feat: allow the engine controller to call update_subnet#10433
feat: allow the engine controller to call update_subnet#10433pietrodimarco-dfinity wants to merge 2 commits into
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
This pull request changes code owned by the Governance team. Therefore, make sure that
you have considered the following (for Governance-owned code):
-
Update
unreleased_changelog.md(if there are behavior changes, even if they are
non-breaking). -
Are there BREAKING changes?
-
Is a data migration needed?
-
Security review?
How to Satisfy This Automatic Review
-
Go to the bottom of the pull request page.
-
Look for where it says this bot is requesting changes.
-
Click the three dots to the right.
-
Select "Dismiss review".
-
In the text entry box, respond to each of the numbered items in the previous
section, declare one of the following:
-
Done.
-
$REASON_WHY_NO_NEED. E.g. for
unreleased_changelog.md, "No
canister behavior changes.", or for item 2, "Existing APIs
behave as before.".
Brief Guide to "Externally Visible" Changes
"Externally visible behavior change" is very often due to some NEW canister API.
Changes to EXISTING APIs are more likely to be "breaking".
If these changes are breaking, make sure that clients know how to migrate, how to
maintain their continuity of operations.
If your changes are behind a feature flag, then, do NOT add entrie(s) to
unreleased_changelog.md in this PR! But rather, add entrie(s) later, in the PR
that enables these changes in production.
Reference(s)
For a more comprehensive checklist, see here.
GOVERNANCE_CHECKLIST_REMINDER_DEDUP
Relax `update_subnet`'s authorization from governance-only to governance-or-engine-controller (the same gate already used by `create_subnet` / `delete_subnet`), so the engine controller canister can update the subnets it manages -- e.g. to halt or resume them -- by calling `update_subnet` directly, without an NNS proposal.
pietrodimarco-dfinity
force-pushed
the
pdm/registry-halt-subnet
branch
from
283cee4 to
c439f7d
Compare
pietrodimarco-dfinity
changed the title
Add PocketIC-based authorization tests mirroring the existing create_subnet / delete_subnet coverage: both governance and the engine controller can call update_subnet and the change takes effect, while an otherwise-unauthorized principal is rejected.
1 participant
What
Relax
update_subnet's authorization in the registry canister from governance-only to governance-or-engine-controller (the same gate already used bycreate_subnet/delete_subnet), so the engine controller canister can update the subnets it manages — e.g. to halt or resume them — by callingupdate_subnetdirectly, without an NNS proposal.Diff
One line in
rs/registry/canister/canister/canister.rs:Tests
update_subnetauthorization tests still hold: anonymous callers and non-authorized canisters are rejected, governance is accepted — the gate is only widened to also allow the engine controller.update_subnetpath is covered by the PocketIC integration test in the stacked engine-controller PR (feat: let the engine controller update subnets via update_subnet #10434), which passed locally along with the candid test.