Permissioning configs accept allowlist as well as whitelist (#1081)

* change whitelist -> allowlist in permissioning configs * fix logic for using alternate whitelist key Signed-off-by: Sally MacFarlane <sally.macfarlane@consensys.net> Co-authored-by: mark-terry <36909937+mark-terry@users.noreply.github.com>
5 years ago · 0fdff649b5
parent 8c9eb4348e
commit 0fdff649b5
23 changed files with 130 additions and 81 deletions
--- a/besu/src/main/java/org/hyperledger/besu/util/PermissioningConfigurationValidator.java
+++ b/besu/src/main/java/org/hyperledger/besu/util/PermissioningConfigurationValidator.java
@ -43,7 +43,7 @@ public class PermissioningConfigurationValidator {

      if (!nodeURIsNotInAllowlist.isEmpty()) {
        throw new Exception(
-            "Specified node(s) not in nodes-whitelist " + enodesAsStrings(nodeURIsNotInAllowlist));
+            "Specified node(s) not in nodes-allowlist " + enodesAsStrings(nodeURIsNotInAllowlist));
      }
    }
  }
--- a/besu/src/test/java/org/hyperledger/besu/cli/BesuCommandTest.java
+++ b/besu/src/test/java/org/hyperledger/besu/cli/BesuCommandTest.java
@ -2014,7 +2014,7 @@ public class BesuCommandTest extends CommandTestAbstract {
  }

  @Test
-  public void rpcHttpHostWhitelistAcceptsSingleArgument() {
+  public void rpcHttpHostAllowlistAcceptsSingleArgument() {
    parseCommand("--host-whitelist", "a");

    verify(mockRunnerBuilder).jsonRpcConfiguration(jsonRpcConfigArgumentCaptor.capture());
@ -2030,7 +2030,7 @@ public class BesuCommandTest extends CommandTestAbstract {
  }

  @Test
-  public void rpcHttpHostWhitelistAcceptsMultipleArguments() {
+  public void rpcHttpHostAllowlistAcceptsMultipleArguments() {
    parseCommand("--host-whitelist", "a,b");

    verify(mockRunnerBuilder).jsonRpcConfiguration(jsonRpcConfigArgumentCaptor.capture());
@ -2046,7 +2046,7 @@ public class BesuCommandTest extends CommandTestAbstract {
  }

  @Test
-  public void rpcHttpHostWhitelistAcceptsDoubleComma() {
+  public void rpcHttpHostAllowlistAcceptsDoubleComma() {
    parseCommand("--host-whitelist", "a,,b");

    verify(mockRunnerBuilder).jsonRpcConfiguration(jsonRpcConfigArgumentCaptor.capture());
@ -2062,7 +2062,7 @@ public class BesuCommandTest extends CommandTestAbstract {
  }

  @Test
-  public void rpcHttpHostWhitelistAcceptsMultipleFlags() {
+  public void rpcHttpHostAllowlistAcceptsMultipleFlags() {
    parseCommand("--host-whitelist=a", "--host-whitelist=b");

    verify(mockRunnerBuilder).jsonRpcConfiguration(jsonRpcConfigArgumentCaptor.capture());
@ -2078,7 +2078,7 @@ public class BesuCommandTest extends CommandTestAbstract {
  }

  @Test
-  public void rpcHttpHostWhitelistStarWithAnotherHostnameMustFail() {
+  public void rpcHttpHostAllowlistStarWithAnotherHostnameMustFail() {
    final String[] origins = {"friend", "*"};
    parseCommand("--host-whitelist", String.join(",", origins));

@ -2090,7 +2090,7 @@ public class BesuCommandTest extends CommandTestAbstract {
  }

  @Test
-  public void rpcHttpHostWhitelistStarWithAnotherHostnameMustFailStarFirst() {
+  public void rpcHttpHostAllowlistStarWithAnotherHostnameMustFailStarFirst() {
    final String[] origins = {"*", "friend"};
    parseCommand("--host-whitelist", String.join(",", origins));

@ -2102,7 +2102,7 @@ public class BesuCommandTest extends CommandTestAbstract {
  }

  @Test
-  public void rpcHttpHostWhitelistAllWithAnotherHostnameMustFail() {
+  public void rpcHttpHostAllowlistAllWithAnotherHostnameMustFail() {
    final String[] origins = {"friend", "all"};
    parseCommand("--host-whitelist", String.join(",", origins));

@ -2114,7 +2114,7 @@ public class BesuCommandTest extends CommandTestAbstract {
  }

  @Test
-  public void rpcHttpHostWhitelistWithNoneMustBuildEmptyList() {
+  public void rpcHttpHostAllowlistWithNoneMustBuildEmptyList() {
    final String[] origins = {"none"};
    parseCommand("--host-whitelist", String.join(",", origins));

@ -2128,7 +2128,7 @@ public class BesuCommandTest extends CommandTestAbstract {
  }

  @Test
-  public void rpcHttpHostWhitelistNoneWithAnotherDomainMustFail() {
+  public void rpcHttpHostAllowlistNoneWithAnotherDomainMustFail() {
    final String[] origins = {"http://domain1.com", "none"};
    parseCommand("--host-whitelist", String.join(",", origins));

@ -2140,7 +2140,7 @@ public class BesuCommandTest extends CommandTestAbstract {
  }

  @Test
-  public void rpcHttpHostWhitelistNoneWithAnotherDomainMustFailNoneFirst() {
+  public void rpcHttpHostAllowlistNoneWithAnotherDomainMustFailNoneFirst() {
    final String[] origins = {"none", "http://domain1.com"};
    parseCommand("--host-whitelist", String.join(",", origins));

@ -2152,7 +2152,7 @@ public class BesuCommandTest extends CommandTestAbstract {
  }

  @Test
-  public void rpcHttpHostWhitelistEmptyValueFails() {
+  public void rpcHttpHostAllowlistEmptyValueFails() {
    parseCommand("--host-whitelist=");

    Mockito.verifyZeroInteractions(mockRunnerBuilder);
@ -3079,7 +3079,7 @@ public class BesuCommandTest extends CommandTestAbstract {
        staticNodesFile.toPath(), ("[\"" + staticNodeURI.toString() + "\"]").getBytes(UTF_8));
    Files.write(
        permissioningConfig.toPath(),
-        ("nodes-whitelist=[\"" + allowedNode.toString() + "\"]").getBytes(UTF_8));
+        ("nodes-allowlist=[\"" + allowedNode.toString() + "\"]").getBytes(UTF_8));

    parseCommand(
        "--data-path=" + testFolder.getRoot().getPath(),
@ -3087,7 +3087,7 @@ public class BesuCommandTest extends CommandTestAbstract {
        "--permissions-nodes-config-file-enabled=true",
        "--permissions-nodes-config-file=" + permissioningConfig.getPath());
    assertThat(commandErrorOutput.toString())
-        .contains(staticNodeURI.toString(), "not in nodes-whitelist");
+        .contains(staticNodeURI.toString(), "not in nodes-allowlist");
  }

  @Test
--- a/besu/src/test/java/org/hyperledger/besu/util/LocalPermissioningConfigurationValidatorTest.java
+++ b/besu/src/test/java/org/hyperledger/besu/util/LocalPermissioningConfigurationValidatorTest.java
@ -81,9 +81,9 @@ public class LocalPermissioningConfigurationValidatorTest {
              .collect(Collectors.toList());
      PermissioningConfigurationValidator.areAllNodesAreInAllowlist(
          enodeURIs, permissioningConfiguration);
-      fail("expected exception because ropsten bootnodes are not in node-whitelist");
+      fail("expected exception because ropsten bootnodes are not in node-allowlist");
    } catch (Exception e) {
-      assertThat(e.getMessage()).startsWith("Specified node(s) not in nodes-whitelist");
+      assertThat(e.getMessage()).startsWith("Specified node(s) not in nodes-allowlist");
      assertThat(e.getMessage())
          .contains(
              "enode://6332792c4a00e3e4ee0926ed89e0d27ef985424d97b6a45bf0f23e51f0dcb5e66b875777506458aea7af6f9e4ffb69f43f3778ee73c81ed9d34c51c4b16b0b0f@52.232.243.152:30303");
--- a/besu/src/test/resources/permissioning_config.toml
+++ b/besu/src/test/resources/permissioning_config.toml
@ -1,4 +1,4 @@
 # Permissioning TOML file

-accounts-whitelist=["0x0000000000000000000000000000000000000009"]
-nodes-whitelist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567","enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.169.0.9:4568"]
+accounts-allowlist=["0x0000000000000000000000000000000000000009"]
+nodes-allowlist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567","enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.169.0.9:4568"]
--- a/besu/src/test/resources/permissioning_config_ropsten_bootnodes.toml
+++ b/besu/src/test/resources/permissioning_config_ropsten_bootnodes.toml
@ -1,7 +1,7 @@
 # Permissioning TOML file

-accounts-whitelist=["0x0000000000000000000000000000000000000009"]
-nodes-whitelist=["enode://6332792c4a00e3e4ee0926ed89e0d27ef985424d97b6a45bf0f23e51f0dcb5e66b875777506458aea7af6f9e4ffb69f43f3778ee73c81ed9d34c51c4b16b0b0f@52.232.243.152:30303",
+accounts-allowlist=["0x0000000000000000000000000000000000000009"]
+nodes-allowlist=["enode://6332792c4a00e3e4ee0926ed89e0d27ef985424d97b6a45bf0f23e51f0dcb5e66b875777506458aea7af6f9e4ffb69f43f3778ee73c81ed9d34c51c4b16b0b0f@52.232.243.152:30303",
  "enode://94c15d1b9e2fe7ce56e458b9a3b672ef11894ddedd0c6f247e0f1d3487f52b66208fb4aeb8179fce6e3a749ea93ed147c37976d67af557508d199d9594c35f09@192.81.208.223:30303",
  "enode://30b7ab30a01c124a6cceca36863ece12c4f5fa68e3ba9b0b51407ccc002eeed3b3102d20a88f1c1d3c3154e2449317b8ef95090e77b312d5cc39354f86d5d606@52.176.7.10:30303",
  "enode://865a63255b3bb68023b6bffd5095118fcc13e79dcf014fe4e47e065c350c7cc72af2e53eff895f11ba1bbb6a2b33271c1116ee870f266618eadfc2e78aa7349c@52.176.100.77:30303"]
--- a/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/AllowlistPersistor.java
+++ b/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/AllowlistPersistor.java
@ -37,8 +37,8 @@ public class AllowlistPersistor {
  private final File configurationFile;

  public enum ALLOWLIST_TYPE {
-    ACCOUNTS("accounts-whitelist"),
-    NODES("nodes-whitelist");
+    ACCOUNTS("accounts-allowlist"),
+    NODES("nodes-allowlist");

    private final String tomlKey;

--- a/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/PermissioningConfigurationBuilder.java
+++ b/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/PermissioningConfigurationBuilder.java
@ -26,8 +26,10 @@ import org.apache.tuweni.toml.TomlParseResult;

 public class PermissioningConfigurationBuilder {

-  public static final String ACCOUNTS_WHITELIST_KEY = "accounts-whitelist";
-  public static final String NODES_WHITELIST_KEY = "nodes-whitelist";
+  @Deprecated public static final String ACCOUNTS_WHITELIST_KEY = "accounts-whitelist";
+  @Deprecated public static final String NODES_WHITELIST_KEY = "nodes-whitelist";
+  public static final String ACCOUNTS_ALLOWLIST_KEY = "accounts-allowlist";
+  public static final String NODES_ALLOWLIST_KEY = "nodes-allowlist";

  public static SmartContractPermissioningConfiguration smartContractPermissioningConfiguration(
      final Address address, final boolean smartContractPermissionedNodeEnabled) {
@ -65,7 +67,8 @@ public class PermissioningConfigurationBuilder {

    if (localConfigNodePermissioningEnabled) {
      final TomlParseResult nodePermissioningToml = readToml(nodePermissioningConfigFilepath);
-      final TomlArray nodeWhitelistTomlArray = nodePermissioningToml.getArray(NODES_WHITELIST_KEY);
+      final TomlArray nodeWhitelistTomlArray =
+          getAllowlistArray(nodePermissioningToml, NODES_ALLOWLIST_KEY, NODES_WHITELIST_KEY);

      permissioningConfiguration.setNodePermissioningConfigFilePath(
          nodePermissioningConfigFilepath);
@ -81,7 +84,7 @@ public class PermissioningConfigurationBuilder {
        permissioningConfiguration.setNodeAllowlist(nodesWhitelistToml);
      } else {
        throw new Exception(
-            NODES_WHITELIST_KEY
+            NODES_ALLOWLIST_KEY
                + " config option missing in TOML config file "
                + nodePermissioningConfigFilepath);
      }
@ -98,7 +101,8 @@ public class PermissioningConfigurationBuilder {
    if (localConfigAccountPermissioningEnabled) {
      final TomlParseResult accountPermissioningToml = readToml(accountPermissioningConfigFilepath);
      final TomlArray accountWhitelistTomlArray =
-          accountPermissioningToml.getArray(ACCOUNTS_WHITELIST_KEY);
+          getAllowlistArray(
+              accountPermissioningToml, ACCOUNTS_ALLOWLIST_KEY, ACCOUNTS_WHITELIST_KEY);

      permissioningConfiguration.setAccountPermissioningConfigFilePath(
          accountPermissioningConfigFilepath);
@ -122,7 +126,7 @@ public class PermissioningConfigurationBuilder {
        permissioningConfiguration.setAccountAllowlist(accountsWhitelistToml);
      } else {
        throw new Exception(
-            ACCOUNTS_WHITELIST_KEY
+            ACCOUNTS_ALLOWLIST_KEY
                + " config option missing in TOML config file "
                + accountPermissioningConfigFilepath);
      }
@ -131,6 +135,25 @@ public class PermissioningConfigurationBuilder {
    return permissioningConfiguration;
  }

+  /**
+   * This method allows support for both keys for now. Whitelist TOML keys will be removed in future
+   * (breaking change)
+   *
+   * @param tomlParseResult
+   * @param primaryKey
+   * @param alternateKey
+   * @return
+   */
+  private static TomlArray getAllowlistArray(
+      final TomlParseResult tomlParseResult, final String primaryKey, final String alternateKey) {
+    final TomlArray array = tomlParseResult.getArray(primaryKey);
+    if (array == null) {
+      return tomlParseResult.getArray(alternateKey);
+    } else {
+      return array;
+    }
+  }
+
  private static TomlParseResult readToml(final String filepath) throws Exception {
    TomlParseResult toml;

--- a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java
+++ b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java
@ -83,7 +83,7 @@ public class AccountLocalConfigPermissioningControllerTest {
  }

  @Test
-  public void whenPermConfigHasAccountsShouldAddAllAccountsToWhitelist() {
+  public void whenPermConfigHasAccountsShouldAddAllAccountsToAllowlist() {
    when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true);
    when(permissioningConfig.getAccountAllowlist())
        .thenReturn(singletonList("0xfe3b557e8fb62b89f4916b721be55ceb828dbd73"));
@ -245,7 +245,7 @@ public class AccountLocalConfigPermissioningControllerTest {
  }

  @Test
-  public void stateShouldRevertIfWhitelistPersistFails()
+  public void stateShouldRevertIfAllowlistPersistFails()
      throws IOException, AllowlistFileSyncException {
    List<String> newAccount = singletonList("0xfe3b557e8fb62b89f4916b721be55ceb828dbd73");
    List<String> newAccount2 = singletonList("0xfe3b557e8fb62b89f4916b721be55ceb828dbd72");
@ -267,7 +267,7 @@ public class AccountLocalConfigPermissioningControllerTest {
  }

  @Test
-  public void reloadAccountWhitelistWithValidConfigFileShouldUpdateWhitelist() throws Exception {
+  public void reloadAccountAllowlistWithValidConfigFileShouldUpdateAllowlist() throws Exception {
    final String expectedAccount = "0x627306090abab3a6e1400e9345bc60c78a8bef57";
    final Path permissionsFile = createPermissionsFileWithAccount(expectedAccount);

@ -286,7 +286,7 @@ public class AccountLocalConfigPermissioningControllerTest {
  }

  @Test
-  public void reloadAccountWhitelistWithErrorReadingConfigFileShouldKeepOldWhitelist() {
+  public void reloadAccountAllowlistWithErrorReadingConfigFileShouldKeepOldAllowlist() {
    when(permissioningConfig.getAccountPermissioningConfigFilePath()).thenReturn("foo");
    when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true);
    when(permissioningConfig.getAccountAllowlist())
@ -331,7 +331,7 @@ public class AccountLocalConfigPermissioningControllerTest {
  }

  @Test
-  public void isPermittedShouldCheckIfAccountExistInTheWhitelist() {
+  public void isPermittedShouldCheckIfAccountExistInTheAllowlist() {
    when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true);
    when(permissioningConfig.getAccountAllowlist())
        .thenReturn(singletonList("0xfe3b557e8fb62b89f4916b721be55ceb828dbd73"));
@ -367,7 +367,7 @@ public class AccountLocalConfigPermissioningControllerTest {
  }

  private Path createPermissionsFileWithAccount(final String account) throws IOException {
-    final String nodePermissionsFileContent = "accounts-whitelist=[\"" + account + "\"]";
+    final String nodePermissionsFileContent = "accounts-allowlist=[\"" + account + "\"]";
    final Path permissionsFile = Files.createTempFile("account_permissions", "");
    permissionsFile.toFile().deleteOnExit();
    Files.write(permissionsFile, nodePermissionsFileContent.getBytes(StandardCharsets.UTF_8));
--- a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AllowlistPersistorTest.java
+++ b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AllowlistPersistorTest.java
@ -102,7 +102,7 @@ public class AllowlistPersistorTest {
    ALLOWLIST_TYPE key = ALLOWLIST_TYPE.ACCOUNTS;
    List<String> newValue = Lists.newArrayList("account5", "account6", "account4");
    String expectedValue =
-        String.format("%s=[%s]", "accounts-whitelist", "\"account5\",\"account6\",\"account4\"");
+        String.format("%s=[%s]", "accounts-allowlist", "\"account5\",\"account6\",\"account4\"");

    allowlistPersistor.updateConfig(key, newValue);

--- a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/LocalPermissioningConfigurationBuilderTest.java
+++ b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/LocalPermissioningConfigurationBuilderTest.java
@ -31,26 +31,46 @@ import org.junit.Test;
 public class LocalPermissioningConfigurationBuilderTest {

  private static final String PERMISSIONING_CONFIG_VALID = "/permissioning_config.toml";
-  private static final String PERMISSIONING_CONFIG_ACCOUNT_WHITELIST_ONLY =
-      "/permissioning_config_account_whitelist_only.toml";
-  private static final String PERMISSIONING_CONFIG_NODE_WHITELIST_ONLY =
-      "/permissioning_config_node_whitelist_only.toml";
+  private static final String PERMISSIONING_CONFIG_VALID_WHITELISTS =
+      "/permissioning_config_whitelists.toml";
+  private static final String PERMISSIONING_CONFIG_ACCOUNT_ALLOWLIST_ONLY =
+      "/permissioning_config_account_allowlist_only.toml";
+  private static final String PERMISSIONING_CONFIG_NODE_ALLOWLIST_ONLY =
+      "/permissioning_config_node_allowlist_only.toml";
  private static final String PERMISSIONING_CONFIG_INVALID_ENODE =
      "/permissioning_config_invalid_enode.toml";
  private static final String PERMISSIONING_CONFIG_INVALID_ACCOUNT =
      "/permissioning_config_invalid_account.toml";
-  private static final String PERMISSIONING_CONFIG_EMPTY_WHITELISTS =
-      "/permissioning_config_empty_whitelists.toml";
-  private static final String PERMISSIONING_CONFIG_ABSENT_WHITELISTS =
-      "/permissioning_config_absent_whitelists.toml";
+  private static final String PERMISSIONING_CONFIG_EMPTY_ALLOWLISTS =
+      "/permissioning_config_empty_allowlists.toml";
+  private static final String PERMISSIONING_CONFIG_ABSENT_ALLOWLISTS =
+      "/permissioning_config_absent_allowlists.toml";
  private static final String PERMISSIONING_CONFIG_UNRECOGNIZED_KEY =
      "/permissioning_config_unrecognized_key.toml";
-  private static final String PERMISSIONING_CONFIG_NODE_WHITELIST_ONLY_MULTILINE =
-      "/permissioning_config_node_whitelist_only_multiline.toml";
+  private static final String PERMISSIONING_CONFIG_NODE_ALLOWLIST_ONLY_MULTILINE =
+      "/permissioning_config_node_allowlist_only_multiline.toml";

  private final String VALID_NODE_ID =
      "6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0";

+  @Test
+  public void permissioningConfig_usingDeprecatedKeysIsStillValid() throws Exception {
+    final String uri = "enode://" + VALID_NODE_ID + "@192.168.0.9:4567";
+    final String uri2 = "enode://" + VALID_NODE_ID + "@192.169.0.9:4568";
+
+    final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_VALID_WHITELISTS);
+    final Path toml = createTempFile("toml", Resources.toByteArray(configFile));
+
+    LocalPermissioningConfiguration permissioningConfiguration = permissioningConfig(toml);
+
+    assertThat(permissioningConfiguration.isAccountAllowlistEnabled()).isTrue();
+    assertThat(permissioningConfiguration.getAccountAllowlist())
+        .containsExactly("0x0000000000000000000000000000000000000009");
+    assertThat(permissioningConfiguration.isNodeAllowlistEnabled()).isTrue();
+    assertThat(permissioningConfiguration.getNodeAllowlist())
+        .containsExactly(URI.create(uri), URI.create(uri2));
+  }
+
  @Test
  public void permissioningConfig() throws Exception {
    final String uri = "enode://" + VALID_NODE_ID + "@192.168.0.9:4567";
@ -73,7 +93,7 @@ public class LocalPermissioningConfigurationBuilderTest {
  public void permissioningConfigWithOnlyNodeWhitelistSet() throws Exception {
    final String uri = "enode://" + VALID_NODE_ID + "@192.168.0.9:4567";

-    final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_NODE_WHITELIST_ONLY);
+    final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_NODE_ALLOWLIST_ONLY);
    final Path toml = createTempFile("toml", Resources.toByteArray(configFile));

    LocalPermissioningConfiguration permissioningConfiguration =
@ -87,7 +107,7 @@ public class LocalPermissioningConfigurationBuilderTest {

  @Test
  public void permissioningConfigWithOnlyAccountWhitelistSet() throws Exception {
-    final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_ACCOUNT_WHITELIST_ONLY);
+    final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_ACCOUNT_ALLOWLIST_ONLY);
    final Path toml = createTempFile("toml", Resources.toByteArray(configFile));

    LocalPermissioningConfiguration permissioningConfiguration =
@ -126,7 +146,7 @@ public class LocalPermissioningConfigurationBuilderTest {

  @Test
  public void permissioningConfigWithEmptyWhitelistMustNotError() throws Exception {
-    final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_EMPTY_WHITELISTS);
+    final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_EMPTY_ALLOWLISTS);
    final Path toml = createTempFile("toml", Resources.toByteArray(configFile));

    LocalPermissioningConfiguration permissioningConfiguration = permissioningConfig(toml);
@ -139,7 +159,7 @@ public class LocalPermissioningConfigurationBuilderTest {

  @Test
  public void permissioningConfigWithAbsentWhitelistMustThrowException() throws Exception {
-    final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_ABSENT_WHITELISTS);
+    final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_ABSENT_ALLOWLISTS);
    final Path toml = createTempFile("toml", Resources.toByteArray(configFile));

    final Throwable thrown = catchThrowable(() -> permissioningConfig(toml));
@ -157,7 +177,7 @@ public class LocalPermissioningConfigurationBuilderTest {
    assertThat(thrown)
        .isInstanceOf(Exception.class)
        .hasMessageContaining("config option missing")
-        .hasMessageContaining(PermissioningConfigurationBuilder.ACCOUNTS_WHITELIST_KEY);
+        .hasMessageContaining(PermissioningConfigurationBuilder.ACCOUNTS_ALLOWLIST_KEY);
  }

  @Test
@ -198,7 +218,7 @@ public class LocalPermissioningConfigurationBuilderTest {
  @Test
  public void permissioningConfigFromMultilineFileMustParseCorrectly() throws Exception {
    final URL configFile =
-        this.getClass().getResource(PERMISSIONING_CONFIG_NODE_WHITELIST_ONLY_MULTILINE);
+        this.getClass().getResource(PERMISSIONING_CONFIG_NODE_ALLOWLIST_ONLY_MULTILINE);
    final LocalPermissioningConfiguration permissioningConfiguration =
        PermissioningConfigurationBuilder.permissioningConfiguration(
            true, configFile.getPath(), false, configFile.getPath());
--- a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/NodeLocalConfigPermissioningControllerTest.java
+++ b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/NodeLocalConfigPermissioningControllerTest.java
@ -300,7 +300,7 @@ public class NodeLocalConfigPermissioningControllerTest {

  @Test
  public void
-      whenCheckingIfNodeIsPermittedDiscoveryPortShouldNotBeConsidered_whitelistAndNodeHaveDiscDisabled() {
+      whenCheckingIfNodeIsPermittedDiscoveryPortShouldNotBeConsidered_allowlistAndNodeHaveDiscDisabled() {
    String peerWithDiscoveryPortSet =
        "enode://aaaa80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@127.0.0.1:30303?discport=0";
    String peerWithoutDiscoveryPortSet =
@ -325,7 +325,7 @@ public class NodeLocalConfigPermissioningControllerTest {
  }

  @Test
-  public void stateShouldRevertIfWhitelistPersistFails()
+  public void stateShouldRevertIfAllowlistPersistFails()
      throws IOException, AllowlistFileSyncException {
    List<String> newNode1 = singletonList(EnodeURL.fromString(enode1).toString());
    List<String> newNode2 = singletonList(EnodeURL.fromString(enode2).toString());
@ -347,7 +347,7 @@ public class NodeLocalConfigPermissioningControllerTest {
  }

  @Test
-  public void reloadNodeWhitelistWithValidConfigFileShouldUpdateWhitelist() throws Exception {
+  public void reloadNodeAllowlistWithValidConfigFileShouldUpdateAllowlist() throws Exception {
    final String expectedEnodeURL =
        "enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567";
    final Path permissionsFile = createPermissionsFileWithNode(expectedEnodeURL);
@ -369,7 +369,7 @@ public class NodeLocalConfigPermissioningControllerTest {
  }

  @Test
-  public void reloadNodeWhitelistWithErrorReadingConfigFileShouldKeepOldWhitelist() {
+  public void reloadNodeAllowlistWithErrorReadingConfigFileShouldKeepOldAllowlist() {
    final String expectedEnodeURI =
        "enode://aaaa80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567";
    final LocalPermissioningConfiguration permissioningConfig =
@ -408,8 +408,8 @@ public class NodeLocalConfigPermissioningControllerTest {

  @Test
  @SuppressWarnings("unchecked")
-  public void whenAddingNodeDoesNotAddShouldNotNotifyWhitelistModifiedSubscribers() {
-    // adding node before subscribing to whitelist modified events
+  public void whenAddingNodeDoesNotAddShouldNotNotifyAllowlistModifiedSubscribers() {
+    // adding node before subscribing to allowlist modified events
    controller.addNodes(Lists.newArrayList(enode1));
    final Consumer<NodeWhitelistUpdatedEvent> consumer = mock(Consumer.class);

@ -422,8 +422,8 @@ public class NodeLocalConfigPermissioningControllerTest {

  @Test
  @SuppressWarnings("unchecked")
-  public void whenRemovingNodeShouldNotifyWhitelistModifiedSubscribers() {
-    // adding node before subscribing to whitelist modified events
+  public void whenRemovingNodeShouldNotifyAllowlistModifiedSubscribers() {
+    // adding node before subscribing to allowlist modified events
    controller.addNodes(Lists.newArrayList(enode1));

    final Consumer<NodeWhitelistUpdatedEvent> consumer = mock(Consumer.class);
@ -439,7 +439,7 @@ public class NodeLocalConfigPermissioningControllerTest {

  @Test
  @SuppressWarnings("unchecked")
-  public void whenRemovingNodeDoesNotRemoveShouldNotifyWhitelistModifiedSubscribers() {
+  public void whenRemovingNodeDoesNotRemoveShouldNotifyAllowlistModifiedSubscribers() {
    final Consumer<NodeWhitelistUpdatedEvent> consumer = mock(Consumer.class);

    controller.subscribeToListUpdatedEvent(consumer);
@ -466,7 +466,7 @@ public class NodeLocalConfigPermissioningControllerTest {

  @Test
  @SuppressWarnings("unchecked")
-  public void whenReloadingWhitelistShouldNotifyWhitelistModifiedSubscribers() throws Exception {
+  public void whenReloadingAllowlistShouldNotifyAllowlistModifiedSubscribers() throws Exception {
    final Path permissionsFile = createPermissionsFileWithNode(enode2);
    final LocalPermissioningConfiguration permissioningConfig =
        mock(LocalPermissioningConfiguration.class);
@ -492,7 +492,7 @@ public class NodeLocalConfigPermissioningControllerTest {

  @Test
  @SuppressWarnings("unchecked")
-  public void whenReloadingWhitelistAndNothingChangesShouldNotNotifyWhitelistModifiedSubscribers()
+  public void whenReloadingAllowlistAndNothingChangesShouldNotNotifyAllowlistModifiedSubscribers()
      throws Exception {
    final Path permissionsFile = createPermissionsFileWithNode(enode1);
    final LocalPermissioningConfiguration permissioningConfig =
@ -514,7 +514,7 @@ public class NodeLocalConfigPermissioningControllerTest {
  }

  private Path createPermissionsFileWithNode(final String node) throws IOException {
-    final String nodePermissionsFileContent = "nodes-whitelist=[\"" + node + "\"]";
+    final String nodePermissionsFileContent = "nodes-allowlist=[\"" + node + "\"]";
    final Path permissionsFile = Files.createTempFile("node_permissions", "");
    permissionsFile.toFile().deleteOnExit();
    Files.write(permissionsFile, nodePermissionsFileContent.getBytes(StandardCharsets.UTF_8));
--- a/ethereum/permissioning/src/test/resources/permissioning_config.toml
+++ b/ethereum/permissioning/src/test/resources/permissioning_config.toml
@ -1,4 +1,4 @@
 # Permissioning TOML file

-accounts-whitelist=["0x0000000000000000000000000000000000000009"]
-nodes-whitelist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567","enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.169.0.9:4568"]
+accounts-allowlist=["0x0000000000000000000000000000000000000009"]
+nodes-allowlist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567","enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.169.0.9:4568"]
--- a/ethereum/permissioning/src/test/resources/permissioning_config_absent_allowlists.toml
+++ b/ethereum/permissioning/src/test/resources/permissioning_config_absent_allowlists.toml
@ -1,3 +1,3 @@
 # Permissioning TOML file with absent lists

-accounts-whitelist=
+accounts-allowlist=
--- a/ethereum/permissioning/src/test/resources/permissioning_config_account_allowlist_only.toml
+++ b/ethereum/permissioning/src/test/resources/permissioning_config_account_allowlist_only.toml
@ -0,0 +1,3 @@
+# Permissioning TOML file (account allowlist only)
+
+accounts-allowlist=["0x0000000000000000000000000000000000000009"]
--- a/ethereum/permissioning/src/test/resources/permissioning_config_account_whitelist_only.toml
+++ b/ethereum/permissioning/src/test/resources/permissioning_config_account_whitelist_only.toml
@ -1,3 +0,0 @@
-# Permissioning TOML file (account whitelist only)
-
-accounts-whitelist=["0x0000000000000000000000000000000000000009"]
--- a/ethereum/permissioning/src/test/resources/permissioning_config_empty_allowlists.toml
+++ b/ethereum/permissioning/src/test/resources/permissioning_config_empty_allowlists.toml
@ -1,4 +1,4 @@
 # Permissioning TOML file with empty lists

-accounts-whitelist=[]
-nodes-whitelist=[]
+accounts-allowlist=[]
+nodes-allowlist=[]
--- a/ethereum/permissioning/src/test/resources/permissioning_config_invalid_account.toml
+++ b/ethereum/permissioning/src/test/resources/permissioning_config_invalid_account.toml
@ -1,3 +1,3 @@
-# Permissioning TOML file (account whitelist only)
+# Permissioning TOML file (account allowlist only)

-accounts-whitelist=["0xfoo"]
+accounts-allowlist=["0xfoo"]
--- a/ethereum/permissioning/src/test/resources/permissioning_config_invalid_enode.toml
+++ b/ethereum/permissioning/src/test/resources/permissioning_config_invalid_enode.toml
@ -1,4 +1,4 @@
 # Permissioning TOML file

-accounts-whitelist=["0x0000000000000000000000000000000000000009"]
-nodes-whitelist=["enode://bob@192.168.0.9:4567"]
+accounts-allowlist=["0x0000000000000000000000000000000000000009"]
+nodes-allowlist=["enode://bob@192.168.0.9:4567"]
--- a/ethereum/permissioning/src/test/resources/permissioning_config_node_allowlist_only.toml
+++ b/ethereum/permissioning/src/test/resources/permissioning_config_node_allowlist_only.toml
@ -0,0 +1,3 @@
+# Permissioning TOML file (node allowlist only)
+
+nodes-allowlist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567"]
--- a/ethereum/permissioning/src/test/resources/permissioning_config_node_allowlist_only_multiline.toml
+++ b/ethereum/permissioning/src/test/resources/permissioning_config_node_allowlist_only_multiline.toml
@ -1,6 +1,6 @@
-# Permissioning TOML file (node whitelist only)
+# Permissioning TOML file (node allowlist only)

-nodes-whitelist=[
+nodes-allowlist=[
 "enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.1:4567",
 "enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.2:4567",
 "enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.3:4567",
--- a/ethereum/permissioning/src/test/resources/permissioning_config_node_whitelist_only.toml
+++ b/ethereum/permissioning/src/test/resources/permissioning_config_node_whitelist_only.toml
@ -1,3 +0,0 @@
-# Permissioning TOML file (node whitelist only)
-
-nodes-whitelist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567"]
--- a/ethereum/permissioning/src/test/resources/permissioning_config_unrecognized_key.toml
+++ b/ethereum/permissioning/src/test/resources/permissioning_config_unrecognized_key.toml
@ -1,3 +1,3 @@
 # Permissioning TOML file with typo in key

-perm-node-whitelist=[]
+perm-node-allowlist=[]
--- a/ethereum/permissioning/src/test/resources/permissioning_config_whitelists.toml
+++ b/ethereum/permissioning/src/test/resources/permissioning_config_whitelists.toml
@ -0,0 +1,6 @@
+# Permissioning TOML file
+# NOTE whitelist is being deprecated in favor of allowlist
+# support for whitelist will be removed in future
+
+accounts-whitelist=["0x0000000000000000000000000000000000000009"]
+nodes-whitelist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567","enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.169.0.9:4568"]