This PR fixes the tls configuration to work if client auth is not
enabled and adds a `--tls` flag to extractor and navigator which
allows you to enable tls without overriding any certificates.
There is a test for extractor but none for navigator since there are
no tls tests at all afaict atm. I did however test it manually.
changelog_begin
- [Navigator] Navigator can now run a TLS enabled ledger without
client authentication. You can enable TLS without any special
certificates by passing ``--tls``.
- [Extractor] Extractor can now run a TLS enabled ledger without
client authentication. You can enable TLS without any special
certificates by passing ``--tls``.
changelog_end
Currently sandbox only supports TLS if you also enable client
authentication. There is no reason for why this has to be the case and
for things like DABL we want TLS without client authentication so it’s
useful to be able to test this in sandbox. This PR introduces a
`--client-auth` flag that allows you to configure the behavior. The
default is the current one of requiring client authentication.
This PR does not yet update Java clients, however, the Haskell client
supports this already and is used to test this functionality.
I’ve also added a section in the documentation on TLS (there were no
docs at all so far).
changelog_begin
- [DAML Sandbox] When Sandbox is run with TLS enabled, you can now
configure the requirement for client authentication via
``--client-auth``. See
https://docs.daml.com/tools/sandbox.html#running-with-tls for more information.
changelog_end
We exclude the tests that create lots of data.
CommandDeduplicationIT is disabled as kvutils does not yet
have time-based deduplication.
CHANGELOG_BEGIN
CHANGELOG_END
changelog_begin
changelog_end
For now this is only used for the daml-helper tests. I’ll shuffle
things around and use it for all tests in a separate PR.
* Capture lastSeenOffset in the @volatile var
CHANGELOG_BEGIN
[JSON API - Experimental] Websocket stream now emits last seen offset instead of the heartbeat message.
``{"heartbeat": "ping"}`` is replaced by ``{"events":[],"offset":"<last seen offset>"}``. See #4510.
CHANGELOG_END
* updating docs
* moving the last seen offset into the stream, WIP
* adding in-stream state
* minor docs
* cleanup the heartbeat logic
* minot cleanup
* Change live and heartbeat msg handling + some debug logging (to be removed)
* fixing ts tests, cleaning up
* Adding todo with the reference to the follow-up ticket
* Adding todo with the reference to the follow-up ticket
* Reduce repetition by reuse of 'modPath'
changelog_begin
changelog_end
* Use intercalate not joinPath; import </> from FilePath.Posix
These two changes should remove any ambiguity about whether paths are
treated any differently on Windows vs 'nix.
* Add command deduplication changelog
Fixes#4623
CHANGELOG_BEGIN
- [Sandbox] The command client is no longer idempontent with respect to duplicate
submissions. Duplicate submissions now instead return an ALREADY_EXISTS error,
consistent with the new deduplication mechanism of the submission client.
See also `issue #4623 <https://github.com/digital-asset/daml/issues/4623>`_.
CHANGELOG_END
* Add changelog entry for command deduplication
Fixes#4623
CHANGELOG_BEGIN
- [Sandbox] The command client is no longer idempotent with respect to duplicate
submissions. Duplicate submissions now instead return an ALREADY_EXISTS error,
consistent with the new deduplication mechanism of the submission client.
See also `issue #4623 <https://github.com/digital-asset/daml/issues/4623>`_.
CHANGELOG_END
This PR adds TLS support to DAML helper both via client certs and
without (although the latter is not tested so far since atm this is
not supported by sandbox). The CLI options follow the scheme used by
navigator/extractor/… with the addition that you can just pass `--tls`
which will turn on TLS without custom root certs or client certs.
changelog_begin
- [DAML Assistant] You can now connect to ledger via TLS for ``daml
deploy`` and ``daml ledger`` commands. See
https://docs.daml.com/deploy/generic_ledger.html for more information.
changelog_end
* daml-assistant tests: fix flaky test on Windows
```
bazel test //daml-assistant:test --test_arg=--quickcheck-replay=425714
```
failed on Windows in the test-case:
```
tail . ascendents == ascendents . takeDirectory
```
In that case the two path components given two the test case shrink to
`p1 = "a"` and `p2 = "\\"`. Confusingly, on Windows
```
isRelative "\\" == True
```
while
```
"a" </> "\\" = "\\"
```
This is documented behaviour on Windows, see [1] and [2].
Using `p1 </> p2 /= p2` instead of `isRelative p2` works around this.
[1]: https://hackage.haskell.org/package/filepath-1.4.2.1/docs/System-FilePath-Posix.html#v:-60--47--62-
[2]: https://hackage.haskell.org/package/filepath-1.4.2.1/docs/System-FilePath-Posix.html#v:isRelative
* Fix ascendants test group name
`ascendants` is defined in `DA.Daml.Project.Util`, not
`DA.Daml.Assistant`.
CHANGELOG_BEGIN
CHANGELOG_END
Co-authored-by: Andreas Herrmann <andreas.herrmann@tweag.io>
* Don't read exclusive end in completions query
CHANGELOG_BEGIN
CHANGELOG_END
* Store offsets directly and do +1 only on read side
* Fix existing completions
* Add test for the completion service
Co-authored-by: Gerolf Seitz <gerolf.seitz@digitalasset.com>
* Rename EC auth cmdline options in line with the standard and document them.
CHANGELOG_BEGIN
CHANGELOG_END
* 📝 Fix doc
* Auth docs: change `RSA DSA` -> `RSA Signature` (clashed with DSA algo)
As proposed by @SamirTalwar-DA
CHANGELOG_BEGIN
[Sandbox] Rename the `--auth-jwt-ec256-crt` command line option to `--auth-jwt-es256-crt` as well as `--auth-jwt-ec256-crt` to `--auth-jwt-es256-crt` and fix their docs
CHANGELOG_END
* kvutils: Avoid casting `ArgumentCaptor` and friends in tests.
Instead, use generics the way they're intended.
CHANGELOG_BEGIN
CHANGELOG_END
* kvutils: In KeyValueParticipantStateWriterSpec, drop the Option.
This includes the generated docs for the typescipt libraries daml-react,
daml-ledger and daml-types in the documentation presented on
docs.daml.com. Next step is to create better readmes in this libraries.
CHANGELOG_BEGIN
CHANGELOG_END
After some investigation, canton does not currently expose a nice way
to tell ammonite where it should write its files or even better use
the in-memory mode. However, ammonite respects $HOME so we can just
set that to a temp directory which fixes the issue.
changelog_begin
changelog_end
* Split upgrade models into a separate package
This PR splits the upgrade example into 3 packages instead of 2 which
avoids a dependency from the model on the old model. This is explained
in the documentation.
changelog_begin
changelog_end
* Fix typo
Dependencies on other DAML projects are declared with the `dar_dict` attribute of the build rule. This attribute also declares the names by which the `.dar` files are known in the client project, corresponding to the references in the `daml.yaml` config.
The new rule is used build & test the upgrade documentation example code.
changelog_begin
changelog_end
* Include Bazel patch to mark tests as exclusive
This should hopefully avoid rerunning the conformance tests as often
as we do now. While this patch is not applied on Windows (since we get
it from nix), this is not really an issue since most of the exclusive
tests (in particular, all conformance tests) are disabled on Windows
anyway.
I’ve tested this locally accross a couple of runs and I get the
caching I want and looking at the code in the patch, the change looks
very reasonable. I somewhat wonder if it just broke internally at
google because they marked tests as exclusive that should have gotten
no-cache.
changelog_begin
changelog_end
* Disable caching for canton
In the current state of the release instructions, the person in charge
of the release has to figure out how to produce the changelog. This PR
adds more specific (and hopefully simpler) instructions for producing
relevant changelogs.
CHANGELOG_BEGIN
CHANGELOG_END
Currently, on Linux, after the normal build, we try running the release
script (in "dry run" mode). This is to check that the release script not
only compiles, but actually runs. To be honest I'm not entirely sure why
we do that as a separate step (i.e. why does `bazel test //...` not give
us confidence about this script?), but the point of this PR is that,
while there may be some benefit in running this script on normal PRs to
check that we have not broken the release step, there is absolutely no
point in running it _on a release build_, i.e. right after we've used
the same script in "real" ("wet run"? 🤔) mode.
CHANGELOG_BEGIN
CHANGELOG_END
CHANGELOG_BEGIN
[Documentation] Ledger API documentation clarifies how witness_parties
are determined depending on whether CreatedEvents are served as part of
the flat or full transaction stream.
CHANGELOG_END
This PR changes the release version format for snapshot releases to
allow for an optional "build number", i.e. "how many times have we
screwed up this release before this attempt?".
Adding this to the version string should be fine because:
- It is a number, so GHC will be happy.
- It is dot-separated and (manually) incrementing, so all three formats
will sort it correctly.
- The SemVer->GHC conversion only looks at the beginning and ending of
the snapshot string, and this changes the middle.
This is necessary because sometimes we screw up releases (e.g. #4902),
but also because sometimes releases screw themselves up by somehow
corrupting the Windows cache, and so far changing the version number has
been the only way out of that. So far that has meant changing the target
commit, but that's a very poor reason to choose a target commit.
We should not have to include additional code in a release just because
our release process is flaky.
CHANGELOG_BEGIN
CHANGELOG_END
* ledger-api-test-tool: Fix warnings flagged by IntelliJ IDEA.
* ledger-api-test-tool: Open-world mode.
In open-world mode, parties aren't allocated; their names are just
reserved for the test case, so that no other test will accidentally use
the same party name.
This is so we can test ledgers which dynamically allocate parties, such
as Sandbox.
* sandbox: Run conformance tests in "open-world" mode.
This means that the tests don't explicitly allocate parties (except for
a few), instead relying on Sandbox's implicit party allocation feature.
This is not enabled for Sandbox Next yet.
* sandbox-next: Implicit party allocation.
This is added to the command submission service.
CHANGELOG_BEGIN
CHANGELOG_END
* sandbox-next: Don't implicitly allocate pre-existing parties.
* ledger-api-test-tool: Move pre-allocation into ParticipantTestContext.
* ledger-api-test-tool: We can reserve parties or wait for them. Not both.
Make illegal states unrepresentable as early as possible.
* sandbox: Name ApiSubmissionService's private methods a little better.
* sandbox: Move ApiSubmissionService's conditional logic into methods.
* sandbox: Document why we set `implicitPartyAllocation` to `false`.
* sandbox: Document why `implicitPartyAllocation` is dangerous.
This doesn’t really make sense since the main point of targetting an older
LF version is because your server does not support the newer LF
version but including dependencies in newer LF versions makes that
completely useless. In the current state, this also produces a bunch
of errors that look very confusing and while we might be able to fix
them, I don’t think it’s worth doing.
changelog_begin
changelog_end
fixes#4596
