lnrpc+rpcserver: add ListPermissions RPC

As a convenience method for users to look up what RPC method URIs exist
and what permissions they require, we add a new ListPermissions call
that simply returns all registered URIs (including internal and external
subservers) and their required permissions.

lnrpc/rest-annotations.yaml

@@ -137,6 +137,8 @@ http:
       get: "/v1/macaroon/ids"
     - selector: lnrpc.Lightning.DeleteMacaroonID
       delete: "/v1/macaroon/{root_key_id}"
+    - selector: lnrpc.Lightning.ListPermissions
+      get: "/v1/macaroon/permissions"
 
     # walletunlocker.proto
     - selector: lnrpc.WalletUnlocker.GenSeed

lnrpc/rpc.proto

@@ -506,6 +506,13 @@ service Lightning {
     */
     rpc DeleteMacaroonID (DeleteMacaroonIDRequest)
         returns (DeleteMacaroonIDResponse);
+
+    /* lncli: `listpermissions`
+    ListPermissions lists all RPC method URIs and their required macaroon
+    permissions to access them.
+    */
+    rpc ListPermissions (ListPermissionsRequest)
+        returns (ListPermissionsResponse);
 }
 
 message Utxo {
@@ -3375,6 +3382,21 @@ message DeleteMacaroonIDResponse {
     bool deleted = 1;
 }
 
+message MacaroonPermissionList {
+    // A list of macaroon permissions.
+    repeated MacaroonPermission permissions = 1;
+}
+
+message ListPermissionsRequest {
+}
+message ListPermissionsResponse {
+    /*
+    A map between all RPC method URIs and their required macaroon permissions to
+    access them.
+    */
+    map<string, MacaroonPermissionList> method_permissions = 1;
+}
+
 message Failure {
     enum FailureCode {
         /*

lnrpc/rpc.swagger.json

@@ -1456,6 +1456,29 @@
         ]
       }
     },
+    "/v1/macaroon/permissions": {
+      "get": {
+        "summary": "lncli: `listpermissions`\nListPermissions lists all RPC method URIs and their required macaroon\npermissions to access them.",
+        "operationId": "ListPermissions",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/lnrpcListPermissionsResponse"
+            }
+          },
+          "default": {
+            "description": "An unexpected error response",
+            "schema": {
+              "$ref": "#/definitions/runtimeError"
+            }
+          }
+        },
+        "tags": [
+          "Lightning"
+        ]
+      }
+    },
     "/v1/macaroon/{root_key_id}": {
       "delete": {
         "summary": "lncli: `deletemacaroonid`\nDeleteMacaroonID deletes the specified macaroon ID and invalidates all\nmacaroons derived from that ID.",
@@ -4220,6 +4243,18 @@
         }
       }
     },
+    "lnrpcListPermissionsResponse": {
+      "type": "object",
+      "properties": {
+        "method_permissions": {
+          "type": "object",
+          "additionalProperties": {
+            "$ref": "#/definitions/lnrpcMacaroonPermissionList"
+          },
+          "description": "A map between all RPC method URIs and their required macaroon permissions to\naccess them."
+        }
+      }
+    },
     "lnrpcListUnspentResponse": {
       "type": "object",
       "properties": {
@@ -4260,6 +4295,18 @@
         }
       }
     },
+    "lnrpcMacaroonPermissionList": {
+      "type": "object",
+      "properties": {
+        "permissions": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/lnrpcMacaroonPermission"
+          },
+          "description": "A list of macaroon permissions."
+        }
+      }
+    },
     "lnrpcMultiChanBackup": {
       "type": "object",
       "properties": {

rpcserver.go

@@ -453,6 +453,10 @@ func mainRPCServerPermissions() map[string][]bakery.Op {
 			Entity: "macaroon",
 			Action: "write",
 		}},
+		"/lnrpc.Lightning/ListPermissions": {{
+			Entity: "info",
+			Action: "read",
+		}},
 		"/lnrpc.Lightning/SubscribePeerEvents": {{
 			Entity: "peers",
 			Action: "read",
@@ -6572,6 +6576,33 @@ func (r *rpcServer) DeleteMacaroonID(ctx context.Context,
 	}, nil
 }
 
+// ListPermissions lists all RPC method URIs and their required macaroon
+// permissions to access them.
+func (r *rpcServer) ListPermissions(_ context.Context,
+	_ *lnrpc.ListPermissionsRequest) (*lnrpc.ListPermissionsResponse,
+	error) {
+
+	rpcsLog.Debugf("[listpermissions]")
+
+	permissionMap := make(map[string]*lnrpc.MacaroonPermissionList)
+	for uri, perms := range r.allPermissions {
+		rpcPerms := make([]*lnrpc.MacaroonPermission, len(perms))
+		for idx, perm := range perms {
+			rpcPerms[idx] = &lnrpc.MacaroonPermission{
+				Entity: perm.Entity,
+				Action: perm.Action,
+			}
+		}
+		permissionMap[uri] = &lnrpc.MacaroonPermissionList{
+			Permissions: rpcPerms,
+		}
+	}
+
+	return &lnrpc.ListPermissionsResponse{
+		MethodPermissions: permissionMap,
+	}, nil
+}
+
 // FundingStateStep is an advanced funding related call that allows the caller
 // to either execute some preparatory steps for a funding workflow, or manually
 // progress a funding workflow. The primary way a funding flow is identified is