Skip to content

aperture: always create admin macaroon on startup#227

Open
lightninglabs-deploy wants to merge 2 commits into
lightninglabs:masterfrom
lightninglabs-deploy:fix/always-create-admin-macaroon
Open

aperture: always create admin macaroon on startup#227
lightninglabs-deploy wants to merge 2 commits into
lightninglabs:masterfrom
lightninglabs-deploy:fix/always-create-admin-macaroon

Conversation

@lightninglabs-deploy
Copy link
Copy Markdown
Collaborator

@lightninglabs-deploy lightninglabs-deploy commented Mar 26, 2026

Summary

  • Always create the admin macaroon and root key during startup, regardless of whether admin.enabled is set. Previously, aperturecli couldn't authenticate unless the dashboard was explicitly enabled, even though the CLI and dashboard are independent features.
  • Always start the admin gRPC/REST API when the transaction store is available (sqlite/postgres). The admin.enabled config flag now only gates the embedded dashboard UI.
  • Fix duplicated CLI error messagesWrapCLIError was setting both Message and Inner to the same error, causing Error() to print the same string twice (e.g. unable to read macaroon: ...: unable to read macaroon: ...).

Details

The root cause of the reported error:

Error: unable to read macaroon: open ~/.aperture/admin.macaroon: no such file or directory

...was that admin.macaroon was only written inside createAdminServer, which returned early when admin.enabled was false.

This PR extracts macaroon initialization into a new initAdminMacaroon function called unconditionally in Start(), and refactors createAdminServer to accept the pre-created rootKey as a parameter.

Test plan

  • go build ./... passes
  • go test ./... passes (one pre-existing flaky test in lnc package unrelated to this change)
  • Verify aperturecli works without admin.enabled in config
  • Verify dashboard still works when admin.enabled: true

lbot-claude added 2 commits March 26, 2026 20:18
aperture: always create admin macaroon on startup
8885bf5 
Previously, the admin macaroon and root key were only created when the
admin dashboard was explicitly enabled via `admin.enabled: true` in the
config. This meant that `aperturecli` could not authenticate unless the
dashboard was also turned on, even though the CLI and the dashboard are
independent features.

Extract macaroon/root-key initialization into a new `initAdminMacaroon`
function that runs unconditionally during startup. The admin gRPC/REST
API is now always active (when the transaction store is available),
while the embedded dashboard remains gated on `admin.enabled`.
cli: fix duplicated error message in CLIError.Error
5a14950 
WrapCLIError stores inner.Error() as Message and also keeps Inner.
When Error() formats the output as "Message: Inner", the same string
is printed twice. Guard the concatenation so that when Message already
equals Inner.Error(), only one copy is returned.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lightninglabs-deploy