Update Splice from CCI (#350)

Signed-off-by: DA Automation <splice-maintainers@digitalasset.com>
Co-authored-by: DA Automation <splice-maintainers@digitalasset.com>

Author: canton-network-da

apps/app/src/test/resources/frontend-config.jsonnet

@@ -37,7 +37,7 @@ local testAuth(enabled, auth0Config) =
 
 local validatorNodes(clusterProtocol, clusterAddress, port) = {
   alice: {
-    jsonApiBackend: { url: 'http://127.0.0.1:6201' },
+    jsonApiBackend: { url: 'http://127.0.0.1:6501' },
     jsonApi: { url: 'http://localhost:' + port + '/api/json-api/' },
     participantAdmin: { url: 'http://localhost:6202' },
     validator: { url: 'http://localhost:5503/api/validator' },
@@ -46,7 +46,7 @@ local validatorNodes(clusterProtocol, clusterAddress, port) = {
     scan: { url: 'http://localhost:5012/api/scan' },
   },
   bob: {
-    jsonApiBackend: { url: 'http://127.0.0.1:6301' },
+    jsonApiBackend: { url: 'http://127.0.0.1:6601' },
     jsonApi: { url: 'http://localhost:' + port + '/api/json-api/' },
     participantAdmin: { url: 'http://localhost:6302' },
     validator: { url: 'http://localhost:5603/api/validator' },

apps/app/src/test/resources/simple-topology-canton-simtime.conf

@@ -7,45 +7,65 @@ _participant_template.testing-time.type = monotonic-time
 _sv1Participant_client {
   admin-api.port = 15102
   ledger-api.port = 15101
+  http-ledger-api {
+    server.port = 16101
+    allow-insecure-tokens = true
+  }
 }
 
 _sv2Participant_client {
   admin-api.port = 15202
   ledger-api.port = 15201
+  http-ledger-api {
+    server.port = 16201
+    allow-insecure-tokens = true
+  }
 }
 
 _sv3Participant_client {
   admin-api.port = 15302
   ledger-api.port = 15301
+  http-ledger-api {
+    server.port = 16301
+    allow-insecure-tokens = true
+  }
 }
 
 _sv4Participant_client {
   admin-api.port = 15402
   ledger-api.port = 15401
+  http-ledger-api {
+    server.port = 16401
+    allow-insecure-tokens = true
+  }
 }
 
 _aliceParticipant_client {
   admin-api.port = 15502
   ledger-api.port = 15501
   # Used in token standard tests
   http-ledger-api {
-    server.port = 16201
+    server.port = 16501
     allow-insecure-tokens = true
   }
 }
 
 _bobParticipant_client {
   admin-api.port = 15602
   ledger-api.port = 15601
-  # Unused so just disable it
-  http-ledger-api = null
+  http-ledger-api {
+    server.port = 16601
+    allow-insecure-tokens = true
+  }
 }
 
 _splitwellParticipant_client {
   admin-api.port = 15702
   ledger-api.port = 15701
-  # Unused so just disable it
-  http-ledger-api = null
+  http-ledger-api {
+    server.port = 16701
+    allow-insecure-tokens = true
+  }
 }
 
 _sv1Sequencer_client {

apps/app/src/test/resources/simple-topology-canton.conf

@@ -6,28 +6,44 @@ include required("include/participants.conf")
 _sv1Participant_client {
   admin-api.port = 5102
   ledger-api.port = 5101
+  http-ledger-api {
+    server.port = 6101
+    allow-insecure-tokens = true
+  }
 }
 
 _sv2Participant_client {
   admin-api.port = 5202
   ledger-api.port = 5201
+  http-ledger-api {
+    server.port = 6201
+    allow-insecure-tokens = true
+  }
 }
 
 _sv3Participant_client {
   admin-api.port = 5302
   ledger-api.port = 5301
+  http-ledger-api {
+    server.port = 6301
+    allow-insecure-tokens = true
+  }
 }
 
 _sv4Participant_client {
   admin-api.port = 5402
   ledger-api.port = 5401
+  http-ledger-api {
+    server.port = 6401
+    allow-insecure-tokens = true
+  }
 }
 
 _aliceParticipant_client {
   admin-api.port = 5502
   ledger-api.port = 5501
   http-ledger-api {
-    server.port = 6201
+    server.port = 6501
     allow-insecure-tokens = true
   }
 }
@@ -36,7 +52,7 @@ _bobParticipant_client {
   admin-api.port = 5602
   ledger-api.port = 5601
   http-ledger-api {
-    server.port = 6301
+    server.port = 6601
     allow-insecure-tokens = true
   }
 }
@@ -45,7 +61,7 @@ _splitwellParticipant_client {
   admin-api.port = 5702
   ledger-api.port = 5701
   http-ledger-api {
-    server.port = 6401
+    server.port = 6701
     allow-insecure-tokens = true
   }
 }

apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/plugins/TokenStandardCliSanityCheckPlugin.scala

@@ -0,0 +1,189 @@
+package org.lfdecentralizedtrust.splice.integration.plugins
+
+import com.daml.ledger.javaapi.data.Identifier
+import com.digitalasset.canton.ScalaFuturesWithPatience
+import com.digitalasset.canton.integration.EnvironmentSetupPlugin
+import com.digitalasset.canton.logging.SuppressingLogger
+import com.digitalasset.canton.topology.PartyId
+import com.digitalasset.canton.tracing.TraceContext
+import org.lfdecentralizedtrust.splice.config.SpliceConfig
+import org.lfdecentralizedtrust.splice.environment.SpliceEnvironment
+import org.lfdecentralizedtrust.splice.integration.tests.SpliceTests.SpliceTestConsoleEnvironment
+import org.lfdecentralizedtrust.splice.util.CommonAppInstanceReferences
+import org.scalatest.concurrent.Eventually
+import org.scalatest.matchers.should.Matchers
+import org.scalatest.{Inside, Inspectors, LoneElement}
+
+import scala.collection.mutable
+import scala.sys.process.{Process, ProcessLogger}
+
+import java.nio.file.Files
+import java.util.UUID
+import TokenStandardCliSanityCheckPlugin.*
+
+import scala.collection.parallel.CollectionConverters.*
+import scala.util.control.NonFatal
+import scala.util.{Success, Try}
+
+/** Runs `token-standard/cli`, to make sure that we have:
+  * - no transactions that would break it.
+  * - no transactions that get parsed as raw creates/archives,
+  *   as they should all be under some known/parseable exercise.
+  *   Unless their templates are ignored in `rawBehavior`,
+  *   in which case we know they're created via ledger API on purpose.
+  */
+class TokenStandardCliSanityCheckPlugin(
+    rawBehavior: OutputCreateArchiveBehavior,
+    protected val loggerFactory: SuppressingLogger,
+) extends EnvironmentSetupPlugin[SpliceConfig, SpliceEnvironment]
+    with Matchers
+    with Eventually
+    with Inspectors
+    with ScalaFuturesWithPatience
+    with LoneElement
+    with Inside
+    with CommonAppInstanceReferences {
+
+  override def beforeEnvironmentDestroyed(
+      config: SpliceConfig,
+      environment: SpliceTestConsoleEnvironment,
+  ): Unit = {
+    try {
+      TraceContext.withNewTraceContext { implicit tc =>
+        // `SuppressingLogger.suppress` support neither nested nor **concurrent** calls
+        // but we need it for (expected) connection errors
+        loggerFactory.suppressWarningsAndErrors {
+          // Using `par` to save some time per test
+          environment.wallets.par.foreach { wallet =>
+            val ledgerApiUser = wallet.config.ledgerApiUser
+            val validator = environment.validators.local
+              .find(_.config.adminApi.port.unwrap == wallet.config.adminApi.url.effectivePort)
+              .getOrElse(
+                throw new RuntimeException(s"Failed to find validator for wallet of $ledgerApiUser")
+              )
+            // JSON API port = gRPCport + 1000
+            val participantHttpApiPort =
+              validator.participantClient.config.ledgerApi.port.unwrap + 1000
+
+            if (
+              validator.config.enableWallet &&
+              Try(wallet.httpLive && validator.participantClient.health.is_running())
+                .getOrElse(false)
+            ) {
+              // Sometimes userStatus will fail with 404
+              Try(wallet.userStatus()) match {
+                case Success(userStatus)
+                    if userStatus.userOnboarded && userStatus.userWalletInstalled =>
+                  val party = PartyId.tryFromProtoPrimitive(userStatus.party)
+                  val authToken = wallet.token.getOrElse(
+                    throw new IllegalStateException(
+                      s"No auth token found for wallet of ${party.toProtoPrimitive}"
+                    )
+                  )
+                  // check no command blows up
+                  runCommand("list-holdings", party, authToken, participantHttpApiPort, Seq.empty)
+                  val holdingTxsDebugPath =
+                    Files.createTempFile(UUID.randomUUID().toString, ".json")
+                  logger.info(
+                    s"Debug Output of token-standard command list-holding-txs will be written to $holdingTxsDebugPath"
+                  )
+                  // check also that list-holding-txs does not contain raw events
+                  val holdingTxsExtraArgs =
+                    Seq("-d", holdingTxsDebugPath.toAbsolutePath.toString) ++ (rawBehavior match {
+                      case OutputCreateArchiveBehavior.IgnoreAll => Seq.empty
+                      case OutputCreateArchiveBehavior.IgnoreForTemplateIds(templateIds) =>
+                        Seq("--strict") ++ templateIds.headOption.toList.flatMap(tId =>
+                          Seq("--strict-ignore", tId.getEntityName) ++ templateIds.tail
+                            .map(_.getEntityName)
+                        )
+                    })
+                  runCommand(
+                    "list-holding-txs",
+                    party,
+                    authToken,
+                    participantHttpApiPort,
+                    holdingTxsExtraArgs,
+                  )
+                case result =>
+                  logger.info(
+                    s"Not checking wallet for user $ledgerApiUser because it's not available: $result"
+                  )
+              }
+            } else {
+              logger.info(
+                s"Token-standard CLI not running for $ledgerApiUser because either wallet or participant are not alive."
+              )
+            }
+          }
+        }
+      }
+    } catch {
+      case NonFatal(ex) =>
+        val msg = "Failed to run token-standard sanity check"
+        logger.error(msg)(TraceContext.empty)
+        throw new RuntimeException(msg, ex)
+    }
+  }
+
+  private def runCommand(
+      command: String,
+      partyId: PartyId,
+      token: String,
+      participantPort: Int,
+      extraArgs: Seq[String],
+  )(implicit
+      tc: TraceContext
+  ): String = {
+    val readLines = mutable.Buffer[String]()
+    val logProcessor = ProcessLogger { line =>
+      {
+        logger.debug(s"CLI output: $line")
+        readLines.append(line)
+      }
+    }
+    val cwd = new java.io.File("token-standard/cli")
+
+    val args = Seq(
+      "npm",
+      "run",
+      "cli",
+      "--",
+      command,
+      partyId.toProtoPrimitive,
+      "-l",
+      s"http://localhost:$participantPort",
+      "-a",
+      token,
+    ) ++ extraArgs
+    val exitCodeTry = Try(Process(args, cwd).!(logProcessor))
+    if (exitCodeTry.toOption.exists(_ != 0) || exitCodeTry.isFailure) {
+      logger.error(s"Failed to run $args: $exitCodeTry. Dumping output.")(TraceContext.empty)
+      readLines.foreach(logger.error(_)(TraceContext.empty))
+      // sometimes readlines is empty...?
+      throw new RuntimeException(s"$args failed: ${readLines}")
+    }
+    val result = readLines
+      .dropWhile(line => !line.startsWith("[") && !line.startsWith("{")) // remove npm noise
+      .mkString("\n")
+    val tmpFile = Files.createTempFile(UUID.randomUUID().toString, ".json")
+    Files.writeString(tmpFile, result)
+    logger.debug(s"Output of token-standard command $command written to $tmpFile")
+    result
+  }
+
+}
+
+object TokenStandardCliSanityCheckPlugin {
+  sealed trait OutputCreateArchiveBehavior
+  object OutputCreateArchiveBehavior {
+
+    /** Presence of a type:"Created"|"Archived" will fail unless explicitly ignored in the Seq.
+      */
+    case class IgnoreForTemplateIds(templateIds: Seq[Identifier])
+        extends OutputCreateArchiveBehavior
+
+    /** The CLI will still be run, making sure that it doesn't crash, but its output won't be validated.
+      */
+    case object IgnoreAll extends OutputCreateArchiveBehavior
+  }
+}

apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/AnsAuth0FrontendIntegrationTest.scala

@@ -15,6 +15,9 @@ class AnsAuth0FrontendIntegrationTest
     with AnsFrontendTestUtil
     with FrontendLoginUtil {
 
+  // The change of the authyority appears to break the JSON API and causes "The supplied authentication is invalid"
+  override protected def runTokenStandardCliSanityCheck: Boolean = false
+
   override def environmentDefinition
       : org.lfdecentralizedtrust.splice.integration.EnvironmentDefinition =
     EnvironmentDefinition

apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/AnsIntegrationTest.scala

@@ -64,7 +64,7 @@ class AnsIntegrationTest extends IntegrationTest with WalletTestUtil with Trigge
     sv1Backend.dsoDelegateBasedAutomation.trigger[ExpiredAnsEntryTrigger]
 
   // created by the expiry test
-  override protected lazy val updateHistoryIgnoredRootCreates: Seq[Identifier] = Seq(
+  override protected lazy val sanityChecksIgnoredRootCreates: Seq[Identifier] = Seq(
     codegen.AnsEntry.TEMPLATE_ID_WITH_PACKAGE_ID
   )
 

apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/BootstrapPackageConfigIntegrationTest.scala

@@ -26,6 +26,7 @@ import org.lfdecentralizedtrust.splice.console.{
 }
 import org.lfdecentralizedtrust.splice.environment.{DarResources, PackageIdResolver}
 import org.lfdecentralizedtrust.splice.integration.EnvironmentDefinition
+import org.lfdecentralizedtrust.splice.integration.plugins.TokenStandardCliSanityCheckPlugin
 import org.lfdecentralizedtrust.splice.integration.tests.SpliceTests.{
   IntegrationTest,
   SpliceTestConsoleEnvironment,
@@ -47,6 +48,12 @@ class BootstrapPackageConfigIntegrationTest
     with SplitwellTestUtil
     with StandaloneCanton {
 
+  // this test starts up on older version (see initialPackageConfig), which don't define token-standard interfaces
+  // and thus everything will show up as raw create/archives.
+  override protected lazy val tokenStandardCliBehavior
+      : TokenStandardCliSanityCheckPlugin.OutputCreateArchiveBehavior =
+    TokenStandardCliSanityCheckPlugin.OutputCreateArchiveBehavior.IgnoreAll
+
   override def dbsSuffix = "bootstrapdso"
 
   // Runs against a temporary Canton instance.

apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/ExternalPartySetupProposalIntegrationTest.scala

@@ -59,11 +59,11 @@ class ExternalPartySetupProposalIntegrationTest
     with TriggerTestUtil
     with ExternallySignedPartyTestUtil {
 
-  override lazy val updateHistoryIgnoredRootExercises = Seq(
+  override lazy val sanityChecksIgnoredRootExercises = Seq(
     (TransferPreapproval.TEMPLATE_ID_WITH_PACKAGE_ID, "Archive")
   )
 
-  override lazy val updateHistoryIgnoredRootCreates = Seq(
+  override lazy val sanityChecksIgnoredRootCreates = Seq(
     TransferPreapproval.TEMPLATE_ID_WITH_PACKAGE_ID,
     amuletCodegen.AppRewardCoupon.TEMPLATE_ID_WITH_PACKAGE_ID,
   )