update canton to 20240817.13886.vfc183f82 (#19799)

* update canton to 20240817.13886.vfc183f82 tell-slack: canton * bazel and maven * Pin ujson 2.0.0 --------- Co-authored-by: Azure Pipelines Daml Build <[email protected]> Co-authored-by: Tom Tantillo <[email protected]> Co-authored-by: Gerolf Seitz <[email protected]>
digital-asset · Aug 19, 2024 · ee0b486 · ee0b486
1 parent c40f715
commit ee0b486
Show file tree

Hide file tree

Showing 157 changed files with 5,347 additions and 1,660 deletions.
diff --git a/sdk/bazel-java-deps.bzl b/sdk/bazel-java-deps.bzl
@@ -52,6 +52,7 @@ protobuf_version = "3.24.0"
 pekko_version = "1.0.1"
 pekko_http_version = "1.0.0"
 tapir_version = "1.8.5"
+ujson_version = "2.0.0"
 
 guava_version = "31.1-jre"
 
@@ -98,9 +99,13 @@ def install_java_deps():
             "com.lihaoyi:ammonite-util_{}:2.5.9".format(scala_major_version),
             "com.lihaoyi:ammonite_{}:2.5.9".format(scala_version),
             "com.lihaoyi:fansi_{}:0.4.0".format(scala_major_version),
+            "com.lihaoyi:geny_{}:1.1.1".format(scala_major_version),
             "com.lihaoyi:os-lib_{}:0.8.0".format(scala_major_version),
             "com.lihaoyi:pprint_{}:0.8.1".format(scala_major_version),
             "com.lihaoyi:sourcecode_{}:0.3.0".format(scala_major_version),
+            "com.lihaoyi:ujson_{}:{}".format(scala_major_version, ujson_version),
+            "com.lihaoyi:ujson-circe_{}:{}".format(scala_major_version, ujson_version),
+            "com.lihaoyi:upickle-core_{}:{}".format(scala_major_version, ujson_version),
             "com.oracle.database.jdbc.debug:ojdbc8_g:19.18.0.0",
             "com.oracle.database.jdbc:ojdbc8:19.18.0.0",
             "com.softwaremill.sttp.tapir:tapir-json-circe_{}:{}".format(scala_major_version, tapir_version),

diff --git a/sdk/canton/BUILD.bazel b/sdk/canton/BUILD.bazel
@@ -824,6 +824,7 @@ scala_library(
         ":bindings-java",
         ":community_base",
         ":community_ledger_ledger-common",
+        ":community_ledger_transcode",
         ":community_util-logging",
         ":daml-common-staging_daml-errors",
         ":daml-common-staging_daml-jwt",
@@ -858,6 +859,10 @@ scala_library(
         "@maven//:com_google_guava_guava",
         "@maven//:com_google_protobuf_protobuf_java",
         "@maven//:com_google_protobuf_protobuf_java_util",
+        "@maven//:com_lihaoyi_geny_2_13",
+        "@maven//:com_lihaoyi_ujson_2_13",
+        "@maven//:com_lihaoyi_ujson_circe_2_13",
+        "@maven//:com_lihaoyi_upickle_core_2_13",
         "@maven//:com_softwaremill_magnolia1_2_magnolia_2_13",
         "@maven//:com_softwaremill_sttp_model_core_2_13",
         "@maven//:com_softwaremill_sttp_shared_core_2_13",
@@ -889,6 +894,34 @@ scala_library(
     ],
 )
 
+### community/ledger/transcode ###
+
+scala_library(
+    name = "community_ledger_transcode",
+    srcs = glob(["community/ledger/transcode/src/main/scala/**/*.scala"]),
+    plugins = [kind_projector_plugin],
+    resource_strip_prefix = "canton/community/ledger/transcode/src/main/resources",
+    resources = glob(["community/ledger/transcode/src/main/resources/**"]),
+    scalacopts = [
+        "-Xsource:3",
+        "-language:postfixOps",
+    ],
+    unused_dependency_checker_mode = "error",
+    deps = [
+        ":bindings-java",
+        ":ledger_api_proto_scala",
+        "//daml-lf/data",
+        "//daml-lf/language",
+        "@maven//:com_lihaoyi_geny_2_13",
+        "@maven//:com_lihaoyi_ujson_2_13",
+        "@maven//:com_lihaoyi_upickle_core_2_13",
+        "@maven//:com_thesamet_scalapb_scalapb_runtime_2_13",
+        "@maven//:junit_junit",
+        "@maven//:org_scala_lang_scala_reflect",
+        "@maven//:org_scalaz_scalaz_core_2_13",
+    ],
+)
+
 ### community/domain ###
 
 proto_library(

diff --git a/...ton/health/admin/v30/status_service.proto → ...ton/admin/health/v30/status_service.proto b/...ton/health/admin/v30/status_service.proto → ...ton/admin/health/v30/status_service.proto
@@ -3,7 +3,7 @@
 
 syntax = "proto3";
 
-package com.digitalasset.canton.health.admin.v30;
+package com.digitalasset.canton.admin.health.v30;
 
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";

diff --git a/...src/main/protobuf/com/digitalasset/canton/admin/participant/v30/domain_connectivity.proto b/...src/main/protobuf/com/digitalasset/canton/admin/participant/v30/domain_connectivity.proto
@@ -32,6 +32,8 @@ service DomainConnectivityService {
   rpc ListConfiguredDomains(ListConfiguredDomainsRequest) returns (ListConfiguredDomainsResponse);
   // Get the domain id of the given domain alias
   rpc GetDomainId(GetDomainIdRequest) returns (GetDomainIdResponse);
+  // Revoke the authentication tokens for all the sequencers on a domain and disconnect the sequencer clients
+  rpc Logout(LogoutRequest) returns (LogoutResponse);
 }
 
 message DomainConnectionConfig {
@@ -134,3 +136,10 @@ message GetDomainIdRequest {
 message GetDomainIdResponse {
   string domain_id = 2;
 }
+
+message LogoutRequest {
+  string domain_alias = 1;
+}
+
+message LogoutResponse {
+}
diff --git a/...alasset/canton/admin/api/client/commands/EnterpriseSequencerConnectionAdminCommands.scala b/...alasset/canton/admin/api/client/commands/EnterpriseSequencerConnectionAdminCommands.scala
@@ -70,4 +70,21 @@ object EnterpriseSequencerConnectionAdminCommands {
     override def handleResponse(response: v30.SetConnectionResponse): Either[String, Unit] =
       Either.unit
   }
+
+  final case class Logout()
+      extends BaseSequencerConnectionAdminCommand[v30.LogoutRequest, v30.LogoutResponse, Unit] {
+
+    override def createRequest(): Either[String, v30.LogoutRequest] =
+      Right(v30.LogoutRequest())
+
+    override def submitRequest(
+        service: v30.SequencerConnectionServiceGrpc.SequencerConnectionServiceStub,
+        request: v30.LogoutRequest,
+    ): Future[v30.LogoutResponse] =
+      service.logout(request)
+
+    override def handleResponse(response: v30.LogoutResponse): Either[String, Unit] = Right(
+      ()
+    )
+  }
 }
diff --git a/...in/scala/com/digitalasset/canton/admin/api/client/commands/ParticipantAdminCommands.scala b/...in/scala/com/digitalasset/canton/admin/api/client/commands/ParticipantAdminCommands.scala
@@ -911,6 +911,23 @@ object ParticipantAdminCommands {
 
       override def handleResponse(response: ModifyDomainResponse): Either[String, Unit] = Right(())
     }
+
+    final case class Logout(domainAlias: DomainAlias)
+        extends Base[LogoutRequest, LogoutResponse, Unit] {
+
+      override def createRequest(): Either[String, LogoutRequest] =
+        Right(LogoutRequest(domainAlias.toProtoPrimitive))
+
+      override def submitRequest(
+          service: DomainConnectivityServiceStub,
+          request: LogoutRequest,
+      ): Future[LogoutResponse] =
+        service.logout(request)
+
+      override def handleResponse(response: LogoutResponse): Either[String, Unit] = Right(
+        ()
+      )
+    }
   }
 
   object Resources {

diff --git a/...rc/main/scala/com/digitalasset/canton/admin/api/client/commands/StatusAdminCommands.scala b/...rc/main/scala/com/digitalasset/canton/admin/api/client/commands/StatusAdminCommands.scala
@@ -6,13 +6,14 @@ package com.digitalasset.canton.admin.api.client.commands
 import cats.syntax.either.*
 import ch.qos.logback.classic.Level
 import com.digitalasset.canton.ProtoDeserializationError
-import com.digitalasset.canton.health.admin.data.WaitingForExternalInput
-import com.digitalasset.canton.health.admin.v30.{
+import com.digitalasset.canton.admin.health.v30
+import com.digitalasset.canton.admin.health.v30.{
   HealthDumpRequest,
   HealthDumpResponse,
   StatusServiceGrpc,
 }
-import com.digitalasset.canton.health.admin.{data, v30}
+import com.digitalasset.canton.health.admin.data
+import com.digitalasset.canton.health.admin.data.WaitingForExternalInput
 import com.digitalasset.canton.serialization.ProtoConverter.ParsingResult
 import io.grpc.Context.CancellableContext
 import io.grpc.stub.StreamObserver

diff --git a/...ton/community/app-base/src/main/scala/com/digitalasset/canton/console/ConsoleMacros.scala b/...ton/community/app-base/src/main/scala/com/digitalasset/canton/console/ConsoleMacros.scala
@@ -679,7 +679,7 @@ trait ConsoleMacros extends NamedLogging with NoTracing {
               .map(_.transaction)
 
           existingDnsO.getOrElse(
-            owner.topology.decentralized_namespaces.propose(
+            owner.topology.decentralized_namespaces.propose_new(
               owners.map(_.namespace).toSet,
               PositiveInt.tryCreate(1.max(owners.size - 1)),
               store = store,

diff --git a/...mmunity/app-base/src/main/scala/com/digitalasset/canton/console/HealthDumpGenerator.scala b/...mmunity/app-base/src/main/scala/com/digitalasset/canton/console/HealthDumpGenerator.scala
@@ -6,11 +6,12 @@ package com.digitalasset.canton.console
 import better.files.File
 import com.digitalasset.canton.admin.api.client.commands.StatusAdminCommands
 import com.digitalasset.canton.admin.api.client.data.CantonStatus
+import com.digitalasset.canton.admin.health.v30
 import com.digitalasset.canton.config.LocalNodeConfig
 import com.digitalasset.canton.console.CommandErrors.CommandError
 import com.digitalasset.canton.environment.Environment
+import com.digitalasset.canton.health.admin.data
 import com.digitalasset.canton.health.admin.data.NodeStatus
-import com.digitalasset.canton.health.admin.{data, v30}
 import com.digitalasset.canton.metrics.MetricsSnapshot
 import com.digitalasset.canton.serialization.ProtoConverter.ParsingResult
 import com.digitalasset.canton.version.ReleaseVersion

diff --git a/...community/app-base/src/main/scala/com/digitalasset/canton/console/InstanceReference.scala b/...community/app-base/src/main/scala/com/digitalasset/canton/console/InstanceReference.scala
@@ -5,6 +5,7 @@ package com.digitalasset.canton.console
 
 import com.digitalasset.canton.admin.api.client.commands.EnterpriseSequencerAdminCommands.LocatePruningTimestampCommand
 import com.digitalasset.canton.admin.api.client.commands.*
+import com.digitalasset.canton.admin.api.client.data.topology.ListParticipantDomainPermissionResult
 import com.digitalasset.canton.admin.api.client.data.StaticDomainParameters as ConsoleStaticDomainParameters
 import com.digitalasset.canton.config.RequireTypes.{ExistingFile, NonNegativeInt, Port, PositiveInt}
 import com.digitalasset.canton.config.*
@@ -596,8 +597,35 @@ abstract class ParticipantReference(
   override protected def participantIsActiveOnDomain(
       domainId: DomainId,
       participantId: ParticipantId,
-  ): Boolean = topology.domain_trust_certificates.active(domainId, participantId)
+  ): Boolean = {
+    val hasDomainTrustCertificate =
+      topology.domain_trust_certificates.active(domainId, participantId)
+    val isDomainRestricted = topology.domain_parameters
+      .get_dynamic_domain_parameters(domainId)
+      .onboardingRestriction
+      .isRestricted
+    val domainPermission = topology.participant_domain_permissions.find(domainId, participantId)
+
+    // notice the `exists`, expressing the requirement of a permission to exist
+    val hasRequiredDomainPermission = domainPermission.exists(noLoginRestriction)
+    // notice the forall, expressing optionality for the permission to exist
+    val hasOptionalDomainPermission = domainPermission.forall(noLoginRestriction)
+
+    // for a participant to be considered active, it must have a domain trust certificate
+    hasDomainTrustCertificate &&
+    (
+      // if the domain is restricted, the participant MUST have the permission
+      (isDomainRestricted && hasRequiredDomainPermission) ||
+        // if the domain is UNrestricted, the participant may still be restricted by the domain
+        (!isDomainRestricted && hasOptionalDomainPermission)
+    )
+  }
 
+  private def noLoginRestriction(result: ListParticipantDomainPermissionResult): Boolean =
+    result.item.loginAfter
+      .forall(
+        _ <= consoleEnvironment.environment.clock.now
+      )
 }
 object ParticipantReference {
   val InstanceType = "Participant"
@@ -1167,7 +1195,7 @@ class LocalSequencerReference(
 
   override def adminToken: Option[String] = underlying.map(_.adminToken.secret)
 
-  @Help.Summary("Returns the sequencerx configuration")
+  @Help.Summary("Returns the sequencer configuration")
   override def config: SequencerNodeConfigCommon =
     consoleEnvironment.environment.config.sequencersByString(name)
 

diff --git a/...p-base/src/main/scala/com/digitalasset/canton/console/commands/HealthAdministration.scala b/...p-base/src/main/scala/com/digitalasset/canton/console/commands/HealthAdministration.scala
@@ -9,6 +9,7 @@ import com.digitalasset.canton.admin.api.client.commands.{
   StatusAdminCommands,
   TopologyAdminCommands,
 }
+import com.digitalasset.canton.admin.health.v30
 import com.digitalasset.canton.config.{ConsoleCommandTimeout, NonNegativeDuration}
 import com.digitalasset.canton.console.CommandErrors.CommandError
 import com.digitalasset.canton.console.ConsoleMacros.utils
@@ -22,8 +23,8 @@ import com.digitalasset.canton.console.{
   Helpful,
 }
 import com.digitalasset.canton.grpc.FileStreamObserver
+import com.digitalasset.canton.health.admin.data
 import com.digitalasset.canton.health.admin.data.NodeStatus
-import com.digitalasset.canton.health.admin.{data, v30}
 import com.digitalasset.canton.serialization.ProtoConverter.ParsingResult
 import io.grpc.Context
 

diff --git a/...e/src/main/scala/com/digitalasset/canton/console/commands/ParticipantAdministration.scala b/...e/src/main/scala/com/digitalasset/canton/console/commands/ParticipantAdministration.scala
@@ -1274,8 +1274,6 @@ trait ParticipantAdministration extends FeatureFlagFilter {
     )
     def active(domainAlias: DomainAlias): Boolean =
       list_connected().exists { r =>
-        // TODO(#14053): Filter out participants that are not permissioned on the domain. The TODO is because the daml 2.x
-        //  also asks the domain whether the participant is permissioned, i.e. do we need to for a ParticipantDomainPermission?
         r.domainAlias == domainAlias &&
         r.healthy &&
         participantIsActiveOnDomain(r.domainId, id)
@@ -1705,6 +1703,22 @@ trait ParticipantAdministration extends FeatureFlagFilter {
           ).toEither
         } yield ()
       }
+
+    @Help.Summary(
+      "Revoke this participant's authentication tokens and close all the sequencer connections in the given domain"
+    )
+    @Help.Description("""
+      domainAlias: the domain alias from which to logout
+      On all the sequencers from the specified domain, all existing authentication tokens for this participant
+      will be revoked.
+      Note that the participant is not disconnected from the domain; only the connections to the sequencers are closed.
+      The participant will automatically reopen connections, perform a challenge-response and obtain new tokens.
+      """)
+    def logout(domainAlias: DomainAlias): Unit = consoleEnvironment.run {
+      adminCommand(
+        ParticipantAdminCommands.DomainConnectivity.Logout(domainAlias)
+      )
+    }
   }
 
   @Help.Summary("Functionality for managing resources")
@@ -1764,7 +1778,6 @@ trait ParticipantHealthAdministrationCommon extends FeatureFlagFilter {
       participantId: ParticipantId,
       timeout: NonNegativeDuration,
       domainId: Option[DomainId],
-      workflowId: String,
       id: String,
   ): Either[String, Duration] =
     consoleEnvironment.run {
@@ -1793,7 +1806,7 @@ trait ParticipantHealthAdministrationCommon extends FeatureFlagFilter {
       id: String = "",
   ): Duration = {
     val adminApiRes: Either[String, Duration] =
-      ping_internal(participantId, timeout, domainId, "", id)
+      ping_internal(participantId, timeout, domainId, id)
     consoleEnvironment.runE(
       adminApiRes.leftMap { reason =>
         s"Unable to ping $participantId within ${LoggerUtil
@@ -1813,7 +1826,7 @@ trait ParticipantHealthAdministrationCommon extends FeatureFlagFilter {
       domainId: Option[DomainId] = None,
       id: String = "",
   ): Option[Duration] = check(FeatureFlag.Testing) {
-    ping_internal(participantId, timeout, domainId, "", id).toOption
+    ping_internal(participantId, timeout, domainId, id).toOption
   }
 }
 

diff --git a/...ase/src/main/scala/com/digitalasset/canton/console/commands/SequencerAdministration.scala b/...ase/src/main/scala/com/digitalasset/canton/console/commands/SequencerAdministration.scala
@@ -27,9 +27,9 @@ class SequencerAdministration(node: SequencerReference) extends ConsoleCommandGr
   @Help.Summary(
     "Download sequencer snapshot at given point in time to bootstrap another sequencer"
   )
+  @Help.Description("""It is recommended to use onboarding_state_for_sequencer for onboarding
+      |a new sequencer.""")
   def snapshot(timestamp: CantonTimestamp): SequencerSnapshot =
-    // TODO(#14074) add something like "snapshot for sequencer-id", rather than timestamp based
-    //      we still need to keep the timestamp based such that we can provide recovery for corrupted sequencers
     consoleEnvironment.run {
       runner.adminCommand(EnterpriseSequencerAdminCommands.Snapshot(timestamp))
     }

diff --git a/...in/scala/com/digitalasset/canton/console/commands/SequencerConnectionAdministration.scala b/...in/scala/com/digitalasset/canton/console/commands/SequencerConnectionAdministration.scala
@@ -96,5 +96,19 @@ trait SequencerConnectionAdministration extends Helpful {
         } yield ()
       }
 
+    @Help.Summary(
+      "Revoke this sequencer client node's authentication tokens and close all the sequencers connections."
+    )
+    @Help.Description("""
+      On all the sequencers, all existing authentication tokens for this sequencer client node will be revoked.
+      Note that the node is not disconnected from the domain; only the connections to the sequencers are closed.
+      The node will automatically reopen connections, perform a challenge-response and obtain new tokens.
+      """)
+    def logout(): Unit = consoleEnvironment.run {
+      adminCommand(
+        EnterpriseSequencerConnectionAdminCommands.Logout()
+      )
+    }
+
   }
 }