In SandboxFixture when mixing in the auth middleware fixture, set
up the ledger client with a user token instead of a claims token
when not running in the claims-token-specific auth tests.
Fixes#12831.
* note about inClaims
* prevent Product, Serializable warts with AuthServiceJWTPayload
CHANGELOG_BEGIN
CHANGELOG_END
changelog_begin
Ledger API Specification: CreateUser and GetUser endpoints of UserManagementService now return the CreateUserResponse or GetUserResponse messages, whereas previously they were returning the User message).
changelog_end
CHANGELOG_BEGIN
Ledger API Specification: When using user management based authorization streams will now get aborted on authenticated user's rights change.
CHANGELOG_END
Continues the work started in https://github.com/digital-asset/daml/pull/12543
These libraries were only needed to transition from Scala 2.12 to 2.13
and are no longer useful as all the necessary items are now available
in Scala 2.13.
changelog_begin
changelog_end
* With mock metering service
* Reformat
changelog_begin
changelog_end
* Include nanos in generation time
* Update with review comments
* Update service count
* Remove the reset service from sandbox-classic and sandbox
CHANGELOG_BEGIN
Reset service has been removed from the sandbox-classic, sandbox and daml-on-sql
CHANGELOG_END
* format it
* user management: require `daml_ledger_api` scope in user access tokens
The accesss token's scope must include `daml_ledger_api` to ensure
that access token was issued for accessing the Daml ledger api.
CHANGELOG_BEGIN
CHANGELOG_END
New year, new copyright, new expected unknown issues with various files
that won't be covered by the script and/or will be but shouldn't change.
I'll do the details on Jan 1, but would appreciate this being
preapproved so I can actually get it merged by then.
CHANGELOG_BEGIN
CHANGELOG_END
This PR prepares the landscape for seamless integration of Index DB with non IndexService related
front components like UserManagementStore.
DbSupport is a simply a DbDispatcher and a StorageBackendFactory. Creation of it comes also in Flyway migrated flavor for capturing common need.
This is a pure refactoring PR: no behavior/feature changes
CHANGELOG_BEGIN
CHANGELOG_END
* Fix#12133: correct error for tokens with invalid user-ids
- also changes the error for a token referring to an unknown user from `UNAUTHENTICATED` to `PERMISSION_DENIED`
CHANGELOG_BEGIN
CHANGELOG_END
user management: add defaulting for the application_id field of requests
CHANGELOG_BEGIN
- [Ledger API]: as a convenience when using JWT authentication, a
request's application_id field can be left empty to ask the server to
set the field to the id of the authenticated user or the application-id
in the custom token. There are three services that currently specify
application_id's in the request: CommandService,
CommandSubmissionService, and CommandCompletionService.
CHANGELOG_END
CHANGELOG_BEGIN
- [User Management]: add support for managing participant node users and authenticating
requests as these users using standard JWT tokens.
CHANGELOG_END
Co-authored-by: Marton Nagy <marton.nagy@digitalasset.com>
Co-authored-by: Adriaan Moors <90182053+adriaanm-da@users.noreply.github.com>
* [Self-service error codes] Do not return error code id in metadata
CHANGELOG_BEGIN
CHANGELOG_END
* Do not propagate definite_answer
* Additionally, remove redundant context info from error codes
* Fix tests
* Create IndexDbException as a specialization
* Used to globally define error codes returned by the persistence layer
that are logging
* [Self-service error codes] Implement V2 in Authorizer
CHANGELOG_BEGIN
CHANGELOG_END
* Added unit test for authorize (non-streamed)
* Fix after rebase
* Do not expose the error codes switching mechanism to the Java bindings
* Adjust InternalAuthorizationError to be SystemInternalAssumptionViolated
* Parameter names in test
* Testing AuthorizationInterceptor with regard to returned error codes
* Do not use default error code version switchers at instance creation
* Addressed Pawel's review comments
* Using ErrorFactories for error dispatching
* Pass loggingContext to Authorizer where available
* Generic internal authorization error
* Moved ErrorCodesVersionSwitcher to //ledger/error
CHANGELOG_BEGIN
CHANGELOG_END
* Rename ErrorCodeLoggingContext to ContextualizedErrorLogger
* Refactored ErrorFactories
* All error factories use ContextualizedErrorLogger for being able to dispatch self-service error codes.
* The ContextualizedErrorLogger is passed down from the dispatching Ledger API services.
* ErrorFactoriesSpec asserts both legacy (V1) and self-service error codes (V2).
* Adapted ApiSubmissionService
* Addressed Marcin's review comments
* Upgrade Scalatest to v3.2.9.
Because of some coupling we also have to upgrade Scalaz to the latest
v7.2 point release, v7.2.33.
The Scalatest changes are quite involved because the JAR has been broken
up into several smaller JARs. Because Bazel expects us to specify all
dependencies and doesn't allow transitive dependencies to be used
directly, this means that we need to specify the explicit Scalatest
components that we use.
As you can imagine, this results in quite a big set of changes. They
are, however, constrained to dependency management; all the code remains
the same.
CHANGELOG_BEGIN
CHANGELOG_END
* http-json-oracle: Fix a Scalatest dependency.
* ledger-api-client: Fix a Scalatest dependency.
* daml-lf/data: Move ID aliases to `Ref` from _ledger-api-common_.
This allows us to remove a lot of dependencies on _ledger-api-common_,
and use these aliases in other places where that module is not used.
CHANGELOG_BEGIN
CHANGELOG_END
* participant-integration-api: Remove an unused import.
* http-json-oracle: Remove `ledger-api-common` as a dependency.
* bindings-rxjava: Remove a now-unused dependency.
* Damlification of Scala files (primarily comments and strings).
* Corrected a typo.
CHANGELOG_BEGIN
CHANGELOG_END
* Fixed build.
* Fixed test case for acronyms.
* Reformatted.
* Do not require a JWT token for Health and Reflection services
CHANGELOG_BEGIN
- A JWT token is no longer required to call methods of Health and Reflection services
CHANGELOG_END
* Let service's authorizer decide about rejections
* Updated authorization test
* Added integration test for unsecured authorisation test for the Health service
* Added integration test for unsecured authorisation test for the Server Reflection service
* Updated Claims doc comments
* Minor change
* Reduced code duplication with SecuredServiceCallAuthTests and UnsecuredServiceCallAuthTests
* Added copyrights
* Move response status handling logic to Authorizer
* Port parts of //ledger/... to Scala 2.13
Fairly random choice of directories, I just went through them in
alphabetical order. The one thing that I had to disable for now are
the conformance tests since the ledger API test tool has a dependency
not compatible with Scala 2.13.
changelog_begin
changelog_end
* Remove accidentally included //ledger/ledger-api-client/...
doesn’t actually work yet
changelog_begin
changelog_end
* Upgrade scopt to 4.0.0
Scopt 3.x has some issues with Scala 2.13 because it expects an
immutable Seq on 2.13 meaning you cannot just pass in an Array. Rather
than fixing our callsites to convert to an immutable Seq everywhere,
this PR bumps to Scopt 4.0 which goes back to collection.Seq.
and leaving that aside, I’m a fan of upgrading dependencies anyway :)
changelog_begin
changelog_end
* Use val instead of def
changelog_begin
changelog_end
This PR updates scalafmt and enables trailingCommas =
multiple. Unfortunately, scalafmt broke the version field which means
we cannot fully preserve the rest of the config. I’ve made some
attempts to stay reasonably close to the original config but couldn’t
find an exact equivalent in a lot of cases. I don’t feel strongly
about any of the settings so happy to change them to something else.
As announced, this will be merged on Saturday to avoid too many conflicts.
changelog_begin
changelog_end
* Port damlc dependencies to Scala 2.13
I got a bit fed up by the fact that going directory by directory
didn’t really work since there are two many interdependencies in
tests (e.g., client tests depend on sandbox, sandbox tests depend on
clients, engine tests depend on DARs which depend on damlc, …).
So before attempting to continue with the per-directory process, this
is a bruteforce approach to break a lot of those cycles by porting all
dependencies of damlc which includes client bindings (for DAML Script)
and Sandbox Classic (also for DAML Script).
If this is too annoying to review let me know and I’ll try to split it
up into a few chunks.
changelog_begin
changelog_end
* Update daml-lf/data/src/main/2.13/com/daml/lf/data/LawlessTraversals.scala
Co-authored-by: Stephen Compall <stephen.compall@daml.com>
* fixup lawlesstraversal
changelog_begin
changelog_end
* less iterator more view
changelog_begin
changelog_end
* document safety of unsafeWrapArray
changelog_begin
changelog_end
Co-authored-by: Stephen Compall <stephen.compall@daml.com>
* participant-integration-api: Dedicated execution context for requests.
CHANGELOG_BEGIN
CHANGELOG_END
* participant-integration-api: Construct the services executor outside.
* participant-integration-api: Share the services EC with the GRPC stack.
* participant-integration-api: Use the new EC wherever possible.
And stop using DirectExecutionContext.
* sandbox-classic: Fix DevModeIT to use the right configuration.
I have no idea why this breaks now, but it was always technically
broken, so I'm fixing it.
* participant-integration-api: Push the services EC up one more level.
* Update newly added ApiParticipantPruning service accordingly
see https://github.com/digital-asset/daml/pull/7988#discussion_r525319097
* participant-integration-api: Ensure the LedgerConfigProvider is ready.
Somehow this slipped through.
* sandbox-classic: Fix `DefaultConfig` in tests.
* language-support/java: Disable seeding in tests again.
Co-authored-by: Oliver Seeliger <oliver.seeliger@digitalasset.com>
This is necessary to at least attempt an upgrade to 2.13 and
generally, I want to keep our rulesets up2date. rules-scala forces the
version of scalatest so we have to bump that at the same time.
This requires changes to basically all Scala test suites since the
import structure has changed and a bunch of things (primarily
scalacheck support) got split out.
Apologies for the giant PR, I don’t see a way to keep it smaller.
changelog_begin
changelog_end
* Add multi-party submissions to the ledger API
CHANGELOG_BEGIN
* [Ledger API] Command submission requests now contain new optional
fields used for multi-party submissions. Such submissions currently
return UNIMPLEMENTED errors, they will be enabled in the future.
CHANGELOG_END
* Adapt Haskell bindings
* Handle the new ledger API fields
* Fix SubmitAndWaitDummyCommand
* Remove unused methods
* Redesign multi-party auth tests
* Remove direct access of request party
* Apply review comments
* Improve protobuf comments
* Multi-party tracker map
* Fix validation logic
* Consistent metric naming
* ledger-api: Use `proto_jars`.
CHANGELOG_BEGIN
- [Ledger API] The Scala JARs containing the gRPC definitions no longer
contain the *.proto files used to generate the ScalaPB-based classes.
CHANGELOG_END
* Create a source JAR for *.proto files in `proto_jars`.
* ledger-api: Publish the protobuf sources as "ledger-api-proto".
CHANGELOG_BEGIN
- [Ledger API] The *.proto files containing the gRPC definitions are now
provided by a new Maven Central artifact, with the group "com.daml"
and the artifact name "ledger-api-proto".
CHANGELOG_END
* release: We don't need the "main-jar" option.
* Bazel: Proto JARs will always have a Maven artifact suffix.
* Bazel: Simplify Protobuf source file TAR and JAR targets.
* Bazel: Extract out Protobuf functions.
* Participant pruning ledger api server support ported from Canton
CHANGELOG_BEGIN
- [Ledger API]: The preview of `ParticipantPruningService` enables ledger participants to prune the "front" of ledger state at the participant including the ledger api server index.
CHANGELOG_END
* Review feedback from Stefano
* Add pruning tests plus missed command completions change
* Review feedback from Robert
* Improved test readability by having populate helper return offsets
* Review feedback
* Ledger api changes to pruning api and disable canton pruning test
- Change return result to PruneResponse
- Change type of PruneRequest.prune_up_to to string
* Review feedback: Use ApiOffsetSConverter for logged offsets
* concurrent: Tag DirectExecutionContext.
1. Tag `DirectExecutionContext` as `ExecutionContext[Nothing]`, thereby
stating that it works for any tagged `Future`.
2. Move `DirectExecutionContext` to the _libs-scala/concurrent_
library, as it requires it and it's tiny.
CHANGELOG_BEGIN
CHANGELOG_END
* concurrent: Fix the privacy of `DirectExecutionContextInternal`.
Co-authored-by: Stephen Compall <stephen.compall@daml.com>
Co-authored-by: Stephen Compall <stephen.compall@daml.com>
* remove unused definitions, params, args from ledger API Scala code
CHANGELOG_BEGIN
- [Ledger API] withTimeProvider removed from CommandClient; this method
has done nothing since the new ledger time model was introduced in
1.0.0. See `issue #6985 <https://github.com/digital-asset/daml/pull/6985>`__.
CHANGELOG_END
* percolate withTimeProvider and label removal elsewhere
* Log all authorization errors
CHANGELOG_BEGIN
- [Ledger API Server] The ledger API server now prints detailed log messages
whenever a request was rejected due to a failed
authorization.
CHANGELOG_END