itest: test custom permissions
parent
decd2d975c
commit
295bd44fea
@ -145,6 +145,56 @@ func testMacaroonAuthentication(net *lntest.NetworkHarness, t *harnessTest) {
|
|||||||
require.NoError(t, err, "get new address")
|
require.NoError(t, err, "get new address")
|
||||||
assert.Contains(t, res.Address, "bcrt1")
|
assert.Contains(t, res.Address, "bcrt1")
|
||||||
},
|
},
|
||||||
|
}, {
|
||||||
|
// Seventh test: Bake a macaroon that can only access exactly
|
||||||
|
// two RPCs and make sure it works as expected.
|
||||||
|
name: "custom URI permissions",
|
||||||
|
run: func(ctxt context.Context, t *testing.T) {
|
||||||
|
entity := macaroons.PermissionEntityCustomURI
|
||||||
|
req := &lnrpc.BakeMacaroonRequest{
|
||||||
|
Permissions: []*lnrpc.MacaroonPermission{{
|
||||||
|
Entity: entity,
|
||||||
|
Action: "/lnrpc.Lightning/GetInfo",
|
||||||
|
}, {
|
||||||
|
Entity: entity,
|
||||||
|
Action: "/lnrpc.Lightning/List" +
|
||||||
|
"Permissions",
|
||||||
|
}},
|
||||||
|
}
|
||||||
|
bakeRes, err := testNode.BakeMacaroon(ctxt, req)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
// Create a connection that uses the custom macaroon.
|
||||||
|
customMacBytes, err := hex.DecodeString(
|
||||||
|
bakeRes.Macaroon,
|
||||||
|
)
|
||||||
|
require.NoError(t, err)
|
||||||
|
customMac := &macaroon.Macaroon{}
|
||||||
|
err = customMac.UnmarshalBinary(customMacBytes)
|
||||||
|
require.NoError(t, err)
|
||||||
|
cleanup, client := macaroonClient(
|
||||||
|
t, testNode, customMac,
|
||||||
|
)
|
||||||
|
defer cleanup()
|
||||||
|
|
||||||
|
// Call GetInfo which should succeed.
|
||||||
|
_, err = client.GetInfo(ctxt, infoReq)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
// Call ListPermissions which should also succeed.
|
||||||
|
permReq := &lnrpc.ListPermissionsRequest{}
|
||||||
|
permRes, err := client.ListPermissions(ctxt, permReq)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.Greater(
|
||||||
|
t, len(permRes.MethodPermissions), 10,
|
||||||
|
"permissions",
|
||||||
|
)
|
||||||
|
|
||||||
|
// Try NewAddress which should be denied.
|
||||||
|
_, err = client.NewAddress(ctxt, newAddrReq)
|
||||||
|
require.Error(t, err)
|
||||||
|
require.Contains(t, err.Error(), "permission denied")
|
||||||
|
},
|
||||||
}}
|
}}
|
||||||
|
|
||||||
for _, tc := range testCases {
|
for _, tc := range testCases {
|
||||||
|
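Review bot: The "custom URI permissions" case claims the macaroon can reach "exactly two RPCs", but the only negative check is `client.NewAddress`, which presumably needs a write permission on a different entity. A regression that made a `uri` permission over-match, for example by prefix or by falling back to the entity/action table, would therefore still pass. Add a denied call to a read-only RPC that is not in the baked list, e.g. `_, err = client.GetNetworkInfo(ctxt, &lnrpc.NetworkInfoRequest{})`, followed by `require.Error(t, err)` and the same "permission denied" check. The `require.Greater(t, len(permRes.MethodPermissions), 10, "permissions")` assertion would also be tighter if it checked that the two baked URIs appear in the returned permissions rather than comparing against a bare count. The enclosing testMacaroonAuthentication starts and ends outside the hunk.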
@ -208,7 +208,7 @@
|
|||||||
<time> [ERR] RPCS: WS: error closing upgraded conn: write tcp4 <ip>-><ip>: write: connection reset by peer
|
<time> [ERR] RPCS: WS: error closing upgraded conn: write tcp4 <ip>-><ip>: write: connection reset by peer
|
||||||
<time> [ERR] NTFN: chain notifier shutting down
|
<time> [ERR] NTFN: chain notifier shutting down
|
||||||
<time> [ERR] NTFN: Failed getting UTXO: get utxo request cancelled
|
<time> [ERR] NTFN: Failed getting UTXO: get utxo request cancelled
|
||||||
<time> [ERR] RPCS: [/lnrpc.Lightning/BakeMacaroon]: invalid permission action. supported actions are [read write generate], supported entities are [onchain offchain address message peers info invoices signer macaroon]
|
<time> [ERR] RPCS: [/lnrpc.Lightning/BakeMacaroon]: invalid permission action. supported actions are [read write generate], supported entities are [onchain offchain address message peers info invoices signer macaroon uri]
|
||||||
<time> [ERR] RPCS: [/lnrpc.Lightning/BakeMacaroon]: invalid permission entity. supported actions are [read write generate], supported entities are [onchain offchain address message peers info invoices signer macaroon]
|
<time> [ERR] RPCS: [/lnrpc.Lightning/BakeMacaroon]: invalid permission entity. supported actions are [read write generate], supported entities are [onchain offchain address message peers info invoices signer macaroon uri]
|
||||||
<time> [ERR] RPCS: [/lnrpc.Lightning/BakeMacaroon]: permission list cannot be empty. specify at least one action/entity pair. supported actions are [read write generate], supported entities are [onchain offchain address message peers info invoices signer macaroon]
|
<time> [ERR] RPCS: [/lnrpc.Lightning/BakeMacaroon]: permission list cannot be empty. specify at least one action/entity pair. supported actions are [read write generate], supported entities are [onchain offchain address message peers info invoices signer macaroon uri]
|
||||||
<time> [ERR] RPCS: [/lnrpc.Lightning/DeleteMacaroonID]: the specified ID cannot be deleted
|
<time> [ERR] RPCS: [/lnrpc.Lightning/DeleteMacaroonID]: the specified ID cannot be deleted
|
||||||
|