11954082915

Committed 21 Nov 2024 01:20PM UTC coverage: 59.327% (+0.6%) from 58.776%

Build # 11954082915

Build Type

Pull #8754

github

Committed by

ViktorTigerstrom

Commit Message

itest: wrap deriveCustomScopeAccounts at 80 chars

This commit fixes that word wrapping for the deriveCustomScopeAccounts
function docs, and ensures that it wraps at 80 characters or less.

Pull Request Pull Request #8754: Add `Outbound` Remote Signer implementation

Run Details

1940 of 2984 new or added lines in 44 files covered. (65.01%)

226 existing lines in 37 files now uncovered.

135234 of 227947 relevant lines covered (59.33%)

19316.75 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

26.58

/lncfg/remotesigner.go

package lncfg

import (
        "fmt"
        "time"
)

const (
        // DefaultRemoteSignerRPCTimeout is the default connection timeout
        // that is used when connecting to the remote signer or watch-only node
        // through RPC.
        DefaultRemoteSignerRPCTimeout = 5 * time.Second

        // DefaultRequestTimeout is the default timeout used for requests to and
        // from the remote signer.
        DefaultRequestTimeout = 5 * time.Second

        // DefaultStartupTimeout is the default startup timeout used when the
        // watch-only node with signerrole 'watchonly-outbound' waits for the
        // remote signer to connect.
        DefaultStartupTimeout = 5 * time.Minute

        // DefaultInboundWatchOnlyRole is the default signer role used when
        // enabling a remote signer on the watch-only node. It indicates that
        // the remote signer node allows inbound connections from the watch-only
        // node.
        DefaultInboundWatchOnlyRole = "watchonly-inbound"

        // OutboundWatchOnlyRole is a type of signer role used when enabling a
        // remote signer on the watch-only node. It indicates that the remote
        // signer node will make an outbound connection to the watch-only node
        // to connect the nodes.
        OutboundWatchOnlyRole = "watchonly-outbound"

        // OutboundSignerRole indicates that the lnd instance will act as an
        // outbound remote signer, connecting to a watch-only node that has the
        // 'watchonly-outbound' signer role set.
        OutboundSignerRole = "signer-outbound"
)

// RemoteSigner holds the configuration options for a remote RPC signer.
//
//nolint:lll
type RemoteSigner struct {
        Enable           bool          `long:"enable" description:"Use a remote signer for signing any on-chain related transactions or messages. Only recommended if local wallet is initialized as watch-only. Remote signer must use the same seed/root key as the local watch-only wallet but must have private keys. This param should not be set to true when signerrole is set to 'signer-outbound'"`
        SignerRole       string        `long:"signerrole" description:"Sets the type of remote signer to use, or signals that the node will act as a remote signer. Can be set to either 'watchonly-inbound' (default), 'watchonly-outbound' or 'signer-outbound'. 'watchonly-inbound' means that a remote signer that allows inbound connections from the watch-only node is used. 'watchonly-outbound' means that a remote signer node that makes an outbound connection to the watch-only node is used. 'signer-outbound' means the lnd instance will act as a remote signer, making an outbound connection to a watch-only node with the 'watchonly-outbound' signerrole set" choice:"watchonly-inbound" choice:"watchonly-outbound" choice:"signer-outbound"`
        RPCHost          string        `long:"rpchost" description:"The remote signer's or watch-only node's RPC host:port. For nodes which have the signerrole set to 'watchonly-inbound', this should be set to the remote signer node's RPC host:port. For nodes which have the signerrole set to 'signer-outbound', this should be set to the watch-only node's RPC host:port. This param should not be set when signerrole is set to 'watchonly-outbound'"`
        MacaroonPath     string        `long:"macaroonpath" description:"The macaroon to use for authenticating with the remote signer or the watch-only node. For nodes which have the signerrole set to 'watchonly-inbound', this should be set to the remote signer node's macaroon. For nodes which have the signerrole set to 'signer-outbound', this should be set to the watch-only node's macaroon. This param should not be set when signerrole is set to 'watchonly-outbound'"`
        TLSCertPath      string        `long:"tlscertpath" description:"The TLS certificate to use for establishing the remote signer's or watch-only node's identity. For nodes which have the signerrole set to 'watchonly-inbound', this should be set to the remote signer node's TLS certificate. For nodes which have the signerrole set to 'signer-outbound', this should be set to the watch-only node's TLS certificate. This param should not be set when signerrole is set to 'watchonly-outbound'"`
        Timeout          time.Duration `long:"timeout" description:"The timeout for making the connection to the remote signer or watch-only node, depending on whether the node acts as a watch-only node or a signer. Valid time units are {s, m, h}"`
        RequestTimeout   time.Duration `long:"requesttimeout" description:"The time we will wait when making requests to the remote signer or watch-only node, depending on whether the node acts as a watch-only node or a signer. This parameter will have no effect if signerrole is set to 'watchonly-inbound'. Valid time units are {s, m, h}."`
        StartupTimeout   time.Duration `long:"startuptimeout" description:"The time a watch-only node (with signerrole set to 'watchonly-outbound') will wait for the remote signer to connect during startup. If the timeout expires before the remote signer connects, the watch-only node will shut down. This parameter has no effect if 'signerrole' is not set to 'watchonly-outbound'. Valid time units are {s, m, h}."`
        MigrateWatchOnly bool          `long:"migrate-wallet-to-watch-only" description:"If a wallet with private key material already exists, migrate it into a watch-only wallet on first startup. WARNING: This cannot be undone! Make sure you have backed up your seed before you use this flag! All private keys will be purged from the wallet after first unlock with this flag!"`
}

// Validate checks the values configured for our remote RPC signer.
func (r *RemoteSigner) Validate() error {
        if r.Timeout < time.Millisecond {
                return fmt.Errorf("remote signer: timeout of %v is invalid, "+
                        "cannot be smaller than %v", r.Timeout,
                        time.Millisecond)
        }

        if r.RequestTimeout < time.Second {
                return fmt.Errorf("remote signer: requesttimeout of %v is "+
                        "invalid, cannot be smaller than %v",
                        r.Timeout, time.Second)
        }

        if r.StartupTimeout < time.Second {
                return fmt.Errorf("remote signer: startuptimeout of %v is "+
                        "invalid, cannot be smaller than %v",
                        r.Timeout, time.Second)
        }

        if r.MigrateWatchOnly && !r.Enable {
                return fmt.Errorf("remote signer: cannot turn on wallet " +
                        "migration to watch-only if remote signing is not " +
                        "enabled")
        }

        if r.SignerRole == OutboundSignerRole && r.Enable {
                return fmt.Errorf("remote signer: do not set " +
                        "remotesigner.enable when signerrole is set to " +
                        "'signer-outbound'")
        }

        if r.SignerRole == OutboundSignerRole && r.RPCHost == "" {
                return fmt.Errorf("remote signer: the rpchost for the " +
                        "watch-only node must be set when the node acts as " +
                        "an outbound remote signer")
        }

        if r.SignerRole == OutboundSignerRole && r.MacaroonPath == "" {
                return fmt.Errorf("remote signer: the macaroonpath for the " +
                        "watch-only node must be set when the node acts as " +
                        "an outbound remote signer")
        }

        if r.SignerRole == OutboundSignerRole && r.TLSCertPath == "" {
                return fmt.Errorf("remote signer: the tlscertpath for the " +
                        "watch-only node must be set when the node acts as " +
                        "an outbound remote signer")
        }

        if !r.Enable {
                return nil
        }

        if r.SignerRole == DefaultInboundWatchOnlyRole && r.RPCHost == "" {
                return fmt.Errorf("remote signer: the rpchost for the remote " +
                        "signer should be set when using an inbound remote " +
                        "signer")
        }

        if r.SignerRole == DefaultInboundWatchOnlyRole &&
                r.MacaroonPath == "" {

                return fmt.Errorf("remote signer: the macaroonpath for the " +
                        "remote signer should be set when using an inbound " +
                        "remote signer")
        }

        if r.SignerRole == DefaultInboundWatchOnlyRole &&
                r.TLSCertPath == "" {

                return fmt.Errorf("remote signer: the tlscertpath for the " +
                        "remote signer should be set when using an inbound " +
                        "remote signer")
        }

        if r.SignerRole == OutboundWatchOnlyRole && r.RPCHost != "" {
                return fmt.Errorf("remote signer: the rpchost for the remote " +
                        "signer should not be set if the signerrole is set " +
                        "to 'watchonly-outbound'")
        }

        if r.SignerRole == OutboundWatchOnlyRole && r.MacaroonPath != "" {
                return fmt.Errorf("remote signer: the macaroonpath for the " +
                        "remote signer should not be set if the signerrole " +
                        "is set to 'watchonly-outbound'")
        }

        if r.SignerRole == OutboundWatchOnlyRole && r.TLSCertPath != "" {
                return fmt.Errorf("remote signer: the tlscertpath for the " +
                        "remote signer not be set if the signerrole " +
                        "is set to 'watchonly-outbound'")
        }

        return nil
}

1	package lncfg
2
3	import (
4	"fmt"
5	"time"
6	)
7
8	const (
9	// DefaultRemoteSignerRPCTimeout is the default connection timeout
10	// that is used when connecting to the remote signer or watch-only node
11	// through RPC.
12	DefaultRemoteSignerRPCTimeout = 5 * time.Second
13
14	// DefaultRequestTimeout is the default timeout used for requests to and
15	// from the remote signer.
16	DefaultRequestTimeout = 5 * time.Second
17
18	// DefaultStartupTimeout is the default startup timeout used when the
19	// watch-only node with signerrole 'watchonly-outbound' waits for the
20	// remote signer to connect.
21	DefaultStartupTimeout = 5 * time.Minute
22
23	// DefaultInboundWatchOnlyRole is the default signer role used when
24	// enabling a remote signer on the watch-only node. It indicates that
25	// the remote signer node allows inbound connections from the watch-only
26	// node.
27	DefaultInboundWatchOnlyRole = "watchonly-inbound"
28
29	// OutboundWatchOnlyRole is a type of signer role used when enabling a
30	// remote signer on the watch-only node. It indicates that the remote
31	// signer node will make an outbound connection to the watch-only node
32	// to connect the nodes.
33	OutboundWatchOnlyRole = "watchonly-outbound"
34
35	// OutboundSignerRole indicates that the lnd instance will act as an
36	// outbound remote signer, connecting to a watch-only node that has the
37	// 'watchonly-outbound' signer role set.
38	OutboundSignerRole = "signer-outbound"
39	)
40
41	// RemoteSigner holds the configuration options for a remote RPC signer.
42	//
43	//nolint:lll
44	type RemoteSigner struct {
45	Enable bool `long:"enable" description:"Use a remote signer for signing any on-chain related transactions or messages. Only recommended if local wallet is initialized as watch-only. Remote signer must use the same seed/root key as the local watch-only wallet but must have private keys. This param should not be set to true when signerrole is set to 'signer-outbound'"`
46	SignerRole string `long:"signerrole" description:"Sets the type of remote signer to use, or signals that the node will act as a remote signer. Can be set to either 'watchonly-inbound' (default), 'watchonly-outbound' or 'signer-outbound'. 'watchonly-inbound' means that a remote signer that allows inbound connections from the watch-only node is used. 'watchonly-outbound' means that a remote signer node that makes an outbound connection to the watch-only node is used. 'signer-outbound' means the lnd instance will act as a remote signer, making an outbound connection to a watch-only node with the 'watchonly-outbound' signerrole set" choice:"watchonly-inbound" choice:"watchonly-outbound" choice:"signer-outbound"`
47	RPCHost string `long:"rpchost" description:"The remote signer's or watch-only node's RPC host:port. For nodes which have the signerrole set to 'watchonly-inbound', this should be set to the remote signer node's RPC host:port. For nodes which have the signerrole set to 'signer-outbound', this should be set to the watch-only node's RPC host:port. This param should not be set when signerrole is set to 'watchonly-outbound'"`
48	MacaroonPath string `long:"macaroonpath" description:"The macaroon to use for authenticating with the remote signer or the watch-only node. For nodes which have the signerrole set to 'watchonly-inbound', this should be set to the remote signer node's macaroon. For nodes which have the signerrole set to 'signer-outbound', this should be set to the watch-only node's macaroon. This param should not be set when signerrole is set to 'watchonly-outbound'"`
49	TLSCertPath string `long:"tlscertpath" description:"The TLS certificate to use for establishing the remote signer's or watch-only node's identity. For nodes which have the signerrole set to 'watchonly-inbound', this should be set to the remote signer node's TLS certificate. For nodes which have the signerrole set to 'signer-outbound', this should be set to the watch-only node's TLS certificate. This param should not be set when signerrole is set to 'watchonly-outbound'"`
50	Timeout time.Duration `long:"timeout" description:"The timeout for making the connection to the remote signer or watch-only node, depending on whether the node acts as a watch-only node or a signer. Valid time units are {s, m, h}"`
51	RequestTimeout time.Duration `long:"requesttimeout" description:"The time we will wait when making requests to the remote signer or watch-only node, depending on whether the node acts as a watch-only node or a signer. This parameter will have no effect if signerrole is set to 'watchonly-inbound'. Valid time units are {s, m, h}."`
52	StartupTimeout time.Duration `long:"startuptimeout" description:"The time a watch-only node (with signerrole set to 'watchonly-outbound') will wait for the remote signer to connect during startup. If the timeout expires before the remote signer connects, the watch-only node will shut down. This parameter has no effect if 'signerrole' is not set to 'watchonly-outbound'. Valid time units are {s, m, h}."`
53	MigrateWatchOnly bool `long:"migrate-wallet-to-watch-only" description:"If a wallet with private key material already exists, migrate it into a watch-only wallet on first startup. WARNING: This cannot be undone! Make sure you have backed up your seed before you use this flag! All private keys will be purged from the wallet after first unlock with this flag!"`
54	}
55
56	// Validate checks the values configured for our remote RPC signer.
57	func (r *RemoteSigner) Validate() error {	4✔
58	if r.Timeout < time.Millisecond {	4✔
UNCOV 59	return fmt.Errorf("remote signer: timeout of %v is invalid, "+	×
60	"cannot be smaller than %v", r.Timeout,	×
61	time.Millisecond)	×
62	}	×
63
64	if r.RequestTimeout < time.Second {	4✔
NEW 65	return fmt.Errorf("remote signer: requesttimeout of %v is "+	×
NEW 66	"invalid, cannot be smaller than %v",	×
NEW 67	r.Timeout, time.Second)	×
NEW 68	}	×
69
70	if r.StartupTimeout < time.Second {	4✔
NEW 71	return fmt.Errorf("remote signer: startuptimeout of %v is "+	×
NEW 72	"invalid, cannot be smaller than %v",	×
NEW 73	r.Timeout, time.Second)	×
NEW 74	}	×
75
76	if r.MigrateWatchOnly && !r.Enable {	4✔
77	return fmt.Errorf("remote signer: cannot turn on wallet " +	×
78	"migration to watch-only if remote signing is not " +	×
79	"enabled")	×
80	}	×
81
82	if r.SignerRole == OutboundSignerRole && r.Enable {	4✔
NEW 83	return fmt.Errorf("remote signer: do not set " +	×
NEW 84	"remotesigner.enable when signerrole is set to " +	×
NEW 85	"'signer-outbound'")	×
NEW 86	}	×
87
88	if r.SignerRole == OutboundSignerRole && r.RPCHost == "" {	4✔
NEW 89	return fmt.Errorf("remote signer: the rpchost for the " +	×
NEW 90	"watch-only node must be set when the node acts as " +	×
NEW 91	"an outbound remote signer")	×
NEW 92	}	×
93
94	if r.SignerRole == OutboundSignerRole && r.MacaroonPath == "" {	4✔
NEW 95	return fmt.Errorf("remote signer: the macaroonpath for the " +	×
NEW 96	"watch-only node must be set when the node acts as " +	×
NEW 97	"an outbound remote signer")	×
NEW 98	}	×
99
100	if r.SignerRole == OutboundSignerRole && r.TLSCertPath == "" {	4✔
NEW 101	return fmt.Errorf("remote signer: the tlscertpath for the " +	×
NEW 102	"watch-only node must be set when the node acts as " +	×
NEW 103	"an outbound remote signer")	×
NEW 104	}	×
105
106	if !r.Enable {	8✔
107	return nil	4✔
108	}	4✔
109
110	if r.SignerRole == DefaultInboundWatchOnlyRole && r.RPCHost == "" {	4✔
NEW 111	return fmt.Errorf("remote signer: the rpchost for the remote " +	×
NEW 112	"signer should be set when using an inbound remote " +	×
NEW 113	"signer")	×
NEW 114	}	×
115
116	if r.SignerRole == DefaultInboundWatchOnlyRole &&	4✔
117	r.MacaroonPath == "" {	4✔
NEW 118		×
NEW 119	return fmt.Errorf("remote signer: the macaroonpath for the " +	×
NEW 120	"remote signer should be set when using an inbound " +	×
NEW 121	"remote signer")	×
NEW 122	}	×
123
124	if r.SignerRole == DefaultInboundWatchOnlyRole &&	4✔
125	r.TLSCertPath == "" {	4✔
NEW 126		×
NEW 127	return fmt.Errorf("remote signer: the tlscertpath for the " +	×
NEW 128	"remote signer should be set when using an inbound " +	×
NEW 129	"remote signer")	×
NEW 130	}	×
131
132	if r.SignerRole == OutboundWatchOnlyRole && r.RPCHost != "" {	4✔
NEW 133	return fmt.Errorf("remote signer: the rpchost for the remote " +	×
NEW 134	"signer should not be set if the signerrole is set " +	×
NEW 135	"to 'watchonly-outbound'")	×
NEW 136	}	×
137
138	if r.SignerRole == OutboundWatchOnlyRole && r.MacaroonPath != "" {	4✔
NEW 139	return fmt.Errorf("remote signer: the macaroonpath for the " +	×
NEW 140	"remote signer should not be set if the signerrole " +	×
NEW 141	"is set to 'watchonly-outbound'")	×
NEW 142	}	×
143
144	if r.SignerRole == OutboundWatchOnlyRole && r.TLSCertPath != "" {	4✔
NEW 145	return fmt.Errorf("remote signer: the tlscertpath for the " +	×
NEW 146	"remote signer not be set if the signerrole " +	×
NEW 147	"is set to 'watchonly-outbound'")	×
NEW 148	}	×
149
150	return nil	4✔
151	}

lightningnetwork / lnd / 11954082915

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous