[tests] Use cookie auth instead of rpcuser and rpcpassword #10533
Conversation
There was a problem hiding this comment.
can be written as os.path.join(datadir, "regtest", ".cookie") (and elsewhere)
achow101
force-pushed
the
tests-use-cookie-auth
branch
2 times, most recently
from
01e186b to
5d26d02
Compare
test/functional/p2p-segwit.py
Outdated
There was a problem hiding this comment.
Would a node = self.nodes[node_id] work as well?
There was a problem hiding this comment.
It would, but I don't see why that would be any better.
|
Agree on doing this by default. I do think we should keep one regression test around for rpcuser/rpcpasswd as long as that functionality is still supported, though. |
achow101
force-pushed
the
tests-use-cookie-auth
branch
from
5d26d02 to
aec5644
Compare
|
I added a test for rpcuser and rpcpassword. |
|
utACK; the first two commits should probably be squashed together |
|
Concept ACK, though the pruning.py test fails for me -- I assume it needs an update similar to p2p-segwit.py. |
jnewbery
left a comment
jnewbery
left a comment
There was a problem hiding this comment.
Concept ACK. It definitely makes sense to have our test framework use the mainline expected authentication method (and have a regression test for username/password as before).
However, I'd very much prefer if this happens after #10082. That introduces a TestNode class that will encapsulate all the properties and state for a node under test. I think that makes the test framework a lot clearer and prevents having to pass variables into functions in utils.py.
I've added a few review comments inline.
There was a problem hiding this comment.
This should be a debug log (logger.debug())
There was a problem hiding this comment.
that's a mistake from my earlier debugging. removed.
There was a problem hiding this comment.
Perhaps assert if there are multiple "rpcuser=" lines? Same for "rpcpassword=" lines
test/functional/multi_rpc.py
Outdated
There was a problem hiding this comment.
It'd be better to assert directly on the status, ie:
assert_equal(resp.status, 200)
test/functional/multi_rpc.py
Outdated
There was a problem hiding this comment.
Better to assert directly on the status, ie:
assert_equal(resp.status, 401)
This will cause the received status to be written out in the assert if the assert fails.
test/functional/multi_rpc.py
Outdated
There was a problem hiding this comment.
Recommend that you add some unicode characters to the username/password to test that we don't regress unicode support at some point.
There was a problem hiding this comment.
Yes, this was the reason why we use the funny unicode characters in the rpcuser/pass in the current code. It needs to be tested at some point.
Since rpcuser and rpcpassword are now deprecated, replace them with cookie auth. Fix test failures with cookie auth
achow101
force-pushed
the
tests-use-cookie-auth
branch
5 times, most recently
from
3e5840a to
9d3b314
Compare
achow101
force-pushed
the
tests-use-cookie-auth
branch
from
9d3b314 to
3ec5ad8
Compare
|
utACK 3ec5ad8 |
| def rpc_url(i, rpchost=None): | ||
| rpc_u, rpc_p = rpc_auth_pair(i) | ||
| def get_auth_cookie(datadir, n): | ||
| if os.path.isfile(os.path.join(datadir, "regtest", ".cookie")): |
There was a problem hiding this comment.
I think you can not check for the cookie file first. This file is always created and thus, the code in the else block is dead code.
You might want to check for rpcuser first?
| if line.startswith("rpcpassword="): | ||
| assert password is None # Ensure that there is only one rpcpassword line | ||
| password = line.split("=")[1].strip("\n") | ||
| if user is None and password is None: |
test/functional/p2p-segwit.py
Outdated
| self.test_non_standard_witness() | ||
| sync_blocks(self.nodes) | ||
| self.test_upgrade_after_activation(self.nodes[2], 2) | ||
| self.test_upgrade_after_activation(2) |
There was a problem hiding this comment.
Please name primitive types. If you don't want to clutter the scope with variable names, you could always just use named args.
Better to check that rpcuser and rpcpassword exist then to check for the cookie in the test framework. Name an argument for consistency in p2p-segwit.py
|
Addressed @MarcoFalke's comments |
| password = split_userpass[1] | ||
| if user is None or password is None: | ||
| raise ValueError("No RPC credentials") | ||
| return user, password |
There was a problem hiding this comment.
I still don't understand how this could pass travis. As mentioned earlier, the .cookie file is always created, even when rpcuser, rpcpassword is in the bitcoin.conf. Thus, the current function should always "fall through" to read the cookie file (even if the rpcuser and rpcpassword was read). Maybe travis has just slow IO and the cookie is not yet created, but we shouldn't rely on this hardware detail for the test to pass.
I'd suggest you move the return statement into each body of the if blocks.
Specifically,
with open('conf'):
for line in f:
# Read user and password ...
if user is None or password is None:
raise ValueError("No RPC credentials")
return user, password
# ...
with open('cookie'):
# Read and split
return split_userpass[0], split_userpass[1]There was a problem hiding this comment.
The .cookie file is never created if rpcuser and rpcpassword are specified in the .conf file. You can check the behavior yourself. All of the tests pass locally for me too.
There was a problem hiding this comment.
Guess you are right. I must have messed up something locally when testing this. Let me check ...
There was a problem hiding this comment.
Sorry, I thought that only specifying rpcuser in the conf is enough for authentication, when in fact only specifying rpcpassword is enough. Cf.
Line 226 in 1ad3d4e
So your previous code is right.
|
Please squash after addressing my feedback. |
|
Tested ACK 3ec5ad8 (not current HEAD) |
279fde5 Check for rpcuser/rpcpassword first then for cookie (Andrew Chow) 3ec5ad8 Add test for rpcuser/rpcpassword (Andrew Chow) c53c983 Replace cookie auth in tests (Andrew Chow) Tree-SHA512: 21efb84c87080a895cac8a7fe4766738c34eebe9686c7d10af1bf91ed4ae422e2d5dbbebffd00d34744eb6bb2d0195ea3aca86deebf085bbdeeb1d8b474241ed
…pcpassword 279fde5 Check for rpcuser/rpcpassword first then for cookie (Andrew Chow) 3ec5ad8 Add test for rpcuser/rpcpassword (Andrew Chow) c53c983 Replace cookie auth in tests (Andrew Chow) Tree-SHA512: 21efb84c87080a895cac8a7fe4766738c34eebe9686c7d10af1bf91ed4ae422e2d5dbbebffd00d34744eb6bb2d0195ea3aca86deebf085bbdeeb1d8b474241ed
8817d76 Add config changes to release notes (random-zebra) 988d428 [tests] Unit tests for -testnet/-regtest in [test]/[regtest] sections (Anthony Towns) 7b72630 ArgsManager: special handling for -regtest and -testnet (Anthony Towns) 51c4aa1 [tests] Unit tests for network-specific config entries (Anthony Towns) 30f3bab ArgsManager: Warn when ignoring network-specific config setting (Anthony Towns) 1bddffe ArgsManager: limit some options to only apply on mainnet when in default section (Anthony Towns) ef505ea [Tests] Fix and re-activate rpc_users.py functional test (random-zebra) 0eacce7 [RPC] Add rpcauth startup flag for multiple RPC users (random-zebra) e79ff3c [Tests] Fix and re-activate feature_config_args functional test (random-zebra) 3fcaaa4 Replace cookie auth in tests (random-zebra) b907f33 rpc: Generate auth cookie in hex instead of base64 (random-zebra) bf443a9 [tests] Use regtest section in functional tests configs (Anthony Towns) 7857bcd [tests] Unit tests for config file sections (Anthony Towns) 4cf2ee6 ArgsManager: support config file sections (Anthony Towns) 2658771 ArgsManager: drop m_negated_args (Anthony Towns) 4ee69b5 ArgsManager: keep command line and config file arguments separate (random-zebra) 4f416b8 [tests] Add additional unit tests for -nofoo edge cases (Anthony Towns) 5d1200b [tests] Check GetChainName works with config entries (Anthony Towns) 157da7c [tests] Add unit tests for ReadConfigStream (Anthony Towns) 23a4633 ReadConfigStream: assume the stream is good (Anthony Towns) 56ea59e Separate out ReadConfigStream from ReadConfigFile (Anthony Towns) a3438a2 Test datadir in conf file exists (MeshCollider) 459c4ad [tests] Add unit tests for GetChainName (Anthony Towns) 0ab3e99 Move ChainNameFromCommandLine into ArgsManager, rename to GetChainName (Anthony Towns) 1ea7ce6 Globals: Decouple GetConfigFile and ReadConfigFile from global mapArgs (random-zebra) Pull request description: It is now possible for a single configuration file to set different options for different networks. This is done by using sections or by prefixing the option with the network, such as: ``` main.uacomment=pivx test.uacomment=pivx-testnet regtest.uacomment=regtest [main] mempoolsize=300 [test] mempoolsize=100 [regtest] mempoolsize=20 ``` The `addnode=`, `connect=`, `port=`, `bind=`, `rpcport=`, `rpcbind=`, and `wallet=` options will only apply to mainnet when specified in the configuration file, unless a network is specified. Also - fix cookie-based authentication for the functional tests, and re-enable `feature_config_args.py` - add `-rpcauth` startup flag, for multiple RPC users, and re-enable `rpc_users.py`. Backports relevant commits from: - bitcoin#8856 Globals: Decouple GetConfigFile and ReadConfigFile from global mapArgs - bitcoin#11829 Test datadir specified in conf file exists - bitcoin#12878 Config handling refactoring in preparation for network-specific sections - bitcoin#11862 Network specific conf sections - bitcoin#10533 [tests] Use cookie auth instead of rpcuser and rpcpassword - bitcoin#8858 Generate auth cookie in hex instead of base64 ACKs for top commit: Fuzzbawls: Tested ACK 8817d76 furszy: utACK 8817d76 Tree-SHA512: 0d23dbf3d254b186a5378576601cf43f8322abe036b0b135a39b22e13ffa2e299cb1323160d87c7d8284e6aaa229c47f54c8a3a3ebf07cc298e644fb8bd69dc0
6 participants
Since rpcuser and rpcpassword are now deprecated, replace them with cookie auth.