diff --git a/CHANGELOG.md b/CHANGELOG.md index 651069268a..77591d140a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,12 +2,30 @@ # UNRELEASED +### feat: Support canister log allowed viewer list + +Added support for the canister log allowed viewer list, enabling specified users to access a canister's logs without needing to be set as the canister's controller. +Valid settings are: +- `--add-log-viewer`, `--remove-log-viewer` and `--set-log-viewer` flags with `dfx canister update-settings` +- `--log-viewer` flag with `dfx canister create` +- `canisters[].initialization_values.log_visibility.allowed_viewers` in `dfx.json` + +# 0.24.1 + ### feat: More PocketIC flags supported `dfx start --pocketic` is now compatible with `--artificial-delay` and the `subnet_type` configuration option, and enables `--enable-canister-http` by default. ## Dependencies +### Frontend canister + +#### feat: Better error messages when proposing a batch + +Add the batch id in the error messages of `propose_commit_batch`. + +Module hash: 2c9e30df9be951a6884c702a97bbb8c0b438f33d4208fa612b1de6fb1752db76 + ### Motoko Updated Motoko to [0.13.0](https://github.com/dfinity/motoko/releases/tag/0.13.0) diff --git a/Cargo.lock b/Cargo.lock index 0ad8de3c08..c9213a6ab9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1514,7 +1514,7 @@ checksum = "322ef0094744e63628e6f0eb2295517f79276a5b342a4c2ff3042566ca181d4e" [[package]] name = "dfx" -version = "0.23.0-beta.3" +version = "0.24.0" dependencies = [ "actix", "aes-gcm", diff --git a/docs/cli-reference/dfx-canister.mdx b/docs/cli-reference/dfx-canister.mdx index 39e606227a..fd306c111c 100644 --- a/docs/cli-reference/dfx-canister.mdx +++ b/docs/cli-reference/dfx-canister.mdx @@ -280,7 +280,8 @@ You can use the following options with the `dfx canister create` command. | `--memory-allocation ` | Specifies how much memory the canister is allowed to use in total. This should be a value in the range [0..12 GiB]. A setting of 0 means the canister will have access to memory on a “best-effort” basis: It will only be charged for the memory it uses, but at any point in time may stop running if it tries to allocate more memory when there isn’t space available on the subnet. | | `--reserved-cycles-limit ` | Specifies the upper limit for the canister's reserved cycles. | | `--wasm-memory-limit ` | Specifies a soft upper limit for the canister's heap memory. | -| `--log-visibility ` | Specifies who is allowed to read the canister's logs. Can be either "controllers" or "public". | +| `--log-viewer ` | Specifies the principal as an allowed viewers. Can be specified more than once. Cannot be used with `--log-visibility`. | +| `--log-visibility ` | Specifies who can read the canister's logs: "controllers" or "public". For custom allowed viewers, use `--log-viewer`. | | `--no-wallet` | Performs the call with the user Identity as the Sender of messages. Bypasses the Wallet canister. Enabled by default. | | `--with-cycles ` | Specifies the initial cycle balance to deposit into the newly created canister. The specified amount needs to take the canister create fee into account. This amount is deducted from the wallet's cycle balance. | | `--specified-id ` | Attempts to create the canister with this Canister ID | @@ -1137,14 +1138,17 @@ You can specify the following options for the `dfx canister update-settings` com | Option | Description | |-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `--add-controller ` | Add a principal to the list of controllers of the canister. | +| `--add-log-viewer ` | Add a principal to the list of log viewers of the canister. Can be specified more than once to add multiple log viewers. If current log visibility is `public` or `controllers`, it will be changed to the custom allowed viewer list. | | `-c`, `--compute-allocation ` | Specifies the canister's compute allocation. This should be a percent in the range [0..100]. | | `--confirm-very-long-freezing-threshold` | Freezing thresholds above ~1.5 years require this option as confirmation. | | `--set-controller ` | Specifies the identity name or the principal of the new controller. Can be specified more than once, indicating the canister will have multiple controllers. If any controllers are set with this parameter, any other controllers will be removed. | +| `--set-log-viewer ` | Specifies the the principal of the log viewer of the canister. Can be specified more than once, indicating the canister will have multiple log viewers. If any log viewers are set with this parameter, any other log viewers will be removed. If current log visibility is `public` or `controllers`, it will be changed to the custom allowed viewer list. | | `--memory-allocation ` | Specifies how much memory the canister is allowed to use in total. This should be a value in the range [0..12 GiB]. A setting of 0 means the canister will have access to memory on a “best-effort” basis: It will only be charged for the memory it uses, but at any point in time may stop running if it tries to allocate more memory when there isn’t space available on the subnet. | | `--reserved-cycles-limit ` | Specifies the upper limit of the canister's reserved cycles. | | `--wasm-memory-limit ` | Specifies a soft upper limit for the canister's heap memory. | -| `--log-visibility ` | Specifies who is allowed to read the canister's logs. Can be either "controllers" or "public". | +| `--log-visibility ` | Specifies who is allowed to read the canister's logs. Can be either "controllers" or "public". For custom allowed viewers, use `--set-log-viewer` or `--add-log-viewer`. | | `--remove-controller ` | Removes a principal from the list of controllers of the canister. | +| `--remove-log-viewer ` | Removes a principal from the list of log viewers of the canister. Can be specified more than once to remove multiple log viewers. | | `--freezing-threshold ` | Set the [freezing threshold](https://internetcomputer.org/docs/current/references/ic-interface-spec/#ic-create_canister) in seconds for a canister. This should be a value in the range [0..2^64^-1]. Very long thresholds require the `--confirm-very-long-freezing-threshold` option. | | `-y`, `--yes` | Skips yes/no checks by answering 'yes'. Such checks can result in loss of control, so this is not recommended outside of CI. | diff --git a/docs/cli-reference/dfx-envars.mdx b/docs/cli-reference/dfx-envars.mdx index a4845569e7..4b9f0ea558 100644 --- a/docs/cli-reference/dfx-envars.mdx +++ b/docs/cli-reference/dfx-envars.mdx @@ -68,3 +68,11 @@ DFX_VERSION=0.13.1 dfx deploy --network ic ## DFX_DISABLE_QUERY_VERIFICATION Set this to a non-empty value to disable verification of replica-signed queries. + +## DFX_REPLICA_PATH + +Use the `DFX_REPLICA_PATH` environment variable to specify a file path to a local version of the replica. If this option is used, `canister_sandbox` and `sandbox_launcher` must be in the same directory with the desired replica version. + +## DFX_IC_STARTER_PATH + +Use the `DFX_IC_STARTER_PATH` environment variable to specify a file path to a local version of `ic-starter`. diff --git a/docs/dfx-json-schema.json b/docs/dfx-json-schema.json index ec157b6e98..3e7240d3a4 100644 --- a/docs/dfx-json-schema.json +++ b/docs/dfx-json-schema.json @@ -137,10 +137,29 @@ } }, "CanisterLogVisibility": { - "type": "string", - "enum": [ - "controllers", - "public" + "oneOf": [ + { + "type": "string", + "enum": [ + "controllers", + "public" + ] + }, + { + "type": "object", + "required": [ + "allowed_viewers" + ], + "properties": { + "allowed_viewers": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } ] }, "CanisterMetadataSection": { @@ -947,7 +966,7 @@ }, "log_visibility": { "title": "Log Visibility", - "description": "Specifies who is allowed to read the canister's logs.\n\nCan be \"public\" or \"controllers\".", + "description": "Specifies who is allowed to read the canister's logs.\n\nCan be \"public\", \"controllers\" or \"allowed_viewers\" with a list of principals.", "anyOf": [ { "$ref": "#/definitions/CanisterLogVisibility" diff --git a/e2e/tests-dfx/canister_logs.bash b/e2e/tests-dfx/canister_logs.bash index 27f6de53c6..367d10fcae 100644 --- a/e2e/tests-dfx/canister_logs.bash +++ b/e2e/tests-dfx/canister_logs.bash @@ -65,3 +65,29 @@ dfx_canister_logs_tail_n_1() { assert_not_contains "Alice" assert_contains "Bob" } + +@test "canister logs only visible to allowed viewers." { + install_asset logs + dfx_start + dfx canister create --all + dfx build + dfx canister install e2e_project + dfx canister call e2e_project hello Alice + sleep 2 + + assert_command dfx canister logs e2e_project + assert_contains "Hello, Alice!" + + # Create identity for viewers. + assert_command dfx identity new --storage-mode plaintext alice + ALICE_PRINCIPAL=$(dfx identity get-principal --identity alice) + + assert_command_fail dfx canister logs e2e_project --identity alice + + assert_command dfx canister update-settings --add-log-viewer="${ALICE_PRINCIPAL}" e2e_project + assert_command dfx canister status e2e_project + assert_contains "${ALICE_PRINCIPAL}" + + assert_command dfx canister logs e2e_project --identity alice + assert_contains "Hello, Alice!" +} diff --git a/e2e/tests-dfx/create.bash b/e2e/tests-dfx/create.bash index 9c15e48f77..881bee09fa 100644 --- a/e2e/tests-dfx/create.bash +++ b/e2e/tests-dfx/create.bash @@ -352,3 +352,85 @@ teardown() { assert_contains 'Freezing threshold: 2_592_000' assert_contains 'Log visibility: controllers' } + +@test "create with multiple log allowed viewer list in dfx.json" { + # Create two identities + assert_command dfx identity new --storage-mode plaintext alice + assert_command dfx identity new --storage-mode plaintext bob + ALICE_PRINCIPAL=$(dfx identity get-principal --identity alice) + BOB_PRINCIPAL=$(dfx identity get-principal --identity bob) + + jq '.canisters.e2e_project_backend.initialization_values={ + "compute_allocation": 5, + "freezing_threshold": "7days", + "memory_allocation": "2 GiB", + "reserved_cycles_limit": 1000000000000, + "wasm_memory_limit": "1 GiB", + "log_visibility": { + "allowed_viewers" : + ['\""$ALICE_PRINCIPAL"\"', '\""$BOB_PRINCIPAL"\"'] + } + }' dfx.json | sponge dfx.json + dfx_start + assert_command dfx deploy e2e_project_backend --no-wallet + assert_command dfx canister status e2e_project_backend + assert_contains 'Memory allocation: 2_147_483_648' + assert_contains 'Compute allocation: 5' + assert_contains 'Reserved cycles limit: 1_000_000_000_000' + assert_contains 'Wasm memory limit: 1_073_741_824' + assert_contains 'Freezing threshold: 604_800' + assert_contains "${ALICE_PRINCIPAL}" + assert_contains "${BOB_PRINCIPAL}" +} + +@test "create with multiple log allowed viewer list" { + # Create two identities + assert_command dfx identity new --storage-mode plaintext alice + assert_command dfx identity new --storage-mode plaintext bob + ALICE_PRINCIPAL=$(dfx identity get-principal --identity alice) + BOB_PRINCIPAL=$(dfx identity get-principal --identity bob) + + dfx_start + assert_command dfx canister create --all --log-viewer "${ALICE_PRINCIPAL}" --log-viewer "${BOB_PRINCIPAL}" --no-wallet + assert_command dfx deploy e2e_project_backend --no-wallet + assert_command dfx canister status e2e_project_backend + assert_contains "${ALICE_PRINCIPAL}" + assert_contains "${BOB_PRINCIPAL}" +} + +# The following function decodes a canister id in the textual form into its binary form +# and is taken from the [IC Interface Specification](https://internetcomputer.org/docs/current/references/ic-interface-spec#principal). +function textual_decode() { + echo -n "$1" | tr -d - | tr "[:lower:]" "[:upper:]" | + fold -w 8 | xargs -n1 printf '%-8s' | tr ' ' = | + base32 -d | xxd -p | tr -d '\n' | cut -b9- | tr "[:lower:]" "[:upper:]" +} + +@test "create targets application subnet in PocketIC" { + [[ ! "$USE_POCKETIC" ]] && skip "skipped for replica: no support for multiple subnets" + dfx_start + # create the backend canister without a wallet canister so that the backend canister is the only canister ever created + assert_command dfx canister create e2e_project_backend --no-wallet + # actual canister id + CANISTER_ID="$(dfx canister id e2e_project_backend)" + # base64 encode the actual canister id + CANISTER_ID_BASE64="$(textual_decode "${CANISTER_ID}" | xxd -r -p | base64)" + # fetch topology from PocketIC server + TOPOLOGY="$(curl "http://127.0.0.1:$(dfx info replica-port)/instances/0/read/topology")" + # find application subnet id in the topology + for subnet_id in $(echo "${TOPOLOGY}" | jq keys[]) + do + SUBNET_KIND="$(echo "$TOPOLOGY" | jq -r ".${subnet_id}.\"subnet_kind\"")" + if [ "${SUBNET_KIND}" == "Application" ] + then + # find the expected canister id as the beginning of the first canister range of the app subnet + EXPECTED_CANISTER_ID_BASE64="$(echo "$TOPOLOGY" | jq -r ".${subnet_id}.\"canister_ranges\"[0].\"start\".\"canister_id\"")" + fi + done + # check if the actual canister id matches the expected canister id + if [ "${CANISTER_ID_BASE64}" != "${EXPECTED_CANISTER_ID_BASE64}" ] + then + echo "Canister id ${CANISTER_ID_BASE64} does not match expected canister id ${EXPECTED_CANISTER_ID_BASE64}" + exit 1 + fi +} diff --git a/e2e/tests-dfx/update_settings.bash b/e2e/tests-dfx/update_settings.bash index 63af5cb86f..74d668cf61 100644 --- a/e2e/tests-dfx/update_settings.bash +++ b/e2e/tests-dfx/update_settings.bash @@ -66,6 +66,8 @@ teardown() { dfx_start assert_command dfx deploy e2e_project_backend assert_command dfx canister status e2e_project_backend + + # Test against a single canister. assert_contains "Log visibility: controllers" assert_command dfx canister update-settings e2e_project_backend --log-visibility public assert_command dfx canister status e2e_project_backend @@ -73,6 +75,84 @@ teardown() { assert_command dfx canister update-settings e2e_project_backend --log-visibility controllers assert_command dfx canister status e2e_project_backend assert_contains "Log visibility: controllers" + + # Test --all code path. + assert_command dfx canister update-settings --log-visibility public --all + assert_command dfx canister status e2e_project_backend + assert_contains "Log visibility: public" + assert_command dfx canister update-settings --log-visibility controllers --all + assert_command dfx canister status e2e_project_backend + assert_contains "Log visibility: controllers" +} + +@test "update log allowed viewer list" { + # Create two identities + assert_command dfx identity new --storage-mode plaintext alice + assert_command dfx identity new --storage-mode plaintext bob + ALICE_PRINCIPAL=$(dfx identity get-principal --identity alice) + BOB_PRINCIPAL=$(dfx identity get-principal --identity bob) + + dfx_new + dfx_start + assert_command dfx deploy e2e_project_backend + assert_command dfx canister status e2e_project_backend + assert_contains "Log visibility: controllers" + + # Test against a single canister. + assert_command dfx canister update-settings --add-log-viewer="${ALICE_PRINCIPAL}" e2e_project_backend + assert_command dfx canister status e2e_project_backend + assert_contains "${ALICE_PRINCIPAL}" + + assert_command dfx canister update-settings --remove-log-viewer="${BOB_PRINCIPAL}" e2e_project_backend + assert_contains "'${BOB_PRINCIPAL}' is not in the allowed list" + + assert_command dfx canister update-settings --add-log-viewer="${BOB_PRINCIPAL}" --remove-log-viewer="${ALICE_PRINCIPAL}" e2e_project_backend + assert_command dfx canister status e2e_project_backend + assert_contains "${BOB_PRINCIPAL}" + assert_not_contains "${ALICE_PRINCIPAL}" + + assert_command dfx canister update-settings --set-log-viewer="${ALICE_PRINCIPAL}" e2e_project_backend + assert_command dfx canister status e2e_project_backend + assert_contains "${ALICE_PRINCIPAL}" + assert_not_contains "${BOB_PRINCIPAL}" + + assert_command dfx canister update-settings --remove-log-viewer="${ALICE_PRINCIPAL}" e2e_project_backend + assert_command dfx canister status e2e_project_backend + assert_contains "allowed viewers list is empty" + + assert_command dfx canister update-settings --add-log-viewer="${BOB_PRINCIPAL}" --add-log-viewer="${ALICE_PRINCIPAL}" e2e_project_backend + assert_command dfx canister status e2e_project_backend + assert_contains "${ALICE_PRINCIPAL}" + assert_contains "${BOB_PRINCIPAL}" + + assert_command dfx canister update-settings --remove-log-viewer="${ALICE_PRINCIPAL}" --remove-log-viewer="${BOB_PRINCIPAL}" e2e_project_backend + assert_command dfx canister status e2e_project_backend + assert_contains "allowed viewers list is empty" + + assert_command dfx canister update-settings --set-log-viewer="${BOB_PRINCIPAL}" --set-log-viewer="${ALICE_PRINCIPAL}" e2e_project_backend + assert_command dfx canister status e2e_project_backend + assert_contains "${ALICE_PRINCIPAL}" + assert_contains "${BOB_PRINCIPAL}" + + assert_command dfx canister update-settings --log-visibility controllers e2e_project_backend + assert_command dfx canister status e2e_project_backend + assert_contains "Log visibility: controllers" + + assert_command_fail dfx canister update-settings --remove-log-viewer="${BOB_PRINCIPAL}" e2e_project_backend + assert_contains "Removing reviewers is not allowed with 'public' or 'controllers' log visibility." + + # Test --all code path. + assert_command dfx canister update-settings --add-log-viewer="${ALICE_PRINCIPAL}" --all + assert_command dfx canister status e2e_project_backend + assert_contains "${ALICE_PRINCIPAL}" + + assert_command dfx canister update-settings --remove-log-viewer="${ALICE_PRINCIPAL}" --all + assert_command dfx canister status e2e_project_backend + assert_contains "allowed viewers list is empty" + + assert_command dfx canister update-settings --set-log-viewer="${ALICE_PRINCIPAL}" --all + assert_command dfx canister status e2e_project_backend + assert_contains "${ALICE_PRINCIPAL}" } @test "set controller" { diff --git a/public/manifest.json b/public/manifest.json index 96ba0bf371..55593a164c 100644 --- a/public/manifest.json +++ b/public/manifest.json @@ -1,6 +1,6 @@ { "tags": { - "latest": "0.23.0" + "latest": "0.24.0" }, "versions": [ "0.5.0", @@ -71,6 +71,7 @@ "0.20.1", "0.21.0", "0.22.0", - "0.23.0" + "0.23.0", + "0.24.0" ] -} +} \ No newline at end of file diff --git a/src/canisters/frontend/ic-certified-assets/src/state_machine.rs b/src/canisters/frontend/ic-certified-assets/src/state_machine.rs index 7b859fbcad..fa4b04bad6 100644 --- a/src/canisters/frontend/ic-certified-assets/src/state_machine.rs +++ b/src/canisters/frontend/ic-certified-assets/src/state_machine.rs @@ -625,7 +625,7 @@ impl State { .get_mut(&batch_id) .ok_or_else(|| "batch not found".to_string())?; if batch.commit_batch_arguments.is_some() { - return Err("batch has been proposed".to_string()); + return Err(format!("batch {} has been proposed", batch_id)); } batch.expires_at = Int::from(now + BATCH_EXPIRY_NANOS); @@ -674,7 +674,10 @@ impl State { .get_mut(&arg.batch_id) .expect("batch not found"); if batch.commit_batch_arguments.is_some() { - return Err("batch already has proposed CommitBatchArguments".to_string()); + return Err(format!( + "batch {} already has proposed CommitBatchArguments", + arg.batch_id + )); }; batch.commit_batch_arguments = Some(arg); Ok(()) diff --git a/src/canisters/frontend/ic-certified-assets/src/tests.rs b/src/canisters/frontend/ic-certified-assets/src/tests.rs index a1669c2942..1bc56d1b0c 100644 --- a/src/canisters/frontend/ic-certified-assets/src/tests.rs +++ b/src/canisters/frontend/ic-certified-assets/src/tests.rs @@ -699,12 +699,17 @@ fn can_propose_commit_batch_exactly_once() { let batch_1 = state.create_batch(time_now).unwrap(); let args = CommitBatchArguments { - batch_id: batch_1, + batch_id: batch_1.clone(), operations: vec![], }; assert_eq!(Ok(()), state.propose_commit_batch(args.clone())); match state.propose_commit_batch(args) { - Err(err) if err == *"batch already has proposed CommitBatchArguments" => {} + Err(err) + if err + == format!( + "batch {} already has proposed CommitBatchArguments", + batch_1, + ) => {} other => panic!("expected batch already proposed error, got: {:?}", other), }; } @@ -730,17 +735,17 @@ fn cannot_create_chunk_in_proposed_batch_() { }, time_now, ) { - Err(err) if err == *"batch has been proposed" => {} + Err(err) if err == format!("batch {} has been proposed", batch_1) => {} other => panic!("expected batch already proposed error, got: {:?}", other), } match state.create_chunks( CreateChunksArg { - batch_id: batch_1, + batch_id: batch_1.clone(), content: vec![ByteBuf::from(BODY.to_vec())], }, time_now, ) { - Err(err) if err == *"batch has been proposed" => {} + Err(err) if err == format!("batch {} has been proposed", batch_1) => {} other => panic!("expected batch already proposed error, got: {:?}", other), } } @@ -822,12 +827,12 @@ fn batches_with_evidence_do_not_expire() { match state.create_chunk( CreateChunkArg { - batch_id: batch_1, + batch_id: batch_1.clone(), content: ByteBuf::from(BODY.to_vec()), }, time_now, ) { - Err(err) if err == *"batch has been proposed" => {} + Err(err) if err == format!("batch {} has been proposed", batch_1) => {} other => panic!("expected batch already proposed error, got: {:?}", other), } } diff --git a/src/dfx-core/src/config/model/dfinity.rs b/src/dfx-core/src/config/model/dfinity.rs index 6fe142b1f6..e26edada97 100644 --- a/src/dfx-core/src/config/model/dfinity.rs +++ b/src/dfx-core/src/config/model/dfinity.rs @@ -407,12 +407,14 @@ impl CanisterTypeProperties { } } -#[derive(Copy, Clone, Default, Debug, PartialEq, Eq, Serialize, Deserialize, JsonSchema)] -#[serde(rename_all = "lowercase")] +#[derive(Clone, Default, Debug, PartialEq, Eq, Serialize, Deserialize, JsonSchema)] +#[serde(rename_all = "snake_case")] pub enum CanisterLogVisibility { #[default] Controllers, Public, + #[schemars(with = "Vec::")] + AllowedViewers(Vec), } impl From for LogVisibility { @@ -420,6 +422,9 @@ impl From for LogVisibility { match value { CanisterLogVisibility::Controllers => LogVisibility::Controllers, CanisterLogVisibility::Public => LogVisibility::Public, + CanisterLogVisibility::AllowedViewers(viewers) => { + LogVisibility::AllowedViewers(viewers) + } } } } @@ -475,7 +480,7 @@ pub struct InitializationValues { /// # Log Visibility /// Specifies who is allowed to read the canister's logs. /// - /// Can be "public" or "controllers". + /// Can be "public", "controllers" or "allowed_viewers" with a list of principals. #[schemars(with = "Option")] pub log_visibility: Option, } @@ -1008,6 +1013,7 @@ impl ConfigInterface { .map_err(|e| GetLogVisibilityFailed(canister_name.to_string(), e))? .initialization_values .log_visibility + .clone() .map(|visibility| visibility.into())) } diff --git a/src/dfx-core/src/config/model/replica_config.rs b/src/dfx-core/src/config/model/replica_config.rs index 389e6c3c86..ed4164b56d 100644 --- a/src/dfx-core/src/config/model/replica_config.rs +++ b/src/dfx-core/src/config/model/replica_config.rs @@ -1,4 +1,5 @@ use crate::config::model::dfinity::{ReplicaLogLevel, ReplicaSubnetType}; +use candid::Principal; use serde::{Deserialize, Serialize}; use std::borrow::Cow; use std::default::Default; @@ -192,6 +193,7 @@ pub enum CachedReplicaConfig<'a> { #[derive(Serialize, Deserialize, Debug, PartialEq, Eq)] pub struct CachedConfig<'a> { pub replica_rev: String, + pub effective_canister_id: Option, #[serde(flatten)] pub config: CachedReplicaConfig<'a>, } @@ -200,23 +202,29 @@ impl<'a> CachedConfig<'a> { pub fn replica(config: &'a ReplicaConfig, replica_rev: String) -> Self { Self { replica_rev, + effective_canister_id: None, config: CachedReplicaConfig::Replica { config: Cow::Borrowed(config), }, } } - pub fn pocketic(config: &'a ReplicaConfig, replica_rev: String) -> Self { + pub fn pocketic( + config: &'a ReplicaConfig, + replica_rev: String, + effective_canister_id: Option, + ) -> Self { Self { replica_rev, + effective_canister_id, config: CachedReplicaConfig::PocketIc { config: Cow::Borrowed(config), }, } } - pub fn is_pocketic(&self) -> bool { - matches!(self.config, CachedReplicaConfig::PocketIc { .. }) - } pub fn can_share_state(&self, other: &Self) -> bool { self == other } + pub fn get_effective_canister_id(&self) -> Option { + self.effective_canister_id + } } diff --git a/src/dfx-core/src/config/project_templates.rs b/src/dfx-core/src/config/project_templates.rs index 6dbe27e6b8..28c5565131 100644 --- a/src/dfx-core/src/config/project_templates.rs +++ b/src/dfx-core/src/config/project_templates.rs @@ -1,5 +1,6 @@ use itertools::Itertools; use std::collections::BTreeMap; +use std::fmt::Display; use std::io; use std::sync::OnceLock; @@ -17,11 +18,18 @@ pub enum Category { Frontend, FrontendTest, Extra, + Support, } #[derive(Debug, Clone, Eq, PartialEq, Ord, PartialOrd, Hash)] pub struct ProjectTemplateName(pub String); +impl Display for ProjectTemplateName { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + write!(f, "{}", self.0) + } +} + #[derive(Debug, Clone)] pub struct ProjectTemplate { /// The name of the template as specified on the command line, @@ -38,14 +46,17 @@ pub struct ProjectTemplate { /// as well as for interactive selection pub category: Category, - /// If true, run `cargo update` after creating the project - pub update_cargo_lockfile: bool, + /// Other project templates to patch in alongside this one + pub requirements: Vec, + + /// Run a command after adding the canister to dfx.json + pub post_create: Vec, - /// If true, patch in the any_js template files - pub has_js: bool, + /// If set, display a spinner while this command runs + pub post_create_spinner_message: Option, - /// If true, run npm install - pub install_node_dependencies: bool, + /// If the post-create command fails, display this warning but don't fail + pub post_create_failure_warning: Option, /// The sort order is fixed rather than settable in properties: /// For backend: diff --git a/src/dfx/Cargo.toml b/src/dfx/Cargo.toml index e337648599..b87d9dc9a8 100644 --- a/src/dfx/Cargo.toml +++ b/src/dfx/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "dfx" -version = "0.23.0-beta.3" +version = "0.24.0" authors.workspace = true edition.workspace = true repository.workspace = true diff --git a/src/dfx/src/actors/mod.rs b/src/dfx/src/actors/mod.rs index ee44edd16b..721f35a73f 100644 --- a/src/dfx/src/actors/mod.rs +++ b/src/dfx/src/actors/mod.rs @@ -203,6 +203,7 @@ pub fn start_pocketic_actor( let actor_config = pocketic::Config { pocketic_path, + effective_config_path: local_server_descriptor.effective_config_path(), replica_config, port: local_server_descriptor.replica.port, port_file: pocketic_port_path, diff --git a/src/dfx/src/actors/pocketic.rs b/src/dfx/src/actors/pocketic.rs index 102f943d44..3e8b2a8d3c 100644 --- a/src/dfx/src/actors/pocketic.rs +++ b/src/dfx/src/actors/pocketic.rs @@ -4,14 +4,21 @@ use crate::actors::shutdown_controller::signals::outbound::Shutdown; use crate::actors::shutdown_controller::signals::ShutdownSubscribe; use crate::actors::shutdown_controller::ShutdownController; use crate::lib::error::{DfxError, DfxResult}; +#[cfg(unix)] +use crate::lib::info::replica_rev; use actix::{ Actor, ActorContext, ActorFutureExt, Addr, AsyncContext, Context, Handler, Recipient, ResponseActFuture, Running, WrapFuture, }; use anyhow::{anyhow, bail}; +#[cfg(unix)] use candid::Principal; use crossbeam::channel::{unbounded, Receiver, Sender}; +#[cfg(unix)] +use dfx_core::config::model::replica_config::CachedConfig; use dfx_core::config::model::replica_config::ReplicaConfig; +#[cfg(unix)] +use dfx_core::json::save_json_file; use slog::{debug, error, info, warn, Logger}; use std::ops::ControlFlow::{self, *}; use std::path::{Path, PathBuf}; @@ -30,13 +37,11 @@ pub mod signals { } } -pub const POCKETIC_EFFECTIVE_CANISTER_ID: Principal = - Principal::from_slice(&[0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00, 0x00, 0x01, 0x01]); - /// The configuration for the PocketIC actor. #[derive(Clone)] pub struct Config { pub pocketic_path: PathBuf, + pub effective_config_path: PathBuf, pub replica_config: ReplicaConfig, pub port: Option, pub port_file: PathBuf, @@ -257,7 +262,12 @@ fn pocketic_start_thread( } } }; - let instance = match initialize_pocketic(port, &config.replica_config, logger.clone()) { + let instance = match initialize_pocketic( + port, + &config.effective_config_path, + &config.replica_config, + logger.clone(), + ) { Err(e) => { error!(logger, "Failed to initialize PocketIC: {e:#}"); @@ -311,6 +321,7 @@ fn pocketic_start_thread( #[tokio::main(flavor = "current_thread")] async fn initialize_pocketic( port: u16, + effective_config_path: &Path, replica_config: &ReplicaConfig, logger: Logger, ) -> DfxResult { @@ -326,7 +337,7 @@ async fn initialize_pocketic( let mut subnet_config_set = ExtendedSubnetConfigSet { nns: Some(SubnetSpec::default()), sns: Some(SubnetSpec::default()), - ii: None, + ii: Some(SubnetSpec::default()), fiduciary: None, bitcoin: None, system: vec![], @@ -357,7 +368,33 @@ async fn initialize_pocketic( CreateInstanceResponse::Error { message } => { bail!("PocketIC init error: {message}"); } - CreateInstanceResponse::Created { instance_id, .. } => instance_id, + CreateInstanceResponse::Created { + instance_id, + topology, + } => { + let subnets = match replica_config.subnet_type { + ReplicaSubnetType::Application => topology.get_app_subnets(), + ReplicaSubnetType::System => topology.get_system_subnets(), + ReplicaSubnetType::VerifiedApplication => topology.get_verified_app_subnets(), + }; + if subnets.len() != 1 { + return Err(anyhow!("Internal error: PocketIC topology contains multiple subnets of the same subnet kind.")); + } + let subnet_id = subnets[0]; + let subnet_config = topology.0.get(&subnet_id).ok_or(anyhow!( + "Internal error: subnet id {} not found in PocketIC topology", + subnet_id + ))?; + let effective_canister_id = + Principal::from_slice(&subnet_config.canister_ranges[0].start.canister_id); + let effective_config = CachedConfig::pocketic( + replica_config, + replica_rev().into(), + Some(effective_canister_id), + ); + save_json_file(effective_config_path, &effective_config)?; + instance_id + } }; init_client .post(format!( @@ -387,7 +424,7 @@ async fn initialize_pocketic( } #[cfg(not(unix))] -fn initialize_pocketic(_: u16, _: &ReplicaConfig, _: Logger) -> DfxResult { +fn initialize_pocketic(_: u16, _: &Path, _: &ReplicaConfig, _: Logger) -> DfxResult { bail!("PocketIC not supported on this platform") } diff --git a/src/dfx/src/commands/canister/create.rs b/src/dfx/src/commands/canister/create.rs index f949ef5fa5..a5293f0f1c 100644 --- a/src/dfx/src/commands/canister/create.rs +++ b/src/dfx/src/commands/canister/create.rs @@ -1,3 +1,4 @@ +use crate::lib::canister_logs::log_visibility::LogVisibilityOpt; use crate::lib::deps::get_pull_canisters_in_config; use crate::lib::environment::Environment; use crate::lib::error::{DfxError, DfxResult}; @@ -9,7 +10,8 @@ use crate::lib::operations::canister::create_canister; use crate::lib::root_key::fetch_root_key_if_needed; use crate::util::clap::parsers::{ compute_allocation_parser, freezing_threshold_parser, log_visibility_parser, - memory_allocation_parser, reserved_cycles_limit_parser, wasm_memory_limit_parser, + memory_allocation_parser, principal_parser, reserved_cycles_limit_parser, + wasm_memory_limit_parser, }; use crate::util::clap::parsers::{cycle_amount_parser, icrc_subaccount_parser}; use crate::util::clap::subnet_selection_opt::SubnetSelectionOpt; @@ -92,9 +94,14 @@ pub struct CanisterCreateOpts { /// Specifies who is allowed to read the canister's logs. /// Can be either "controllers" or "public". - #[arg(long, value_parser = log_visibility_parser)] + #[arg(long, value_parser = log_visibility_parser, conflicts_with("log_viewer"))] log_visibility: Option, + /// Specifies the the principal of the log viewer of the canister. + /// Can be specified more than once. + #[arg(long, action = ArgAction::Append, value_parser = principal_parser, conflicts_with("log_visibility"))] + log_viewer: Option>, + /// Performs the call with the user Identity as the Sender of messages. /// Bypasses the Wallet canister. #[arg(long)] @@ -202,7 +209,9 @@ pub async fn exec( ) .with_context(|| format!("Failed to read Wasm memory limit of {canister_name}."))?; let log_visibility = get_log_visibility( - opts.log_visibility, + env, + LogVisibilityOpt::from(&opts.log_visibility, &opts.log_viewer).as_ref(), + None, Some(config_interface), Some(canister_name), ) @@ -285,7 +294,9 @@ pub async fn exec( ) .with_context(|| format!("Failed to read Wasm memory limit of {canister_name}."))?; let log_visibility = get_log_visibility( - opts.log_visibility.clone(), + env, + LogVisibilityOpt::from(&opts.log_visibility, &opts.log_viewer).as_ref(), + None, Some(config_interface), Some(canister_name), ) diff --git a/src/dfx/src/commands/canister/status.rs b/src/dfx/src/commands/canister/status.rs index 8bac6b2eb8..d3183759b9 100644 --- a/src/dfx/src/commands/canister/status.rs +++ b/src/dfx/src/commands/canister/status.rs @@ -55,18 +55,23 @@ async fn canister_status( LogVisibility::Controllers => "controllers".to_string(), LogVisibility::Public => "public".to_string(), LogVisibility::AllowedViewers(viewers) => { - let mut viewers: Vec<_> = viewers.iter().map(Principal::to_text).collect(); - viewers.sort(); - format!("allowed viewers: {}", viewers.join(", ")) + if viewers.is_empty() { + "allowed viewers list is empty".to_string() + } else { + let mut viewers: Vec<_> = viewers.iter().map(Principal::to_text).collect(); + viewers.sort(); + format!("allowed viewers: {}", viewers.join(", ")) + } } }; - println!("Canister status call result for {canister}.\nStatus: {status}\nControllers: {controllers}\nMemory allocation: {memory_allocation}\nCompute allocation: {compute_allocation}\nFreezing threshold: {freezing_threshold}\nMemory Size: {memory_size:?}\nBalance: {balance} Cycles\nReserved: {reserved} Cycles\nReserved cycles limit: {reserved_cycles_limit}\nWasm memory limit: {wasm_memory_limit}\nModule hash: {module_hash}\nNumber of queries: {queries_total}\nInstructions spent in queries: {query_instructions_total}\nTotal query request payload size (bytes): {query_req_payload_total}\nTotal query response payload size (bytes): {query_resp_payload_total}\nLog visibility: {log_visibility}", + println!("Canister status call result for {canister}.\nStatus: {status}\nControllers: {controllers}\nMemory allocation: {memory_allocation}\nCompute allocation: {compute_allocation}\nFreezing threshold: {freezing_threshold}\nIdle cycles burned per day: {idle_cycles_burned_per_day}\nMemory Size: {memory_size:?}\nBalance: {balance} Cycles\nReserved: {reserved} Cycles\nReserved cycles limit: {reserved_cycles_limit}\nWasm memory limit: {wasm_memory_limit}\nModule hash: {module_hash}\nNumber of queries: {queries_total}\nInstructions spent in queries: {query_instructions_total}\nTotal query request payload size (bytes): {query_req_payload_total}\nTotal query response payload size (bytes): {query_resp_payload_total}\nLog visibility: {log_visibility}", status = status.status, controllers = controllers.join(" "), memory_allocation = status.settings.memory_allocation, compute_allocation = status.settings.compute_allocation, freezing_threshold = status.settings.freezing_threshold, + idle_cycles_burned_per_day = status.idle_cycles_burned_per_day, memory_size = status.memory_size, balance = status.cycles, reserved = status.reserved_cycles, diff --git a/src/dfx/src/commands/canister/update_settings.rs b/src/dfx/src/commands/canister/update_settings.rs index 8367e6ff39..f6867c58af 100644 --- a/src/dfx/src/commands/canister/update_settings.rs +++ b/src/dfx/src/commands/canister/update_settings.rs @@ -1,3 +1,4 @@ +use crate::lib::canister_logs::log_visibility::LogVisibilityOpt; use crate::lib::diagnosis::DiagnosedError; use crate::lib::environment::Environment; use crate::lib::error::{DfxError, DfxResult}; @@ -8,8 +9,8 @@ use crate::lib::ic_attributes::{ use crate::lib::operations::canister::{get_canister_status, update_settings}; use crate::lib::root_key::fetch_root_key_if_needed; use crate::util::clap::parsers::{ - compute_allocation_parser, freezing_threshold_parser, log_visibility_parser, - memory_allocation_parser, reserved_cycles_limit_parser, wasm_memory_limit_parser, + compute_allocation_parser, freezing_threshold_parser, memory_allocation_parser, + reserved_cycles_limit_parser, wasm_memory_limit_parser, }; use anyhow::{bail, Context}; use byte_unit::Byte; @@ -20,7 +21,7 @@ use dfx_core::error::identity::InstantiateIdentityFromNameError::GetIdentityPrin use dfx_core::identity::CallSender; use fn_error_context::context; use ic_agent::identity::Identity; -use ic_utils::interfaces::management_canister::LogVisibility; +use ic_utils::interfaces::management_canister::StatusCallResult; /// Update one or more of a canister's settings (i.e its controller, compute allocation, or memory allocation.) #[derive(Parser, Debug)] @@ -88,10 +89,8 @@ pub struct UpdateSettingsOpts { #[arg(long, value_parser = wasm_memory_limit_parser)] wasm_memory_limit: Option, - /// Specifies who is allowed to read the canister's logs. - /// Can be either "controllers" or "public". - #[arg(long, value_parser = log_visibility_parser)] - log_visibility: Option, + #[command(flatten)] + log_visibility_opt: Option, /// Freezing thresholds above ~1.5 years require this flag as confirmation. #[arg(long)] @@ -157,11 +156,29 @@ pub async fn exec( get_reserved_cycles_limit(opts.reserved_cycles_limit, config_interface, canister_name)?; let wasm_memory_limit = get_wasm_memory_limit(opts.wasm_memory_limit, config_interface, canister_name)?; - let log_visibility = - get_log_visibility(opts.log_visibility.clone(), config_interface, canister_name)?; + let mut current_status: Option = None; + if let Some(log_visibility) = &opts.log_visibility_opt { + if log_visibility.require_current_settings() { + current_status = Some(get_canister_status(env, canister_id, call_sender).await?); + } + } + let log_visibility = get_log_visibility( + env, + opts.log_visibility_opt.as_ref(), + current_status.as_ref(), + config_interface, + canister_name, + )?; if let Some(added) = &opts.add_controller { - let status = get_canister_status(env, canister_id, call_sender).await?; - let mut existing_controllers = status.settings.controllers; + if current_status.is_none() { + current_status = Some(get_canister_status(env, canister_id, call_sender).await?); + } + let mut existing_controllers = current_status + .as_ref() + .unwrap() + .settings + .controllers + .clone(); for s in added { existing_controllers.push(controller_to_principal(env, s)?); } @@ -171,8 +188,11 @@ pub async fn exec( let controllers = if opts.add_controller.is_some() { controllers.as_mut().unwrap() } else { - let status = get_canister_status(env, canister_id, call_sender).await?; - controllers.get_or_insert(status.settings.controllers) + if current_status.is_none() { + current_status = + Some(get_canister_status(env, canister_id, call_sender).await?); + } + controllers.get_or_insert(current_status.unwrap().settings.controllers) }; let removed = removed .iter() @@ -240,15 +260,32 @@ pub async fn exec( Some(canister_name), ) .with_context(|| format!("Failed to get Wasm memory limit for {canister_name}."))?; + let mut current_status: Option = None; + if let Some(log_visibility) = &opts.log_visibility_opt { + if log_visibility.require_current_settings() { + current_status = + Some(get_canister_status(env, canister_id, call_sender).await?); + } + } let log_visibility = get_log_visibility( - opts.log_visibility.clone(), + env, + opts.log_visibility_opt.as_ref(), + current_status.as_ref(), Some(config_interface), Some(canister_name), ) .with_context(|| format!("Failed to get log visibility for {canister_name}."))?; if let Some(added) = &opts.add_controller { - let status = get_canister_status(env, canister_id, call_sender).await?; - let mut existing_controllers = status.settings.controllers; + if current_status.is_none() { + current_status = + Some(get_canister_status(env, canister_id, call_sender).await?); + } + let mut existing_controllers = current_status + .as_ref() + .unwrap() + .settings + .controllers + .clone(); for s in added { existing_controllers.push(controller_to_principal(env, s)?); } @@ -258,8 +295,11 @@ pub async fn exec( let controllers = if opts.add_controller.is_some() { controllers.as_mut().unwrap() } else { - let status = get_canister_status(env, canister_id, call_sender).await?; - controllers.get_or_insert(status.settings.controllers) + if current_status.is_none() { + current_status = + Some(get_canister_status(env, canister_id, call_sender).await?); + } + controllers.get_or_insert(current_status.unwrap().settings.controllers) }; let removed = removed .iter() diff --git a/src/dfx/src/commands/new.rs b/src/dfx/src/commands/new.rs index 0b1ab2aa8a..15c7a388b7 100644 --- a/src/dfx/src/commands/new.rs +++ b/src/dfx/src/commands/new.rs @@ -6,7 +6,8 @@ use crate::lib::manifest::{get_latest_version, is_upgrade_necessary}; use crate::lib::program; use crate::util::assets; use crate::util::clap::parsers::project_name_parser; -use anyhow::{anyhow, bail, ensure, Context}; +use crate::util::command::direct_or_shell_command; +use anyhow::{anyhow, bail, ensure, Context, Error}; use clap::builder::PossibleValuesParser; use clap::Parser; use console::{style, Style}; @@ -21,10 +22,10 @@ use fn_error_context::context; use indicatif::HumanBytes; use semver::Version; use slog::{info, warn, Logger}; -use std::collections::BTreeMap; +use std::collections::{BTreeMap, HashMap}; use std::io::{self, IsTerminal, Read}; use std::path::{Path, PathBuf}; -use std::process::{Command, Stdio}; +use std::process::{Command, ExitStatus, Stdio}; use std::time::Duration; use tar::Archive; @@ -216,6 +217,13 @@ pub fn init_git(log: &Logger, project_name: &Path) -> DfxResult { Ok(()) } +fn replace_variables(mut s: String, variables: &BTreeMap) -> String { + variables.iter().for_each(|(name, value)| { + s = s.replace(&format!("__{name}__"), value); + }); + s +} + #[context("Failed to unpack archive to {}.", root.to_string_lossy())] fn write_files_from_entries( log: &Logger, @@ -236,25 +244,17 @@ fn write_files_from_entries( let v = match String::from_utf8(v) { Err(err) => err.into_bytes(), - Ok(mut s) => { - // Perform replacements. - variables.iter().for_each(|(name, value)| { - s = s.replace(&format!("__{name}__"), value); - }); - s.into_bytes() - } + Ok(s) => replace_variables(s, variables).into_bytes(), }; // Perform path replacements. - let mut p = root + let p = root .join(file.header().path()?) .to_str() .expect("Non unicode project name path.") .to_string(); - variables.iter().for_each(|(name, value)| { - p = p.replace(&format!("__{name}__"), value); - }); + let p = replace_variables(p, variables); let p = PathBuf::from(p); if p.extension() == Some("json-patch".as_ref()) { @@ -269,27 +269,12 @@ fn write_files_from_entries( Ok(()) } -#[context("Failed to run 'npm install'.")] -fn npm_install(location: &Path) -> DfxResult { - Command::new(program::NPM) - .arg("install") - .arg("--quiet") - .arg("--no-progress") - .arg("--workspaces") - .arg("--if-present") - .stdout(Stdio::inherit()) - .stderr(Stdio::inherit()) - .current_dir(location) - .spawn() - .map_err(DfxError::from) -} - #[context("Failed to scaffold frontend code.")] fn scaffold_frontend_code( env: &dyn Environment, dry_run: bool, project_name: &Path, - frontend: ProjectTemplate, + frontend: &ProjectTemplate, frontend_tests: Option, agent_version: &Option, variables: &BTreeMap, @@ -318,7 +303,7 @@ fn scaffold_frontend_code( project_name_str.to_uppercase(), ); - write_project_template_resources(log, &frontend, project_name, dry_run, &variables)?; + write_project_template_resources(log, frontend, project_name, dry_run, &variables)?; if let Some(frontend_tests) = frontend_tests { write_project_template_resources( @@ -331,19 +316,8 @@ fn scaffold_frontend_code( } // Only install node dependencies if we're not running in dry run. - if !dry_run && frontend.install_node_dependencies { - // Install node modules. Error is not blocking, we just show a message instead. - if node_installed { - let b = env.new_spinner("Installing node dependencies...".into()); - - if npm_install(project_name)?.wait().is_ok() { - b.finish_with_message("Done.".into()); - } else { - b.finish_with_message( - "An error occurred. See the messages above for more details.".into(), - ); - } - } + if !dry_run { + run_post_create_command(env, project_name, frontend, &variables)?; } } else { if !node_installed { @@ -371,7 +345,6 @@ fn scaffold_frontend_code( variables, )?; } - Ok(()) } @@ -520,20 +493,15 @@ pub fn exec(env: &dyn Environment, mut opts: NewOpts) -> DfxResult { None }; - if backend.has_js || frontend.as_ref().map_or(false, |t| t.has_js) { - write_files_from_entries( - log, - &mut assets::new_project_js_files().context("Failed to get JS config archive.")?, - project_name, - dry_run, - &variables, - )?; + let requirements = get_requirements(&backend, frontend.as_ref(), &extras)?; + for requirement in &requirements { + write_project_template_resources(log, requirement, project_name, dry_run, &variables)?; } write_project_template_resources(log, &backend, project_name, dry_run, &variables)?; - for extra in extras { - write_project_template_resources(log, &extra, project_name, dry_run, &variables)?; + for extra in &extras { + write_project_template_resources(log, extra, project_name, dry_run, &variables)?; } if let Some(frontend) = frontend { @@ -541,7 +509,7 @@ pub fn exec(env: &dyn Environment, mut opts: NewOpts) -> DfxResult { env, dry_run, project_name, - frontend, + &frontend, frontend_tests, &opts.agent_version, &variables, @@ -578,26 +546,12 @@ pub fn exec(env: &dyn Environment, mut opts: NewOpts) -> DfxResult { init_git(log, project_name)?; } - if backend.update_cargo_lockfile { - // dfx build will use --locked, so update the lockfile beforehand - const MSG: &str = "You will need to run it yourself (or a similar command like `cargo vendor`), because `dfx build` will use the --locked flag with Cargo."; - if let Ok(code) = Command::new("cargo") - .arg("update") - .arg("--manifest-path") - .arg(project_name.join("Cargo.toml")) - .stderr(Stdio::inherit()) - .stdout(Stdio::inherit()) - .status() - { - if !code.success() { - warn!(log, "Failed to run `cargo update`. {MSG}"); - } - } else { - warn!( - log, - "Failed to run `cargo update` - is Cargo installed? {MSG}" - ) - } + run_post_create_command(env, project_name, &backend, &variables)?; + for extra in extras { + run_post_create_command(env, project_name, &extra, &variables)? + } + for requirement in &requirements { + run_post_create_command(env, project_name, requirement, &variables)?; } } @@ -615,6 +569,133 @@ pub fn exec(env: &dyn Environment, mut opts: NewOpts) -> DfxResult { Ok(()) } +fn get_requirements( + backend: &ProjectTemplate, + frontend: Option<&ProjectTemplate>, + extras: &[ProjectTemplate], +) -> DfxResult> { + let mut requirements = vec![]; + + let mut have = HashMap::new(); + have.insert(backend.name.clone(), backend.clone()); + if let Some(frontend) = frontend { + have.insert(frontend.name.clone(), frontend.clone()); + } + for extra in extras { + have.insert(extra.name.clone(), extra.clone()); + } + + loop { + let new_requirements = have + .iter() + .flat_map(|(_, template)| template.requirements.clone()) + .filter(|requirement| !have.contains_key(requirement)) + .collect::>(); + + for new_requirement in &new_requirements { + let Some(requirement) = find_project_template(new_requirement) else { + bail!("Did not find required project template {}", new_requirement) + }; + have.insert(requirement.name.clone(), requirement.clone()); + requirements.push(requirement); + } + + if new_requirements.is_empty() { + break; + } + } + + Ok(requirements) +} + +fn run_post_create_command( + env: &dyn Environment, + root: &Path, + project_template: &ProjectTemplate, + variables: &BTreeMap, +) -> DfxResult { + let log = env.get_logger(); + + for command in &project_template.post_create { + let command = replace_variables(command.clone(), variables); + let mut cmd = direct_or_shell_command(&command, root)?; + + let spinner = project_template + .post_create_spinner_message + .as_ref() + .map(|msg| env.new_spinner(msg.clone().into())); + + let status = cmd + .stderr(Stdio::inherit()) + .stdout(Stdio::inherit()) + .status() + .with_context(|| { + format!( + "Failed to run post-create command '{}' for project template '{}.", + &command, &project_template.name + ) + }); + + if let Some(spinner) = spinner { + let message = match status { + Ok(status) if status.success() => "Done.", + _ => "Failed.", + }; + spinner.finish_with_message(message.into()); + } + if let Some(warning) = &project_template.post_create_failure_warning { + warn_on_post_create_error(log, status, &command, warning); + } else { + fail_on_post_create_error(command, status)?; + } + } + Ok(()) +} + +fn warn_on_post_create_error( + log: &Logger, + status: Result, + command: &str, + warning: &str, +) { + match status { + Ok(status) if status.success() => {} + Ok(status) => match status.code() { + Some(code) => { + warn!( + log, + "Post-create command '{command}' failed with exit code {code}. {warning}", + ); + } + None => { + warn!(log, "Post-create command '{command}' failed. {warning}"); + } + }, + Err(e) => { + warn!( + log, + "Failed to execute post-create command '{command}': {e}. {warning}" + ); + } + } +} + +fn fail_on_post_create_error( + command: String, + status: Result, +) -> Result<(), Error> { + let status = status?; + if !status.success() { + match status.code() { + Some(code) => { + bail!("Post-create command '{command}' failed with exit code {code}.") + } + None => bail!("Post-create command '{command}' failed."), + } + } + Ok(()) +} + fn write_project_template_resources( logger: &Logger, template: &ProjectTemplate, diff --git a/src/dfx/src/commands/start.rs b/src/dfx/src/commands/start.rs index b5f96855f5..4e556cbecd 100644 --- a/src/dfx/src/commands/start.rs +++ b/src/dfx/src/commands/start.rs @@ -323,7 +323,7 @@ pub fn exec( }; let effective_config = if pocketic { - CachedConfig::pocketic(&replica_config, replica_rev().into()) + CachedConfig::pocketic(&replica_config, replica_rev().into(), None) } else { CachedConfig::replica(&replica_config, replica_rev().into()) }; diff --git a/src/dfx/src/lib/builders/mod.rs b/src/dfx/src/lib/builders/mod.rs index 2ba74ec65f..0344c27b0e 100644 --- a/src/dfx/src/lib/builders/mod.rs +++ b/src/dfx/src/lib/builders/mod.rs @@ -3,6 +3,7 @@ use crate::lib::canister_info::CanisterInfo; use crate::lib::environment::Environment; use crate::lib::error::{BuildError, DfxError, DfxResult}; use crate::lib::models::canister::CanisterPool; +use crate::util::command::direct_or_shell_command; use anyhow::{bail, Context}; use candid::Principal as CanisterId; use candid_parser::utils::CandidSource; @@ -27,7 +28,6 @@ mod motoko; mod pull; mod rust; -use crate::util::command::direct_or_shell_command; pub use custom::custom_download; #[derive(Debug)] diff --git a/src/dfx/src/lib/canister_info/rust.rs b/src/dfx/src/lib/canister_info/rust.rs index 82a9e753cc..a3b7266c26 100644 --- a/src/dfx/src/lib/canister_info/rust.rs +++ b/src/dfx/src/lib/canister_info/rust.rs @@ -63,7 +63,10 @@ impl CanisterInfoFactory for RustCanisterInfo { (format!("crate `{package}`"), package.clone()) }; let mut candidate_targets = package_info.targets.iter().filter(|x| { - x.name == crate_name && x.crate_types.iter().any(|c| c == "cdylib" || c == "bin") + x.crate_types.iter().any(|c| { + (c == "cdylib" && x.name == crate_name.replace('-', "_")) + || (c == "bin" && x.name == crate_name) + }) }); let Some(target) = candidate_targets.next() else { if let Some(wrong_type_crate) = diff --git a/src/dfx/src/lib/canister_logs/log_visibility.rs b/src/dfx/src/lib/canister_logs/log_visibility.rs new file mode 100644 index 0000000000..02e1829cb7 --- /dev/null +++ b/src/dfx/src/lib/canister_logs/log_visibility.rs @@ -0,0 +1,142 @@ +use crate::lib::environment::Environment; +use crate::lib::error::DfxResult; +use crate::util::clap::parsers::{log_visibility_parser, principal_parser}; +use anyhow::anyhow; +use candid::Principal; +use clap::{ArgAction, Args}; +use dfx_core::cli::ask_for_consent; +use ic_utils::interfaces::management_canister::{LogVisibility, StatusCallResult}; + +#[derive(Args, Clone, Debug, Default)] +pub struct LogVisibilityOpt { + /// Specifies who is allowed to read the canister's logs. + /// Can be either "controllers" or "public". + #[arg( + long, + value_parser = log_visibility_parser, + conflicts_with("add_log_viewer"), + conflicts_with("remove_log_viewer"), + conflicts_with("set_log_viewer"), + )] + log_visibility: Option, + + /// Add a principal to the list of log viewers of the canister. + #[arg(long, action = ArgAction::Append, value_parser = principal_parser, conflicts_with("set_log_viewer"))] + add_log_viewer: Option>, + + /// Removes a principal from the list of log viewers of the canister. + #[arg(long, action = ArgAction::Append, value_parser = principal_parser, conflicts_with("set_log_viewer"))] + remove_log_viewer: Option>, + + /// Specifies the the principal of the log viewer of the canister. + /// Can be specified more than once. + #[arg( + long, + action = ArgAction::Append, + value_parser = principal_parser, + conflicts_with("add_log_viewer"), + conflicts_with("remove_log_viewer"), + )] + set_log_viewer: Option>, +} + +impl LogVisibilityOpt { + pub fn require_current_settings(&self) -> bool { + self.add_log_viewer.is_some() || self.remove_log_viewer.is_some() + } + + pub fn from( + log_visibility: &Option, + log_viewer: &Option>, + ) -> Option { + if let Some(log_visibility) = log_visibility { + return Some(LogVisibilityOpt { + log_visibility: Some(log_visibility.clone()), + add_log_viewer: None, + remove_log_viewer: None, + set_log_viewer: None, + }); + } + + if let Some(log_viewer) = log_viewer { + return Some(LogVisibilityOpt { + log_visibility: None, + add_log_viewer: None, + remove_log_viewer: None, + set_log_viewer: Some(log_viewer.clone()), + }); + } + + None + } + + pub fn to_log_visibility( + &self, + env: &dyn Environment, + current_status: Option<&StatusCallResult>, + ) -> DfxResult { + let logger = env.get_logger(); + + // For public and controllers. + if let Some(log_visibility) = self.log_visibility.as_ref() { + return Ok(log_visibility.clone()); + } + + // For setting viewers. + if let Some(principals) = self.set_log_viewer.as_ref() { + return Ok(LogVisibility::AllowedViewers(principals.clone())); + } + + // Get the current viewer list for adding and removing, only for update-settings. + let mut current_visibility: Option = None; + let mut viewers = match current_status { + Some(status) => { + current_visibility = Some(status.settings.log_visibility.clone()); + match &status.settings.log_visibility { + LogVisibility::AllowedViewers(viewers) => viewers.clone(), + _ => vec![], + } + } + None => vec![], + }; + + // Adding. + if let Some(added) = self.add_log_viewer.as_ref() { + if let Some(LogVisibility::Public) = current_visibility { + let msg = "Current log is public to everyone. Adding log reviewers will make the log only visible to the reviewers."; + ask_for_consent(msg)?; + } + + for principal in added { + if !viewers.iter().any(|x| x == principal) { + viewers.push(*principal); + } + } + } + + // Removing. + if let Some(removed) = self.remove_log_viewer.as_ref() { + if let Some(visibility) = ¤t_visibility { + match visibility { + LogVisibility::Public | LogVisibility::Controllers => { + return Err(anyhow!("Removing reviewers is not allowed with 'public' or 'controllers' log visibility.")); + } + _ => (), + } + } + for principal in removed { + if let Some(idx) = viewers.iter().position(|x| x == principal) { + viewers.swap_remove(idx); + } else { + slog::warn!( + logger, + "Principal '{}' is not in the allowed list.", + principal.to_text() + ); + } + } + } + + Ok(LogVisibility::AllowedViewers(viewers)) + } +} diff --git a/src/dfx/src/lib/canister_logs/mod.rs b/src/dfx/src/lib/canister_logs/mod.rs new file mode 100644 index 0000000000..befc0b7994 --- /dev/null +++ b/src/dfx/src/lib/canister_logs/mod.rs @@ -0,0 +1 @@ +pub mod log_visibility; diff --git a/src/dfx/src/lib/environment.rs b/src/dfx/src/lib/environment.rs index 0433478eb4..5b9ecc4881 100644 --- a/src/dfx/src/lib/environment.rs +++ b/src/dfx/src/lib/environment.rs @@ -1,4 +1,3 @@ -use crate::actors::pocketic::POCKETIC_EFFECTIVE_CANISTER_ID; use crate::config::cache::DiskBasedCache; use crate::config::dfx_version; use crate::lib::error::DfxResult; @@ -298,8 +297,7 @@ impl<'a> AgentEnvironment<'a> { let url = network_descriptor.first_provider()?; let effective_canister_id = if let Some(d) = &network_descriptor.local_server_descriptor { d.effective_config()? - .is_some_and(|c| c.is_pocketic()) - .then_some(POCKETIC_EFFECTIVE_CANISTER_ID) + .and_then(|c| c.get_effective_canister_id()) } else { None }; diff --git a/src/dfx/src/lib/ic_attributes/mod.rs b/src/dfx/src/lib/ic_attributes/mod.rs index 7d93589811..a7cf379a02 100644 --- a/src/dfx/src/lib/ic_attributes/mod.rs +++ b/src/dfx/src/lib/ic_attributes/mod.rs @@ -1,3 +1,5 @@ +use crate::lib::canister_logs::log_visibility::LogVisibilityOpt; +use crate::lib::environment::Environment; use crate::lib::error::DfxResult; use anyhow::{anyhow, Context, Error}; use byte_unit::Byte; @@ -7,7 +9,7 @@ use fn_error_context::context; use ic_utils::interfaces::management_canister::{ attributes::{ComputeAllocation, FreezingThreshold, MemoryAllocation, ReservedCyclesLimit}, builders::WasmMemoryLimit, - LogVisibility, + LogVisibility, StatusCallResult, }; use num_traits::ToPrimitive; use std::convert::TryFrom; @@ -218,12 +220,16 @@ pub fn get_wasm_memory_limit( } pub fn get_log_visibility( - log_visibility: Option, + env: &dyn Environment, + log_visibility: Option<&LogVisibilityOpt>, + current_settings: Option<&StatusCallResult>, config_interface: Option<&ConfigInterface>, canister_name: Option<&str>, ) -> DfxResult> { let log_visibility = match (log_visibility, config_interface, canister_name) { - (Some(log_visibility), _, _) => Some(log_visibility), + (Some(log_visibility), _, _) => { + Some(log_visibility.to_log_visibility(env, current_settings)?) + } (None, Some(config_interface), Some(canister_name)) => { config_interface.get_log_visibility(canister_name)? } diff --git a/src/dfx/src/lib/mod.rs b/src/dfx/src/lib/mod.rs index c1d33bc68f..8a93c56690 100644 --- a/src/dfx/src/lib/mod.rs +++ b/src/dfx/src/lib/mod.rs @@ -1,6 +1,7 @@ pub mod agent; pub mod builders; pub mod canister_info; +pub mod canister_logs; pub mod cycles_ledger_types; pub mod deps; pub mod dfxvm; diff --git a/src/dfx/src/lib/project/templates.rs b/src/dfx/src/lib/project/templates.rs index 609837fde7..364556a504 100644 --- a/src/dfx/src/lib/project/templates.rs +++ b/src/dfx/src/lib/project/templates.rs @@ -3,6 +3,12 @@ use dfx_core::config::project_templates::{ Category, ProjectTemplate, ProjectTemplateName, ResourceLocation, }; +const NPM_INSTALL: &str = "npm install --quiet --no-progress --workspaces --if-present"; +const NPM_INSTALL_SPINNER_MESSAGE: &str = "Installing node dependencies..."; +const NPM_INSTALL_FAILURE_WARNING: &str = + "An error occurred. See the messages above for more details."; +const CARGO_UPDATE_FAILURE_MESSAGE: &str = "You will need to run it yourself (or a similar command like `cargo vendor`), because `dfx build` will use the --locked flag with Cargo."; + pub fn builtin_templates() -> Vec { let motoko = ProjectTemplate { name: ProjectTemplateName("motoko".to_string()), @@ -11,10 +17,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_motoko_files, }, category: Category::Backend, + post_create: vec![], + post_create_failure_warning: None, + post_create_spinner_message: None, + requirements: vec![], sort_order: 0, - update_cargo_lockfile: false, - has_js: false, - install_node_dependencies: false, }; let rust = ProjectTemplate { @@ -24,10 +31,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_rust_files, }, category: Category::Backend, + post_create: vec!["cargo update".to_string()], + post_create_failure_warning: Some(CARGO_UPDATE_FAILURE_MESSAGE.to_string()), + post_create_spinner_message: None, + requirements: vec![], sort_order: 1, - update_cargo_lockfile: true, - has_js: false, - install_node_dependencies: false, }; let azle = ProjectTemplate { @@ -37,10 +45,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_azle_files, }, category: Category::Backend, + post_create: vec![], + post_create_failure_warning: None, + post_create_spinner_message: None, + requirements: vec![ProjectTemplateName("dfx_js_base".to_string())], sort_order: 2, - update_cargo_lockfile: false, - has_js: true, - install_node_dependencies: false, }; let kybra = ProjectTemplate { @@ -50,10 +59,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_kybra_files, }, category: Category::Backend, + post_create: vec![], + post_create_failure_warning: None, + post_create_spinner_message: None, + requirements: vec![], sort_order: 2, - update_cargo_lockfile: false, - has_js: false, - install_node_dependencies: false, }; let sveltekit = ProjectTemplate { @@ -63,10 +73,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_svelte_files, }, category: Category::Frontend, + post_create: vec![NPM_INSTALL.to_string()], + post_create_failure_warning: Some(NPM_INSTALL_FAILURE_WARNING.to_string()), + post_create_spinner_message: Some(NPM_INSTALL_SPINNER_MESSAGE.to_string()), + requirements: vec![ProjectTemplateName("dfx_js_base".to_string())], sort_order: 0, - update_cargo_lockfile: false, - has_js: true, - install_node_dependencies: true, }; let react = ProjectTemplate { @@ -76,10 +87,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_react_files, }, category: Category::Frontend, + post_create: vec![NPM_INSTALL.to_string()], + post_create_failure_warning: Some(NPM_INSTALL_FAILURE_WARNING.to_string()), + post_create_spinner_message: Some(NPM_INSTALL_SPINNER_MESSAGE.to_string()), + requirements: vec![ProjectTemplateName("dfx_js_base".to_string())], sort_order: 1, - update_cargo_lockfile: false, - has_js: true, - install_node_dependencies: true, }; let vue = ProjectTemplate { @@ -89,10 +101,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_vue_files, }, category: Category::Frontend, + post_create: vec![NPM_INSTALL.to_string()], + post_create_failure_warning: Some(NPM_INSTALL_FAILURE_WARNING.to_string()), + post_create_spinner_message: Some(NPM_INSTALL_SPINNER_MESSAGE.to_string()), + requirements: vec![ProjectTemplateName("dfx_js_base".to_string())], sort_order: 2, - update_cargo_lockfile: false, - has_js: true, - install_node_dependencies: true, }; let vanilla = ProjectTemplate { @@ -102,10 +115,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_vanillajs_files, }, category: Category::Frontend, + post_create: vec![NPM_INSTALL.to_string()], + post_create_failure_warning: Some(NPM_INSTALL_FAILURE_WARNING.to_string()), + post_create_spinner_message: Some(NPM_INSTALL_SPINNER_MESSAGE.to_string()), + requirements: vec![ProjectTemplateName("dfx_js_base".to_string())], sort_order: 3, - update_cargo_lockfile: false, - has_js: true, - install_node_dependencies: true, }; let simple_assets = ProjectTemplate { @@ -115,10 +129,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_assets_files, }, category: Category::Frontend, + post_create: vec![], + post_create_failure_warning: None, + post_create_spinner_message: None, + requirements: vec![], sort_order: 4, - update_cargo_lockfile: false, - has_js: false, - install_node_dependencies: false, }; let sveltekit_tests = ProjectTemplate { @@ -128,10 +143,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_svelte_test_files, }, category: Category::FrontendTest, + post_create: vec![], + post_create_failure_warning: None, + post_create_spinner_message: None, + requirements: vec![], sort_order: 0, - update_cargo_lockfile: false, - has_js: false, - install_node_dependencies: false, }; let react_tests = ProjectTemplate { @@ -141,10 +157,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_react_test_files, }, category: Category::FrontendTest, + post_create: vec![], + post_create_failure_warning: None, + post_create_spinner_message: None, + requirements: vec![], sort_order: 0, - update_cargo_lockfile: false, - has_js: false, - install_node_dependencies: false, }; let vue_tests = ProjectTemplate { @@ -154,10 +171,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_vue_test_files, }, category: Category::FrontendTest, + post_create: vec![], + post_create_failure_warning: None, + post_create_spinner_message: None, + requirements: vec![], sort_order: 0, - update_cargo_lockfile: false, - has_js: false, - install_node_dependencies: false, }; let vanillajs_tests = ProjectTemplate { @@ -167,10 +185,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_vanillajs_test_files, }, category: Category::FrontendTest, + post_create: vec![], + post_create_failure_warning: None, + post_create_spinner_message: None, + requirements: vec![], sort_order: 0, - update_cargo_lockfile: false, - has_js: false, - install_node_dependencies: false, }; let internet_identity = ProjectTemplate { @@ -180,10 +199,11 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_internet_identity_files, }, category: Category::Extra, + post_create: vec![], + post_create_failure_warning: None, + post_create_spinner_message: None, + requirements: vec![], sort_order: 0, - update_cargo_lockfile: false, - has_js: false, - install_node_dependencies: false, }; let bitcoin = ProjectTemplate { @@ -193,10 +213,25 @@ pub fn builtin_templates() -> Vec { get_archive_fn: assets::new_project_bitcoin_files, }, category: Category::Extra, + post_create: vec![], + post_create_failure_warning: None, + post_create_spinner_message: None, + requirements: vec![], sort_order: 1, - update_cargo_lockfile: false, - has_js: false, - install_node_dependencies: false, + }; + + let js_base = ProjectTemplate { + name: ProjectTemplateName("dfx_js_base".to_string()), + display: ">".to_string(), + resource_location: ResourceLocation::Bundled { + get_archive_fn: assets::new_project_js_files, + }, + category: Category::Support, + post_create: vec![], + post_create_failure_warning: None, + post_create_spinner_message: None, + requirements: vec![], + sort_order: 2, }; vec![ @@ -215,5 +250,6 @@ pub fn builtin_templates() -> Vec { vanillajs_tests, internet_identity, bitcoin, + js_base, ] } diff --git a/src/dfx/src/util/clap/parsers.rs b/src/dfx/src/util/clap/parsers.rs index 443a599e0e..33f7c8fa21 100644 --- a/src/dfx/src/util/clap/parsers.rs +++ b/src/dfx/src/util/clap/parsers.rs @@ -1,4 +1,5 @@ use byte_unit::{Byte, ByteUnit}; +use candid::Principal; use ic_utils::interfaces::management_canister::LogVisibility; use icrc_ledger_types::icrc1::account::Subaccount; use rust_decimal::Decimal; @@ -137,6 +138,13 @@ pub fn log_visibility_parser(log_visibility: &str) -> Result Result { + match Principal::from_text(principal_text) { + Ok(principal) => Ok(principal), + _ => Err(("Failed to convert to a principal.").to_string()), + } +} + pub fn freezing_threshold_parser(freezing_threshold: &str) -> Result { freezing_threshold .parse::() diff --git a/src/distributed/assetstorage.wasm.gz b/src/distributed/assetstorage.wasm.gz index 9afc172fe4..1b691cb7ca 100755 Binary files a/src/distributed/assetstorage.wasm.gz and b/src/distributed/assetstorage.wasm.gz differ