Update Splice from CCI (#313)

Signed-off-by: DA Automation <[email protected]>
Co-authored-by: DA Automation <[email protected]>

Author: canton-network-da

apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/runbook/ValidatorPreflightIntegrationTest.scala

@@ -11,13 +11,15 @@ import com.daml.nonempty.NonEmpty
 import com.digitalasset.canton.integration.BaseEnvironmentDefinition
 import com.digitalasset.canton.networking.Endpoint
 import com.digitalasset.canton.topology.PartyId
+import com.digitalasset.canton.tracing.TraceContext
 import org.lfdecentralizedtrust.splice.util.Auth0Util.WithAuth0Support
 
 import java.net.URI
 import scala.collection.mutable
 import scala.concurrent.duration.*
 import scala.jdk.CollectionConverters.MapHasAsScala
 import scala.jdk.OptionConverters.RichOptional
+import scala.util.control.NonFatal
 
 /** Base for preflight tests running against a deployed validator
   */
@@ -59,22 +61,29 @@ abstract class ValidatorPreflightIntegrationTestBase
   override def beforeEach() = {
     super.beforeEach();
 
-    def addUser(name: String) = {
+    def addUser(name: String)(implicit traceContext: TraceContext) = {
       val user = auth0.createUser()
-      logger.debug(
-        s"Created user $name: email ${user.email}, password ${user.password}, id: ${user.id}"
-      )
       auth0Users += (name -> user)
     }
 
-    addUser("alice-validator")
-    addUser("bob-validator")
-    addUser("charlie-validator")
+    TraceContext.withNewTraceContext(implicit traceContext => {
+      try {
+        addUser("alice-validator")
+        addUser("bob-validator")
+        addUser("charlie-validator")
+      } catch {
+        case NonFatal(e) =>
+          // Logging the error, as an exception in this method will abort the test suite with no log output.
+          logger.error("addUser {alice,bob,charlie}-validator beforeEach failed", e)
+          throw e
+      }
+    })
   }
 
   override def afterEach() = {
     try super.afterEach()
-    finally auth0Users.values.map(user => user.close)
+    finally
+      auth0Users.values.foreach(user => user.close())
   }
 
   override def beforeAll() = {

apps/app/src/test/scala/org/lfdecentralizedtrust/splice/util/Auth0Util.scala

@@ -38,7 +38,7 @@ class Auth0Util(
   private val auth = new AuthAPI(domain, managementApiClientId, managementApiClientSecret)
   val api = new ManagementAPI(domain, requestManagementAPIToken())
 
-  def createUser(): Auth0User = {
+  def createUser()(implicit tc: TraceContext): Auth0User = {
     val user = new User()
     val rand = new scala.util.Random
     val password = s"${rand.alphanumeric.take(20).mkString}${rand.nextInt()}"
@@ -48,11 +48,16 @@ class Auth0Util(
     user.setEmail(email)
     user.setVerifyEmail(false) // avoid auth0 trying to send mails
     user.setConnection("Username-Password-Authentication")
+    logger.debug(s"Creating user with username $username email $email and password $password")
     val id = executeManagementApiRequest(api.users().create(user)).getId
+    logger.debug(s"Created user ${email} with password ${password} (id: ${id})")
     new Auth0User(id, email, password, this)
   }
 
   def deleteUser(id: String): Unit = {
+    // Called from AutoCloseable.close, which doesn't propagate the trace context
+    implicit val traceContext: TraceContext = TraceContext.empty
+    logger.debug(s"Deleting user with id: ${id}")
     executeManagementApiRequest(api.users.delete(id))
   }
 
@@ -70,7 +75,9 @@ class Auth0Util(
     auth.requestToken(s"${domain}/api/v2/").execute().getAccessToken()
   }
 
-  private def executeManagementApiRequest[T](req: com.auth0.net.Request[T]) =
+  private def executeManagementApiRequest[T](
+      req: com.auth0.net.Request[T]
+  )(implicit traceContext: TraceContext) =
     retry.retryAuth0CallsForTests {
       // Auth0 management API calls are rate limited, with limits much lower than
       // the rate limits for the auth API calls.
@@ -85,7 +92,7 @@ class Auth0Util(
 object Auth0Util {
 
   trait Auth0Retry {
-    def retryAuth0CallsForTests[T](f: => T): T
+    def retryAuth0CallsForTests[T](f: => T)(implicit traceContext: TraceContext): T
   }
 
   trait WithAuth0Support {
@@ -115,19 +122,22 @@ object Auth0Util {
         clientSecret,
         loggerFactory,
         new Auth0Retry {
-          def handleExceptions(e: Throwable): Nothing = e match {
-            case auth0Exception: Auth0Exception => {
-              logger.debug("Auth0 exception raised, triggering retry...")
-              fail(auth0Exception)
-            }
-            case ioException: java.io.IOException => {
-              logger.debug("IOException raised, triggering retry...")
-              fail(ioException)
+          def handleExceptions(e: Throwable)(implicit traceContext: TraceContext): Nothing =
+            e match {
+              case auth0Exception: Auth0Exception => {
+                logger.debug("Auth0 exception raised, triggering retry...", auth0Exception)
+                fail(auth0Exception)
+              }
+              case ioException: java.io.IOException => {
+                logger.debug("IOException raised, triggering retry...", ioException)
+                fail(ioException)
+              }
+              case ex: Throwable => throw ex // throw anything else
             }
-            case ex: Throwable => throw ex // throw anything else
-          }
 
-          override def retryAuth0CallsForTests[T](f: => T): T = {
+          override def retryAuth0CallsForTests[T](
+              f: => T
+          )(implicit traceContext: TraceContext): T = {
             eventually() {
               try {
                 f

apps/app/src/test/scala/org/lfdecentralizedtrust/splice/util/FrontendLoginUtil.scala

@@ -83,7 +83,6 @@ trait FrontendLoginUtil extends WithAuth0Support { self: FrontendTestCommon =>
   )(implicit env: SpliceTests.SpliceTestConsoleEnvironment): A = {
     val auth0 = auth0UtilFromEnvVars("test")
     Using.resource(auth0.createUser()) { user =>
-      logger.debug(s"Created user ${user.email} with password ${user.password} (id: ${user.id})")
       if (!onboardThroughWalletUI) {
         aliceValidatorBackend.onboardUser(user.id)
       }

apps/common/frontend/src/config/schema/auth.ts

@@ -8,7 +8,7 @@ enum Algorithm {
 }
 
 const tokenRequestSchema = z.object({
-  token_audience: z.string().url(), // Request an access token from IAM provider with this audience
+  token_audience: z.string(), // Request an access token from IAM provider with this audience
   token_scope: z.string().optional(), // Request an access token from IAM provider with this scope
 });
 

apps/tools/src/main/scala/org/lfdecentralizedtrust/splice/Auth0TestUserCleaner.scala

@@ -71,7 +71,7 @@ object Auth0TestUserCleaner {
   }
 
   // Super simple retrier
-  def retryAuth0Calls[T](f: => T, retryCount: Int = 10): T = {
+  def retryAuth0Calls[T](f: => T, retryCount: Int = 10)(implicit traceContext: TraceContext): T = {
     if (retryCount <= 0) {
       throw new Error("Auth0 retry count exhausted")
     }
@@ -101,7 +101,8 @@ object Auth0TestUserCleaner {
       clientSecret,
       loggerFactory,
       new Auth0Util.Auth0Retry {
-        override def retryAuth0CallsForTests[T](f: => T): T = retryAuth0Calls(f)
+        override def retryAuth0CallsForTests[T](f: => T)(implicit tc: TraceContext): T =
+          retryAuth0Calls(f)
       },
     )
 

cluster/pulumi/infra/grafana-dashboards/canton-network/history-backfilling.json

@@ -641,14 +641,14 @@
           "type": "prometheus",
           "uid": "prometheus"
         },
-        "definition": "label_values(splice_history_backfilling_latest_record_time,namespace)",
+        "definition": "label_values(splice_history_backfilling_complete,namespace)",
         "includeAll": true,
         "multi": true,
         "name": "namespace",
         "options": [],
         "query": {
           "qryType": 1,
-          "query": "label_values(splice_history_backfilling_latest_record_time,namespace)",
+          "query": "label_values(splice_history_backfilling_complete,namespace)",
           "refId": "PrometheusVariableQueryEditor-VariableQuery"
         },
         "refresh": 1,
@@ -664,14 +664,14 @@
           "type": "prometheus",
           "uid": "prometheus"
         },
-        "definition": "label_values(splice_history_backfilling_transaction_count,migration)",
+        "definition": "label_values(splice_history_backfilling_complete,migration)",
         "includeAll": true,
         "multi": true,
         "name": "migration",
         "options": [],
         "query": {
           "qryType": 1,
-          "query": "label_values(splice_history_backfilling_transaction_count,migration)",
+          "query": "label_values(splice_history_backfilling_complete,migration)",
           "refId": "PrometheusVariableQueryEditor-VariableQuery"
         },
         "refresh": 1,

nix/shell.nix

@@ -86,6 +86,7 @@ in pkgs.mkShell {
     python3Packages.sphinx-autobuild
     python3Packages.waitress
     python3.pkgs.sphinx-reredirects
+    redocly
     ripgrep
     rsync
     sbt

project/ignore-patterns/canton_network_test_log.ignore.txt

@@ -15,10 +15,6 @@ LogReporter - Aborted test suite
 Trying to gather entropy from the underlying operating system to initialized the contract ID seeding, but the entropy pool seems empty.
 In CI environments environment consider using the "testing-weak" mode, that may produce insecure contract IDs but does not block on startup.
 
-# Ignore generic http 400/500 response errors as they are often benign.
-# TODO (#1734): consider implementing a more fine-granular ignore
-.*Http response at 400 or 500 level.*
-
 # We use self-signed ledger API tokens for tests
 HMAC256 JWT Validator is NOT recommended for production environments