rpc: Validate -rpcauth arguments

[promag]

Invalid -rpcauth arguments are currently silently ignored. This make server initialization fail if any -rpcauth is invalid.

[laanwj]

Concept ACK

As it is a end-user affecting change it needs a brief (1 line) mention in the release notes.

[ryanofsky]

Code review ACK 9860537473b160dfabb033f598848d8a60a339dc. Nice to get this better error handling and test coverage!

[maflcko]

cr ACK 9860537473b160dfabb033f598848d8a60a339dc

[jonatack]

Concept ACK

[promag]

As it is a end-user affecting change it needs a brief (1 line) mention in the release notes.

done

[maflcko]

cr ACK 35838a191f0e7a91aeeb5cf3e95b2fac022fcb04

[jonatack]

ci (unrelated, I suppose, but noting it before it's restarted)

163/195 - p2p_fingerprint.py failed, Duration: 2 s
stdout:
2020-11-23T19:08:44.357000Z TestFramework (INFO): Initializing test directory /tmp/cirrus-ci-build/ci/scratch/test_runner/test_runner_₿_🏃_20201123_184330/p2p_fingerprint_29
2020-11-23T19:08:45.474000Z TestFramework (ERROR): Assertion failed
Traceback (most recent call last):
  File "/tmp/cirrus-ci-build/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/test/functional/test_framework/test_framework.py", line 126, in main
    self.run_test()
  File "/tmp/cirrus-ci-build/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/test/functional/p2p_fingerprint.py", line 110, in run_test
    assert "block" not in node0.last_message
AssertionError

[maflcko]

Please don't restart a build without filing a bug. Either leave the failure, so that it can be found when scraping the logs with automated tools/manually, or file a bug if this is an intermittent failure. See also

If this failure happened unexpectedly or intermittently, please file a bug and provide a link or upload of the combined log. ( https://cirrus-ci.com/task/5542990686978048?command=ci#L6034 )

[jonatack]

Approach ACK 35838a191f0e7a91aeeb5cf3e95b2fac022fcb04

[promag]

Addressed @jonatack review.

[DrahtBot]

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• rpc: Support -rpcauthfile argument #20407 (rpc: Support -rpcauthfile argument by promag)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

[jonatack]

ACK 053b4fb

[jonatack]

"now cause" should be either "now causes" or "will now cause"

[luke-jr]

Concept NACK. Additional fields is not necessarily an error.

A debug log line sounds fine.

[maflcko]

review ACK 053b4fb

[promag]

Additional fields is not necessarily an error.

@luke-jr what do you suggest? Ignore the whole argument? Just use the the first 3 fields? Not sure about the debug log since it's a sensitive value.

[practicalswift]

Concept ACK: failing swiftly and loudly is better than failing silently

[luke-jr]

what do you suggest? Ignore the whole argument?

Yes, at this startup stage. It will still fail loudly when the user attempts to authenticate later. (Maybe it would make sense to have a special error message returned for users with unrecognised configurations?)

Just use the the first 3 fields?

No, this would potentially grant permissions not intended.

Not sure about the debug log since it's a sensitive value.

The username isn't (maybe the line number if it's a rpcauthfile).

[ryanofsky]

Code review ACK 053b4fb. Only changes since last review are moving a variable declaration and adding a comment, release notes, and a const.

I think this PR looks good in it's current form. It seems to me the changes Luke is asking for would make this PR slightly worse. They'd make code more complicated and configuration problems harder to detect because errors would happen at authorization time instead of startup time. They also wouldn't seem to enable useful behavior because unrecognized options would still be rejected, just at a later time. Maybe Luke you could give an example of when the behavior you're suggesting might be useful?

I think if it comes down to a choice between Luke's more limited error reporting or no error reporting at all Luke's approach would be better. But current PR seems best, as far as I can tell

[promag]

I think Luke case is to support same conf between knots and core?

[ryanofsky]

I think Luke case is to support same conf between knots and core?

I don't understand how. What's the example situation where you would want to use the same configuration for knots and core, but have knots authorize RPC requests which core rejects? What would the requests be? Who would the users be? I can't think of a situation connected to reality where this would be useful. Just an opinion, but I think it would be good to think about specific situations where this feature could be useful before implementing it.

[promag]

@ryanofsky right, I'm just guessing.

[luke-jr]

So users don't need to swap out their rpcauth config to downgrade. This basically means people using advanced rpcauth features couldn't run Core on their system anymore without annoying additional steps...

[ryanofsky]

So users don't need to swap out their rpcauth config to downgrade. This basically means people using advanced rpcauth features couldn't run Core on their system anymore without annoying additional steps...

Ok IIUC there is no specific situation which causes a problem, just general idea to avoid overly strict validation of config options for more flexibility. I don't disagree with that and do think this could be a warning instead of an error. This all just seemed like an unlikely point of friction, so I was confused if there was more to explain the change requests and concept nack. Any followup that keeps an early error or warning seems good to me!

[promag]

Might make sense to have a -strict option for those that wish to have and keep clean configurations.