The current issue is that the governance canister has neither commit permission nor manage permissions permission, and it is not the controller of the asset canister either. The controller has the same authority as manage permissions.
So, it is necessary to first deregister the asset canister from the SNS, grant commit and manage permissions to the governance canister, and then return the canister to the SNS.
@Severin is this another docs lacking process 
Here’s how you can give governance Commit via an upgrade proposal:
Hi @Severin,
So I have a single proposal to do this:
#!/bin/bash
echo begin
# Set current directory to the scripts root
SCRIPT=$(readlink -f "$0")
SCRIPT_DIR=$(dirname "$SCRIPT")
cd $SCRIPT_DIR
TITLE="Update Frontend Canister Permissions."
SUMMARY="Update the frontend canister permissions, adding commit permissions for the governance canister."
URL="https://openfpl.xyz"
CANISTER_NAME=OpenFPL_frontend
NETWORK="ic"
# Get the target canister id
TARGET_CANISTER_ID=$(dfx -qq canister --network $NETWORK id $CANISTER_NAME)
# Build the canister-upgrade-arg
UPGRADE_ARG="(record { set_permissions = opt record { prepare = vec {principal \"detjl-sqaaa-aaaaq-aacqa-cai\"}; commit = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; }; manage_permissions = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; } })"
dfx identity use ic_admin
OWNER_IDENTITY=$(dfx identity whoami)
PEM_FILE="$(readlink -f "$HOME/.config/dfx/identity/${OWNER_IDENTITY}/identity.pem")"
PROPOSER_NEURON_ID=d2ccf59abe1741c21c35da7e3863d5d14c97d9b82b36045f4a8d4c336864f6dc
# Make the proposal using quill
quill sns --canister-ids-file ./sns_canister_ids.json --pem-file $PEM_FILE make-upgrade-canister-proposal --canister-upgrade-arg "$UPGRADE_ARG" --title "$TITLE" --url "$URL" --summary "$SUMMARY" --target-canister-id $TARGET_CANISTER_ID $PROPOSER_NEURON_ID > msg.json
quill send msg.json
rm -f msg.json
But this upgrade proposal was for upgrading my frontend wasm… it’s this line I need help with:
quill sns --canister-ids-file ./sns_canister_ids.json --pem-file $PEM_FILE make-upgrade-canister-proposal --canister-upgrade-arg "$UPGRADE_ARG" --title "$TITLE" --url "$URL" --summary "$SUMMARY" --target-canister-id $TARGET_CANISTER_ID $PROPOSER_NEURON_ID > msg.json
If I can call a call to make-upgrade-canister-proposal I guess I can call these too:
Just wondering what the command is to add the permission.
Hi @Severin,
So I’m trying to use make-proposal
#!/bin/bash
echo begin
# Set current directory to the scripts root
SCRIPT=$(readlink -f "$0")
SCRIPT_DIR=$(dirname "$SCRIPT")
cd $SCRIPT_DIR
TITLE="Update Frontend Canister Permissions."
SUMMARY="Update the frontend canister permissions, adding commit permissions for the governance canister."
URL="https://openfpl.xyz"
CANISTER_NAME=OpenFPL_frontend
NETWORK="ic"
# Get the target canister id
TARGET_CANISTER_ID=$(dfx -qq canister --network $NETWORK id $CANISTER_NAME)
dfx identity use ic_admin
OWNER_IDENTITY=$(dfx identity whoami)
PEM_FILE="$(readlink -f "$HOME/.config/dfx/identity/${OWNER_IDENTITY}/identity.pem")"
PROPOSER_NEURON_ID=d2ccf59abe1741c21c35da7e3863d5d14c97d9b82b36045f4a8d4c336864f6dc
PROPOSAL="(record
{
title=\"$TITLE\";
url=\"$URL\";
summary=\"$SUMMARY\";
action=opt variant
{
NervousSystemFunction = record
{
set_permissions = opt record
{
prepare = vec {principal \"detjl-sqaaa-aaaaq-aacqa-cai\"};
commit = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; };
manage_permissions = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; }
}
}
}
}
)"
echo $PROPOSAL
# Make the proposal using quill
quill sns --canister-ids-file ../utils/sns_canister_ids.json --pem-file $PEM_FILE make-proposal $PROPOSER_NEURON_ID --proposal "$PROPOSAL" > msg.json
quill send msg.json
rm -f msg.json
But I get the following errors:
Error: variant field NervousSystemFunction not found
Error: Invalid JSON content
Here is a log of the proposal:
(record { title="Update Frontend Canister Permissions."; url="https://openfpl.xyz"; summary="Update the frontend canister permissions, adding commit permissions for the governance canister."; action=opt variant { NervousSystemFunction = record { set_permissions = opt record { prepare = vec {principal "detjl-sqaaa-aaaaq-aacqa-cai"}; commit = vec { principal "detjl-sqaaa-aaaaq-aacqa-cai"; }; manage_permissions = vec { principal "detjl-sqaaa-aaaaq-aacqa-cai"; } } } } } )
You probably want to give yourself Prepare as well, otherwise you can’t dfx deploy --by-proposal to propose a frontend change batch
Looks fine. What doesn’t work?
Where did you get that variant name? If you look at your governance’s did file there is no variant in Action with that name. You would want to use UpgradeSnsControlledCanister, and then it’s easier to use that directly with quill sns make-upgrade-canister-proposal
I was looking at Kinic’s proposal
When I run:
#!/bin/bash
echo begin
# Set current directory to the scripts root
SCRIPT=$(readlink -f "$0")
SCRIPT_DIR=$(dirname "$SCRIPT")
cd $SCRIPT_DIR
TITLE="Update Frontend Canister Permissions."
SUMMARY="Update the frontend canister permissions, adding commit permissions for the governance canister."
URL="https://openfpl.xyz"
CANISTER_NAME=OpenFPL_frontend
NETWORK="ic"
# Get the target canister id
TARGET_CANISTER_ID=$(dfx -qq canister --network $NETWORK id $CANISTER_NAME)
dfx identity use ic_admin
OWNER_IDENTITY=$(dfx identity whoami)
PEM_FILE="$(readlink -f "$HOME/.config/dfx/identity/${OWNER_IDENTITY}/identity.pem")"
PROPOSER_NEURON_ID=d2ccf59abe1741c21c35da7e3863d5d14c97d9b82b36045f4a8d4c336864f6dc
PROPOSAL="(record
{
title=\"$TITLE\";
url=\"$URL\";
summary=\"$SUMMARY\";
action=opt variant
{
ExecuteGenericNervousSystemFunction = record
{
function_id = (1004:nat64);
set_permissions = opt record
{
prepare = vec {principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; principal \"4jijx-ekel7-4t2kx-32cyf-wzo3t-i4tas-qsq4k-ujnug-oxke7-o5aci-eae\"};
commit = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; };
manage_permissions = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; }
}
}
}
}
)"
echo $PROPOSAL
# Make the proposal using quill
quill sns --canister-ids-file ../../utils/sns_canister_ids.json --pem-file $PEM_FILE make-proposal $PROPOSER_NEURON_ID --proposal "$PROPOSAL" > msg.json
quill send msg.json
rm -f msg.json
I get
I just don’t know what to put for the action
action=opt variant
{
ExecuteGenericNervousSystemFunction = record
{
function_id = (1004:nat64);
set_permissions = opt record
{
prepare = vec {principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; principal \"4jijx-ekel7-4t2kx-32cyf-wzo3t-i4tas-qsq4k-ujnug-oxke7-o5aci-eae\"};
commit = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; };
manage_permissions = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; }
}
}
}
To summarize the situation, one way to grant permissions to the governance canister is by passing the governance canister ID as an argument when upgrading the asset canister.
Therefore, what you need to do is use quill sns make-upgrade-canister-proposal to upgrade the asset canister.
At that time, you need to pass the candid as an argument.
record
{
function_id = (1004:nat64);
set_permissions = opt record
{
prepare = vec {principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; principal \"4jijx-ekel7-4t2kx-32cyf-wzo3t-i4tas-qsq4k-ujnug-oxke7-o5aci-eae\"};
commit = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; };
manage_permissions = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; }
}
}
What you are trying to do is to execute a custom function, which is incorrect.
quill sns \
--canister-ids-file ./sns_canister_ids.json \
--pem-file $PEM_FILE \
make-upgrade-canister-proposal \
--canister-upgrade-arg "$UPGRADE_ARG" \
--title "$TITLE" \
--url "$URL" \
--summary "$SUMMARY" \
--target-canister-id $TARGET_CANISTER_ID \
$PROPOSER_NEURON_ID
I feel this is good
Yeah sorry, it’s right. and also it needs --mode option
@Severin Where can we get the latest asset canister wasm binary?
Either here (use the branch for the dfx version you want to use), or in .dfx/<network name>/canisters/<frontend canister> after you dfx deploy
Ok so currently trying:
#!/bin/bash
echo begin
# Set current directory to the scripts root
SCRIPT=$(readlink -f "$0")
SCRIPT_DIR=$(dirname "$SCRIPT")
cd $SCRIPT_DIR
TITLE="Update Frontend Canister Permissions."
SUMMARY="Update the frontend canister permissions, adding commit permissions for the governance canister."
URL="https://openfpl.xyz"
CANISTER_NAME=OpenFPL_frontend
NETWORK="ic"
# Get the target canister id
TARGET_CANISTER_ID=$(dfx -qq canister --network $NETWORK id $CANISTER_NAME)
dfx identity use ic_admin
OWNER_IDENTITY=$(dfx identity whoami)
PEM_FILE="$(readlink -f "$HOME/.config/dfx/identity/${OWNER_IDENTITY}/identity.pem")"
PROPOSER_NEURON_ID=d2ccf59abe1741c21c35da7e3863d5d14c97d9b82b36045f4a8d4c336864f6dc
PROPOSAL="(record
{
title=\"$TITLE\";
url=\"$URL\";
summary=\"$SUMMARY\";
action=opt variant
{
UpgradeSnsControlledCanister = record
{
function_id = (1004:nat64);
set_permissions = opt record
{
prepare = vec {principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; principal \"4jijx-ekel7-4t2kx-32cyf-wzo3t-i4tas-qsq4k-ujnug-oxke7-o5aci-eae\"};
commit = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; };
manage_permissions = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; }
}
}
}
}
)"
echo $PROPOSAL
# Make the proposal using quill
quill sns \
--canister-ids-file ../../utils/sns_canister_ids.json \
--pem-file $PEM_FILE \
make-upgrade-canister-proposal \
--canister-upgrade-arg "$UPGRADE_ARG" \
--title "$TITLE" \
--url "$URL" \
--summary "$SUMMARY" \
$PROPOSER_NEURON_ID \
--target-canister-id $TARGET_CANISTER_ID \
--wasm-path '../../../.dfx/ic/canisters/OpenFPL_frontend/assetstorage.wasm.gz'
> msg.json
quill send msg.json
rm -f msg.json
Pathed correctly but says it expects a “(”
the proposal that I echo looks well formed:
Where is the UPGRADE_ARG in your script?
Yeah that shouldn’t have been there
So the final proposal i ran to add the permission was:
#!/bin/bash
echo begin
# Set current directory to the scripts root
SCRIPT=$(readlink -f "$0")
SCRIPT_DIR=$(dirname "$SCRIPT")
cd $SCRIPT_DIR
TITLE="Update Frontend Canister Permissions."
SUMMARY="Update the frontend canister permissions, adding commit permissions for the governance canister."
URL="https://openfpl.xyz"
CANISTER_NAME=OpenFPL_frontend
NETWORK="ic"
# Get the target canister id
TARGET_CANISTER_ID=$(dfx -qq canister --network $NETWORK id $CANISTER_NAME)
dfx identity use ic_admin
OWNER_IDENTITY=$(dfx identity whoami)
PEM_FILE="$(readlink -f "$HOME/.config/dfx/identity/${OWNER_IDENTITY}/identity.pem")"
PROPOSER_NEURON_ID=d2ccf59abe1741c21c35da7e3863d5d14c97d9b82b36045f4a8d4c336864f6dc
PROPOSAL="(record
{
title=\"$TITLE\";
url=\"$URL\";
summary=\"$SUMMARY\";
action=opt variant
{
UpgradeSnsControlledCanister = record
{
function_id = (1004:nat64);
set_permissions = opt record
{
prepare = vec {
principal \"detjl-sqaaa-aaaaq-aacqa-cai\";
principal \"4jijx-ekel7-4t2kx-32cyf-wzo3t-i4tas-qsq4k-ujnug-oxke7-o5aci-eae\"
};
commit = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; };
manage_permissions = vec { principal \"detjl-sqaaa-aaaaq-aacqa-cai\"; }
}
}
}
)"
echo $PROPOSAL
# Make the proposal using quill
quill sns --canister-ids-file ../../utils/sns_canister_ids.json --pem-file $PEM_FILE make-upgrade-canister-proposal --title "$TITLE" --url "$URL" --summary "$SUMMARY" $PROPOSER_NEURON_ID --target-canister-id $TARGET_CANISTER_ID --wasm-path '../../../.dfx/ic/canisters/OpenFPL_frontend/assetstorage.wasm.gz' > msg.json
quill send msg.json
rm -f msg.json
Thanks @KinicDevContributor and @Severin
Hi @severin,
So it now tells me batch not found, I think that’s maybe because I submit the other one and it failed:
So I tried redoing it now I should have prepare permission:
but for some reason I’m now getting this error:
Like it’s trying to do the batch locally now… I don’t pass network into any of these functions but I don’t with the backend upgrade and quill seems to do that correctly…
Ok if I have the local built it lets me submit for ic but again I don’t have permission.
Investigating but I thought it would have been granted when I was given prepare permission.
