Switch to new sigs-based auth in VSS integration tests

When we added the trivial sigs-based authentication scheme in VSS,
we made it the default if no other authentication scheme was
configured and default features are enabled.

This broke our integration tests as we were expecting no
authentication to be required in such a case.

Here we fix this by switching to the new sigs-based auth scheme,
removing `store_id`s to demonstrate client isolation while we're at
it.

Sadly, because we don't currently have a test framework for
LNURL-auth-based VSS, and because VSS no longer defaults to
no-auth, the upgrade-from-0.6 test has to be moved to a separate
CI job which runs VSS server with the noop auth.

Author: TheBlueMatt

.github/workflows/vss-no-auth-integration.yml

@@ -0,0 +1,47 @@
+name: CI Checks - VSS No-Auth Integration Tests
+
+on: [push, pull_request]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres:latest
+        ports:
+          - 5432:5432
+        env:
+          POSTGRES_DB: postgres
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          path: ldk-node
+      - name: Checkout VSS
+        uses: actions/checkout@v3
+        with:
+          repository: lightningdevkit/vss-server
+          path: vss-server
+
+      - name: Build and Deploy VSS Server
+        run: |
+          cd vss-server/rust
+          RUSTFLAGS=--cfg=noop_authorizer cargo run --no-default-features server/vss-server-config.toml&
+      - name: Run VSS Integration tests
+        run: |
+          cd ldk-node
+          export TEST_VSS_BASE_URL="http://localhost:8080/vss"
+          RUSTFLAGS="--cfg vss_test --cfg cycle_tests" cargo test --test integration_tests_vss_no_auth

src/builder.rs

@@ -591,7 +591,7 @@ impl NodeBuilder {
 	///
 	/// Uses a simple authentication scheme proving knowledge of a secret key.
 	///
-	/// `fixed_headers` are included as it is in all the requests made to VSS and LNURL auth server.
+	/// `fixed_headers` are included as it is in all the requests made to VSS.
 	///
 	/// **Caution**: VSS support is in **alpha** and is considered experimental.
 	/// Using VSS (or any remote persistence) may cause LDK to panic if persistence failures are

src/io/vss_store.rs

@@ -1016,7 +1016,6 @@ mod tests {
 
 	use rand::distr::Alphanumeric;
 	use rand::{rng, Rng, RngCore};
-	use vss_client::headers::FixedHeaders;
 
 	use super::*;
 	use crate::io::test_utils::do_read_write_remove_list_persist;
@@ -1026,11 +1025,13 @@ mod tests {
 		let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap();
 		let mut rng = rng();
 		let rand_store_id: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect();
-		let mut vss_seed = [0u8; 32];
-		rng.fill_bytes(&mut vss_seed);
-		let header_provider = Arc::new(FixedHeaders::new(HashMap::new()));
+		let mut node_seed = [0u8; 64];
+		rng.fill_bytes(&mut node_seed);
+		let entropy = NodeEntropy::from_seed_bytes(node_seed);
 		let vss_store =
-			VssStore::new(vss_base_url, rand_store_id, vss_seed, header_provider).unwrap();
+			VssStoreBuilder::new(entropy, vss_base_url, rand_store_id, Network::Testnet)
+				.build_with_sigs_auth(HashMap::new())
+				.unwrap();
 		do_read_write_remove_list_persist(&vss_store);
 	}
 
@@ -1039,11 +1040,13 @@ mod tests {
 		let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap();
 		let mut rng = rng();
 		let rand_store_id: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect();
-		let mut vss_seed = [0u8; 32];
-		rng.fill_bytes(&mut vss_seed);
-		let header_provider = Arc::new(FixedHeaders::new(HashMap::new()));
+		let mut node_seed = [0u8; 64];
+		rng.fill_bytes(&mut node_seed);
+		let entropy = NodeEntropy::from_seed_bytes(node_seed);
 		let vss_store =
-			VssStore::new(vss_base_url, rand_store_id, vss_seed, header_provider).unwrap();
+			VssStoreBuilder::new(entropy, vss_base_url, rand_store_id, Network::Testnet)
+				.build_with_sigs_auth(HashMap::new())
+				.unwrap();
 
 		do_read_write_remove_list_persist(&vss_store);
 		drop(vss_store)

tests/integration_tests_vss.rs

@@ -13,7 +13,7 @@ use std::collections::HashMap;
 
 use ldk_node::entropy::NodeEntropy;
 use ldk_node::Builder;
-use rand::{rng, Rng};
+use rand::RngCore;
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
 async fn channel_full_cycle_with_vss_store() {
@@ -25,10 +25,10 @@ async fn channel_full_cycle_with_vss_store() {
 	builder_a.set_chain_source_esplora(esplora_url.clone(), None);
 	let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap();
 	let node_a = builder_a
-		.build_with_vss_store_and_fixed_headers(
+		.build_with_vss_store(
 			config_a.node_entropy,
 			vss_base_url.clone(),
-			"node_1_store".to_string(),
+			"".to_owned(),
 			HashMap::new(),
 		)
 		.unwrap();
@@ -39,12 +39,7 @@ async fn channel_full_cycle_with_vss_store() {
 	let mut builder_b = Builder::from_config(config_b.node_config);
 	builder_b.set_chain_source_esplora(esplora_url.clone(), None);
 	let node_b = builder_b
-		.build_with_vss_store_and_fixed_headers(
-			config_b.node_entropy,
-			vss_base_url,
-			"node_2_store".to_string(),
-			HashMap::new(),
-		)
+		.build_with_vss_store(config_b.node_entropy, vss_base_url, "".to_owned(), HashMap::new())
 		.unwrap();
 	node_b.start().unwrap();
 
@@ -60,96 +55,15 @@ async fn channel_full_cycle_with_vss_store() {
 	.await;
 }
 
-#[tokio::test(flavor = "multi_thread", worker_threads = 1)]
-async fn vss_v0_schema_backwards_compatibility() {
-	let (bitcoind, electrsd) = common::setup_bitcoind_and_electrsd();
-	let esplora_url = format!("http://{}", electrsd.esplora_url.as_ref().unwrap());
-	let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap();
-
-	let rand_suffix: String =
-		(0..7).map(|_| rng().sample(rand::distr::Alphanumeric) as char).collect();
-	let store_id = format!("v0_compat_test_{}", rand_suffix);
-	let storage_path = common::random_storage_path().to_str().unwrap().to_owned();
-	let seed_bytes = [42u8; 64];
-	let node_entropy = NodeEntropy::from_seed_bytes(seed_bytes);
-
-	// Setup a v0.6.2 `Node` persisted with the v0 scheme.
-	let (old_balance, old_node_id) = {
-		let mut builder_old = ldk_node_062::Builder::new();
-		builder_old.set_network(bitcoin::Network::Regtest);
-		builder_old.set_storage_dir_path(storage_path.clone());
-		builder_old.set_entropy_seed_bytes(seed_bytes);
-		builder_old.set_chain_source_esplora(esplora_url.clone(), None);
-		let node_old = builder_old
-			.build_with_vss_store_and_fixed_headers(
-				vss_base_url.clone(),
-				store_id.clone(),
-				HashMap::new(),
-			)
-			.unwrap();
-
-		node_old.start().unwrap();
-		let addr_old = node_old.onchain_payment().new_address().unwrap();
-		common::premine_and_distribute_funds(
-			&bitcoind.client,
-			&electrsd.client,
-			vec![addr_old],
-			bitcoin::Amount::from_sat(100_000),
-		)
-		.await;
-		node_old.sync_wallets().unwrap();
-
-		let balance = node_old.list_balances().spendable_onchain_balance_sats;
-		assert!(balance > 0);
-		let node_id = node_old.node_id();
-
-		// Workaround necessary as v0.6.2's VSS runtime wasn't dropsafe in a tokio context.
-		tokio::task::block_in_place(move || {
-			node_old.stop().unwrap();
-			drop(node_old);
-		});
-
-		(balance, node_id)
-	};
-
-	// Now ensure we can still reinit from the same backend.
-	let mut builder_new = Builder::new();
-	builder_new.set_network(bitcoin::Network::Regtest);
-	builder_new.set_storage_dir_path(storage_path);
-	builder_new.set_chain_source_esplora(esplora_url, None);
-
-	let node_new = builder_new
-		.build_with_vss_store_and_fixed_headers(
-			node_entropy,
-			vss_base_url,
-			store_id,
-			HashMap::new(),
-		)
-		.unwrap();
-
-	node_new.start().unwrap();
-	node_new.sync_wallets().unwrap();
-
-	let new_balance = node_new.list_balances().spendable_onchain_balance_sats;
-	let new_node_id = node_new.node_id();
-
-	assert_eq!(old_node_id, new_node_id);
-	assert_eq!(old_balance, new_balance);
-
-	node_new.stop().unwrap();
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
 async fn vss_node_restart() {
 	let (bitcoind, electrsd) = common::setup_bitcoind_and_electrsd();
 	let esplora_url = format!("http://{}", electrsd.esplora_url.as_ref().unwrap());
 	let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap();
 
-	let rand_suffix: String =
-		(0..7).map(|_| rng().sample(rand::distr::Alphanumeric) as char).collect();
-	let store_id = format!("restart_test_{}", rand_suffix);
 	let storage_path = common::random_storage_path().to_str().unwrap().to_owned();
-	let seed_bytes = [42u8; 64];
+	let mut seed_bytes = [42u8; 64];
+	rand::rng().fill_bytes(&mut seed_bytes);
 	let node_entropy = NodeEntropy::from_seed_bytes(seed_bytes);
 
 	// Setup initial node and fund it.
@@ -159,12 +73,7 @@ async fn vss_node_restart() {
 		builder.set_storage_dir_path(storage_path.clone());
 		builder.set_chain_source_esplora(esplora_url.clone(), None);
 		let node = builder
-			.build_with_vss_store_and_fixed_headers(
-				node_entropy,
-				vss_base_url.clone(),
-				store_id.clone(),
-				HashMap::new(),
-			)
+			.build_with_vss_store(node_entropy, vss_base_url.clone(), "".to_owned(), HashMap::new())
 			.unwrap();
 
 		node.start().unwrap();
@@ -193,12 +102,7 @@ async fn vss_node_restart() {
 	builder.set_chain_source_esplora(esplora_url, None);
 
 	let node = builder
-		.build_with_vss_store_and_fixed_headers(
-			node_entropy,
-			vss_base_url,
-			store_id,
-			HashMap::new(),
-		)
+		.build_with_vss_store(node_entropy, vss_base_url, "".to_owned(), HashMap::new())
 		.unwrap();
 
 	node.start().unwrap();

tests/integration_tests_vss_no_auth.rs

@@ -0,0 +1,96 @@
+// This file is Copyright its original authors, visible in version control history.
+//
+// This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
+// http://opensource.org/licenses/MIT>, at your option. You may not use this file except in
+// accordance with one or both of these licenses.
+
+#![cfg(vss_test)]
+
+mod common;
+
+use std::collections::HashMap;
+
+use ldk_node::entropy::NodeEntropy;
+use ldk_node::Builder;
+use rand::{rng, Rng, RngCore};
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 1)]
+async fn vss_v0_schema_backwards_compatibility() {
+	let (bitcoind, electrsd) = common::setup_bitcoind_and_electrsd();
+	let esplora_url = format!("http://{}", electrsd.esplora_url.as_ref().unwrap());
+	let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap();
+
+	let rand_suffix: String =
+		(0..7).map(|_| rng().sample(rand::distr::Alphanumeric) as char).collect();
+	let store_id = format!("v0_compat_test_{}", rand_suffix);
+	let storage_path = common::random_storage_path().to_str().unwrap().to_owned();
+	let mut seed_bytes = [42u8; 64];
+	rand::thread_rng().fill_bytes(&mut seed_bytes);
+	let node_entropy = NodeEntropy::from_seed_bytes(seed_bytes);
+
+	// Setup a v0.6.2 `Node` persisted with the v0 scheme.
+	let (old_balance, old_node_id) = {
+		let mut builder_old = ldk_node_062::Builder::new();
+		builder_old.set_network(bitcoin::Network::Regtest);
+		builder_old.set_storage_dir_path(storage_path.clone());
+		builder_old.set_entropy_seed_bytes(seed_bytes);
+		builder_old.set_chain_source_esplora(esplora_url.clone(), None);
+		let node_old = builder_old
+			.build_with_vss_store_and_fixed_headers(
+				vss_base_url.clone(),
+				store_id.clone(),
+				HashMap::new(),
+			)
+			.unwrap();
+
+		node_old.start().unwrap();
+		let addr_old = node_old.onchain_payment().new_address().unwrap();
+		common::premine_and_distribute_funds(
+			&bitcoind.client,
+			&electrsd.client,
+			vec![addr_old],
+			bitcoin::Amount::from_sat(100_000),
+		)
+		.await;
+		node_old.sync_wallets().unwrap();
+
+		let balance = node_old.list_balances().spendable_onchain_balance_sats;
+		assert!(balance > 0);
+		let node_id = node_old.node_id();
+
+		// Workaround necessary as v0.6.2's VSS runtime wasn't dropsafe in a tokio context.
+		tokio::task::block_in_place(move || {
+			node_old.stop().unwrap();
+			drop(node_old);
+		});
+
+		(balance, node_id)
+	};
+
+	// Now ensure we can still reinit from the same backend.
+	let mut builder_new = Builder::new();
+	builder_new.set_network(bitcoin::Network::Regtest);
+	builder_new.set_storage_dir_path(storage_path);
+	builder_new.set_chain_source_esplora(esplora_url, None);
+
+	let node_new = builder_new
+		.build_with_vss_store_and_fixed_headers(
+			node_entropy,
+			vss_base_url,
+			store_id,
+			HashMap::new(),
+		)
+		.unwrap();
+
+	node_new.start().unwrap();
+	node_new.sync_wallets().unwrap();
+
+	let new_balance = node_new.list_balances().spendable_onchain_balance_sats;
+	let new_node_id = node_new.node_id();
+
+	assert_eq!(old_node_id, new_node_id);
+	assert_eq!(old_balance, new_balance);
+
+	node_new.stop().unwrap();
+}