rfq: add macaroon option for price oracle authentication

[jtobin]

Resolves #1370.

Adds support to tapd for macaroon authentication with a price oracle. This is based on (and requires) #1775, and simply adds the requisite plumbing in the appropriate places.

[gemini-code-assist]

Summary of Changes

Hello @jtobin, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly upgrades the security and flexibility of how the tapd daemon connects to external price oracles for its Request-for-Quote (RFQ) functionality. It introduces a robust macaroon-based authentication mechanism, allowing for delegated and conditional access to oracle services. Complementing this, the PR provides comprehensive configuration options for TLS, enabling users to fine-tune security parameters like certificate verification and custom CAs. The underlying connection establishment code has been refactored to support these new features in a clean and maintainable way, ensuring secure and reliable communication with price oracles.

Highlights

• Macaroon Authentication for Price Oracles: Introduced support for macaroon-based authentication when connecting to price oracles, enhancing security for RFQ (Request-for-Quote) operations. A new configuration option, experimental.rfq.priceoraclemacaroonpath, allows specifying the path to the macaroon file.
• Refactored Price Oracle Connection Logic: The internal logic for establishing connections to price oracles has been significantly refactored to centralize and streamline the handling of TLS and macaroon authentication. This includes new dedicated modules (rfq/tls.go and rfq/macaroon.go) for modularity and testability.
• Enhanced TLS Configuration Options: Added granular control over TLS settings for price oracle connections, including options to disable TLS, skip certificate verification, disable system root CAs, and specify custom certificate paths. These are exposed via new experimental.rfq.priceoracle* configuration flags.
• Configuration Validation: Implemented validation to ensure that macaroon authentication is only enabled when TLS is also active, preventing insecure configurations.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• docs/release-notes/release-notes-0.8.0.md
  • Added release notes detailing the new price oracle TLS verification (PR#1775) and macaroon authentication (PR#1978) features.
  • Updated a configuration option name in the breaking changes section for clarity.
• itest/tapd_harness.go
  • Modified integration test harness to explicitly disable TLS certificate verification (PriceOracleTLSInsecure = true) when an oracle server address is provided, simplifying test setup.
• rfq/cli.go
  • Introduced new CLI configuration options for price oracle TLS settings: PriceOracleTLSDisable, PriceOracleTLSInsecure, PriceOracleTLSNoSystemCAs, and PriceOracleTLSCertPath.
  • Added PriceOracleMacaroonPath CLI option to specify the path to a macaroon file for authentication.
  • Implemented validation logic to ensure that PriceOracleMacaroonPath cannot be used if PriceOracleTLSDisable is set, as macaroons require transport security.
• rfq/macaroon.go
  • New file: Implemented NewMacaroonDialOption function to read a macaroon from disk and create a gRPC DialOption for per-RPC credentials.
• rfq/macaroon_test.go
  • New file: Added unit tests for the NewMacaroonDialOption function, covering valid, nonexistent, and invalid macaroon file scenarios.
• rfq/oracle.go
  • Refactored the NewRpcPriceOracle function to accept a TLSConfig struct and an optional grpc.DialOption for macaroons, centralizing the connection setup logic.
  • Removed deprecated helper functions for TLS dial options (serverDialOpts, insecureServerDialOpts).
  • Integrated gRPC keepalive parameters directly into NewRpcPriceOracle for consistent connection health probing.
• rfq/oracle_test.go
  • Updated calls to NewRpcPriceOracle in tests to conform to the new function signature, utilizing a new insecureTLS() helper for test configurations.
• rfq/tls.go
  • New file: Defined TLSConfig struct to encapsulate all TLS configuration options for oracle connections.
  • Implemented configureTransportCredentials function to create gRPC TransportCredentials based on the provided TLSConfig.
  • Provided constructCertPool helper for managing system and custom root CA certificates.
• rfq/tls_test.go
  • New file: Added comprehensive unit tests for the configureTransportCredentials function, covering various TLS configurations.
• sample-tapd.conf
  • Updated the sample configuration file with documentation and examples for the newly introduced experimental.rfq.priceoracle* TLS and macaroon options.
• tapcfg/config.go
  • Added new default constants for price oracle TLS configuration options.
  • Modified ExperimentalConfig.CleanAndValidate to expand file paths for PriceOracleTLSCertPath and PriceOracleMacaroonPath.
  • Updated DefaultConfig to initialize the new price oracle TLS options with their default values.
  • Introduced getPriceOracleTLSConfig and getPriceOracleMacaroonOpt functions to parse and prepare TLS and macaroon configurations from the rfq.CliConfig.
• tapcfg/server.go
  • Updated genServerConfig to utilize the new getPriceOracleTLSConfig and getPriceOracleMacaroonOpt functions when initializing the RpcPriceOracle instance.

Activity

• The pull request introduces macaroon authentication for price oracles, building upon recent TLS enhancements to secure communication.
• It involves a significant refactoring of the price oracle connection setup, centralizing TLS and authentication logic into new, dedicated modules.
• New command-line interface (CLI) options have been added to tapd for users to configure detailed TLS settings and specify macaroon paths.
• Comprehensive unit tests have been added for both the new macaroon handling and the refactored TLS configuration.
• Release notes and the sample configuration file have been updated to reflect these new features and options.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request successfully adds support for macaroon authentication with the price oracle. The changes are well-structured, with new functionality for handling macaroons and TLS configuration neatly encapsulated in their own files (rfq/macaroon.go, rfq/tls.go). The addition of validation to ensure macaroons are only used with TLS enabled is a good security measure. The test coverage for the new components is thorough. The refactoring of rfq.NewRpcPriceOracle to accept TLS and macaroon options makes the code cleaner and more modular. Overall, this is a high-quality contribution. I have one minor suggestion regarding a comment in the sample configuration file for improved clarity.

[coveralls]

Pull Request Test Coverage Report for Build 21947686123

Details

• 28 of 46 (60.87%) changed or added relevant lines in 5 files are covered.
• 97 unchanged lines in 18 files lost coverage.
• Overall coverage decreased (-0.05%) to 56.463%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
rfq/oracle.go	3	5	60.0%
rfq/cli.go	1	4	25.0%
rfq/macaroon.go	14	17	82.35%
tapcfg/server.go	3	6	50.0%
tapcfg/config.go	7	14	50.0%

Files with Coverage Reduction	New Missed Lines	%
commitment/tap.go	1	85.65%
fn/context_guard.go	1	91.94%
address/mock.go	2	96.2%
fn/iter.go	2	62.07%
rfqmsg/records.go	2	71.29%
tapdb/mssmt.go	2	90.45%
tapdb/universe_federation.go	2	88.55%
mssmt/compacted_tree.go	4	77.65%
tapdb/sqlc/transfers.sql.go	4	82.65%
tapdb/universe.go	4	80.58%

Totals
Change from base Build 21944920645:	-0.05%
Covered Lines:	67244
Relevant Lines:	119093

---

💛 - Coveralls

[jtobin]

(Note that the lit itest failure in CI is fixed by lightninglabs/lightning-terminal#1190.)

[darioAnongba]

Only need to address the Gemini comment.