From 1285943cca9cebd008484400e83bbe1baa35902a Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Sat, 27 Jul 2024 14:02:50 +0000 Subject: [PATCH 01/18] add log_visibility allowlist --- spec/_attachments/ic.did | 1 + spec/index.md | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/spec/_attachments/ic.did b/spec/_attachments/ic.did index 702b7ef4..190c1062 100644 --- a/spec/_attachments/ic.did +++ b/spec/_attachments/ic.did @@ -3,6 +3,7 @@ type wasm_module = blob; type log_visibility = variant { controllers; + allowlist : opt vec principal; public; }; diff --git a/spec/index.md b/spec/index.md index 21655d68..cb4d2b35 100644 --- a/spec/index.md +++ b/spec/index.md @@ -2603,7 +2603,12 @@ The canister logs are *not* collected in canister methods running in non-replica The total size of all returned logs does not exceed 4KiB. If new logs are added resulting in exceeding the maximum total log size of 4KiB, the oldest logs will be removed. Logs persist across canister upgrades and they are deleted if the canister is reinstalled or uninstalled. -The log visibility is defined in the `log_visibility` field of `canister_settings`: logs can be either public (visible to everyone) or only visible to the canister's controllers (by default). + +The log visibility is defined in the `log_visibility` field of `canister_settings` and it can be: + +- `controllers`: only visible to the canister's controllers (by default) +- `allowlist`: visible to the provided list of principals +- `public`: visible to everyone A single log is a record with the following fields: From 916639b5da9d028aeb7d87cfd923bf9be8e15ca6 Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Sat, 27 Jul 2024 14:11:53 +0000 Subject: [PATCH 02/18] . --- spec/index.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/spec/index.md b/spec/index.md index cb4d2b35..519cf7c5 100644 --- a/spec/index.md +++ b/spec/index.md @@ -3247,6 +3247,7 @@ CanisterHistory = { } CanisterLogVisibility = Controllers + | AllowList | Public CanisterLog = { idx : Nat; @@ -3282,6 +3283,7 @@ S = { certified_data: CanisterId ↦ Blob; canister_history: CanisterId ↦ CanisterHistory; canister_log_visibility: CanisterId ↦ CanisterLogVisibility; + canister_log_allowlist: CanisterId ↦ Set Principal; canister_logs: CanisterId ↦ [CanisterLog]; query_stats: CanisterId ↦ [QueryStats]; system_time : Timestamp @@ -3359,6 +3361,7 @@ The initial state of the IC is certified_data = (); canister_history = (); canister_log_visibility = (); + canister_log_allowlist = (); canister_logs = (); query_stats = (); system_time = T; @@ -4208,6 +4211,8 @@ New_canister_history = { if A.settings.log_visibility is not null: New_canister_log_visibility = A.settings.log_visibility + if New_canister_log_visibility is AllowList: + New_canister_log_allowlist = A.settings.log_visibility ?? how to get allowlist? else: New_canister_log_visibility = Controllers @@ -4234,6 +4239,7 @@ S with query_stats[Canister_id] = [] canister_history[Canister_id] = New_canister_history canister_log_visibility[Canister_id] = New_canister_log_visibility + canister_log_allowlist[Canister_id] = New_canister_log_allowlist canister_logs[Canister_id] = [] messages = Older_messages · Younger_messages · ResponseMessage { @@ -4365,6 +4371,7 @@ S with canister_version[A.canister_id] = S.canister_version[A.canister_id] + 1 if A.settings.log_visibility is not null: canister_log_visibility[A.canister_id] = A.settings.log_visibility + // TODO: update canister_log_allowlist messages = Older_messages · Younger_messages · ResponseMessage { origin = M.origin @@ -5256,6 +5263,7 @@ S with certified_data[A.canister_id] = (deleted) canister_history[A.canister_id] = (deleted) canister_log_visibility[A.canister_id] = (deleted) + canister_log_allowlist[A.canister_id] = (deleted) canister_logs[A.canister_id] = (deleted) query_stats[A.canister_id] = (deleted) messages = Older_messages · Younger_messages · @@ -5450,6 +5458,7 @@ New_canister_history { if A.settings.log_visibility is not null: New_canister_log_visibility = A.settings.log_visibility + // TODO: update New_canister_log_allowlist else: New_canister_log_visibility = Controllers @@ -5474,6 +5483,7 @@ S with certified_data[Canister_id] = "" canister_history[Canister_id] = New_canister_history canister_log_visibility[Canister_id] = New_canister_log_visibility + canister_log_allowlist[Canister_id] = New_canister_log_allowlist canister_logs[Canister_id] = [] query_stats[CanisterId] = [] messages = Older_messages · Younger_messages · @@ -5883,7 +5893,7 @@ Q.canister_id = ic_principal Q.method_name = 'fetch_canister_logs' Q.arg = candid(A) A.canister_id = effective_canister_id -S[A.canister_id].canister_log_visibility = Public or Q.sender in S[A.canister_id].controllers +S[A.canister_id].canister_log_visibility = Public or Q.sender in S[A.canister_id].controllers or Q.sender in S[A.canister_id].canister_log_allowlist ``` From 600666445ccd3dc70686df1610a75b5aecd045f3 Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Sat, 27 Jul 2024 14:13:49 +0000 Subject: [PATCH 03/18] add limit --- spec/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/index.md b/spec/index.md index 519cf7c5..09423500 100644 --- a/spec/index.md +++ b/spec/index.md @@ -2607,7 +2607,7 @@ Logs persist across canister upgrades and they are deleted if the canister is re The log visibility is defined in the `log_visibility` field of `canister_settings` and it can be: - `controllers`: only visible to the canister's controllers (by default) -- `allowlist`: visible to the provided list of principals +- `allowlist`: visible to the provided list of principals, max number is limited by 10 - `public`: visible to everyone A single log is a record with the following fields: From 45ebb5df84f94b73c7f7c655c2fee61c7f37fcde Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Mon, 29 Jul 2024 06:18:36 +0000 Subject: [PATCH 04/18] wording --- spec/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/index.md b/spec/index.md index 09423500..19fb1dcc 100644 --- a/spec/index.md +++ b/spec/index.md @@ -2607,7 +2607,7 @@ Logs persist across canister upgrades and they are deleted if the canister is re The log visibility is defined in the `log_visibility` field of `canister_settings` and it can be: - `controllers`: only visible to the canister's controllers (by default) -- `allowlist`: visible to the provided list of principals, max number is limited by 10 +- `allowlist`: visible to the provided list of principals, the maximum length of the list is 10 - `public`: visible to everyone A single log is a record with the following fields: From 1c475ff638a45b37e3aff4e02051fcc6e1217b24 Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Mon, 29 Jul 2024 06:19:34 +0000 Subject: [PATCH 05/18] no opt --- spec/_attachments/ic.did | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/_attachments/ic.did b/spec/_attachments/ic.did index 190c1062..16d8d04a 100644 --- a/spec/_attachments/ic.did +++ b/spec/_attachments/ic.did @@ -3,7 +3,7 @@ type wasm_module = blob; type log_visibility = variant { controllers; - allowlist : opt vec principal; + allowlist : vec principal; public; }; From 87f503faa83f1201f5b42b8f9fda5972a8d8f0f6 Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Mon, 29 Jul 2024 09:21:12 +0000 Subject: [PATCH 06/18] allowed_viewers --- spec/_attachments/ic.did | 2 +- spec/index.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/spec/_attachments/ic.did b/spec/_attachments/ic.did index 16d8d04a..d5a64271 100644 --- a/spec/_attachments/ic.did +++ b/spec/_attachments/ic.did @@ -3,7 +3,7 @@ type wasm_module = blob; type log_visibility = variant { controllers; - allowlist : vec principal; + allowed_viewers : vec principal; public; }; diff --git a/spec/index.md b/spec/index.md index 19fb1dcc..3a9fdbca 100644 --- a/spec/index.md +++ b/spec/index.md @@ -2604,11 +2604,11 @@ The total size of all returned logs does not exceed 4KiB. If new logs are added resulting in exceeding the maximum total log size of 4KiB, the oldest logs will be removed. Logs persist across canister upgrades and they are deleted if the canister is reinstalled or uninstalled. -The log visibility is defined in the `log_visibility` field of `canister_settings` and it can be: +The log visibility is defined in the `log_visibility` field of `canister_settings`: -- `controllers`: only visible to the canister's controllers (by default) -- `allowlist`: visible to the provided list of principals, the maximum length of the list is 10 -- `public`: visible to everyone +- `controllers`: only canister's controllers can fetch logs (by default) +- `allowed_viewers`: only provided list of principals can fetch logs, the maximum length of the list is 10 +- `public`: everyone can fetch logs A single log is a record with the following fields: From 44d73af3a8b8a15a8590d9772c99d8cf2dd1923f Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Mon, 29 Jul 2024 09:23:31 +0000 Subject: [PATCH 07/18] rm canister_log_allowlist --- spec/index.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/spec/index.md b/spec/index.md index 3a9fdbca..8339acf2 100644 --- a/spec/index.md +++ b/spec/index.md @@ -3283,7 +3283,6 @@ S = { certified_data: CanisterId ↦ Blob; canister_history: CanisterId ↦ CanisterHistory; canister_log_visibility: CanisterId ↦ CanisterLogVisibility; - canister_log_allowlist: CanisterId ↦ Set Principal; canister_logs: CanisterId ↦ [CanisterLog]; query_stats: CanisterId ↦ [QueryStats]; system_time : Timestamp @@ -3361,7 +3360,6 @@ The initial state of the IC is certified_data = (); canister_history = (); canister_log_visibility = (); - canister_log_allowlist = (); canister_logs = (); query_stats = (); system_time = T; @@ -4211,8 +4209,6 @@ New_canister_history = { if A.settings.log_visibility is not null: New_canister_log_visibility = A.settings.log_visibility - if New_canister_log_visibility is AllowList: - New_canister_log_allowlist = A.settings.log_visibility ?? how to get allowlist? else: New_canister_log_visibility = Controllers @@ -4239,7 +4235,6 @@ S with query_stats[Canister_id] = [] canister_history[Canister_id] = New_canister_history canister_log_visibility[Canister_id] = New_canister_log_visibility - canister_log_allowlist[Canister_id] = New_canister_log_allowlist canister_logs[Canister_id] = [] messages = Older_messages · Younger_messages · ResponseMessage { @@ -4371,7 +4366,6 @@ S with canister_version[A.canister_id] = S.canister_version[A.canister_id] + 1 if A.settings.log_visibility is not null: canister_log_visibility[A.canister_id] = A.settings.log_visibility - // TODO: update canister_log_allowlist messages = Older_messages · Younger_messages · ResponseMessage { origin = M.origin From 798aea7318f6a81745b4aec66d5aa65865b9c507 Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Mon, 29 Jul 2024 09:25:48 +0000 Subject: [PATCH 08/18] AllowedViewers --- spec/index.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/spec/index.md b/spec/index.md index 8339acf2..1ff5f3fa 100644 --- a/spec/index.md +++ b/spec/index.md @@ -5257,7 +5257,6 @@ S with certified_data[A.canister_id] = (deleted) canister_history[A.canister_id] = (deleted) canister_log_visibility[A.canister_id] = (deleted) - canister_log_allowlist[A.canister_id] = (deleted) canister_logs[A.canister_id] = (deleted) query_stats[A.canister_id] = (deleted) messages = Older_messages · Younger_messages · @@ -5452,7 +5451,6 @@ New_canister_history { if A.settings.log_visibility is not null: New_canister_log_visibility = A.settings.log_visibility - // TODO: update New_canister_log_allowlist else: New_canister_log_visibility = Controllers @@ -5477,7 +5475,6 @@ S with certified_data[Canister_id] = "" canister_history[Canister_id] = New_canister_history canister_log_visibility[Canister_id] = New_canister_log_visibility - canister_log_allowlist[Canister_id] = New_canister_log_allowlist canister_logs[Canister_id] = [] query_stats[CanisterId] = [] messages = Older_messages · Younger_messages · @@ -5887,7 +5884,7 @@ Q.canister_id = ic_principal Q.method_name = 'fetch_canister_logs' Q.arg = candid(A) A.canister_id = effective_canister_id -S[A.canister_id].canister_log_visibility = Public or Q.sender in S[A.canister_id].controllers or Q.sender in S[A.canister_id].canister_log_allowlist +S[A.canister_id].canister_log_visibility = Public or (S[A.canister_id].canister_log_visibility = AllowedViewers Principals and Q.sender in Principals) or Q.sender in S[A.canister_id].controllers ``` From abd80e1b9fb7ace402cd04b2e9dd6269ad166f88 Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Mon, 29 Jul 2024 09:26:13 +0000 Subject: [PATCH 09/18] AllowedViewers --- spec/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/index.md b/spec/index.md index 1ff5f3fa..66caea73 100644 --- a/spec/index.md +++ b/spec/index.md @@ -3247,7 +3247,7 @@ CanisterHistory = { } CanisterLogVisibility = Controllers - | AllowList + | AllowedViewers | Public CanisterLog = { idx : Nat; From d54ed5c6465eb4964b412f1621f909ae099b0c5d Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Mon, 29 Jul 2024 09:31:25 +0000 Subject: [PATCH 10/18] . --- spec/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/index.md b/spec/index.md index 66caea73..59e252fd 100644 --- a/spec/index.md +++ b/spec/index.md @@ -2604,10 +2604,10 @@ The total size of all returned logs does not exceed 4KiB. If new logs are added resulting in exceeding the maximum total log size of 4KiB, the oldest logs will be removed. Logs persist across canister upgrades and they are deleted if the canister is reinstalled or uninstalled. -The log visibility is defined in the `log_visibility` field of `canister_settings`: +The log visibility is defined in the `log_visibility` field of `canister_settings` and can be one of the following variants: - `controllers`: only canister's controllers can fetch logs (by default) -- `allowed_viewers`: only provided list of principals can fetch logs, the maximum length of the list is 10 +- `allowed_viewers` (`vec principal`): only provided list of principals can fetch logs, the maximum length of the list is 10 - `public`: everyone can fetch logs A single log is a record with the following fields: From 342770a11b6404a1c998a7352f44e14e9e0bd416 Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Mon, 29 Jul 2024 09:33:59 +0000 Subject: [PATCH 11/18] . --- spec/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/index.md b/spec/index.md index 59e252fd..735902e4 100644 --- a/spec/index.md +++ b/spec/index.md @@ -3247,7 +3247,7 @@ CanisterHistory = { } CanisterLogVisibility = Controllers - | AllowedViewers + | AllowedViewers [Principal] | Public CanisterLog = { idx : Nat; From a399df4f84bc0fa5085007aa6f184c76db1cd4f9 Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Mon, 29 Jul 2024 09:34:58 +0000 Subject: [PATCH 12/18] wording --- spec/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/index.md b/spec/index.md index 735902e4..2a391df3 100644 --- a/spec/index.md +++ b/spec/index.md @@ -2607,7 +2607,7 @@ Logs persist across canister upgrades and they are deleted if the canister is re The log visibility is defined in the `log_visibility` field of `canister_settings` and can be one of the following variants: - `controllers`: only canister's controllers can fetch logs (by default) -- `allowed_viewers` (`vec principal`): only provided list of principals can fetch logs, the maximum length of the list is 10 +- `allowed_viewers` (`vec principal`): only the provided list of principals can fetch logs, the maximum length of the list is 10 - `public`: everyone can fetch logs A single log is a record with the following fields: From 1d2c1d17ca93205b09452d8637ef63b903181570 Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Mon, 29 Jul 2024 09:40:04 +0000 Subject: [PATCH 13/18] canister_log_visibility = --- spec/index.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/spec/index.md b/spec/index.md index 2a391df3..170daa3d 100644 --- a/spec/index.md +++ b/spec/index.md @@ -5884,7 +5884,12 @@ Q.canister_id = ic_principal Q.method_name = 'fetch_canister_logs' Q.arg = candid(A) A.canister_id = effective_canister_id -S[A.canister_id].canister_log_visibility = Public or (S[A.canister_id].canister_log_visibility = AllowedViewers Principals and Q.sender in Principals) or Q.sender in S[A.canister_id].controllers +S[A.canister_id].canister_log_visibility = + Public + or + (S[A.canister_id].canister_log_visibility = AllowedViewers Principals and Q.sender in Principals) + or + (S[A.canister_id].canister_log_visibility = Controllers and Q.sender in S[A.canister_id].controllers) ``` From 08dbefe2ab12e2c298ee6c325d7f97ebee423ca3 Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Tue, 30 Jul 2024 05:55:47 +0000 Subject: [PATCH 14/18] formatting --- spec/index.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/spec/index.md b/spec/index.md index 170daa3d..8bbfa6a5 100644 --- a/spec/index.md +++ b/spec/index.md @@ -5884,8 +5884,7 @@ Q.canister_id = ic_principal Q.method_name = 'fetch_canister_logs' Q.arg = candid(A) A.canister_id = effective_canister_id -S[A.canister_id].canister_log_visibility = - Public +(S[A.canister_id].canister_log_visibility = Public) or (S[A.canister_id].canister_log_visibility = AllowedViewers Principals and Q.sender in Principals) or From ce6d08c8c0bf7d662611481895b488b5650afab0 Mon Sep 17 00:00:00 2001 From: Maksym Arutyunyan Date: Tue, 30 Jul 2024 08:53:45 +0000 Subject: [PATCH 15/18] change variants order --- spec/_attachments/ic.did | 2 +- spec/index.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/spec/_attachments/ic.did b/spec/_attachments/ic.did index d5a64271..be17ef10 100644 --- a/spec/_attachments/ic.did +++ b/spec/_attachments/ic.did @@ -3,8 +3,8 @@ type wasm_module = blob; type log_visibility = variant { controllers; - allowed_viewers : vec principal; public; + allowed_viewers : vec principal; }; type canister_settings = record { diff --git a/spec/index.md b/spec/index.md index 8bbfa6a5..1a565746 100644 --- a/spec/index.md +++ b/spec/index.md @@ -2607,8 +2607,8 @@ Logs persist across canister upgrades and they are deleted if the canister is re The log visibility is defined in the `log_visibility` field of `canister_settings` and can be one of the following variants: - `controllers`: only canister's controllers can fetch logs (by default) -- `allowed_viewers` (`vec principal`): only the provided list of principals can fetch logs, the maximum length of the list is 10 - `public`: everyone can fetch logs +- `allowed_viewers` (`vec principal`): only the provided list of principals can fetch logs, the maximum length of the list is 10 A single log is a record with the following fields: @@ -3247,8 +3247,8 @@ CanisterHistory = { } CanisterLogVisibility = Controllers - | AllowedViewers [Principal] | Public + | AllowedViewers [Principal] CanisterLog = { idx : Nat; timestamp_nanos : Nat; @@ -5885,10 +5885,10 @@ Q.method_name = 'fetch_canister_logs' Q.arg = candid(A) A.canister_id = effective_canister_id (S[A.canister_id].canister_log_visibility = Public) - or - (S[A.canister_id].canister_log_visibility = AllowedViewers Principals and Q.sender in Principals) or (S[A.canister_id].canister_log_visibility = Controllers and Q.sender in S[A.canister_id].controllers) + or + (S[A.canister_id].canister_log_visibility = AllowedViewers Principals and Q.sender in Principals) ``` From 8dd4edb8edf2bac6acea1404dbb42b62a98500ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Tackmann?= <54846571+Dfinity-Bjoern@users.noreply.github.com> Date: Tue, 20 Aug 2024 15:29:56 +0200 Subject: [PATCH 16/18] Update spec/index.md Co-authored-by: mraszyk <31483726+mraszyk@users.noreply.github.com> --- spec/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/index.md b/spec/index.md index 1a565746..243bf5bf 100644 --- a/spec/index.md +++ b/spec/index.md @@ -5888,7 +5888,7 @@ A.canister_id = effective_canister_id or (S[A.canister_id].canister_log_visibility = Controllers and Q.sender in S[A.canister_id].controllers) or - (S[A.canister_id].canister_log_visibility = AllowedViewers Principals and Q.sender in Principals) + (S[A.canister_id].canister_log_visibility = AllowedViewers Principals and (Q.sender in S[A.canister_id].controllers or Q.sender in Principals)) ``` From 95c04c1a03054db644666fcda2d47f4d35a094b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Tackmann?= <54846571+Dfinity-Bjoern@users.noreply.github.com> Date: Tue, 20 Aug 2024 15:30:10 +0200 Subject: [PATCH 17/18] Update spec/index.md --- spec/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/index.md b/spec/index.md index 243bf5bf..2d1ad3e2 100644 --- a/spec/index.md +++ b/spec/index.md @@ -2608,7 +2608,7 @@ The log visibility is defined in the `log_visibility` field of `canister_setting - `controllers`: only canister's controllers can fetch logs (by default) - `public`: everyone can fetch logs -- `allowed_viewers` (`vec principal`): only the provided list of principals can fetch logs, the maximum length of the list is 10 +- `allowed_viewers` (`vec principal`): only the provided list of principals and the canister's controllers can fetch logs, the maximum length of the list is 10 A single log is a record with the following fields: From f80e9c179eaded75ffaf16c8dab5f1721d4ec89e Mon Sep 17 00:00:00 2001 From: Martin Raszyk Date: Wed, 28 Aug 2024 19:56:32 +0200 Subject: [PATCH 18/18] wording --- spec/index.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/spec/index.md b/spec/index.md index 053a43fd..cd11ca5a 100644 --- a/spec/index.md +++ b/spec/index.md @@ -2506,9 +2506,15 @@ Logs persist across canister upgrades and they are deleted if the canister is re The log visibility is defined in the `log_visibility` field of `canister_settings` and can be one of the following variants: -- `controllers`: only canister's controllers can fetch logs (by default) -- `public`: everyone can fetch logs -- `allowed_viewers` (`vec principal`): only principals in the provided list and the canister's controllers can fetch logs, the maximum length of the list is 10 +- `controllers`: only the canister's controllers can fetch logs (default); +- `public`: everyone can fetch logs; +- `allowed_viewers` (`vec principal`): only principals in the provided list and the canister's controllers can fetch logs, the maximum length of the list is 10. + +A single log is a record with the following fields: + +- `idx` (`nat64`): the unique sequence number of the log for this particular canister; +- `timestamp_nanos` (`nat64`): the timestamp as nanoseconds since 1970-01-01 at which the log was recorded; +- `content` (`blob`): the actual content of the log; :::warning @@ -5903,9 +5909,9 @@ Q.method_name = 'fetch_canister_logs' Q.arg = candid(A) A.canister_id = effective_canister_id (S[A.canister_id].canister_log_visibility = Public) - or + or (S[A.canister_id].canister_log_visibility = Controllers and Q.sender in S[A.canister_id].controllers) - or + or (S[A.canister_id].canister_log_visibility = AllowedViewers Principals and (Q.sender in S[A.canister_id].controllers or Q.sender in Principals)) ```