Update 2023-09-26.23 (#113)

Reference commit: ceb4c77515

Co-authored-by: Canton <canton@digitalasset.com>

Author: canton-machine

community/app-base/src/main/scala/com/digitalasset/canton/admin/api/client/commands/ParticipantAdminCommands.scala

@@ -29,7 +29,12 @@ import com.digitalasset.canton.participant.admin.v0.PingServiceGrpc.PingServiceS
 import com.digitalasset.canton.participant.admin.v0.PruningServiceGrpc.PruningServiceStub
 import com.digitalasset.canton.participant.admin.v0.ResourceManagementServiceGrpc.ResourceManagementServiceStub
 import com.digitalasset.canton.participant.admin.v0.TransferServiceGrpc.TransferServiceStub
-import com.digitalasset.canton.participant.admin.v0.{ResourceLimits as _, *}
+import com.digitalasset.canton.participant.admin.v0.{
+  PurgeContractsRequest,
+  PurgeContractsResponse,
+  ResourceLimits as _,
+  *,
+}
 import com.digitalasset.canton.participant.admin.{ResourceLimits, v0}
 import com.digitalasset.canton.participant.domain.DomainConnectionConfig as CDomainConnectionConfig
 import com.digitalasset.canton.participant.sync.UpstreamOffsetConvert
@@ -162,7 +167,7 @@ object ParticipantAdminCommands {
       ): Either[String, Unit] = {
         response.success match {
           case None => Left("unexpected empty response")
-          case Some(success) => Right(())
+          case Some(_success) => Right(())
         }
       }
 
@@ -534,6 +539,36 @@ object ParticipantAdminCommands {
       }
     }
 
+    final case class PurgeContracts(
+        domain: DomainAlias,
+        contracts: Seq[LfContractId],
+        ignoreAlreadyPurged: Boolean,
+    ) extends GrpcAdminCommand[PurgeContractsRequest, PurgeContractsResponse, Unit] {
+
+      override type Svc = ParticipantRepairServiceStub
+
+      override def createService(channel: ManagedChannel): ParticipantRepairServiceStub =
+        ParticipantRepairServiceGrpc.stub(channel)
+
+      override def createRequest(): Either[String, PurgeContractsRequest] = {
+        Right(
+          PurgeContractsRequest(
+            domain = domain.toProtoPrimitive,
+            contractIds = contracts.map(_.coid),
+            ignoreAlreadyPurged = ignoreAlreadyPurged,
+          )
+        )
+      }
+
+      override def submitRequest(
+          service: ParticipantRepairServiceStub,
+          request: PurgeContractsRequest,
+      ): Future[PurgeContractsResponse] = service.purgeContracts(request)
+
+      override def handleResponse(response: PurgeContractsResponse): Either[String, Unit] =
+        Right(())
+    }
+
     final case class MigrateDomain(
         sourceDomainAlias: DomainAlias,
         targetDomainConfig: CDomainConnectionConfig,

community/app-base/src/main/scala/com/digitalasset/canton/admin/api/client/commands/TopologyAdminCommands.scala

@@ -154,12 +154,13 @@ object TopologyAdminCommands {
         namespace: Fingerprint,
         authorizedKey: Fingerprint,
         isRootDelegation: Boolean,
+        force: Boolean,
     ) extends BaseCommand[v0.NamespaceDelegationAuthorization] {
 
       override def createRequest(): Either[String, v0.NamespaceDelegationAuthorization] =
         Right(
           v0.NamespaceDelegationAuthorization(
-            authData(ops, signedBy, replaceExisting = false, force = false),
+            authData(ops, signedBy, replaceExisting = false, force = force),
             namespace.toProtoPrimitive,
             authorizedKey.toProtoPrimitive,
             isRootDelegation,

community/app-base/src/main/scala/com/digitalasset/canton/admin/api/client/commands/TopologyAdminCommandsX.scala

@@ -668,7 +668,7 @@ object TopologyAdminCommandsX {
           store: String,
           serial: Option[PositiveInt] = None,
           change: TopologyChangeOpX = TopologyChangeOpX.Replace,
-          mustFullyAuthorize: Boolean = true,
+          mustFullyAuthorize: Boolean = false,
       ): Propose[M] =
         Propose(Right(mapping), signedBy, change, serial, mustFullyAuthorize, store)
 

community/app-base/src/main/scala/com/digitalasset/canton/console/InstanceReference.scala

@@ -456,7 +456,7 @@ object ParticipantReference {
   val InstanceType = "Participant"
 }
 
-trait ParticipantReferenceCommon
+sealed trait ParticipantReferenceCommon
     extends ConsoleCommandGroup
     with ParticipantAdministration
     with LedgerApiAdministration
@@ -493,6 +493,9 @@ trait ParticipantReferenceCommon
   lazy private val replicationGroup =
     new ParticipantReplicationAdministrationGroup(this, consoleEnvironment)
 
+  @Help.Summary("Commands to repair the participant contract state", FeatureFlag.Repair)
+  @Help.Group("Repair")
+  def repair: ParticipantRepairAdministration
 }
 
 abstract class ParticipantReference(
@@ -542,7 +545,7 @@ abstract class ParticipantReference(
   ): Boolean = topology.participant_domain_states.active(domainId, participantId)
 }
 
-trait RemoteParticipantReferenceCommon
+sealed trait RemoteParticipantReferenceCommon
     extends LedgerApiCommandRunner
     with ParticipantReferenceCommon {
 

community/app-base/src/main/scala/com/digitalasset/canton/console/commands/ParticipantRepairAdministration.scala

@@ -52,6 +52,35 @@ class ParticipantRepairAdministration(
     with NoTracing
     with Helpful {
 
+  @Help.Summary("Purge contracts with specified Contract IDs from local participant.")
+  @Help.Description(
+    """This is a last resort command to recover from data corruption, e.g. in scenarios in which participant
+      |contracts have somehow gotten out of sync and need to be manually purged, or in situations in which
+      |stakeholders are no longer available to agree to their archival. The participant needs to be disconnected from
+      |the domain on which the contracts with "contractIds" reside at the time of the call, and as of now the domain
+      |cannot have had any inflight requests.
+      |The "ignoreAlreadyPurged" flag makes it possible to invoke the command multiple times with the same
+      |parameters in case an earlier command invocation has failed.
+      |As repair commands are powerful tools to recover from unforeseen data corruption, but dangerous under normal
+      |operation, use of this command requires (temporarily) enabling the "features.enable-repair-commands"
+      |configuration. In addition repair commands can run for an unbounded time depending on the number of
+      |contract ids passed in. Be sure to not connect the participant to the domain until the call returns."""
+  )
+  def purge(
+      domain: DomainAlias,
+      contractIds: Seq[LfContractId],
+      ignoreAlreadyPurged: Boolean = true,
+  ): Unit =
+    consoleEnvironment.run {
+      runner.adminCommand(
+        ParticipantAdminCommands.ParticipantRepairManagement.PurgeContracts(
+          domain = domain,
+          contracts = contractIds,
+          ignoreAlreadyPurged = ignoreAlreadyPurged,
+        )
+      )
+    }
+
   @Help.Summary("Migrate contracts from one domain to another one.")
   @Help.Description(
     """This method can be used to migrate all the contracts associated with a domain to a new domain connection.
@@ -320,29 +349,6 @@ abstract class LocalParticipantRepairAdministration(
       }
     }
 
-  @Help.Summary("Purge contracts with specified Contract IDs from local participant.")
-  @Help.Description(
-    """This is a last resort command to recover from data corruption, e.g. in scenarios in which participant
-      |contracts have somehow gotten out of sync and need to be manually purged, or in situations in which
-      |stakeholders are no longer available to agree to their archival. The participant needs to be disconnected from
-      |the domain on which the contracts with "contractIds" reside at the time of the call, and as of now the domain
-      |cannot have had any inflight requests.
-      |The "ignoreAlreadyPurged" flag makes it possible to invoke the command multiple times with the same
-      |parameters in case an earlier command invocation has failed.
-      |As repair commands are powerful tools to recover from unforeseen data corruption, but dangerous under normal
-      |operation, use of this command requires (temporarily) enabling the "features.enable-repair-commands"
-      |configuration. In addition repair commands can run for an unbounded time depending on the number of
-      |contract ids passed in. Be sure to not connect the participant to the domain until the call returns."""
-  )
-  def purge(
-      domain: DomainAlias,
-      contractIds: Seq[LfContractId],
-      ignoreAlreadyPurged: Boolean = true,
-  ): Unit =
-    runRepairCommand(tc =>
-      access(_.sync.repairService.purgeContracts(domain, contractIds, ignoreAlreadyPurged)(tc))
-    )
-
   @Help.Summary("Move contracts with specified Contract IDs from one domain to another.")
   @Help.Description(
     """This is a last resort command to recover from data corruption in scenarios in which a domain is

community/app-base/src/main/scala/com/digitalasset/canton/console/commands/TopologyAdministration.scala

@@ -231,11 +231,20 @@ class TopologyAdministrationGroup(
         synchronize: Option[NonNegativeDuration] = Some(
           consoleEnvironment.commandTimeouts.bounded
         ),
+        // intentionally not documented force flag, as it is dangerous
+        force: Boolean = false,
     ): ByteString =
       synchronisation.run(synchronize)(consoleEnvironment.run {
         adminCommand(
           TopologyAdminCommands.Write
-            .AuthorizeNamespaceDelegation(ops, signedBy, namespace, authorizedKey, isRootDelegation)
+            .AuthorizeNamespaceDelegation(
+              ops,
+              signedBy,
+              namespace,
+              authorizedKey,
+              isRootDelegation,
+              force,
+            )
         )
       })
 

community/app-base/src/main/scala/com/digitalasset/canton/console/commands/TopologyAdministrationX.scala

@@ -324,8 +324,7 @@ class TopologyAdministrationGroupX(
                   signedBy = signedBy.toList,
                   serial = serial,
                   change = TopologyChangeOpX.Replace,
-                  // TODO(#12390): change to false when activating topology transaction validation
-                  mustFullyAuthorize = true,
+                  mustFullyAuthorize = false,
                   store = store,
                 )
               }
@@ -521,8 +520,7 @@ class TopologyAdministrationGroupX(
         domainId: Option[DomainId] = None,
         serial: Option[PositiveInt] = None,
         groupAddressing: Boolean = false,
-        // TODO(#12390): change to false when activating topology transaction validation
-        mustFullyAuthorize: Boolean = true,
+        mustFullyAuthorize: Boolean = false,
         store: String = AuthorizedStore.filterName,
     ): SignedTopologyTransactionX[TopologyChangeOpX, PartyToParticipantX] = {
       val op = NonEmpty.from(newParticipants) match {
@@ -908,8 +906,7 @@ class TopologyAdministrationGroupX(
             signedBy = signedBy.toList,
             serial = serial,
             change = TopologyChangeOpX.Replace,
-            // TODO(#12390): change to false when activating topology transaction validation
-            mustFullyAuthorize = true,
+            mustFullyAuthorize = false,
             store = store.getOrElse(domainId.filterString),
           )
         )
@@ -961,8 +958,7 @@ class TopologyAdministrationGroupX(
             signedBy = signedBy.toList,
             serial = serial,
             change = TopologyChangeOpX.Replace,
-            // TODO(#12390): change to false when activating topology transaction validation
-            mustFullyAuthorize = true,
+            mustFullyAuthorize = false,
             store = store.getOrElse(domainId.filterString),
           )
         )
@@ -1015,8 +1011,7 @@ class TopologyAdministrationGroupX(
             ),
             signedBy.toList,
             serial = serial,
-            // TODO(#12390): change to false when activating topology transaction validation
-            mustFullyAuthorize = true,
+            mustFullyAuthorize = false,
             store = store.getOrElse(domain.filterString),
           )
         )

community/app-base/src/main/scala/com/digitalasset/canton/environment/Environment.scala

@@ -164,13 +164,16 @@ trait Environment extends NamedLogging with AutoCloseable with NoTracing {
   logger.debug(config.portDescription)
 
   implicit val scheduler: ScheduledExecutorService =
-    Threading.singleThreadScheduledExecutor(loggerFactory.threadName + "-env-scheduler", logger)
+    Threading.singleThreadScheduledExecutor(
+      loggerFactory.threadName + "-env-scheduler",
+      noTracingLogger,
+    )
 
-  private val numThreads = Threading.detectNumberOfThreads(logger)
+  private val numThreads = Threading.detectNumberOfThreads(noTracingLogger)
   implicit val executionContext: ExecutionContextIdlenessExecutorService =
     Threading.newExecutionContext(
       loggerFactory.threadName + "-env-execution-context",
-      logger,
+      noTracingLogger,
       metricsFactory.executionServiceMetrics,
       numThreads,
     )
@@ -200,7 +203,7 @@ trait Environment extends NamedLogging with AutoCloseable with NoTracing {
     AkkaUtil.createExecutionSequencerFactory(
       loggerFactory.threadName + "-admin-workflow-services",
       // don't log the number of threads twice, as we log it already when creating the first pool
-      NamedLogging.noopLogger,
+      NamedLogging.noopNoTracingLogger,
     )
 
   // additional closeables

community/app/src/pack/examples/03-advanced-configuration/api/large-in-memory-fan-out.conf

@@ -0,0 +1,5 @@
+_shared {
+  ledger-api {
+    max-transactions-in-memory-fan-out-buffer-size = 10000 // default 1000
+  }
+}

community/app/src/pack/examples/03-advanced-configuration/api/large-ledger-api-cache.conf

@@ -0,0 +1,6 @@
+_shared {
+  ledger-api {
+    max-contract-state-cache-size = 100000      // default 1e4
+    max-contract-key-state-cache-size = 100000  // default 1e4
+  }
+}