Ic-state-machine-tests has a lot of outdated dependencies

saikatdas0790 · January 11, 2023, 6:44am

Can we update the ic-state-machine-tests library dependencies to ones that aren’t outdated and don’t have security vulnerabilities? Here a list:

They are flagged by cargo for every package/canister that gets built.

They:

fill up the entire terminal with long lines of dependency tree text that makes it infeasible to check out earlier terminal output
are flagged by dependabot as security vulnerabilities in our Github repo

image980×336 29.9 KB
overall a security vulnerability even though they are limited to testing environments only.

Thoughts?
@roman-kashitsyn

P.S. I’m on a new-ish version of ic-state-machine-tests. Specifically from this commit.

frederikrothenberger · January 11, 2023, 3:01pm

Hi @saikatdas0790

I’m in the process of open sourcing a new library that can run the state-machine-test infrastructure as a pre-built binary.

Switching to that library will decouple your project from the IC repo completely, which will not only resolve the warnings but also speed up compile time a lot.

I’ll report back once the library is available via crates.io.

frederikrothenberger · January 12, 2023, 4:27pm

Hi @saikatdas0790

The library is now available on crates.io. For inspiration on how to use it, you can take a look at the integration tests in the Internet Identity repository.

Be aware, that it takes a while for a new IC commit to have the pre-built binary available. So if it does not work for the latest commit on master, maybe try a few older commits.

Lastly, the client library is incomplete. I.e. it has not all the features of the test-state-machine yet, but the client library repository is open to contributions.

I hope this resolves your issues. Let me know if you run into problems.

saikatdas0790 · January 13, 2023, 4:33am

Thank you so much for this. I’ll give it a try.

Here’s a friendly suggestion. It would be really helpful if we could list the missing features of the library compared to ic-state-machine-tests in the readme and mark them as done as more get implemented.

Otherwise, looks good.

I’ll come back with issues/feedback once I’ve tried it out on a large repo that uses ic-state-machine-tests right now. Give me a couple of days

Maxfinity · January 13, 2023, 11:46pm

Any plans to make the ic-state-machines-test work with http requests/ ecdsa signing? This would be very useful for many teams working in Rust.

frederikrothenberger · January 16, 2023, 8:50am

Hi @Maxfinity

Calling the http_request query on a canister is already supported. There are no plans to include an actual HTTP gateway to that infrastructure. If you require that, it would need to be added externally.

I’m not sure about ECDSA support. I’ll ask internally.

saikatdas0790 · January 31, 2023, 2:25pm

Hi @frederikrothenberger,

I’ve been working on migrating some of our tests over to this new binary and am stuck on this:

When provisioning a new canister, how does one specify the controllers of that canister? Specifically, I’m looking at this function.

Earlier, I was using these 2 functions to accomplish the same. They take an optional setting parameter which let us define the controllers.

Thoughts?

frederikrothenberger · February 1, 2023, 8:53am

Hi @saikatdas0790

You caught me being a bit lazy on the wrapper, sorry about that. There are two options here:

Expand the wrapper (i.e. create a PR) to provide an easy to use function to pass in the CanisterSettings similar to this function.
Manually issue a call to the ManagementCanister: I.e. you can send an UpdateCall to the ManagementCanister according to the interface spec here. I.e. do this:

let CanisterIdRecord { canister_id } = call_candid(
            self,
            Principal::management_canister(),
            "create_canister",
            (CreateCanisterArgument { settings: None },),
        )
        .map(|(x,)| x)
        .unwrap();

in your test and modify the settings to your liking.

If you have the time to spare, I would appreciate the PR to make the wrapper more convenient.

frederikrothenberger · February 1, 2023, 8:55am

Quick update on this matter:

I’m not sure about ECDSA support. I’ll ask internally.

Both HTTP outcalls and ECDSA signing would be possible to support, however there is no urgent need internally, so the priority is rather low unfortunately.

saikatdas0790 · February 1, 2023, 10:02am

Okay. I’ll send you a PR

saikatdas0790 · February 1, 2023, 5:07pm

Hi @frederikrothenberger,

I sent you a pull request here. Let me know if you have any feedback.

Otherwise feel free to merge and publish a new version. Thank you

frederikrothenberger · February 3, 2023, 11:20am

Hi @saikatdas0790

Thanks for your contribution!

Version 1.1.0 of the ic-test-state-machine-client crate has been published.

saikatdas0790 · February 21, 2023, 9:33am

Hi @frederikrothenberger

I’m looking at the integration tests in the II canister here:

github.com

dfinity/internet-identity/blob/main/src/canister_tests/src/framework.rs#L125-L151


      
          pub static STATE_MACHINE_BINARY: &str = "../../ic-test-state-machine";
          
          
pub fn env() -> StateMachine {
              let path = match env::var_os("STATE_MACHINE_BINARY") {
                  None => STATE_MACHINE_BINARY.to_string(),
                  Some(path) => path
                      .clone()
                      .into_string()
                      .unwrap_or_else(|_| panic!("Invalid string path for {path:?}")),
              };
          
          
    if !Path::new(&path).exists() {
                  println!("
                  Could not find state machine binary to run canister integration tests.
          
          
        I looked for it at {:?}. You can specify another path with the environment variable STATE_MACHINE_BINARY (note that I run from {:?}).
          
          
        Run the following command to get the binary:
                      curl -sLO https://download.dfinity.systems/ic/$commit/binaries/$platform/ic-test-state-machine.gz
                      gzip -d ic-test-state-machine.gz

This file has been truncated. show original

and they reference a binary that I’m not sure where to obtain from. Thoughts?

saikatdas0790 · February 24, 2023, 3:13am

Hi @frederikrothenberger

Any thoughts on the above?

frederikrothenberger · February 27, 2023, 9:27am

Hi @saikatdas0790

Are you talking about the STATE_MACHINE_BINARY? This is the file downloaded from https://download.dfinity.systems/ic/$commit/binaries/$platform/ic-test-state-machine.gz as later explained in the error message of this function
(which is the same as mentioned in the Readme here).

saikatdas0790 · March 8, 2023, 3:57am

Hi @frederikrothenberger

I managed to get the binary from the URL as instructed. However, the binary runs into the following error when I try to execute it.

I’m on Linux, btw

Thoughts?

Also, on a side note, is it not possible to ship the binary along with the library to crates.io to eliminate this confusing manual intermediate step?

saikatdas0790 · March 13, 2023, 6:56am

Hi @frederikrothenberger

Any updates on this? Is it possible to bundle the binary along with the Rust libary so that it just works? Let me know how to proceed.

Also, please provide inputs here if there’s something that can help.

Thank you

frederikrothenberger · March 13, 2023, 1:46pm

Hi @saikatdas0790

I’m really not sure, why this would not work for you. We have our CI running on Ubuntu, and it executes those exact commands. See here: internet-identity/canister-tests.yml at main · dfinity/internet-identity · GitHub

Could it be that you are running some other platform than x86_64?

As for bundling the binary into the lib: The binary is built from the IC repository using bazel, see here: ic/BUILD.bazel at master · dfinity/ic · GitHub

Given that the whole point of the binary is to decouple the client lib from the IC repository (and the bazel build process), I’d rather not reintroduce the dependency. Also, cargo is not really suited to distribute prebuilt binaries.

If you could try building the binary yourself directly from the IC repo, maybe you can get a version that runs on your machine?

saikatdas0790 · March 13, 2023, 2:08pm

@PaulLiu Are there any specific steps I need to take or configure to make the binary work on NixOS?

Any inputs you have would be helpful

PaulLiu · March 13, 2023, 11:12pm

The binaries downloaded from https://download.dfinity.systems are dynamically linked, and they have hardcoded library paths that may not exist on NixOS. Usually this can be fixed either by using patchelf on the downloaded binary itself, or by setting LD_LIBRARY_PATH. See Packaging/Binaries - NixOS Wiki for more explanation.

Topic		Replies	Views
Request: Publish `ic_state_machine_tests` as a separate package and provide documentation/guidance on how to use it Rust	4	613	October 24, 2022
IC-Kit v0.5 Developer Preview Rust	1	563	August 11, 2022
Best practices for integration tests of Rust canisters Developers	6	420	September 27, 2023
Please consider turning these stable structures into importable packages Rust	9	757	September 29, 2022
Feature Request: Mechanism to `use` ic-repl as a library from our Rust codebase and call as part of cargo test Rust	4	567	September 26, 2022

Ic-state-machine-tests has a lot of outdated dependencies

Related topics