Daml sandbox v2.0: fixing namespace

Hi team,

It is understood that daml sandbox v2.0 comes with a canton participant node, with the namespace changing every time we start it.

Is it possible to fix that namespace? Or at least give an option to do so? Reasons:

(1) We have a CI environment built prior to 2.0, in which we are using hardcoded Party ID (fixed) as input for some contract creation. This breaks when we move to sandbox 2.0 as the Party we input needs to have the latest namespace.

(2) It makes sense to have this namespace for identity in a typical canton setup (multiple participant nodes), but the sandbox is just a one participant node + one domain. For dev/test purposes, there is not much need for the identity in a sandbox.

Or kindly advise if there is any workaround to address this challenge.

Many thanks in advance.

kc

1 Like

Generally, if you assume static identities in your development setup, then it will start to fall apart once you try to deploy it to production, where the cryptographic keys are used to generate identities. Therefore, I’d recommend that you really fix your development setup.

However, if you want to preserve identities between deployments, you can export the private keys and use them to manually re-initialise the node. I’ve described this previously here:

1 Like

You might also want to read our blogpost on how you can work with the dynamic party ids in 2.0.

1 Like
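An added example (not from the thread or the linked blog post) of resolving party ids at test time instead of hardcoding them: it rewrites the party ids in a CI fixture to the ones allocated on the running sandbox, matching on the hint and failing when a party is missing or a hint is ambiguous. The `hint::namespace` layout, the fingerprint shape, the function names and the sample values are assumptions of this example.

```python
import re

# Assumption: a Daml 2.x party id is "<hint>::<namespace>", where the namespace
# is a hex fingerprint shaped like the one in this thread ("1220" + 64 hex chars).
PARTY_ID = re.compile(r"^(?P<hint>[^:]+)::(?P<ns>1220[0-9a-f]{64})$")

# Constructed sample values, not taken from a real ledger.
OLD_NS = "1220" + "aa" * 32   # namespace baked into the CI fixture
LIVE_NS = "1220" + "bb" * 32  # namespace of the sandbox started for this run


def index_by_hint(live_party_ids):
    """Map hint -> full party id; refuse malformed ids and ambiguous hints."""
    index = {}
    for pid in live_party_ids:
        m = PARTY_ID.match(pid)
        if m is None:
            raise ValueError(f"not a party id: {pid!r}")
        hint = m.group("hint")
        if hint in index:
            raise ValueError(f"hint {hint!r} exists under two namespaces")
        index[hint] = pid
    return index


def rebind(fixture, live_party_ids):
    """Return a copy of a JSON-like fixture with stale party ids replaced."""
    index = index_by_hint(live_party_ids)

    def walk(node):
        if isinstance(node, dict):
            return {k: walk(v) for k, v in node.items()}
        if isinstance(node, list):
            return [walk(v) for v in node]
        m = PARTY_ID.match(node) if isinstance(node, str) else None
        if m is None:
            return node
        # Fail closed: a party missing on this ledger raises KeyError
        # instead of passing through with the stale namespace.
        return index[m.group("hint")]

    return walk(fixture)


if __name__ == "__main__":
    fixture = {"owner": f"Alice::{OLD_NS}", "observers": [f"Bob::{OLD_NS}"], "amount": "10.0"}
    live = [f"Alice::{LIVE_NS}", f"Bob::{LIVE_NS}"]
    print(rebind(fixture, live))
```
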

Thanks @Ratko_Veprek .

I tried to use daml sandbox and did something like key download/upload. Here are some findings.

Download/upload is not seen in the daml canton-console.

```
@ sandbox.keys.secret.
discard                   generate_signing_key      list
generate_encryption_key   help
```

I suspect it is because the daml canton-console is using remote-participants. I have tested this with canton examples/01-simple-topology and I see both upload and download.

```
@ participant1.keys.secret.
delete                    generate_encryption_key   list
discard                   generate_signing_key      upload
download                  help
```

Kindly advise if it is the case. If so, it seems I cannot download/upload key in the sandbox.

Many thanks.
kc

(PS: I have tested the recovery of namespace in a canton 2.0.0 setup. Thanks a lot for your post!)

Download / Upload are only available for local nodes, not remote ones. I think you should be able to use a bootstrap script with the sandbox, so you could place these commands in the script.

1 Like

Great hints!

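I have created a conf with `canton.participants.sandbox.init.auto-init = false` and a bootstrap file to run this:

```scala
// Import the previously exported namespace key from secret.key under the name "idm key"
sandbox.keys.secret.upload("secret.key",Some("idm key"))
// Fingerprint of that key, i.e. the namespace to keep across restarts
val namespace = "1220ac408737588147dab3091b3596b18b58a739b8341d7cbb0078af11857f336ebe"
// Root namespace delegation for the key, then initialise the node id with the fixed namespace
sandbox.topology.namespace_delegations.authorize(TopologyChangeOp.Add, namespace, namespace, true)
sandbox.topology.init_id("sandbox", namespace)
// Fresh encryption and signing keys for the node, registered against its id
val enc = sandbox.keys.secret.generate_encryption_key()
val sig = sandbox.keys.secret.generate_signing_key()
sandbox.topology.owner_to_key_mappings.authorize(TopologyChangeOp.Add, sandbox.id, enc.fingerprint, enc.purpose)
sandbox.topology.owner_to_key_mappings.authorize(TopologyChangeOp.Add, sandbox.id, sig.fingerprint, sig.purpose)
// Connect the participant to the sandbox domain
sandbox.domains.connect_local(local)
```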

and successfully keep the namespace. Thanks a lot!

cheers,
kc

1 Like