diff --git a/SROS2_Linux.md b/SROS2_Linux.md
index f5afc452..7a0ecfbc 100644
--- a/SROS2_Linux.md
+++ b/SROS2_Linux.md
@@ -119,7 +119,7 @@ However, other nodes will not be able to communicate, e.g. the following invocat
 ```bash
 # This will fail because the node name does not have valid keys/certificates
-ros2 run demo_nodes_cpp talker __node:=not_talker
+ros2 run demo_nodes_cpp talker --ros-args -r __node:=not_talker
 ```
@@ -207,5 +207,5 @@ For example, the following attempt for the `listener` node to subscribe to a top
 ```bash
 # This will fail because the node is not permitted to subscribe to topics other than chatter.
-ros2 run demo_nodes_py listener chatter:=not_chatter
+ros2 run demo_nodes_py listener --ros-args -r chatter:=not_chatter
 ```
diff --git a/SROS2_MacOS.md b/SROS2_MacOS.md
index 94d2d270..6fb600bb 100644
--- a/SROS2_MacOS.md
+++ b/SROS2_MacOS.md
@@ -129,7 +129,7 @@ However, other nodes will not be able to communicate, e.g. the following invocat
 ```bash
 # This will fail because the node name does not have valid keys/certificates
-ros2 run demo_nodes_cpp talker __node:=not_talker
+ros2 run demo_nodes_cpp talker --ros-args -r __node:=not_talker
 ```
@@ -175,5 +175,5 @@ For example, the following attempt for the `listener` node to subscribe to a top
 ```bash
 # This will fail because the node is not permitted to subscribe to topics other than chatter.
-ros2 run demo_nodes_py listener chatter:=not_chatter
+ros2 run demo_nodes_py listener --ros-args -r chatter:=not_chatter
 ```
diff --git a/SROS2_Windows.md b/SROS2_Windows.md
index 26b60882..4da66e6b 100644
--- a/SROS2_Windows.md
+++ b/SROS2_Windows.md
@@ -128,7 +128,7 @@ However, other nodes will not be able to communicate, e.g. the following invocat
 ```bat
 REM This will fail because the node name does not have valid keys/certificates
-ros2 run demo_nodes_cpp talker __node:=not_talker
+ros2 run demo_nodes_cpp talker --ros-args -r __node:=not_talker
 ```
 ### Access Control
@@ -173,5 +173,5 @@ For example, the following attempt for the `listener` node to subscribe to a top ```bat REM This will fail because the node is not permitted to subscribe to topics other than chatter. -ros2 run demo_nodes_py listener chatter:=not_chatter +ros2 run demo_nodes_py listener --ros-args -r chatter:=not_chatter ``` diff --git a/sros2/package.xml b/sros2/package.xml index 2ef57ea1..dfa56193 100644 --- a/sros2/package.xml +++ b/sros2/package.xml @@ -1,10 +1,10 @@ - - + + sros2 0.8.1 Command line tools for managing SROS2 keys - Michael Carroll + ROS Security Working Group Apache License 2.0 Morgan Quigley diff --git a/sros2/sros2/api/__init__.py b/sros2/sros2/api/__init__.py index a3f4d7f1..2f01e74b 100644 --- a/sros2/sros2/api/__init__.py +++ b/sros2/sros2/api/__init__.py @@ -14,7 +14,9 @@ from collections import namedtuple import datetime +import errno import os +import pathlib import shutil import sys @@ -324,9 +326,13 @@ def create_key(keystore_path, identity): def list_keys(keystore_path): - for name in os.listdir(keystore_path): - if os.path.isdir(os.path.join(keystore_path, name)): - print(name) + if not os.path.isdir(keystore_path): + raise FileNotFoundError( + errno.ENOENT, os.strerror(errno.ENOENT), keystore_path) + p = pathlib.Path(keystore_path) + key_file_paths = sorted(p.glob('**/key.pem')) + for key_file_path in key_file_paths: + print('/{}'.format(key_file_path.parent.relative_to(keystore_path).as_posix())) return True diff --git a/sros2/test/sros2/commands/security/verbs/test_list_keys.py b/sros2/test/sros2/commands/security/verbs/test_list_keys.py index a38f6622..efaff95c 100644 --- a/sros2/test/sros2/commands/security/verbs/test_list_keys.py +++ b/sros2/test/sros2/commands/security/verbs/test_list_keys.py 
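Review bot: In `sros2/sros2/api/__init__.py`, `list_keys` now reports every directory under the keystore that contains a file named `key.pem`, so a directory holding only a private key is printed like a complete identity, and a directory whose key file is missing is silently omitted. Whatever other files an identity needs are not checked here, and the function has no docstring stating this rule. A one-line docstring would make it explicit, e.g. `"""Print, as a /-prefixed name, each keystore sub-path that contains a key.pem."""`. Separately, the guard raises `FileNotFoundError` with `ENOENT` whenever `os.path.isdir` is false, which also covers a path that exists but is a regular file. If callers do not rely on the exact exception type (not visible in this hunk), `raise NotADirectoryError(errno.ENOTDIR, os.strerror(errno.ENOTDIR), keystore_path)` would report that case accurately.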
@@ -20,17 +20,19 @@ def test_list_keys(capsys): + key_names = ['/test_node', '/test_namespace/test_node', '/sky/is/the/limit'] with tempfile.TemporaryDirectory() as keystore_dir: with capsys.disabled(): # First, create the keystore assert create_keystore(keystore_dir) # Now using that keystore, create a keypair - assert create_key(keystore_dir, '/test_node') + for key in key_names: + assert create_key(keystore_dir, key) # Now verify that the key we just created is included in the list assert cli.main(argv=['security', 'list_keys', keystore_dir]) == 0 - assert capsys.readouterr().out.strip() == 'test_node' + assert capsys.readouterr().out.strip() == '\n'.join(sorted(key_names)) def test_list_keys_no_keys(capsys): diff --git a/sros2_cmake/package.xml b/sros2_cmake/package.xml index 41133d84..0df1391a 100644 --- a/sros2_cmake/package.xml +++ b/sros2_cmake/package.xml @@ -1,19 +1,21 @@ - + + + sros2_cmake 0.8.1 - Cmake macros to configure security for nodes - AWS RoboMaker - AWS RoboMaker - Michael Carroll + CMake macros to configure security for nodes + ROS Security Working Group Apache 2.0 + AWS RoboMaker + ament_cmake ament_cmake_test - sros2 ros2cli + sros2 ament_lint_auto ament_lint_common
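Review bot: In `test_list_keys`, the expected value `'\n'.join(sorted(key_names))` orders the names as strings, while `list_keys` in this commit sorts `pathlib.Path` objects, which compare component by component. The two orders agree for the three names chosen here but differ for a pair such as `/a-b` and `/a/b`, so the test pins an ordering that the implementation only provides by coincidence. If the order is not part of the contract, compare order-independently with `assert sorted(capsys.readouterr().out.split()) == sorted(key_names)`; if it is, add such a pair to `key_names`. The context comments still say "create a keypair" and "the key we just created", and could be made plural to match the new loop.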