itest: add macaroon auth to client conn

lightninglabs · Sep 11, 2020 · 699d359 · 699d359
1 parent 0ff7cd0
commit 699d359
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 4 deletions.
diff --git a/itest/rpc.go b/itest/rpc.go
@@ -2,10 +2,13 @@ package itest
 
 import (
 	"fmt"
+	"io/ioutil"
 
 	"github.com/btcsuite/btcd/rpcclient"
+	"github.com/lightningnetwork/lnd/macaroons"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
+	"gopkg.in/macaroon.v2"
 
 	"github.com/lightninglabs/faraday/frdrpc"
 )
@@ -26,17 +29,24 @@ func getBitcoindClient() (*rpcclient.Client, error) {
 
 // getFaradayClient returns an rpc client connection to the running faraday
 // instance.
-func getFaradayClient(address, tlsCertPath string) (frdrpc.FaradayServerClient,
-	error) {
+func getFaradayClient(address, tlsCertPath,
+	macaroonPath string) (frdrpc.FaradayServerClient, error) {
 
 	tlsCredentials, err := credentials.NewClientTLSFromFile(tlsCertPath, "")
 	if err != nil {
 		return nil, fmt.Errorf("unable to load TLS cert %s: %v",
 			tlsCertPath, err)
 	}
 
+	macaroonOptions, err := readMacaroon(macaroonPath)
+	if err != nil {
+		return nil, fmt.Errorf("unable to load macaroon %s: %v",
+			macaroonPath, err)
+	}
+
 	opts := []grpc.DialOption{
 		grpc.WithTransportCredentials(tlsCredentials),
+		macaroonOptions,
 	}
 
 	conn, err := grpc.Dial(address, opts...)
@@ -47,3 +57,22 @@ func getFaradayClient(address, tlsCertPath string) (frdrpc.FaradayServerClient,
 
 	return frdrpc.NewFaradayServerClient(conn), nil
 }
+
+// readMacaroon tries to read the macaroon file at the specified path and create
+// gRPC dial options from it.
+func readMacaroon(macaroonPath string) (grpc.DialOption, error) {
+	// Load the specified macaroon file.
+	macBytes, err := ioutil.ReadFile(macaroonPath)
+	if err != nil {
+		return nil, fmt.Errorf("unable to read macaroon path : %v", err)
+	}
+
+	mac := &macaroon.Macaroon{}
+	if err = mac.UnmarshalBinary(macBytes); err != nil {
+		return nil, fmt.Errorf("unable to decode macaroon: %v", err)
+	}
+
+	// Now we append the macaroon credentials to the dial options.
+	cred := macaroons.NewMacaroonCredential(mac)
+	return grpc.WithPerRPCCredentials(cred), nil
+}
diff --git a/itest/test_context.go b/itest/test_context.go
@@ -32,7 +32,8 @@ var (
 
 	faradayCmd = "./faraday"
 
-	faradayCertPath = "/root/.faraday/regtest/tls.cert"
+	faradayCertPath     = "/root/.faraday/regtest/tls.cert"
+	faradayMacaroonPath = "/root/.faraday/regtest/faraday.macaroon"
 
 	faradayArgs = []string{
 		"--rpclisten=localhost:8465",
@@ -521,7 +522,7 @@ func (c *testContext) startFaraday() {
 	var err error
 	c.eventuallyf(func() bool {
 		c.faradayClient, err = getFaradayClient(
-			"localhost:8465", faradayCertPath,
+			"localhost:8465", faradayCertPath, faradayMacaroonPath,
 		)
 		return err == nil
 	}, "could not connect to faraday process: %v", err)