Management Canister install_code method returns {"err":{"Unauthorized":null}}

brady · January 5, 2023, 3:35pm

Hey devs. I’m trying to get my Motoko canister to dynamically create a canister and then install wasm code in the same function to the newly generated canister (via the IC management canister). But when I call the methods install_code and uninstall_code in particular, I always get a {"err":{"Unauthorized":null}} response.

I have made sure that when creating the canister, both the parent canister and the caller are set as controllers, but it doesn’t seem to matter:

let create_canister = await managementCanister.create_canister({
            settings = ?{
                freezing_threshold = null;
                controllers = ?[Principal.fromActor(this), caller];
                memory_allocation = null;
                compute_allocation = null;
            }
        });

Strangely enough methods like stop_canister and delete_canister are working completely fine.
Here is the snippet where I call install_code :

let install_wasm = await managementCanister.install_code({
            arg = [];
            wasm_module = wasm;
            mode = #install;
            canister_id = create_canister.canister_id;
        });

I’ve tested both on my local network and on the IC with the same error. I can’t find the public source code for the management canister to troubleshoot what logic might be throwing the error. What am I doing wrong?

Severin · January 5, 2023, 4:04pm

I do not see the error. Here’s some code that I have deployed live that’s working that does the same thing, maybe you can try copy/pasting it in?

        let IC0 : Management = actor ("aaaaa-aa");
        let this = Principal.fromActor(self);
        var cycle_to_add = coupon.cycle;
        let canister_id = switch (Queue.popFront(canisters_reserve)) {
          case (?canister_id) { canister_id };
          case null {
            Cycles.add(cycle_to_add);
            cycle_to_add := 0;
            (await IC0.create_canister({ settings = ?{ controllers = ?[this] } })).canister_id;
          };
        };
        await IC0.install_code({
          mode = #install;
          canister_id = canister_id;
          wasm_module = binary;
          arg = Blob.fromArray([]);
        });

brady · January 5, 2023, 4:32pm

What is the description of your type Management @Severin ?

In my interface description, create_canister takes in 4 parameters in the settings object and the install_code.arg parameter is type [Nat8] not Blob. Even then, I don’t see what the error code “Unauthorized” has to do with any of this

peterparker · January 5, 2023, 5:43pm

If it could help I do following - creating canister, updating settings and then install

private func initNewStorageBucket(manager : Principal, user : UserId) : async (Principal) {
    Cycles.add(1_000_000_000_000);

    let {canister_id} = await ic.create_canister({settings = null});

    await canisterUtils.updateSettings(canister_id, manager);

    let arg : Blob = to_candid (user);

    await ic.install_code({
      arg;
      wasm_module = Blob.fromArray(storageWasm);
      mode = #install;
      canister_id;
    });

    return canister_id;
  };

...

public func updateSettings(canisterId : Principal, manager : Principal) : async () {
      let controllers : ?[Principal] = ?[canisterId, manager];

      await ic.update_settings(({
        canister_id = canisterId;
        settings = {
          controllers = controllers;
          freezing_threshold = null;
          memory_allocation = null;
          compute_allocation = null;
        };
      }));
    };

Beside settings, do you notice something different?

Do you call install_code from the same parent canister as the one you set as controller Principal.fromActor(this)?

Severin · January 5, 2023, 6:00pm

  type Management = actor {
    create_canister : ({ settings : ?CanisterSettings }) -> async ({
      canister_id : CanisterId;
    });
    install_code : ({
      mode : { #install; #reinstall; #upgrade };
      canister_id : CanisterId;
      wasm_module : Blob;
      arg : Blob;
    }) -> async ();
    update_settings : ({ canister_id : CanisterId; settings : CanisterSettings }) -> async ();
    deposit_cycles : ({ canister_id : Principal }) -> async ();
  };

I also don’t see how the error could be related…

skilesare · January 5, 2023, 6:29pm

I’m looking all over for documentation and examples on the motoko sugar discussed here: motoko/Changelog.md at master · dfinity/motoko · GitHub and https://github.com/dfinity/motoko/pull/3386

Does anyone have a playground example or article on this?

claudio · January 6, 2023, 11:43am

The documentation is very terse at the moment, with no separate tutorial style page yet:

Our tests, which could form the basis of worked examples, are here:

Simple uses:

github.com

dfinity/motoko/blob/master/test/run-drun/actor-class-mgmt.mo

import Prim "mo:⛔";
import Cycles = "cycles/cycles";
import Cs "actor-class-mgmt/C";

actor a {

  let ic00 = actor "aaaaa-aa" :
    actor {
      create_canister : {
        settings : ? {
          controllers : ?[Principal];
          compute_allocation: ?Nat;
          memory_allocation: ?Nat;
        freezing_threshold: ?Nat;
       }
     } -> async { canister_id : Principal };
   };

  let default_settings = { settings = null };
  // same as default but explicit

This file has been truncated. show original

More involved: a basic distributed map, upgrading its bucket actors using a protocol after upgrade.

Note these are not polished, but maybe you’ll still find them useful.

Part of the reason this is not yet described in an accessible tutorial is that it is still unsafe -
I had plans to add some more safety checks, trapping an upgrade if the upgrade is incompatible by doing a dynamic check.

claudio · January 6, 2023, 12:32pm

Could you maybe share a GH repo with the code and script that fails? That probably the easiest way to track it down.

Also, are you supplying cycles when you create the canister?

claudio · January 6, 2023, 12:41pm

Stupid question, but are the calls that are failing actually Motoko calls, or dfx calls? I don’t think you can call the management canister from dfx directly.

chenyan · January 6, 2023, 5:54pm

Can you try create_canister with a null setting, e.g. await managementCanister.create_canister({ settings = null });. This ensures the parent canister to be the controller of the child canister.

Regarding the type of create_canister, [Nat8] and Blob has the same Candid type, but Blob is more efficient and recommended.

brady · January 9, 2023, 5:20pm

Thank you for the troubleshooting everyone. I figured out the error was completely something I overlooked in my code. I was in fact calling my method from an unauthorized canister/principal which after the fact sounds really stupid to have to admit on the forum.

But I will now try to look into motoko sugar syntax pointed out by @skilesare to see if it is a possible alternative to calling the management canister:

github.com

dfinity/motoko/blob/master/Changelog.md#070-2022-08-25

# Motoko compiler changelog

## 0.7.5 (2022-12-23)

* motoko (`moc`)

  * Add new primitives for a default timer mechanism (#3542). These are
    ``` Motoko
    setTimer : (delayNanos : Nat64, recurring : Bool, job : () -> async ()) -> (id : Nat)
    cancelTimer : (id : Nat) -> ()
    ```
    By defining a `system func timer` the default mechanism can now be overridden by a custom
    implementation. Additionally by supplying the command-line flag `-no-timer` all aspects
    of timers can be suppressed, e.g. for space- or security-sensitive purposes, thus effectively
    reverting canisters to the pre-timers era.

  * bugfix: silence bogus cascading errors in stable compatibility check (#3645).

## 0.7.4 (2022-12-07)

This file has been truncated. show original

Once again, thank you for the troubleshooting!

Severin · January 10, 2023, 7:52am

As they say: Shit happens. To everyone.

Thanks for reporting back with the resolution!

Topic		Replies	Views
Trouble with wasm in install_code : Management Canister Developers Functional-Programming	4	720	May 26, 2022
Need help implementing install_code() canister method Developers	3	383	February 2, 2023
Install_code actor class leads to error "empty input" and "too few arguments" Developers	6	1161	January 24, 2022
Install_code() - Easiest way to convert a .wasm module to [Nat8]? Language Support	6	615	March 18, 2023
Dynamically creating new canisters: how to not hardcode WASM code? Motoko	2	113	April 16, 2024

Management Canister install_code method returns {"err":{"Unauthorized":null}}

Related Topics