Integration tests, unit tests, key import, github workflow - all-in-one changeset

[aakselrod]

Vault package cleanup

The first commit adds exported error variables to the vault package and uses them to replace ad-hoc error messages.

The next commit breaks up the paths function into multiple functions that can be used for unit tests in future commits.

The following commit removes redundant CreateOperation entries from the paths.

Backend tests

The next commit adds initial tests to the vault plugin backend, bringing the test coverage of the package over 50%. It doesn't exercise everything as it's difficult without deterministic test support, which will be enabled by key import in a later commit.

Key import

The following commit changes the seed length from 32 to 16 to match LND in preparation for key import support.

The commit after that moves definitions from paths.go to keys.go and backend.go, where they are used.

The next commit factors out a new function, newNode(), from createNode(). The function will be used in a later commit to import a node.

The following commit implements key import. The following is added:

• import of seedphrase with optional passphrase from existing LND node backup
• backend tests ensuring that import works correctly
• deterministic tests that use imported keys to test signing and ECDH, bringing test coverage over 80%

This fixes https://github.com/bottlepay/lndsigner/issues/3.

Keyring tests

The following commit refactors the keyring package by adding some logging statements and changing ad-hoc errors to exported error variables in preparation for tests added in a later commit.

The next commit adds unit tests to the keyring package and brings test coverage over 70% for the package. I've added #17 to follow up on additional improvements that can be made here.

Integration tests

The commit after that fixes a minor typo in a string displayed on startup.

The final commit adds integration tests. They demonstrate end-to-end functioning of the system, including:

• the vault plugin running in a dev vault
• lndsignerd instances backed by the vault
• a real lightning network of real watch-only lnd nodes running against a real regtest bitcoind, using the signers to send money on-chain and off-chain
• a new job in the github workflow to run integration and unit tests with every PR push or merge to master (can we change this branch name to main?)
• Coverage measurement for unit tests (integration test coverage to come after golang 1.20 release)
• Dockerized tests to make it easy to install binary dependencies for integration tests

I hope that this changeset gets us close to deploying in a testnet infrastructure with blind signing support. I've created the following issues to follow up on this PR: #12, #13, #14, #15, #16, #17, #18, and #19.

[joostjager]

A lot of awesome additions in this PR, great work. Commit structure has room for improvement.

[aakselrod]

I'm still working on addressing the comments but have improved commit structure in a couple of cases.

[aakselrod]

More progress, but not all there yet.

[aakselrod]

Almost there now, just need to dockerize the itests, create a docker build (#12), and add linters (#18).

[aakselrod]

Integration tests are dockerized, and I think I'm going to need @Jawshua's help to build an image and store it in a registry. I'll work on linting (#18) and unix sockets (#19) tomorrow.

[joostjager]

This is again really good. You've picked up all the remarks so well, I am impressed.

Commit structure is nice and clean now too. I don't think there is much to be done on this PR.

[joostjager]

Do you really need this mutex for anything other than the initial creation? It seems that test parallelization happens mostly after lnds has already been accessed, and also lnds is static at that point?

[aakselrod]

The tests still give me a race condition because these accesses happen from different goroutines without being gated by a mutex, even if it's technically not possible that it happens at the same time.

[aakselrod]

I've fixed this and eliminated the mutex. I'm gating API calls with a channel after watching the log file, and managing the whole command lifecycle in a separate goroutine inside waitProc.

[aakselrod]

Looks like passing t into waitProc is a bad idea. Will fix.

[aakselrod]

So the error was caused by calling t.Logf with a saved t all along. Fixed in https://github.com/bottlepay/lndsigner/compare/b1998d79e511c3bf6ceecdf829d711b6323fe512..b03297c3e6a00d67a20495218d804f98dc721d86 by replacing zap's test logger with a development logger that doesn't rely on a *testing.T.

However, this is a good sign to stop lnd and bitcoind via RPC instead of OS signal.

[aakselrod]

I've replaced the OS interrupt signal to lnd and bitcoind with a lncli stop and bitcoin-cli stop, which still ends up with the processes being killed as the main test exits, and blurting out a warning. I silenced it on signal: killed errors now, so if the daemons are too slow to shut down after the tests, we don't need to hear about it.

[joostjager]

So the error was caused by calling t.Logf with a saved t all along.

What was the root cause of this failing? t being used in a goroutine? I think that should be possible.

[joostjager]

You can un-request review and re-request when ready ready 😄

[aakselrod]

OK, now really ready for review. It was ready before, but I thought I'd try to sneak in a fix for the Unix socket issue (#19) before you got to it, and ran into a new security check that git does when building in the container, so had to fix the Dockerfile too just when you were taking a look. Sorry about that!

[jwelsh-nydig]

nitpick: we could generate TLS and macroons dynamically

[aakselrod]

I've added TLS key/cert generation in e2b734c. If you're good with this, I'll squash it into the previous commit (adding integration tests). Now I'm going to look at generating a dummy macaroon without using the macaroon libraries.

[aakselrod]

OK, I've also added dynamic macaroon generation using just manual byte slice ops in b9af6b2. If you're good with this, I'll squash it into the main integration test commit as well.

[jwelsh-nydig]

LGTM

[joostjager]

LGTM. I must say that I didn't do another full pass because of the size of the change set. For the future, I think that smaller PRs that only do a single thing are better for review efficiency. Also things like refactorings can be spun out pretty quickly, and get reviewed and merged.

[joostjager]

Maybe this todo list can be a link to the repo issues with a filter by label?

[aakselrod]

Opened #25 to do this in a separate PR so as not to delay this one any longer.

[joostjager]

make docker-test-all still fails for me at b9af6b2

go: downloading github.com/decred/dcrd/crypto/blake256 v1.0.0
go: downloading github.com/mitchellh/reflectwalk v1.0.0
go: downloading github.com/hashicorp/go-immutable-radix v1.3.1
go: downloading golang.org/x/text v0.3.7
error obtaining VCS status: exit status 128
	Use -buildvcs=false to disable VCS stamping.
error obtaining VCS status: exit status 128
	Use -buildvcs=false to disable VCS stamping.
make: *** [Makefile:50: test-all] Error 1

[joostjager]

I think you can squash the itest commits to a single one.

[aakselrod]

Done. ✔️

[aakselrod]

@joostjager @jwelsh-nydig Thank you for the reviews! Can one of you please give me an approval to merge?

[joostjager]

@aakselrod it's not very important, but still interested in #11 (comment)