Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: [EXC-1675] migrate replica to no-op LogVisibilityV2 #768

Merged
merged 30 commits into from
Aug 9, 2024
Merged
Show file tree
Hide file tree
Changes from 19 commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
08b278a
log_visibility_v2
maksymar Aug 6, 2024
3b018e6
add flag
maksymar Aug 6, 2024
c62ddb3
.
maksymar Aug 6, 2024
d0803ca
default
maksymar Aug 6, 2024
76106e4
.
maksymar Aug 6, 2024
ee5a8e7
fix state_layout build
maksymar Aug 6, 2024
e40aad7
.
maksymar Aug 6, 2024
8f365bb
.
maksymar Aug 6, 2024
83e7d43
cleanup
maksymar Aug 6, 2024
7ab33ac
.
maksymar Aug 6, 2024
f665bd8
nns proto
maksymar Aug 6, 2024
c2aa68b
v2 sns
maksymar Aug 7, 2024
9afb296
Revert "nns proto"
maksymar Aug 7, 2024
7c0e03d
.
maksymar Aug 7, 2024
183607b
update cmc.did
maksymar Aug 7, 2024
7790cba
update test failure message
maksymar Aug 7, 2024
2bbd675
move feature flag to query_handler
maksymar Aug 7, 2024
6b7943d
Merge branch 'master' into maksym/exc-1670-v2
maksymar Aug 7, 2024
e7e49d9
cleanup
maksymar Aug 8, 2024
7aeda5e
remove allowed_viewers from cmc.did
maksymar Aug 8, 2024
5cca516
clippy
maksymar Aug 8, 2024
a9c88ee
Merge branch 'master' into maksym/exc-1670-v2
maksymar Aug 8, 2024
e945dff
Merge branch 'master' into maksym/exc-1670-v2
maksymar Aug 8, 2024
4943da7
clippy
maksymar Aug 8, 2024
a45f3fc
Merge branch 'master' into maksym/exc-1670-v2
maksymar Aug 9, 2024
407f393
fix query_handler logic to include controllers check for allowed_viewers
maksymar Aug 9, 2024
c02e736
Merge branch 'master' into maksym/exc-1670-v2
maksymar Aug 9, 2024
5f64ebe
add cleanup todo comment
maksymar Aug 9, 2024
4428c87
switch from into to from
maksymar Aug 9, 2024
fede740
Merge branch 'master' into maksym/exc-1670-v2
maksymar Aug 9, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 8 additions & 8 deletions rs/execution_environment/src/canister_settings.rs
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ use ic_base_types::{NumBytes, NumSeconds};
use ic_cycles_account_manager::{CyclesAccountManager, ResourceSaturation};
use ic_error_types::{ErrorCode, UserError};
use ic_interfaces::execution_environment::SubnetAvailableMemory;
use ic_management_canister_types::{CanisterSettingsArgs, LogVisibility};
use ic_management_canister_types::{CanisterSettingsArgs, LogVisibilityV2};
use ic_types::{
ComputeAllocation, Cycles, InvalidComputeAllocationError, InvalidMemoryAllocationError,
MemoryAllocation, PrincipalId,
Expand All @@ -25,7 +25,7 @@ pub(crate) struct CanisterSettings {
pub(crate) wasm_memory_threshold: Option<NumBytes>,
pub(crate) freezing_threshold: Option<NumSeconds>,
pub(crate) reserved_cycles_limit: Option<Cycles>,
pub(crate) log_visibility: Option<LogVisibility>,
pub(crate) log_visibility: Option<LogVisibilityV2>,
pub(crate) wasm_memory_limit: Option<NumBytes>,
}

Expand All @@ -37,7 +37,7 @@ impl CanisterSettings {
wasm_memory_threshold: Option<NumBytes>,
freezing_threshold: Option<NumSeconds>,
reserved_cycles_limit: Option<Cycles>,
log_visibility: Option<LogVisibility>,
log_visibility: Option<LogVisibilityV2>,
wasm_memory_limit: Option<NumBytes>,
) -> Self {
Self {
Expand Down Expand Up @@ -76,7 +76,7 @@ impl CanisterSettings {
self.reserved_cycles_limit
}

pub fn log_visibility(&self) -> Option<&LogVisibility> {
pub fn log_visibility(&self) -> Option<&LogVisibilityV2> {
self.log_visibility.as_ref()
}

Expand Down Expand Up @@ -179,7 +179,7 @@ pub(crate) struct CanisterSettingsBuilder {
wasm_memory_threshold: Option<NumBytes>,
freezing_threshold: Option<NumSeconds>,
reserved_cycles_limit: Option<Cycles>,
log_visibility: Option<LogVisibility>,
log_visibility: Option<LogVisibilityV2>,
wasm_memory_limit: Option<NumBytes>,
}

Expand Down Expand Up @@ -253,7 +253,7 @@ impl CanisterSettingsBuilder {
}
}

pub fn with_log_visibility(self, log_visibility: LogVisibility) -> Self {
pub fn with_log_visibility(self, log_visibility: LogVisibilityV2) -> Self {
Self {
log_visibility: Some(log_visibility),
..self
Expand Down Expand Up @@ -348,7 +348,7 @@ pub(crate) struct ValidatedCanisterSettings {
freezing_threshold: Option<NumSeconds>,
reserved_cycles_limit: Option<Cycles>,
reservation_cycles: Cycles,
log_visibility: Option<LogVisibility>,
log_visibility: Option<LogVisibilityV2>,
wasm_memory_limit: Option<NumBytes>,
}

Expand Down Expand Up @@ -381,7 +381,7 @@ impl ValidatedCanisterSettings {
self.reservation_cycles
}

pub fn log_visibility(&self) -> Option<&LogVisibility> {
pub fn log_visibility(&self) -> Option<&LogVisibilityV2> {
self.log_visibility.as_ref()
}

Expand Down
14 changes: 7 additions & 7 deletions rs/execution_environment/src/execution_environment/tests.rs
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ use ic_management_canister_types::{
self as ic00, BitcoinGetUtxosArgs, BitcoinNetwork, BoundedHttpHeaders, CanisterChange,
CanisterHttpRequestArgs, CanisterIdRecord, CanisterStatusResultV2, CanisterStatusType,
DerivationPath, EcdsaCurve, EcdsaKeyId, EmptyBlob, FetchCanisterLogsRequest, HttpMethod,
LogVisibility, MasterPublicKeyId, Method, Payload as Ic00Payload,
LogVisibilityV2, MasterPublicKeyId, Method, Payload as Ic00Payload,
ProvisionalCreateCanisterWithCyclesArgs, ProvisionalTopUpCanisterArgs, SchnorrAlgorithm,
SchnorrKeyId, TakeCanisterSnapshotArgs, TransformContext, TransformFunc, IC_00,
};
Expand Down Expand Up @@ -3524,7 +3524,7 @@ fn test_canister_settings_log_visibility_default_controllers() {
// Assert.
assert_eq!(
canister_status.settings().log_visibility(),
&LogVisibility::Controllers
&LogVisibilityV2::Controllers
);
}

Expand All @@ -3537,7 +3537,7 @@ fn test_canister_settings_log_visibility_create_with_settings() {
.create_canister_with_settings(
Cycles::new(1_000_000_000),
ic00::CanisterSettingsArgsBuilder::new()
.with_log_visibility(LogVisibility::Public)
.with_log_visibility(LogVisibilityV2::Public)
.build(),
)
.unwrap();
Expand All @@ -3546,7 +3546,7 @@ fn test_canister_settings_log_visibility_create_with_settings() {
// Assert.
assert_eq!(
canister_status.settings().log_visibility(),
&LogVisibility::Public
&LogVisibilityV2::Public
);
}

Expand All @@ -3556,14 +3556,14 @@ fn test_canister_settings_log_visibility_set_to_public() {
let mut test = ExecutionTestBuilder::new().build();
let canister_id = test.create_canister(Cycles::new(1_000_000_000));
// Act.
test.set_log_visibility(canister_id, LogVisibility::Public)
test.set_log_visibility(canister_id, LogVisibilityV2::Public)
.unwrap();
let result = test.canister_status(canister_id);
let canister_status = CanisterStatusResultV2::decode(&get_reply(result)).unwrap();
// Assert.
assert_eq!(
canister_status.settings().log_visibility(),
&LogVisibility::Public
&LogVisibilityV2::Public
);
}

Expand All @@ -3574,7 +3574,7 @@ fn test_fetch_canister_logs_should_accept_ingress_message() {
let mut test = ExecutionTestBuilder::new().build();
let canister_id = test.universal_canister().unwrap();
let not_a_controller = user_test_id(42);
test.set_log_visibility(canister_id, LogVisibility::Public)
test.set_log_visibility(canister_id, LogVisibilityV2::Public)
.unwrap();
// Act.
test.set_user_id(not_a_controller);
Expand Down
22 changes: 17 additions & 5 deletions rs/execution_environment/src/query_handler.rs
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ use tower::{util::BoxCloneService, Service};

pub(crate) use self::query_scheduler::{QueryScheduler, QuerySchedulerFlag};
use ic_management_canister_types::{
FetchCanisterLogsRequest, FetchCanisterLogsResponse, LogVisibility, Payload, QueryMethod,
FetchCanisterLogsRequest, FetchCanisterLogsResponse, LogVisibilityV2, Payload, QueryMethod,
};

/// Convert an object into CBOR binary.
Expand Down Expand Up @@ -282,6 +282,10 @@ impl InternalHttpQueryHandler {
}
}

// TODO(EXC-1678): remove after release.
/// Feature flag to enable/disable allowed viewers for canister log visibility.
const ALLOWED_VIEWERS_ENABLED: bool = false;
maksymar marked this conversation as resolved.
Show resolved Hide resolved

fn fetch_canister_logs(
sender: PrincipalId,
state: &ReplicatedState,
Expand All @@ -295,10 +299,18 @@ fn fetch_canister_logs(
)
})?;

match canister.log_visibility() {
LogVisibility::Public => Ok(()),
LogVisibility::Controllers if canister.controllers().contains(&sender) => Ok(()),
LogVisibility::Controllers => Err(UserError::new(
let log_visibility = match canister.log_visibility() {
// If the feature is disabled override `AllowedViewers` with default value.
LogVisibilityV2::AllowedViewers(_) if !ALLOWED_VIEWERS_ENABLED => {
&LogVisibilityV2::default()
}
other => other,
};
match log_visibility {
LogVisibilityV2::Public => Ok(()),
LogVisibilityV2::Controllers if canister.controllers().contains(&sender) => Ok(()),
LogVisibilityV2::AllowedViewers(principals) if principals.get().contains(&sender) => Ok(()),
LogVisibilityV2::AllowedViewers(_) | LogVisibilityV2::Controllers => Err(UserError::new(
ErrorCode::CanisterRejectedMessage,
format!(
"Caller {} is not allowed to query ic00 method {}",
Expand Down
72 changes: 49 additions & 23 deletions rs/execution_environment/tests/canister_logging.rs
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
use ic_config::execution_environment::Config as ExecutionConfig;
use ic_config::subnet_config::SubnetConfig;
use ic_management_canister_types::{
self as ic00, CanisterIdRecord, CanisterInstallMode, CanisterLogRecord, CanisterSettingsArgs,
CanisterSettingsArgsBuilder, DataSize, EmptyBlob, FetchCanisterLogsRequest,
FetchCanisterLogsResponse, LogVisibility, Payload,
self as ic00, BoundedAllowedViewers, CanisterIdRecord, CanisterInstallMode, CanisterLogRecord,
CanisterSettingsArgs, CanisterSettingsArgsBuilder, DataSize, EmptyBlob,
FetchCanisterLogsRequest, FetchCanisterLogsResponse, LogVisibilityV2, Payload,
};
use ic_registry_subnet_type::SubnetType;
use ic_state_machine_tests::{
Expand Down Expand Up @@ -79,7 +79,7 @@ fn setup_with_controller(wasm: Vec<u8>) -> (StateMachine, CanisterId, PrincipalI
let controller = PrincipalId::new_user_test_id(42);
let (env, canister_id) = setup_and_install_wasm(
CanisterSettingsArgsBuilder::new()
.with_log_visibility(LogVisibility::Controllers)
.with_log_visibility(LogVisibilityV2::Controllers)
.with_controllers(vec![controller])
.build(),
wasm,
Expand Down Expand Up @@ -111,7 +111,7 @@ fn fetch_canister_logs(
fn test_fetch_canister_logs_via_submit_ingress() {
let (env, canister_id) = setup_and_install_wasm(
CanisterSettingsArgsBuilder::new()
.with_log_visibility(LogVisibility::Public)
.with_log_visibility(LogVisibilityV2::Public)
.build(),
wat_canister().build_wasm(),
);
Expand All @@ -135,7 +135,7 @@ fn test_fetch_canister_logs_via_execute_ingress() {
// Test fetch_canister_logs API call results.
let (env, canister_id) = setup_and_install_wasm(
CanisterSettingsArgsBuilder::new()
.with_log_visibility(LogVisibility::Public)
.with_log_visibility(LogVisibilityV2::Public)
.build(),
wat_canister().build_wasm(),
);
Expand All @@ -159,7 +159,7 @@ fn test_fetch_canister_logs_via_query_call() {
// Test fetch_canister_logs API call results.
let (env, canister_id) = setup_and_install_wasm(
CanisterSettingsArgsBuilder::new()
.with_log_visibility(LogVisibility::Public)
.with_log_visibility(LogVisibilityV2::Public)
.build(),
wat_canister().build_wasm(),
);
Expand Down Expand Up @@ -230,37 +230,63 @@ fn test_fetch_canister_logs_via_composite_query_call() {
#[test]
fn test_log_visibility_of_fetch_canister_logs() {
// Test combinations of log_visibility and sender for fetch_canister_logs API call.
let controller = PrincipalId::new_user_test_id(27);
let not_a_controller = PrincipalId::new_user_test_id(42);
let controller = PrincipalId::new_user_test_id(1);
let not_a_controller = PrincipalId::new_user_test_id(2);
let allowed_viewer = PrincipalId::new_user_test_id(3);
let not_allowed_viewer = PrincipalId::new_user_test_id(4);
let allowed_viewers = BoundedAllowedViewers::new(vec![allowed_viewer]);
let ok = Ok(WasmResult::Reply(
FetchCanisterLogsResponse {
canister_log_records: vec![],
}
.encode(),
));
let error = Err(UserError::new(
ErrorCode::CanisterRejectedMessage,
format!(
"Caller {not_a_controller} is not allowed to query ic00 method fetch_canister_logs"
),
));
fn not_allowed_error(caller: &PrincipalId) -> Result<WasmResult, UserError> {
Err(UserError::new(
ErrorCode::CanisterRejectedMessage,
format!("Caller {caller} is not allowed to query ic00 method fetch_canister_logs"),
))
}
let test_cases = vec![
// (log_visibility, sender, expected_result)
(LogVisibility::Public, controller, ok.clone()),
(LogVisibility::Public, not_a_controller, ok.clone()),
(LogVisibility::Controllers, controller, ok),
(LogVisibility::Controllers, not_a_controller, error),
(LogVisibilityV2::Public, controller, ok.clone()),
(LogVisibilityV2::Public, not_a_controller, ok.clone()),
(LogVisibilityV2::Controllers, controller, ok.clone()),
(
LogVisibilityV2::Controllers,
not_a_controller,
not_allowed_error(&not_a_controller),
),
(
LogVisibilityV2::AllowedViewers(allowed_viewers.clone()),
allowed_viewer,
// TODO(EXC-1675): when disabled works as for controllers, change to ok when enabled.
not_allowed_error(&allowed_viewer),
),
(
LogVisibilityV2::AllowedViewers(allowed_viewers.clone()),
not_allowed_viewer,
not_allowed_error(&not_allowed_viewer),
),
(
LogVisibilityV2::AllowedViewers(allowed_viewers),
controller,
ok,
),
];
for (log_visibility, sender, expected_result) in test_cases {
let (env, canister_id) = setup_and_install_wasm(
CanisterSettingsArgsBuilder::new()
.with_log_visibility(log_visibility)
.with_log_visibility(log_visibility.clone())
.with_controllers(vec![controller])
.build(),
wat_canister().build_wasm(),
);
let actual_result = fetch_canister_logs(&env, sender, canister_id);
assert_eq!(actual_result, expected_result);
assert_eq!(
actual_result, expected_result,
"Failed for log_visibility: {log_visibility:?}, sender: {sender}"
);
}
}

Expand Down Expand Up @@ -730,7 +756,7 @@ fn test_logging_debug_print_persists_over_upgrade() {
fn test_logging_trap_at_install_start() {
let (env, canister_id) = setup(
CanisterSettingsArgsBuilder::new()
.with_log_visibility(LogVisibility::Public)
.with_log_visibility(LogVisibilityV2::Public)
.build(),
);
env.advance_time(TIME_STEP);
Expand Down Expand Up @@ -763,7 +789,7 @@ fn test_logging_trap_at_install_start() {
fn test_logging_trap_at_install_init() {
let (env, canister_id) = setup(
CanisterSettingsArgsBuilder::new()
.with_log_visibility(LogVisibility::Public)
.with_log_visibility(LogVisibilityV2::Public)
.build(),
);
env.advance_time(TIME_STEP);
Expand Down
1 change: 1 addition & 0 deletions rs/nns/cmc/cmc.did
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ type BlockIndex = nat64;
type log_visibility = variant {
controllers;
public;
allowed_viewers : vec principal;
aterga marked this conversation as resolved.
Show resolved Hide resolved
};
type CanisterSettings = record {
controllers : opt vec principal;
Expand Down
6 changes: 3 additions & 3 deletions rs/replica_tests/tests/canister_lifecycle.rs
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ use ic_error_types::{ErrorCode, RejectCode};
use ic_management_canister_types::{
self as ic00, CanisterChange, CanisterIdRecord, CanisterInstallMode,
CanisterSettingsArgsBuilder, CanisterStatusResultV2, CanisterStatusType, EmptyBlob,
InstallCodeArgs, LogVisibility, Method, Payload, UpdateSettingsArgs, IC_00,
InstallCodeArgs, Method, Payload, UpdateSettingsArgs, IC_00,
};
use ic_registry_provisional_whitelist::ProvisionalWhitelist;
use ic_replica_tests as utils;
Expand Down Expand Up @@ -712,7 +712,7 @@ fn can_get_canister_information() {
None,
2592000,
Some(5_000_000_000_000u128),
LogVisibility::default(),
Default::default(),
0u128,
0u128,
0u128,
Expand Down Expand Up @@ -770,7 +770,7 @@ fn can_get_canister_information() {
None,
259200,
None,
LogVisibility::default(),
Default::default(),
0u128,
0u128,
0u128,
Expand Down
4 changes: 2 additions & 2 deletions rs/replicated_state/src/canister_state.rs
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ use crate::canister_state::queues::CanisterOutputQueuesIterator;
use crate::canister_state::system_state::{CanisterStatus, ExecutionTask, SystemState};
use crate::{InputQueueType, StateError};
pub use execution_state::{EmbedderCache, ExecutionState, ExportedFunctions, Global};
use ic_management_canister_types::{CanisterStatusType, LogVisibility};
use ic_management_canister_types::{CanisterStatusType, LogVisibilityV2};
use ic_registry_subnet_type::SubnetType;
use ic_types::batch::TotalQueryStats;
use ic_types::methods::SystemMethod;
Expand Down Expand Up @@ -153,7 +153,7 @@ impl CanisterState {
&self.system_state.controllers
}

pub fn log_visibility(&self) -> &LogVisibility {
pub fn log_visibility(&self) -> &LogVisibilityV2 {
&self.system_state.log_visibility
}

Expand Down
Loading