multi: bake super macaroon during stateless init mode (V2) #858
Conversation
|
cc @ViktorTigerstrom for approach ACK here. Decided to open a new PR instead of pushing to the old PR since the approaches are completely different |
There was a problem hiding this comment.
Definitely prefer this approach compared to #844, as it's much cleaner and easier to use for users. Awesome job 🚀🔥!
There's one issue though that neither this or the other PR addresses unfortunately, that'll require some refactoring (potentially quite big, and I'm not quite sure we'll be able be able to address it easily😞):
Both of these PRs will require that the macaroonService has started. Now the reason why that's problematic is because that only happens in the startInternalSubServers, which is only executed after both lnd has been fully synced, and our internal sub-servers have been started. Now the reason that's problematic is that the feedback we've gotten from our users is that they wouldn't like to wait for lnd to be fully synced before macaroons can be generated.
I think we miiight potentially be able to make a bakesupermacaroon call in stateless_init mode work before lnd has been fully synced, as it only require a Basic Lnd Client (and it's the Full Lnd Client in setUpLNDClients that requires the chain sync). The perms for all sub-servers are also added in initSubServers which is executed way earlier, so the perms manager is aware of all different sub-servers permissions before the sub-servers are started.
If you do think that's a user requirement this PR/functionality shouldn't address, let me know, as I then prefer this approach over the other PR!
| // daemons. In all other cases we want default macaroons so we | ||
| // can use the CLI tools to interact with loop/pool/faraday. | ||
| macService := g.lndInterceptorChain.MacaroonService() | ||
| createDefaultMacaroons = !macService.StatelessInit |
There was a problem hiding this comment.
Noting that this happens after terminal.go setUpLNDClients has been executed.
|
Thanks for the feedback @ViktorTigerstrom - although, iiuc, This should not be an issue since we should not be hitting LiT's macaroon service for this call if an LND admin macaroon is passed in. We only hit that if there is an error validating the macaroon via or if the |
|
@ViktorTigerstrom - see latest commit |
|
Thank for the response and update @ellemouton!
Oh interesting, I hit the "the macaroon service has not started yet" when testing it locally during the review. I'll test again with your changes though, as I there may have been some issue on my side :) |
No i dont think there was a specific issue on your side - it makes sense that we would hit that error if the My main point is that it doesnt make sense to need to wait for LiTs macaroon service to be started for this since it is not required for what we are doing here. |
There was a problem hiding this comment.
tACK LGTM 🚀🎉, after fixing the release notes issue!
You were right Elle, I think I mistook that error due to the late assignment that's now fixed 🙂!
Really like that this functionally can handle any of lnd admin macs, previously baked macs, and also normal lit.macaroon:s 🔥
|
@guggero: review reminder |
|
will try get round to adding an itest this week. |
ellemouton
force-pushed
the
bakeSuperMacInStatelessV2
branch
3 times, most recently
from
1e4bd50 to
7a94f5a
Compare
|
Alrighty, itest added. pls see from commit |
So that it is easy to check elsewhere if we are in this mode.
In this commit, we special case the handling of BakeSuperMacaroon so as
to allow a user to make use of `litcli bakesupermacaroon` while LiT is
running in stateless init mode. The handling is as follows:
- if the call to _LiT's_ BakeSuperMacaroon is made while in stateless
init mode then we can assume that the macaroon provided is either:
1) an LND native macaroon which may or may not have the
necessary permissions for the _LND_
"/lnrpc.Lightning/BakeMacaroon" call.
2) a baked macaroon (possibly a super macaroon) which may or may
not have the permissions to the _LiT_
"/litrpc.Proxy/BakeSuperMacaroon" call.
For case 1: we check that the provided macaroon has the correct perms.
If it does, then we use LiT's existing connection to LND to bake the
super mac.
For case 2: we have a macaroon that doesnt have LND's bakemac call perms
directly but does have LiT's BakeSuperMac perms. So for this, we treat
the call as normal and verify using LiT's macaroon validator as normal.
So that it is set correctly by the time we potentially want to special case the handling of the bakesupermacaroon method. This is required in the case where the full LND connection takes long to create due to it blocking on LND being fully synced.
Use LiT's new(ish) BakeSuperMacaroon endpoint instead of redefining all the logic again.
This is so that we can use this Wait function to check the state of sub-servers even when LiT is running in stateless init mode. As currently, a macaroon is used to make a call to each sub-server which we wont have access to in stateless init mode. This commit also adds a new WaitForLNDWalletReady call which only waits for LND's wallet to be ready. We'll use this during the set-up of a stateless init node in an itest so that we can know when we are able to Create the wallet.
So that a node can be started without unlocking the wallet.
ellemouton
force-pushed
the
bakeSuperMacInStatelessV2
branch
from
7a94f5a to
44a7065
Compare
This will be used in our stateless init tests to initialise a LiT node in stateless init mode. This method handles the creation of the wallet and returns the LND admin macaroon that we can use.
Extract some of the tests used for the integrated and remote mode tests and re-use them in a new test that runs them against a node stareted in state-less init mode.
ellemouton
force-pushed
the
bakeSuperMacInStatelessV2
branch
from
44a7065 to
a38837d
Compare
| charlie, adminMac := net.NewNodeWithSeed( | ||
| t.t, "Charlie", nil, walletPassword, false, true, | ||
| ) |
There was a problem hiding this comment.
Should we maybe add test coverage for what the intended behaviour is when attempting to use a remote lnd node + stateless init mode, as we've had users who have attempted that? Else feel free to disable setting both of them to true in the NewNodeWithSeed function.
There was a problem hiding this comment.
what would such a test look like though? cause lit would just fail to connect to lnd cause there would be no macaroon to authenticate itself
There was a problem hiding this comment.
Else feel free to disable setting both of them to true in the NewNodeWithSeed function.
dont think we need to explicitly guard against the set-up though - the test will fail either way :)
There was a problem hiding this comment.
gonna merge this in the mean time & we can continue discussion offline with possible follow up 👍
4 participants
An alternative approach to #844
Looking for approach ACK here first (ie, ACK-ing this approach over #844) after which I'll work on an itest.
Replaces #844
In this commit, we special case the handling of BakeSuperMacaroon so as
to allow a user to make use of
litcli bakesupermacaroonwhile LiT isrunning in stateless init mode. The handling is as follows:
init mode then we can assume that the macaroon provided is either:
1) an LND native macaroon which may or may not have the
necessary permissions for the LND
"/lnrpc.Lightning/BakeMacaroon" call.
2) a baked macaroon (possibly a super macaroon) which may or may
not have the permissions to the LiT
"/litrpc.Proxy/BakeSuperMacaroon" call.
For case 1: we check that the provided macaroon has the correct perms.
If it does, then we use LiT's existing connection to LND to bake the
super mac.
For case 2: we have a macaroon that doesnt have LND's bakemac call perms
directly but does have LiT's BakeSuperMac perms. So for this, we treat
the call as normal and verify using LiT's macaroon validator as normal.
Fixes #736