mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 17:28:46 +03:00
4e1c5fedb3
* Check visibility for by-key operation of local contracts fixes #9454 I tried out two approaches for this: 1. The one here where we add a new callback. This has the advantage that the engine remains oblivious to visibility checks. They are all done outside and the engine doesn’t even know about the reading parties. 2. Make the engine aware of the reading parties. A start of that is in #9458. Both work in principle but I ended up going for 1 in the end. Doing half of the visibility checks outside the engine and half inside just seems worse than the current state. changelog_begin - [Daml Engine] Fix a bug where it was possible to fetch/lookup/exercise a local contract by key even if the reading parties are not stakeholders. See #9454 for details. changelog_end * Disable new test on Canton changelog_begin changelog_end * Exclude from compat tests changelog_begin changelog_end * s/LocalLookup/LocalFetch/ changelog_begin changelog_end * Address review changelog_begin changelog_end
162 lines
6.1 KiB
Python
162 lines
6.1 KiB
Python
# Copyright (c) 2021 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
load("//ledger/ledger-api-test-tool:conformance.bzl", "conformance_test")
|
|
load("@os_info//:os_info.bzl", "is_windows")
|
|
|
|
java_binary(
|
|
name = "canton",
|
|
main_class = "com.digitalasset.canton.CantonCommunityApp",
|
|
runtime_deps = ["@canton//:lib"],
|
|
)
|
|
|
|
# Disabled on Windows because `coreutils` and `grpcurl` aren't easily available.
|
|
genrule(
|
|
name = "canton-test-runner-with-dependencies-script",
|
|
srcs = [
|
|
":canton-test-runner.sh",
|
|
],
|
|
outs = ["canton-test-runner-with-dependencies.sh"],
|
|
cmd = """
|
|
cat > $@ <<EOF
|
|
#!/usr/bin/env bash
|
|
|
|
set -euo pipefail
|
|
|
|
f=bazel_tools/tools/bash/runfiles/runfiles.bash
|
|
source "\\$${RUNFILES_DIR:-/dev/null}/\\$$f" 2>/dev/null || \\
|
|
source "\\$$(grep -sm1 "^\\$$f " "\\$${RUNFILES_MANIFEST_FILE:-/dev/null}" | cut -f2- -d' ')" 2>/dev/null || \\
|
|
source "\\$$0.runfiles/\\$$f" 2>/dev/null || \\
|
|
source "\\$$(grep -sm1 "^\\$$f " "\\$$0.runfiles_manifest" | cut -f2- -d' ')" 2>/dev/null || \\
|
|
source "\\$$(grep -sm1 "^\\$$f " "\\$$0.exe.runfiles_manifest" | cut -f2- -d' ')" 2>/dev/null || \\
|
|
{ echo>&2 "ERROR: cannot find \\$$f"; exit 1; }; f=; set -e
|
|
|
|
PATH="\\$$(rlocation coreutils_nix/bin):\\$$(rlocation curl_nix/bin):\\$$(rlocation grpcurl_nix/bin):\\$$(rlocation jq_dev_env/bin):\\$$PATH"
|
|
export PATH
|
|
|
|
EOF
|
|
cat $< >> $@
|
|
""",
|
|
) if not is_windows else None
|
|
|
|
# Required because running `canton-test-runner-with-dependencies-script` directly fails.
|
|
sh_binary(
|
|
name = "canton-test-runner-with-dependencies",
|
|
srcs = [":canton-test-runner-with-dependencies-script"],
|
|
# Ideally these would be part of the script definition above, but that doesn't seem to work.
|
|
deps = ["@bazel_tools//tools/bash/runfiles"],
|
|
) if not is_windows else None
|
|
|
|
conformance_test(
|
|
name = "conformance-test",
|
|
# Ideally these would be part of the script definition above, but that doesn't seem to work.
|
|
extra_data = [
|
|
":bootstrap.canton",
|
|
":canton_deploy.jar",
|
|
":canton.conf",
|
|
":logback-debug.xml",
|
|
"@coreutils_nix//:bin/base64",
|
|
"@curl_nix//:bin/curl",
|
|
"@grpcurl_nix//:bin/grpcurl",
|
|
"@jq_dev_env//:jq",
|
|
"@jdk11_nix//:bin/java",
|
|
],
|
|
lf_versions = [
|
|
"stable",
|
|
"latest",
|
|
],
|
|
ports = [
|
|
5011,
|
|
5021,
|
|
5031,
|
|
5041,
|
|
],
|
|
runner = "@//bazel_tools/client_server/runner:runner",
|
|
server = ":canton-test-runner-with-dependencies",
|
|
test_tool_args = [
|
|
"--verbose",
|
|
"--concurrent-test-runs=4", # lowered from default #procs to reduce flakes - details in https://github.com/digital-asset/daml/issues/7316
|
|
# The following three contract key tests require uniqueness
|
|
"--exclude=ContractKeysIT,ContractKeysIT:CKFetchOrLookup,ContractKeysIT:CKNoFetchUndisclosed,ContractKeysIT:CKMaintainerScoped" +
|
|
",ParticipantPruningIT" + # see "conformance-test-participant-pruning" below
|
|
",ConfigManagementServiceIT,LedgerConfigurationServiceIT" + # dynamic config management not supported by Canton
|
|
",ClosedWorldIT" + # Canton currently fails this test with a different error (missing namespace in "unallocated" party id)
|
|
# Excluding tests that require contract key uniqueness and RWArchiveVsFailedLookupByKey (finding a lookup failure after contract creation)
|
|
",RaceConditionIT:WWDoubleNonTransientCreate,RaceConditionIT:WWArchiveVsNonTransientCreate,RaceConditionIT:RWTransientCreateVsNonTransientCreate,RaceConditionIT:RWArchiveVsFailedLookupByKey",
|
|
],
|
|
) if not is_windows else None
|
|
|
|
conformance_test(
|
|
name = "conformance-test-contract-keys",
|
|
# Ideally these would be part of the script definition above, but that doesn't seem to work.
|
|
extra_data = [
|
|
":bootstrap.canton",
|
|
":canton_deploy.jar",
|
|
":canton.conf",
|
|
":unique-contract-keys.conf", # needed to pass all contract keys conformance tests
|
|
":logback-debug.xml",
|
|
"@coreutils_nix//:bin/base64",
|
|
"@curl_nix//:bin/curl",
|
|
"@grpcurl_nix//:bin/grpcurl",
|
|
"@jq_dev_env//:jq",
|
|
"@jdk11_nix//:bin/java",
|
|
],
|
|
lf_versions = [
|
|
"stable",
|
|
"latest",
|
|
],
|
|
ports = [
|
|
5011,
|
|
5021,
|
|
5031,
|
|
5041,
|
|
],
|
|
runner = "@//bazel_tools/client_server/runner:runner",
|
|
server = ":canton-test-runner-with-dependencies",
|
|
test_tool_args = [
|
|
"--verbose",
|
|
"--concurrent-test-runs=4", # lowered from default #procs to reduce flakes - details in https://github.com/digital-asset/daml/issues/7316
|
|
"--include=ContractKeysIT" +
|
|
",RaceConditionIT",
|
|
# Some of gRPC status codes changed from INVALID_ARGUMENT to ABORTED (see https://github.com/digital-asset/daml/pull/9218):
|
|
# LocalKeyVisibility can be reenabled on the next canton update.
|
|
"--exclude=ContractKeysIT:CKFetchOrLookup,ContractKeysIT:CKNoFetchUndisclosed,ContractKeysIT:CKMaintainerScoped,ContractKeysIT:CKLocalKeyVisibility",
|
|
],
|
|
) if not is_windows else None
|
|
|
|
conformance_test(
|
|
name = "conformance-test-participant-pruning",
|
|
# Ideally these would be part of the script definition above, but that doesn't seem to work.
|
|
extra_data = [
|
|
":bootstrap.canton",
|
|
":canton_deploy.jar",
|
|
":canton.conf",
|
|
":enable-faster-pruning.conf", # needed to prevent timing out on prune requests
|
|
":logback-debug.xml",
|
|
"@coreutils_nix//:bin/base64",
|
|
"@curl_nix//:bin/curl",
|
|
"@grpcurl_nix//:bin/grpcurl",
|
|
"@jq_dev_env//:jq",
|
|
"@jdk11_nix//:bin/java",
|
|
],
|
|
lf_versions = [
|
|
"stable",
|
|
"latest",
|
|
],
|
|
ports = [
|
|
5011,
|
|
5021,
|
|
5031,
|
|
5041,
|
|
],
|
|
runner = "@//bazel_tools/client_server/runner:runner",
|
|
server = ":canton-test-runner-with-dependencies",
|
|
tags = [
|
|
"manual", # pruning test is flaky on canton because of safe-pruning offset reconciliation checks
|
|
],
|
|
test_tool_args = [
|
|
"--verbose",
|
|
"--include=ParticipantPruningIT",
|
|
],
|
|
) if not is_windows else None
|