared_volume_container_path}/metadata_bootstrap_container_status"
 
@@ -27,23 +28,23 @@ locals {
   ]
 
   node_key_bootstrap_container_definition = {
-    name      = "${local.node_key_bootstrap_container_name}"
-    image     = "${local.quorum_docker_image}"
+    name = "${local.node_key_bootstrap_container_name}"
+    image = "${local.quorum_docker_image}"
     essential = "false"
 
     logConfiguration = {
       logDriver = "awslogs"
 
       options = {
-        awslogs-group         = "${aws_cloudwatch_log_group.quorum.name}"
-        awslogs-region        = "${var.region}"
+        awslogs-group = "${aws_cloudwatch_log_group.quorum.name}"
+        awslogs-region = "${var.region}"
         awslogs-stream-prefix = "logs"
       }
     }
 
     mountPoints = [
       {
-        sourceVolume  = "${local.shared_volume_name}"
+        sourceVolume = "${local.shared_volume_name}"
         containerPath = "${local.shared_volume_container_path}"
       },
     ]
@@ -55,9 +56,9 @@ locals {
     volumesFrom = []
 
     healthCheck = {
-      interval    = 30
-      retries     = 10
-      timeout     = 60
+      interval = 30
+      retries = 10
+      timeout = 60
       startPeriod = 300
 
       command = [
@@ -144,6 +145,7 @@ EOP
     "aws s3 cp ${local.node_id_file} s3://${local.s3_revision_folder}/nodeids/${local.normalized_host_ip} --sse aws:kms --sse-kms-key-id ${aws_kms_key.bucket.arn}",
     "aws s3 cp ${local.host_ip_file} s3://${local.s3_revision_folder}/hosts/${local.normalized_host_ip} --sse aws:kms --sse-kms-key-id ${aws_kms_key.bucket.arn}",
     "aws s3 cp ${local.account_address_file} s3://${local.s3_revision_folder}/accounts/${local.normalized_host_ip} --sse aws:kms --sse-kms-key-id ${aws_kms_key.bucket.arn}",
+    "aws s3 cp s3://${local.quorum_bucket}/${aws_s3_bucket_object.genesis_alloc_account_code.key} ${local.genesis_code_file}",
 
     // Gather all IPs
     "count=0; while [ $count -lt ${var.number_of_nodes} ]; do count=$(ls ${local.hosts_folder} | grep ^ip | wc -l); aws s3 cp --recursive s3://${local.s3_revision_folder}/hosts ${local.hosts_folder} > /dev/null 2>&1 | echo \"Wait for other containers to report their IPs ... $count/${var.number_of_nodes}\"; sleep 1; done",
@@ -161,9 +163,13 @@ EOP
     "echo \"All nodes have registered their IDs\"",
 
     // Prepare Genesis file
-    "alloc=\"\"; for f in `ls ${local.accounts_folder}`; do address=$(cat ${local.accounts_folder}/$f); alloc=\"$alloc,\\\"$address\\\": { \"balance\": \"\\\"1000000000000000000000000000\\\"\"}\"; done",
+    "storage_count=$(printf \"%04x\" ${var.number_of_nodes})",
+    "storage_key_postfix=${local.permissioning_alloc_storage_base}",
+    "storage=\"\\\"0x0000000000000000000000000000000000000000000000000000000000000000\\\": \\\"0x000000000000000000000000000000000000$${storage_count}\\\"\"",
+    "alloc=\"\"; for f in `ls ${local.accounts_folder}`; do address=$(cat ${local.accounts_folder}/$f); alloc=\"$alloc,\\\"$address\\\": { \\\"balance\\\": \"\\\"1000000000000000000000000000\\\"\"}\"; storage_postfix=$(printf \"%04x\" $${storage_key_postfix}); storage_key_postfix=$((storage_key_postfix+1)); storageKey=\"${local.permissioning_alloc_storage_prefix}$${storage_postfix}\" storage=\"$storage, \\\"$${storageKey}\\\": \\\"$${address}\\\"\"; done",
 
-    "alloc=\"{$${alloc:1}}\"",
+    "code=$(cat ${local.genesis_code_file})",
+    "${var.enable_permissioning == "true" ? "alloc=\"{\\\"${local.permissioning_alloc_address}\\\": {\\\"code\\\": \\\"$${code}\\\", \\\"balance\\\": \"\\\"1000000000000000000000000000\\\"\", \\\"storage\\\": {$${storage}}} $${alloc}}\"" : "alloc=\"{$${alloc:1}}\""}",
     "extraData=\"\\\"0x0000000000000000000000000000000000000000000000000000000000000000\\\"\"",
     "${var.consensus_mechanism == "istanbul" ? join("\n", local.istanbul_bootstrap_commands) : ""}",
     "mixHash=\"\\\"${element(local.consensus_config_map["genesis_mixHash"], 0)}\\\"\"",
@@ -180,23 +186,23 @@ EOP
   ]
 
   metadata_bootstrap_container_definition = {
-    name      = "${local.metadata_bootstrap_container_name}"
-    image     = "${local.aws_cli_docker_image}"
+    name = "${local.metadata_bootstrap_container_name}"
+    image = "${local.aws_cli_docker_image}"
     essential = "false"
 
     logConfiguration = {
       logDriver = "awslogs"
 
       options = {
-        awslogs-group         = "${aws_cloudwatch_log_group.quorum.name}"
-        awslogs-region        = "${var.region}"
+        awslogs-group = "${aws_cloudwatch_log_group.quorum.name}"
+        awslogs-region = "${var.region}"
         awslogs-stream-prefix = "logs"
       }
     }
 
     mountPoints = [
       {
-        sourceVolume  = "${local.shared_volume_name}"
+        sourceVolume = "${local.shared_volume_name}"
         containerPath = "${local.shared_volume_container_path}"
       },
     ]
@@ -212,9 +218,9 @@ EOP
     ]
 
     healthCheck = {
-      interval    = 30
-      retries     = 10
-      timeout     = 60
+      interval = 30
+      retries = 10
+      timeout = 60
       startPeriod = 300
 
       command = [

diff --git a/aws/templates/container_definitions_quorum.tf b/aws/templates/container_definitions_quorum.tf
diff --git a/aws/templates/variables.tf b/aws/templates/variables.tf
@@ -8,15 +8,15 @@ variable "network_name" {
 
 variable "number_of_nodes" {
   description = "Number of Quorum nodes. Default is 7"
-  default     = "7"
+  default = "7"
 }
 
 variable "bastion_public_subnet_id" {
   description = "Public Subnet for Bastion node"
 }
 
 variable "subnet_ids" {
-  type        = "list"
+  type = "list"
   description = "List of subnet ids used by ECS to create instances. These subnets must be routable to the internet, via Internet Gateway or NAT instance"
 }
 
@@ -26,52 +26,52 @@ variable "is_igw_subnets" {
 
 variable "quorum_docker_image" {
   description = "URL to Quorum docker image to be used"
-  default     = "quorumengineering/quorum"
+  default = "quorumengineering/quorum"
 }
 
 variable "quorum_docker_image_tag" {
   description = "Quorum Docker image tag to be used"
-  default     = "latest"
+  default = "latest"
 }
 
 variable "constellation_docker_image" {
   description = "URL to Constellation docker image to be used. Only needed if tx_privacy_engine is constellation"
-  default     = "quorumengineering/constellation"
+  default = "quorumengineering/constellation"
 }
 
 variable "constellation_docker_image_tag" {
   description = "Constellation Docker image tag to be used"
-  default     = "latest"
+  default = "latest"
 }
 
 variable "tessera_docker_image" {
   description = "URL to Constellation docker image to be used. Only needed if tx_privacy_engine is constellation"
-  default     = "quorumengineering/tessera"
+  default = "quorumengineering/tessera"
 }
 
 variable "tessera_docker_image_tag" {
   description = "Tessera Docker image tag to be used"
-  default     = "latest"
+  default = "latest"
 }
 
 variable "aws_cli_docker_image" {
   description = "To interact with AWS services"
-  default     = "senseyeio/alpine-aws-cli"
+  default = "senseyeio/alpine-aws-cli"
 }
 
 variable "aws_cli_docker_image_tag" {
   description = "AWS CLI Docker image tag to be used"
-  default     = "latest"
+  default = "latest"
 }
 
 variable "consensus_mechanism" {
   description = "Concensus mechanism used in the network. Supported values are raft/istanbul"
-  default     = "raft"
+  default = "raft"
 }
 
 variable "tx_privacy_engine" {
   description = "Engine that implements transaction privacy. Supported values are constellation/tessera"
-  default     = "tessera"
+  default = "tessera"
 }
 
 variable "quorum_bucket" {
@@ -83,7 +83,12 @@ variable "quorum_bucket_kms_key_arn" {
 }
 
 variable "access_bastion_cidr_blocks" {
-  type        = "list"
+  type = "list"
   description = "CIDR blocks that will be added to allow SSH to Bastion Node"
-  default     = []
+  default = []
 }
+
+variable "enable_permissioning" {
+  description = "Permissioning via smart contract"
+  default = "false"
+}