Skip to content

feat: Add types for canister snapshot visibility settings #9158

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gregorydemay merged 21 commits into from
Mar 11, 2026
+260 −12
Merged

feat: Add types for canister snapshot visibility settings #9158

Show file tree
Hide file tree
Changes from 17 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
2bc9b2f
DEFI-2677: General VisibilitySettings
gregorydemay Mar 3, 2026
5c7072f
DEFI-2677: Snapshot visibility settings
gregorydemay Mar 3, 2026
938314a
DEFI-2677: fix Pocket IC
gregorydemay Mar 4, 2026
7c4f84e
DEFI-2677: fix registry admin
gregorydemay Mar 4, 2026
507e627
DEFI-2677: fix state_layout
gregorydemay Mar 4, 2026
469bdd8
DEFI-2677: fix governance
gregorydemay Mar 4, 2026
33efe61
DEFI-2677: fix SNS
gregorydemay Mar 4, 2026
5409fde
DEFI-2677: fix NNS
gregorydemay Mar 4, 2026
198f0a8
DEFI-2677: fix replica_tests
gregorydemay Mar 4, 2026
1cc4d3e
DEFI-2677: fix tests
gregorydemay Mar 6, 2026
3dc83f3
DEFI-2677: fix `governance-canister.wasm.gz_size_check`. Current size…
gregorydemay Mar 6, 2026
83b3d28
DEFI-2667: Fix cmc candid API
gregorydemay Mar 9, 2026
ebe819b
DEFI-2667: remove governance-team owned files from this PR
gregorydemay Mar 9, 2026
623da59
DEFI-2667: remove unwanted changes with base 421a68ce250d9149e462800a…
gregorydemay Mar 9, 2026
51daf0c
DEFI-2667: undo changes in `rs/registry/admin/bin/main.rs`
gregorydemay Mar 9, 2026
d83cab0
DEFI-2667: add snapshot visibility settings to CMC to fix `//rs/nns/c…
gregorydemay Mar 9, 2026
d968442
Merge branch 'master' into gdemay/DEFI-2667-snapshot-visibility-settings
gregorydemay Mar 9, 2026
6ad58ab
Update CMC unreleased_changelog.md.
gregorydemay Mar 9, 2026
668e59e
DEFI-2667:: Remove unnecessary clone.
gregorydemay Mar 10, 2026
06a02e9
Automatically fixing code for linting and formatting issues
Mar 10, 2026
234a6b9
Merge branch 'master' into gdemay/DEFI-2667-snapshot-visibility-settings
gregorydemay Mar 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion rs/cycles_account_manager/src/cycles_account_manager.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ const DAY: Duration = Duration::from_secs(SECONDS_PER_DAY as u64);

/// Maximum payload size of a management call to update_settings
/// overriding the canister's freezing threshold.
const MAX_DELAYED_INGRESS_COST_PAYLOAD_SIZE: usize = 324;
const MAX_DELAYED_INGRESS_COST_PAYLOAD_SIZE: usize = 338;

/// Handles any operation related to cycles accounting, such as charging (due to
/// using system resources) or refunding unused cycles.
Expand Down
6 changes: 6 additions & 0 deletions rs/execution_environment/src/canister_manager.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -515,6 +515,7 @@ impl CanisterManager {
settings.reserved_cycles_limit(),
reservation_cycles,
settings.log_visibility().cloned(),
settings.snapshot_visibility().cloned(),
log_memory_limit,
settings.wasm_memory_limit(),
settings.environment_variables().cloned(),
Expand Down Expand Up @@ -589,6 +590,9 @@ impl CanisterManager {
if let Some(log_visibility) = settings.log_visibility() {
canister.system_state.log_visibility = log_visibility.clone();
}
if let Some(snapshot_visibility) = settings.snapshot_visibility() {
canister.system_state.snapshot_visibility = snapshot_visibility.clone();
}
if let Some(log_memory_limit) = settings.log_memory_limit() {
canister
.system_state
Expand Down Expand Up @@ -1164,6 +1168,7 @@ impl CanisterManager {
let freeze_threshold = canister.system_state.freeze_threshold;
let reserved_cycles_limit = canister.system_state.reserved_balance_limit();
let log_visibility = canister.system_state.log_visibility.clone();
let snapshot_visibility = canister.system_state.snapshot_visibility.clone();
let log_memory_limit = canister.log_memory_limit().get();
let wasm_memory_limit = canister.system_state.wasm_memory_limit;
let wasm_memory_threshold = canister.system_state.wasm_memory_threshold;
Expand Down Expand Up @@ -1194,6 +1199,7 @@ impl CanisterManager {
freeze_threshold.get(),
reserved_cycles_limit.map(|x| x.get()),
log_visibility,
snapshot_visibility,
log_memory_limit,
self.cycles_account_manager
.idle_cycles_burned_rate(
Expand Down
37 changes: 36 additions & 1 deletion rs/execution_environment/src/canister_settings.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
use ic_base_types::{EnvironmentVariables, NumBytes, NumSeconds};
use ic_error_types::{ErrorCode, UserError};
use ic_management_canister_types_private::{
BoundedAllowedViewers, CanisterSettingsArgs, LogVisibilityV2,
BoundedAllowedViewers, CanisterSettingsArgs, LogVisibilityV2, SnapshotVisibility,
};
use ic_types::{
ComputeAllocation, Cycles, InvalidComputeAllocationError, MemoryAllocation, PrincipalId,
Expand All @@ -27,6 +27,7 @@ pub(crate) struct CanisterSettings {
pub(crate) freezing_threshold: Option<NumSeconds>,
pub(crate) reserved_cycles_limit: Option<Cycles>,
pub(crate) log_visibility: Option<LogVisibilityV2>,
pub(crate) snapshot_visibility: Option<SnapshotVisibility>,
pub(crate) log_memory_limit: Option<NumBytes>,
pub(crate) wasm_memory_limit: Option<NumBytes>,
pub(crate) environment_variables: Option<EnvironmentVariables>,
Expand All @@ -41,6 +42,7 @@ impl CanisterSettings {
freezing_threshold: Option<NumSeconds>,
reserved_cycles_limit: Option<Cycles>,
log_visibility: Option<LogVisibilityV2>,
snapshot_visibility: Option<SnapshotVisibility>,
log_memory_limit: Option<NumBytes>,
wasm_memory_limit: Option<NumBytes>,
environment_variables: Option<EnvironmentVariables>,
Expand All @@ -53,6 +55,7 @@ impl CanisterSettings {
freezing_threshold,
reserved_cycles_limit,
log_visibility,
snapshot_visibility,
log_memory_limit,
wasm_memory_limit,
environment_variables,
Expand Down Expand Up @@ -87,6 +90,10 @@ impl CanisterSettings {
self.log_visibility.as_ref()
}

pub fn snapshot_visibility(&self) -> Option<&SnapshotVisibility> {
self.snapshot_visibility.as_ref()
}

pub fn log_memory_limit(&self) -> Option<NumBytes> {
self.log_memory_limit
}
Expand Down Expand Up @@ -193,6 +200,7 @@ impl TryFrom<CanisterSettingsArgs> for CanisterSettings {
freezing_threshold,
reserved_cycles_limit,
input.log_visibility,
input.snapshot_visibility,
log_memory_limit,
wasm_memory_limit,
environment_variables,
Expand All @@ -219,6 +227,7 @@ pub(crate) struct CanisterSettingsBuilder {
freezing_threshold: Option<NumSeconds>,
reserved_cycles_limit: Option<Cycles>,
log_visibility: Option<LogVisibilityV2>,
snapshot_visibility: Option<SnapshotVisibility>,
log_memory_limit: Option<NumBytes>,
wasm_memory_limit: Option<NumBytes>,
environment_variables: Option<EnvironmentVariables>,
Expand All @@ -235,6 +244,7 @@ impl CanisterSettingsBuilder {
freezing_threshold: None,
reserved_cycles_limit: None,
log_visibility: None,
snapshot_visibility: None,
log_memory_limit: None,
wasm_memory_limit: None,
environment_variables: None,
Expand All @@ -250,6 +260,7 @@ impl CanisterSettingsBuilder {
freezing_threshold: self.freezing_threshold,
reserved_cycles_limit: self.reserved_cycles_limit,
log_visibility: self.log_visibility,
snapshot_visibility: self.snapshot_visibility,
log_memory_limit: self.log_memory_limit,
wasm_memory_limit: self.wasm_memory_limit,
environment_variables: self.environment_variables,
Expand Down Expand Up @@ -305,6 +316,13 @@ impl CanisterSettingsBuilder {
}
}

pub fn with_snapshot_visibility(self, snapshot_visibility: SnapshotVisibility) -> Self {
Self {
snapshot_visibility: Some(snapshot_visibility),
..self
}
}

pub fn with_log_memory_limit(self, log_memory_limit: NumBytes) -> Self {
Self {
log_memory_limit: Some(log_memory_limit),
Expand Down Expand Up @@ -407,6 +425,7 @@ pub(crate) struct ValidatedCanisterSettings {
reserved_cycles_limit: Option<Cycles>,
reservation_cycles: Cycles,
log_visibility: Option<LogVisibilityV2>,
snapshot_visibility: Option<SnapshotVisibility>,
log_memory_limit: Option<NumBytes>,
wasm_memory_limit: Option<NumBytes>,
environment_variables: Option<EnvironmentVariables>,
Expand All @@ -422,6 +441,7 @@ impl ValidatedCanisterSettings {
reserved_cycles_limit: Option<Cycles>,
reservation_cycles: Cycles,
log_visibility: Option<LogVisibilityV2>,
snapshot_visibility: Option<SnapshotVisibility>,
log_memory_limit: Option<NumBytes>,
wasm_memory_limit: Option<NumBytes>,
environment_variables: Option<EnvironmentVariables>,
Expand All @@ -435,6 +455,7 @@ impl ValidatedCanisterSettings {
reserved_cycles_limit,
reservation_cycles,
log_visibility,
snapshot_visibility,
log_memory_limit,
wasm_memory_limit,
environment_variables,
Expand Down Expand Up @@ -473,6 +494,10 @@ impl ValidatedCanisterSettings {
self.log_visibility.as_ref()
}

pub fn snapshot_visibility(&self) -> Option<&SnapshotVisibility> {
self.snapshot_visibility.as_ref()
}

pub fn log_memory_limit(&self) -> Option<NumBytes> {
self.log_memory_limit
}
Expand Down Expand Up @@ -503,6 +528,16 @@ impl<'a> From<&'a LogVisibilityV2> for VisibilitySettings<'a> {
}
}

impl<'a> From<&'a SnapshotVisibility> for VisibilitySettings<'a> {
fn from(v: &'a SnapshotVisibility) -> Self {
match v {
SnapshotVisibility::Public => Self::Public,
SnapshotVisibility::Controllers => Self::Controllers,
SnapshotVisibility::AllowedViewers(principals) => Self::AllowedViewers(principals),
}
}
}

impl VisibilitySettings<'_> {
pub(crate) fn has_access(
&self,
Expand Down
10 changes: 8 additions & 2 deletions rs/nns/cmc/cmc.did
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,13 @@ type log_visibility = variant {
public;
allowed_viewers : vec principal;
};
type environment_variable = record {
name: text;
type snapshot_visibility = variant {
controllers;
public;
allowed_viewers : vec principal;
};
type environment_variable = record {
name: text;
value: text;
};
type CanisterSettings = record {
Expand All @@ -16,6 +21,7 @@ type CanisterSettings = record {
freezing_threshold : opt nat;
reserved_cycles_limit : opt nat;
log_visibility : opt log_visibility;
snapshot_visibility : opt snapshot_visibility;
wasm_memory_limit : opt nat;
wasm_memory_threshold : opt nat;
environment_variables : opt vec environment_variable;
Expand Down
17 changes: 16 additions & 1 deletion rs/pocket_ic_server/src/pocket_ic.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ use ic_management_canister_types_private::{
CanisterSnapshotDataKind, CanisterSnapshotDataOffset, EcdsaCurve, EcdsaKeyId, LogVisibilityV2,
MasterPublicKeyId, Method as Ic00Method, ProvisionalCreateCanisterWithCyclesArgs,
ReadCanisterSnapshotDataArgs, ReadCanisterSnapshotMetadataArgs,
ReadCanisterSnapshotMetadataResponse, SchnorrAlgorithm, SchnorrKeyId,
ReadCanisterSnapshotMetadataResponse, SchnorrAlgorithm, SchnorrKeyId, SnapshotVisibility,
UploadCanisterSnapshotDataArgs, UploadCanisterSnapshotMetadataArgs, VetKdCurve, VetKdKeyId,
};
use ic_metrics::MetricsRegistry;
Expand Down Expand Up @@ -1146,6 +1146,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(3_221_225_472_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = nns_subnet.state_machine.create_canister_with_cycles(
Some(REGISTRY_CANISTER_ID.get()),
Expand Down Expand Up @@ -1229,6 +1230,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(3_221_225_472_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = nns_subnet.state_machine.create_canister_with_cycles(
Some(CYCLES_MINTING_CANISTER_ID.get()),
Expand Down Expand Up @@ -1399,6 +1401,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(3_221_225_472_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = nns_subnet.state_machine.create_canister_with_cycles(
Some(LEDGER_CANISTER_ID.get()),
Expand Down Expand Up @@ -1480,6 +1483,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(3_221_225_472_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = nns_subnet.state_machine.create_canister_with_cycles(
Some(LEDGER_INDEX_CANISTER_ID.get()),
Expand Down Expand Up @@ -1559,6 +1563,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(3_221_225_472_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = ii_subnet.state_machine.create_canister_with_cycles(
Some(CYCLES_LEDGER_CANISTER_ID.get()),
Expand Down Expand Up @@ -1623,6 +1628,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(3_221_225_472_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = ii_subnet.state_machine.create_canister_with_cycles(
Some(CYCLES_LEDGER_INDEX_CANISTER_ID.get()),
Expand Down Expand Up @@ -1693,6 +1699,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(4_294_967_296_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = nns_subnet.state_machine.create_canister_with_cycles(
Some(GOVERNANCE_CANISTER_ID.get()),
Expand Down Expand Up @@ -1770,6 +1777,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(3_221_225_472_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = nns_subnet.state_machine.create_canister_with_cycles(
Some(ROOT_CANISTER_ID.get()),
Expand Down Expand Up @@ -1837,6 +1845,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(3_221_225_472_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = nns_subnet.state_machine.create_canister_with_cycles(
Some(SNS_WASM_CANISTER_ID.get()),
Expand Down Expand Up @@ -1935,6 +1944,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(3_221_225_472_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = sns_subnet.state_machine.create_canister_with_cycles(
Some(SNS_AGGREGATOR_CANISTER_ID.get()),
Expand Down Expand Up @@ -2008,6 +2018,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(3_221_225_472_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = ii_subnet.state_machine.create_canister_with_cycles(
Some(IDENTITY_CANISTER_ID.get()),
Expand Down Expand Up @@ -2188,6 +2199,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(3_221_225_472_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = nns_subnet.state_machine.create_canister_with_cycles(
Some(NNS_UI_CANISTER_ID.get()),
Expand Down Expand Up @@ -2285,6 +2297,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(2_000_000_000_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = btc_subnet.state_machine.create_canister_with_cycles(
Some(BITCOIN_TESTNET_CANISTER_ID.get()),
Expand Down Expand Up @@ -2359,6 +2372,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(3_221_225_472_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = btc_subnet.state_machine.create_canister_with_cycles(
Some(DOGECOIN_CANISTER_ID.get()),
Expand Down Expand Up @@ -2425,6 +2439,7 @@ impl PocketIcSubnets {
wasm_memory_limit: Some(3_221_225_472_u64.into()),
wasm_memory_threshold: Some(0_u64.into()),
environment_variables: None,
snapshot_visibility: Some(SnapshotVisibility::Controllers),
};
let canister_id = nns_subnet.state_machine.create_canister_with_cycles(
Some(MIGRATION_CANISTER_ID.get()),
Expand Down
16 changes: 15 additions & 1 deletion rs/protobuf/def/state/canister_state_bits/v1/canister_state_bits.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -377,6 +377,18 @@ message LogVisibilityV2 {
}
}

message SnapshotVisibilityAllowedViewers {
repeated types.v1.PrincipalId principals = 1;
}

message SnapshotVisibility {
oneof snapshot_visibility {
int32 controllers = 1;
int32 public = 2;
SnapshotVisibilityAllowedViewers allowed_viewers = 3;
}
}

message CanisterLogRecord {
uint64 idx = 1;
uint64 timestamp_nanos = 2;
Expand Down Expand Up @@ -410,7 +422,7 @@ message TaskQueue {
repeated ExecutionTask queue = 3;
}

// Next ID: 64
// Next ID: 65
message CanisterStateBits {
reserved 1, 3, 6, 9, 10, 14, 16, 17, 24, 30, 35, 42, 47, 53;

Expand Down Expand Up @@ -491,4 +503,6 @@ message CanisterStateBits {
TaskQueue tasks = 54;
// A map of environment variable names to their values
map<string, string> environment_variables = 55;
// Snapshot visibility for the canister.
SnapshotVisibility snapshot_visibility = 64;
}
Loading
Loading