lncli: add command to create new macaroon #1160
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This one actually conflicts with #1147 Would it make sense to make this into one common PR? Or merge one, then rebase/fix conflicts after that? |
|
If either of the two PRs is merged, I'll rebase the other one. The functionality should not conflict, both commands have their usefulness IMO, even if there is overlap in some of the command arguments. |
guggero
force-pushed
the
new-macaroon
branch
6 times, most recently
from
898a08e
to
de4c7ca
Compare
guggero
force-pushed
the
new-macaroon
branch
3 times, most recently
from
4e4cca6
to
0cd3c8a
Compare
guggero
force-pushed
the
new-macaroon
branch
2 times, most recently
from
140edb9
to
2d79147
Compare
guggero
force-pushed
the
new-macaroon
branch
2 times, most recently
from
5c0a41f
to
798db9c
Compare
guggero
force-pushed
the
new-macaroon
branch
3 times, most recently
from
f829b7e
to
b04419a
Compare
guggero
force-pushed
the
new-macaroon
branch
2 times, most recently
from
850f64b
to
6fbc5b7
Compare
guggero
force-pushed
the
new-macaroon
branch
2 times, most recently
from
ca7c476
to
e17108b
Compare
Roasbeef
added
P3
joostjager
reviewed
Oct 23, 2019
joostjager
reviewed
Oct 23, 2019
joostjager
reviewed
Oct 23, 2019
joostjager
reviewed
Oct 23, 2019
wpaulino
approved these changes
Oct 23, 2019
wpaulino
suggested changes
Oct 23, 2019
|
@Roasbeef asked me to rename the service to |
joostjager
approved these changes
Oct 24, 2019
wpaulino
approved these changes
Oct 24, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As discussed in #1147 there is a need to create macaroons with custom permissions set since the three existing macaroon files
admin.macaroon,invoice.macaroonandreadonly.macaroonaren't fine-grained enough.A new gRPC method named
NewMacaroonis added:macaroon(could be used for macaroon based RPCs mentioned in Add support for accounting-based macaroons #291 too).writeaccess to the entity macaroon is necessary to call the method NewMacaroon.admin.macaroongetswriteaccess to the entitymacaroon.newmacaroonthat calls this gRPC method.NewMacaroonmethod a list of entity/action pairs for the allowed operations can be passed.Example:
lncli newmacaroon --permission=invoices/write --permission=invoices/read --save_to=~/.lnd/custom-invoice.macaroon --timeout=10Creates a macaroon that is valid for reading and writing invoices during the next 10 seconds.
Closes #283, #1147, #3516.
NOTE for release notes: Users will need to delete or move their
admin.macaroon,readonly.macaroonandinvoices.macaroonbefore starting0.9, otherwise they won't get regenerated macaroons that have the required permission (macaroon:generate) to mint custom macaroons.