digital-asset/daml
1
1
Fork 0
mirror of https://github.com/digital-asset/daml.git synced 2024-09-20 17:28:46 +03:00
Code Issues Projects Releases Wiki Activity
4f0ceff7a2
daml/ledger/ledger-api-test-tool-on-canton/BUILD.bazel
Moritz Kiefer 4e1c5fedb3
Check visibility for by-key operation of local contracts (#9470) 
* Check visibility for by-key operation of local contracts

fixes #9454

I tried out two approaches for this:

1. The one here where we add a new callback. This has the advantage
   that the engine remains oblivious to visibility checks. They are all
   done outside and the engine doesn’t even know about the reading
   parties.
2. Make the engine aware of the reading parties. A start of that is in
   #9458.

Both work in principle but I ended up going for 1 in the end. Doing
half of the visibility checks outside the engine and half inside just
seems worse than the current state.

changelog_begin

- [Daml Engine] Fix a bug where it was possible to
  fetch/lookup/exercise a local contract by key even if the reading parties
  are not stakeholders. See #9454 for details.

changelog_end

* Disable new test on Canton

changelog_begin
changelog_end

* Exclude from compat tests

changelog_begin
changelog_end

* s/LocalLookup/LocalFetch/

changelog_begin
changelog_end

* Address review

changelog_begin
changelog_end
2021-04-22 21:39:12 +02:00

162 lines
6.1 KiB
Python
Raw Blame History

# Copyright (c) 2021 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
load("//ledger/ledger-api-test-tool:conformance.bzl", "conformance_test")
load("@os_info//:os_info.bzl", "is_windows")
java_binary(
name = "canton",
main_class = "com.digitalasset.canton.CantonCommunityApp",
runtime_deps = ["@canton//:lib"],
)
# Disabled on Windows because `coreutils` and `grpcurl` aren't easily available.
genrule(
name = "canton-test-runner-with-dependencies-script",
srcs = [
":canton-test-runner.sh",
],
outs = ["canton-test-runner-with-dependencies.sh"],
cmd = """
cat > $@ <<EOF
#!/usr/bin/env bash
set -euo pipefail
f=bazel_tools/tools/bash/runfiles/runfiles.bash
source "\\$${RUNFILES_DIR:-/dev/null}/\\$$f" 2>/dev/null || \\
source "\\$$(grep -sm1 "^\\$$f " "\\$${RUNFILES_MANIFEST_FILE:-/dev/null}" | cut -f2- -d' ')" 2>/dev/null || \\
source "\\$$0.runfiles/\\$$f" 2>/dev/null || \\
source "\\$$(grep -sm1 "^\\$$f " "\\$$0.runfiles_manifest" | cut -f2- -d' ')" 2>/dev/null || \\
source "\\$$(grep -sm1 "^\\$$f " "\\$$0.exe.runfiles_manifest" | cut -f2- -d' ')" 2>/dev/null || \\
{ echo>&2 "ERROR: cannot find \\$$f"; exit 1; }; f=; set -e
PATH="\\$$(rlocation coreutils_nix/bin):\\$$(rlocation curl_nix/bin):\\$$(rlocation grpcurl_nix/bin):\\$$(rlocation jq_dev_env/bin):\\$$PATH"
export PATH
EOF
cat $< >> $@
""",
) if not is_windows else None
# Required because running `canton-test-runner-with-dependencies-script` directly fails.
sh_binary(
name = "canton-test-runner-with-dependencies",
srcs = [":canton-test-runner-with-dependencies-script"],
# Ideally these would be part of the script definition above, but that doesn't seem to work.
deps = ["@bazel_tools//tools/bash/runfiles"],
) if not is_windows else None
conformance_test(
name = "conformance-test",
# Ideally these would be part of the script definition above, but that doesn't seem to work.
extra_data = [
":bootstrap.canton",
":canton_deploy.jar",
":canton.conf",
":logback-debug.xml",
"@coreutils_nix//:bin/base64",
"@curl_nix//:bin/curl",
"@grpcurl_nix//:bin/grpcurl",
"@jq_dev_env//:jq",
"@jdk11_nix//:bin/java",
],
lf_versions = [
"stable",
"latest",
],
ports = [
5011,
5021,
5031,
5041,
],
runner = "@//bazel_tools/client_server/runner:runner",
server = ":canton-test-runner-with-dependencies",
test_tool_args = [
"--verbose",
"--concurrent-test-runs=4", # lowered from default #procs to reduce flakes - details in https://github.com/digital-asset/daml/issues/7316
# The following three contract key tests require uniqueness
"--exclude=ContractKeysIT,ContractKeysIT:CKFetchOrLookup,ContractKeysIT:CKNoFetchUndisclosed,ContractKeysIT:CKMaintainerScoped" +
",ParticipantPruningIT" + # see "conformance-test-participant-pruning" below
",ConfigManagementServiceIT,LedgerConfigurationServiceIT" + # dynamic config management not supported by Canton
",ClosedWorldIT" + # Canton currently fails this test with a different error (missing namespace in "unallocated" party id)
# Excluding tests that require contract key uniqueness and RWArchiveVsFailedLookupByKey (finding a lookup failure after contract creation)
",RaceConditionIT:WWDoubleNonTransientCreate,RaceConditionIT:WWArchiveVsNonTransientCreate,RaceConditionIT:RWTransientCreateVsNonTransientCreate,RaceConditionIT:RWArchiveVsFailedLookupByKey",
],
) if not is_windows else None
conformance_test(
name = "conformance-test-contract-keys",
# Ideally these would be part of the script definition above, but that doesn't seem to work.
extra_data = [
":bootstrap.canton",
":canton_deploy.jar",
":canton.conf",
":unique-contract-keys.conf", # needed to pass all contract keys conformance tests
":logback-debug.xml",
"@coreutils_nix//:bin/base64",
"@curl_nix//:bin/curl",
"@grpcurl_nix//:bin/grpcurl",
"@jq_dev_env//:jq",
"@jdk11_nix//:bin/java",
],
lf_versions = [
"stable",
"latest",
],
ports = [
5011,
5021,
5031,
5041,
],
runner = "@//bazel_tools/client_server/runner:runner",
server = ":canton-test-runner-with-dependencies",
test_tool_args = [
"--verbose",
"--concurrent-test-runs=4", # lowered from default #procs to reduce flakes - details in https://github.com/digital-asset/daml/issues/7316
"--include=ContractKeysIT" +
",RaceConditionIT",
# Some of gRPC status codes changed from INVALID_ARGUMENT to ABORTED (see https://github.com/digital-asset/daml/pull/9218):
# LocalKeyVisibility can be reenabled on the next canton update.
"--exclude=ContractKeysIT:CKFetchOrLookup,ContractKeysIT:CKNoFetchUndisclosed,ContractKeysIT:CKMaintainerScoped,ContractKeysIT:CKLocalKeyVisibility",
],
) if not is_windows else None
conformance_test(
name = "conformance-test-participant-pruning",
# Ideally these would be part of the script definition above, but that doesn't seem to work.
extra_data = [
":bootstrap.canton",
":canton_deploy.jar",
":canton.conf",
":enable-faster-pruning.conf", # needed to prevent timing out on prune requests
":logback-debug.xml",
"@coreutils_nix//:bin/base64",
"@curl_nix//:bin/curl",
"@grpcurl_nix//:bin/grpcurl",
"@jq_dev_env//:jq",
"@jdk11_nix//:bin/java",
],
lf_versions = [
"stable",
"latest",
],
ports = [
5011,
5021,
5031,
5041,
],
runner = "@//bazel_tools/client_server/runner:runner",
server = ":canton-test-runner-with-dependencies",
tags = [
"manual", # pruning test is flaky on canton because of safe-pruning offset reconciliation checks
],
test_tool_args = [
"--verbose",
"--include=ParticipantPruningIT",
],
) if not is_windows else None
Reference in New Issue View Git Blame Copy Permalink