diff --git a/core/station/api/spec.did b/core/station/api/spec.did index bd3a1a9ce..52364e5be 100644 --- a/core/station/api/spec.did +++ b/core/station/api/spec.did @@ -49,7 +49,6 @@ type RequestSpecifier = variant { SetDisasterRecovery; ChangeExternalCanister : ExternalCanisterId; FundExternalCanister : ExternalCanisterId; - MonitorExternalCanister : ExternalCanisterId; CreateExternalCanister; CallExternalCanister : CallExternalCanisterResourceTarget; EditPermission : ResourceSpecifier; @@ -1968,7 +1967,6 @@ type ExternalCanisterResourceAction = variant { Change : ExternalCanisterId; Read : ExternalCanisterId; Fund : ExternalCanisterId; - Monitor : ExternalCanisterId; Call : CallExternalCanisterResourceTarget; }; @@ -2590,8 +2588,6 @@ type ExternalCanisterCallerPrivileges = record { can_change : bool; // Whether or not the caller can fund the external canister. can_fund : bool; - // Whether or not the caller can monitor the external canister. - can_monitor : bool; // The list of methods that the caller can call on the external canister. can_call : vec ExternalCanisterCallerMethodsPrivileges; }; diff --git a/core/station/api/src/external_canister.rs b/core/station/api/src/external_canister.rs index 95dfc44e2..d3c0e38ff 100644 --- a/core/station/api/src/external_canister.rs +++ b/core/station/api/src/external_canister.rs @@ -306,7 +306,6 @@ pub struct ExternalCanisterCallerPrivilegesDTO { pub canister_id: Principal, pub can_change: bool, pub can_fund: bool, - pub can_monitor: bool, pub can_call: Vec, } diff --git a/core/station/api/src/request_policy.rs b/core/station/api/src/request_policy.rs index 1a49b533b..98001c18f 100644 --- a/core/station/api/src/request_policy.rs +++ b/core/station/api/src/request_policy.rs @@ -18,7 +18,6 @@ pub enum RequestSpecifierDTO { SetDisasterRecovery, ChangeExternalCanister(ExternalCanisterIdDTO), FundExternalCanister(ExternalCanisterIdDTO), - MonitorExternalCanister(ExternalCanisterIdDTO), CreateExternalCanister, CallExternalCanister(CallExternalCanisterResourceTargetDTO), EditPermission(ResourceSpecifierDTO), diff --git a/core/station/api/src/resource.rs b/core/station/api/src/resource.rs index 8362e216c..f13be8774 100644 --- a/core/station/api/src/resource.rs +++ b/core/station/api/src/resource.rs @@ -79,7 +79,6 @@ pub enum ExternalCanisterResourceActionDTO { Create, Read(ExternalCanisterIdDTO), Fund(ExternalCanisterIdDTO), - Monitor(ExternalCanisterIdDTO), Change(ExternalCanisterIdDTO), Call(CallExternalCanisterResourceTargetDTO), } diff --git a/core/station/impl/src/mappers/authorization.rs b/core/station/impl/src/mappers/authorization.rs index b6f13cb8a..06ba2ea75 100644 --- a/core/station/impl/src/mappers/authorization.rs +++ b/core/station/impl/src/mappers/authorization.rs @@ -250,8 +250,9 @@ impl From<&station_api::CreateRequestInput> for Resource { ExternalCanisterId::Canister(input.canister_id), )) } + // Monitoring of external canisters share the same `Fund` action privilege RequestOperationInput::MonitorExternalCanister(input) => { - Resource::ExternalCanister(ExternalCanisterResourceAction::Monitor( + Resource::ExternalCanister(ExternalCanisterResourceAction::Fund( ExternalCanisterId::Canister(input.canister_id), )) } diff --git a/core/station/impl/src/mappers/external_canister.rs b/core/station/impl/src/mappers/external_canister.rs index e4167d939..a7d170a45 100644 --- a/core/station/impl/src/mappers/external_canister.rs +++ b/core/station/impl/src/mappers/external_canister.rs @@ -116,7 +116,6 @@ impl From for station_api::ExternalCanisterCal canister_id: privileges.canister_id, can_change: privileges.can_change, can_fund: privileges.can_fund, - can_monitor: privileges.can_monitor, can_call: privileges.can_call.into_iter().map(Into::into).collect(), } } diff --git a/core/station/impl/src/mappers/request_operation.rs b/core/station/impl/src/mappers/request_operation.rs index de9effffc..b6bb8055a 100644 --- a/core/station/impl/src/mappers/request_operation.rs +++ b/core/station/impl/src/mappers/request_operation.rs @@ -1746,10 +1746,10 @@ impl RequestOperation { .. }) => { vec![ - Resource::ExternalCanister(ExternalCanisterResourceAction::Monitor( + Resource::ExternalCanister(ExternalCanisterResourceAction::Fund( ExternalCanisterId::Any, )), - Resource::ExternalCanister(ExternalCanisterResourceAction::Monitor( + Resource::ExternalCanister(ExternalCanisterResourceAction::Fund( ExternalCanisterId::Canister(*canister_id), )), ] diff --git a/core/station/impl/src/mappers/request_policy.rs b/core/station/impl/src/mappers/request_policy.rs index f1b8d9bf4..9fd8ba598 100644 --- a/core/station/impl/src/mappers/request_policy.rs +++ b/core/station/impl/src/mappers/request_policy.rs @@ -254,9 +254,6 @@ impl From for station_api::RequestSpecifierDTO { RequestSpecifier::FundExternalCanister(target) => { station_api::RequestSpecifierDTO::FundExternalCanister(target.into()) } - RequestSpecifier::MonitorExternalCanister(target) => { - station_api::RequestSpecifierDTO::MonitorExternalCanister(target.into()) - } RequestSpecifier::CreateExternalCanister => { station_api::RequestSpecifierDTO::CreateExternalCanister } @@ -322,9 +319,6 @@ impl From for RequestSpecifier { station_api::RequestSpecifierDTO::FundExternalCanister(target) => { RequestSpecifier::FundExternalCanister(target.into()) } - station_api::RequestSpecifierDTO::MonitorExternalCanister(target) => { - RequestSpecifier::MonitorExternalCanister(target.into()) - } station_api::RequestSpecifierDTO::CreateExternalCanister => { RequestSpecifier::CreateExternalCanister } @@ -444,11 +438,6 @@ impl RequestSpecifier { ExternalCanisterResourceAction::Fund(target.clone()), )] } - RequestSpecifier::MonitorExternalCanister(target) => { - vec![Resource::ExternalCanister( - ExternalCanisterResourceAction::Monitor(target.clone()), - )] - } RequestSpecifier::CreateExternalCanister => { vec![Resource::ExternalCanister( ExternalCanisterResourceAction::Create, diff --git a/core/station/impl/src/mappers/resource.rs b/core/station/impl/src/mappers/resource.rs index 71ee12106..acb91cb54 100644 --- a/core/station/impl/src/mappers/resource.rs +++ b/core/station/impl/src/mappers/resource.rs @@ -244,9 +244,6 @@ impl From for ExternalCanisterRe station_api::ExternalCanisterResourceActionDTO::Fund(target) => { ExternalCanisterResourceAction::Fund(target.into()) } - station_api::ExternalCanisterResourceActionDTO::Monitor(target) => { - ExternalCanisterResourceAction::Monitor(target.into()) - } station_api::ExternalCanisterResourceActionDTO::Call(target) => { ExternalCanisterResourceAction::Call(target.into()) } @@ -269,9 +266,6 @@ impl From for station_api::ExternalCanisterResou ExternalCanisterResourceAction::Fund(target) => { station_api::ExternalCanisterResourceActionDTO::Fund(target.into()) } - ExternalCanisterResourceAction::Monitor(target) => { - station_api::ExternalCanisterResourceActionDTO::Monitor(target.into()) - } ExternalCanisterResourceAction::Change(target) => { station_api::ExternalCanisterResourceActionDTO::Change(target.into()) } diff --git a/core/station/impl/src/migration.rs b/core/station/impl/src/migration.rs index 0ddfbe837..a75522362 100644 --- a/core/station/impl/src/migration.rs +++ b/core/station/impl/src/migration.rs @@ -300,7 +300,7 @@ impl<'de> Deserialize<'de> for RequestSpecifier { const REMOVED_VARIANTS: [&str; 1] = ["ChangeCanister"]; // IMPORTANT: The size of the array must be hardcoded, to make sure it can be checked at compile-time. - static EXPECTED_VARIANTS: [&str; 24] = { + static EXPECTED_VARIANTS: [&str; 23] = { let variants: [&str; CURRENT_VARIANTS.len() + REMOVED_VARIANTS.len()] = concat_str_arrays!(CURRENT_VARIANTS, REMOVED_VARIANTS); @@ -403,10 +403,6 @@ impl<'de> Deserialize<'de> for RequestSpecifier { let value = variant_access.newtype_variant()?; Ok(RequestSpecifier::FundExternalCanister(value)) } - "MonitorExternalCanister" => { - let value = variant_access.newtype_variant()?; - Ok(RequestSpecifier::MonitorExternalCanister(value)) - } _ => Err(de::Error::unknown_variant(&variant, &EXPECTED_VARIANTS)), } } diff --git a/core/station/impl/src/models/external_canister.rs b/core/station/impl/src/models/external_canister.rs index f1e98c0af..43051ae91 100644 --- a/core/station/impl/src/models/external_canister.rs +++ b/core/station/impl/src/models/external_canister.rs @@ -118,7 +118,6 @@ pub struct ExternalCanisterCallerPrivileges { pub canister_id: Principal, pub can_change: bool, pub can_fund: bool, - pub can_monitor: bool, pub can_call: Vec, } diff --git a/core/station/impl/src/models/request_specifier.rs b/core/station/impl/src/models/request_specifier.rs index 1b6af47d4..646520bca 100644 --- a/core/station/impl/src/models/request_specifier.rs +++ b/core/station/impl/src/models/request_specifier.rs @@ -67,7 +67,6 @@ pub enum RequestSpecifier { ChangeExternalCanister(ExternalCanisterId), CallExternalCanister(CallExternalCanisterResourceTarget), FundExternalCanister(ExternalCanisterId), - MonitorExternalCanister(ExternalCanisterId), EditPermission(ResourceSpecifier), AddRequestPolicy, EditRequestPolicy(ResourceIds), @@ -88,7 +87,6 @@ impl ModelValidator for RequestSpecifier { | RequestSpecifier::SystemUpgrade | RequestSpecifier::ChangeExternalCanister(_) | RequestSpecifier::FundExternalCanister(_) - | RequestSpecifier::MonitorExternalCanister(_) | RequestSpecifier::CreateExternalCanister | RequestSpecifier::AddRequestPolicy | RequestSpecifier::ManageSystemInfo @@ -151,9 +149,6 @@ impl From<&RequestSpecifier> for RequestOperationType { } RequestSpecifier::CallExternalCanister(_) => RequestOperationType::CallExternalCanister, RequestSpecifier::FundExternalCanister(_) => RequestOperationType::FundExternalCanister, - RequestSpecifier::MonitorExternalCanister(_) => { - RequestOperationType::MonitorExternalCanister - } RequestSpecifier::AddRequestPolicy => RequestOperationType::AddRequestPolicy, RequestSpecifier::EditRequestPolicy(_) => RequestOperationType::EditRequestPolicy, RequestSpecifier::RemoveRequestPolicy(_) => RequestOperationType::RemoveRequestPolicy, diff --git a/core/station/impl/src/models/resource.rs b/core/station/impl/src/models/resource.rs index 751fae52d..0b44df7dc 100644 --- a/core/station/impl/src/models/resource.rs +++ b/core/station/impl/src/models/resource.rs @@ -16,7 +16,7 @@ use crate::{ models::CanisterMethod, }; -/// The deserile implementation is available in the migration module for the `Resource` enum, this is +/// The deserialize implementation is available in the migration module for the `Resource` enum, this is /// because the enum had a backward incompatible change in the past and the migration module is handling /// the deserialization of the old data. #[storable(skip_deserialize = true)] @@ -63,7 +63,6 @@ impl ModelValidator for Resource { | ExternalCanisterResourceAction::Create | ExternalCanisterResourceAction::Change(_) | ExternalCanisterResourceAction::Fund(_) - | ExternalCanisterResourceAction::Monitor(_) | ExternalCanisterResourceAction::Read(_) => (), ExternalCanisterResourceAction::Call(target) => target.validate()?, }, @@ -172,7 +171,6 @@ pub enum ExternalCanisterResourceAction { Change(ExternalCanisterId), Read(ExternalCanisterId), Fund(ExternalCanisterId), - Monitor(ExternalCanisterId), Call(CallExternalCanisterResourceTarget), } @@ -404,34 +402,6 @@ impl Resource { associated_resources } - ExternalCanisterResourceAction::Monitor(ExternalCanisterId::Any) => { - vec![ - Resource::ExternalCanister(ExternalCanisterResourceAction::Monitor( - ExternalCanisterId::Any, - )), - // The following additional resources also enable the user to perform the `Monitor` action. - Resource::ExternalCanister(ExternalCanisterResourceAction::Change( - ExternalCanisterId::Any, - )), - ] - } - ExternalCanisterResourceAction::Monitor(ExternalCanisterId::Canister(id)) => { - let mut associated_resources = Resource::ExternalCanister( - ExternalCanisterResourceAction::Monitor(ExternalCanisterId::Any), - ) - .to_expanded_list(); - - associated_resources.push(Resource::ExternalCanister( - ExternalCanisterResourceAction::Monitor(ExternalCanisterId::Canister(*id)), - )); - - // The following additional resources also enable the user to perform the `Monitor` action. - associated_resources.push(Resource::ExternalCanister( - ExternalCanisterResourceAction::Change(ExternalCanisterId::Canister(*id)), - )); - - associated_resources - } ExternalCanisterResourceAction::Change(ExternalCanisterId::Any) => { vec![Resource::ExternalCanister( ExternalCanisterResourceAction::Change(ExternalCanisterId::Any), @@ -722,9 +692,6 @@ impl Display for ExternalCanisterResourceAction { ExternalCanisterResourceAction::Fund(target) => { write!(f, "Fund({})", target) } - ExternalCanisterResourceAction::Monitor(target) => { - write!(f, "Monitor({})", target) - } ExternalCanisterResourceAction::Call(target) => { write!(f, "Call({})", target) } diff --git a/core/station/impl/src/services/external_canister.rs b/core/station/impl/src/services/external_canister.rs index 84a21865b..c5f1a5070 100644 --- a/core/station/impl/src/services/external_canister.rs +++ b/core/station/impl/src/services/external_canister.rs @@ -280,12 +280,6 @@ impl ExternalCanisterService { ExternalCanisterId::Canister(*canister_id), )), ), - can_monitor: Authorization::is_allowed( - ctx, - &Resource::ExternalCanister(ExternalCanisterResourceAction::Monitor( - ExternalCanisterId::Canister(*canister_id), - )), - ), can_call: self .find_external_canister_call_permissions(canister_id) .iter() @@ -1078,13 +1072,6 @@ impl ExternalCanisterService { )), )); - self.permission_service - .remove_permission(&Resource::ExternalCanister( - ExternalCanisterResourceAction::Monitor(ExternalCanisterId::Canister( - external_canister.canister_id, - )), - )); - // Remove all permissions related to the external canister. self.permission_repository .find_external_canister_call_permissions(&external_canister.canister_id)