Skip to content

feat: add log_visibility to canister settings manifest #312

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
marc0olo merged 6 commits into from
Jan 30, 2026
Merged

feat: add log_visibility to canister settings manifest #312

marc0olo merged 6 commits into from
Jan 30, 2026

Conversation

@marc0olo
Copy link
Member

@marc0olo marc0olo commented Jan 27, 2026
edited
Loading

Summary

Add support for configuring log_visibility in icp.yaml and canister.yaml manifest files. This allows users to control who can read canister logs directly in their project configuration:

settings:
  log_visibility: public  # or "controllers"

Previously, log_visibility could only be changed via the CLI command icp canister settings update --log-visibility.

Changes

Core functionality

  • Add LogVisibility enum to icp::canister module with JsonSchema support for manifest validation
  • Add log_visibility field to Settings struct
  • Update canister settings sync to apply log_visibility during deployment
  • Pass log_visibility to cycles ledger during canister create and deploy
  • Regenerate JSON schemas

Files changed

  • crates/icp/src/canister/mod.rs - Add LogVisibility enum and conversions
  • crates/icp-canister-interfaces/src/cycles_ledger.rs - Add LogVisibility to CanisterSettingsArg
  • crates/icp-cli/src/commands/canister/create.rs - Pass log_visibility during creation
  • crates/icp-cli/src/operations/settings.rs - Apply log_visibility during sync
  • docs/schemas/*.json - Updated JSON schemas

Testing

Added comprehensive tests:

  • canister_create_with_settings - Tests manifest log_visibility with create + sync workflow
  • canister_settings_sync_log_visibility - Tests syncing log_visibility from manifest after deploy

Note on PocketIC limitation

The test environment (PocketIC) uses a fake-cmc that doesn't support log_visibility during canister creation. The real cycles ledger on mainnet does support it. The tests work around this by syncing settings after creation, which uses the management canister directly and works correctly.

@marc0olo marc0olo requested a review from a team as a code owner January 27, 2026 16:45
@marc0olo marc0olo marked this pull request as draft January 27, 2026 16:45
@marc0olo marc0olo marked this pull request as ready for review January 28, 2026 00:25
@marc0olo marc0olo enabled auto-merge (squash) January 28, 2026 00:26
raymondk
raymondk reviewed Jan 28, 2026
View reviewed changes
crates/icp-cli/src/operations/settings.rs Outdated
if compute_allocation.is_none_or(|s| s == current_settings.compute_allocation)
if log_visibility_setting
.as_ref()
.is_none_or(|s| *s == current_settings.log_visibility)
Copy link
Contributor

@raymondk raymondk Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this going to work when the settings are for allowed principals and the array is not in the same order or do we not care?

Copy link
Member Author

@marc0olo marc0olo Jan 28, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actually is was not possible to set allowed viewers via config yet. I just added this, too.

the updated code now also checks if the values for allowed_viewers (log_visibility) and environment_variables have changed so that we avoid unnecessary update calls.

or do we want to always trigger an update call, also if just the order is changed? 🤔

marc0olo and others added 3 commits January 28, 2026 13:13
@marc0olo @claude
feat: add log_visibility to canister settings manifest
9501b0c 
Add support for configuring log_visibility in icp.yaml and canister.yaml
files. This allows users to set who can read canister logs directly in
their project configuration:

```yaml
settings:
  log_visibility: public  # or "controllers"
```

Previously, log_visibility could only be changed via the CLI command
`icp canister settings update --log-visibility`, not in manifest files.

Changes:
- Add LogVisibility enum to icp::canister module with JsonSchema support
- Add log_visibility field to Settings struct
- Update settings sync to apply log_visibility during deployment
- Regenerate JSON schemas

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@marc0olo
fix: pass log_visibility to cycles ledger during canister creation an…
eb300d3 
…d fix test for PocketIC limitation
@marc0olo
feat: add allowed_viewers to manifest and fix order-insensitive setti…
2583a8a 
…ngs comparison
@marc0olo marc0olo force-pushed the marc0olo/fix-log-visibility-settings branch from e549c20 to 2583a8a Compare January 28, 2026 12:34
adamspofford-dfinity
adamspofford-dfinity reviewed Jan 28, 2026
View reviewed changes
crates/icp/src/canister/mod.rs
#[serde(rename_all = "lowercase")]
#[derive(Clone, Debug, Default, PartialEq, Serialize)]
#[serde(rename_all = "snake_case")]
pub enum LogVisibility {
Copy link
Contributor

@adamspofford-dfinity adamspofford-dfinity Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Serialization, deserialization, and the schema shouldn't have three different structures. If there's multiple ways it can look, it should use multiple serde entities.

crates/icp-cli/src/operations/settings.rs
if compute_allocation.is_none_or(|s| s == current_settings.compute_allocation)
if log_visibility_setting
.as_ref()
.is_none_or(|s| log_visibility_eq(s, &current_settings.log_visibility))
Copy link
Contributor

@adamspofford-dfinity adamspofford-dfinity Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please also update icp canister settings update to warn for this field like the others.

crates/icp-cli/tests/canister_settings_tests.rs
}

#[tokio::test]
async fn canister_settings_sync_log_visibility() {
Copy link
Contributor

@adamspofford-dfinity adamspofford-dfinity Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe add a test case for allowed_principals?

@marc0olo
Copy link
Member Author

marc0olo commented Jan 29, 2026

@adamspofford-dfinity your feedback should be addressed now. here the summary of the recent follow-up commit:

  • Refactor LogVisibility serialization/deserialization to use shared helper
    types (LogVisibilityDef, LogVisibilitySimple) instead of three separate
    structures, while maintaining custom error messages via Visitor pattern
  • Add warning when updating log_visibility via CLI if already configured
    in icp.yaml, consistent with other settings warnings
  • Add integration test for allowed_viewers variant in manifest sync workflow

The refactored implementation reduces duplication by having Serialize and
Deserialize share the same helper types, improving maintainability while
preserving user-friendly error messages for invalid inputs.

@marc0olo marc0olo merged commit bf15a1e into main Jan 30, 2026
76 checks passed
@marc0olo marc0olo deleted the marc0olo/fix-log-visibility-settings branch January 30, 2026 14:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@raymondk raymondk raymondk left review comments

@adamspofford-dfinity adamspofford-dfinity adamspofford-dfinity approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@marc0olo @raymondk @adamspofford-dfinity