walletunlocker+lnd: add command line flag to allow passing macaroons after wallet creation

[Roasbeef]

In the current state, there's a bit of a gap when initializing a wallet for the first time remotely. The set of RPC's (GenSeed and InitWallet) allow users to programmatically instantiate a wallet for the first time. However, once the seed is created and returned to the user, in order to issue any further commands, they'll need to set of macaroons. Atm, the only way to obtain these macaroons is to either use sftp/rsync, etc to grab the macaroon on disk. Instead, we can extend the InnitWallet RPC call to return the serialized binary macaroon over the RPC, and not write it to disk. This bridges the gap and allows the client to provision a new node in a purely remote fashion only using our set of RPC's. In the future, once we add rich macaroon baking capabilities to the RPC interface, the user that created the node (the alleged admin) will be able to instruct lnd to bake macaroons on the fly.

Steps To Completion

• Extend the InitWalletResponse to also optionally return the binary serialized admin.macaroon within the response.
• Add a new command line flag (something like --stateless-init) which instructs lnd to not write the macaroons to disk, and instead will only return them to the user over RPC.
• Implement the new logic in the walletunlocker package and update tests to exercise both operating modes

[guggero]

I'll work on this one.

[neogeno]

@guggero Any idea when this feature will be ready to merge?

[guggero]

The code is ready for review IMHO. So you might be able to speed things up by adding a review yourself. But in the end, at least two of the main developers will need to approve the PR.

[Roasbeef]

@neogeno if you'd like to help to test/review the PR, then that inches it closer to a mergeable state (even just testing an reporting your findings helps a lot)

[neogeno]

@Roasbeef I'm on it ..

[neogeno]

@guggero @Roasbeef I have reviewed this PR/commit and am happy to report that this revised initWallet RPC function does in fact return a result object of admin_macaroon : [Hex Bytes] correctly. However, I found an issue that when I then subsequently call the ChangePassword RPC, the admin macaroon should be encrypted with the new password specified by the user and returned as hex too, but this functionality has not been implemented.

In another scenario, which happens to exist in my app, a pool of cloud LND nodes is first launched by an automated process with no password so it can sync with the chain via btcd and then each node is assigned to a user when it is ready to use who will then change the password and assume it as his own. I am not sure how a new macaroon can be generated without writing to disk with the InitWallet RPC in this case since the wallet has already been created and synched, and there is no secure way to assign it to a user without starting a new wallet from scratch and syncing the node all over again?

Is it possible to modify the InitWallet and ChangePassword RPC functions to accommodate the scenario I described for nodes launched remotely on the cloud??