Help with DAML_AUTHORIZATION_ERROR in lookupByKey

Questions
1

Hello, I’m using a script to migrate some contracts to an updated version 2 (in this specific case the V1 and V2 contract templates are identical) where the newAdmin is the upgraded version of V1 admin; however, I’m getting an INVALID_ARGUMENT: DAML_AUTHORIZATION_ERROR in the lookupByKey of the V2 contract where it requires authorizers TreeSet(“participant”) for lookup by key, but it only has TreeSet(“platform”,“admin”) ((actual ids aren’t given for simplicity, and the log ends in the middle of the “admin” id so I’m not sure if there is a third authorizer without assuming)). How can I make sure that V2.Contacts.Contact is given the correct authorizers, any help would be much appreciated!

The script is:

submitMulti [issuer, newAdmin] [issuer, newAdmin] do exerciseByKeyCmd @UpgradeContactProposal(issuer) UpgradeContact with certId = cert._1, admin = newAdmin

with the Upgrade Proposal:

template UpgradeContactProposal
  with
    issuer : Party
  where
    signatory issuer

    key issuer : Party
    maintainer key

    nonconsuming choice UpgradeContact : ContractId V2.Contacts.Contact
      with
        certId : ContractId V1.Participants.Contact
        admin: Party
      controller issuer, admin
      do cert <- fetch certId
         assert (cert.platform == issuer)
         newContractOpt <- lookupByKey @V2.Contacts.Contact (cert.contact, cert.admin, admin)
         case newContractOpt of
            None -> do
              create V2.Contacts.Contact with
                contact = cert.contact
                platform = cert.platform
                admin = admin
                participant = cert.admin
            Some contractId -> do
                return contractId

and V2 Contract:

template Contact
  with
    contact: Party
    platform: Party
    admin: Party
    participant: Party
  where
    signatory platform, participant
    observer contact, admin

    key (contact, participant, admin): (Party, Party, Party)
    maintainer key._2
2

lookupByKey requires authorization from all maintainers of the contract key. In your example the maintainer of the key is the participant party. The consequences of exercising the UpgradeContact choice on the UpgradeContactProposal, which include the lookupByKey action, are authorized by the signatories of the UpgradeContactProposal contract and the controllers of the UpgradeContact choice. In your example they amount to the issuer and the admin parties. The authorization from the participant party required for the lookupByKey action is missing, hence the error.
One way to fix this is to replace the participant party as the maintainer of the key with issuer or admin party (or both). Another way is to add the participant party as either the signatory on the UpgradeContactProposal contract or the controller of the UpgradeContact choice. In this case you’d also need to include the participant party in the list of parties passed as the first argument to the submitMulti function in your test script.

3

I added the participant party as a controller to the UpgradeContact choice and it now works perfectly - thanks!