-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add --secure option to launch with encryption #180
Conversation
e1a59eb
to
add25f3
Compare
add25f3
to
ee23262
Compare
@clalancette can we get some help poking those tests? |
Do you need us to rerun the PR tests, run on ci.ros2.org, or something else? |
Re-run the PR tests, please. The SROS2 PR on which this PR depended landed, but we can't seem to convince it to run again. We thought force-pushing would do it, but that doesn't seem to be the case. I can kick off the other CI. |
@ros-pull-request-builder retest this please |
@clalancette we're getting a |
Yeah, that's correct. You'll need to do a new release into Rolling before the PR job will succeed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've left some surface-level comments; haven't looked at the tests yet.
|
||
self.__enclave = self.node_name.replace( | ||
Node.UNSPECIFIED_NODE_NAME, nodl_node.name | ||
).replace(Node.UNSPECIFIED_NODE_NAMESPACE, '') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An unspecified namespace does not imply no namespace; it could be set within the node and therefore launch doesn't know the fully-qualified name of the node. Does this have any implication on the name of the enclave chosen?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The enclave must be the fully qualified node name. Unfortunately there is no way to get this prior to runtime, so we're using a best-guess here that a node won't namespace itself in code to make the secure launch function work at all.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The enclave doesn't need to be the fully qualified node name, right? It just needs to match up with the keypair that has been generated. Thankfully, here we're doing both-- generating the keypair and then passing the --ros-args
necessary to use it by setting the enclave name. There's nothing requiring that enclave name to be anything special.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note, however, that the security files IN the enclave must match up to the given participant name, which I think is where this becomes important.
metavar='keystore', | ||
nargs='?', | ||
const='', | ||
help=('Launch using ROS 2 security features using specified keystore dir.' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nitpick:
help=('Launch using ROS 2 security features using specified keystore dir.' | |
help=('Launch with ROS 2 security features using the specified keystore directory.' |
Signed-off-by: Ted Kern <ted.kern@canonical.com>
Signed-off-by: Ted Kern <ted.kern@canonical.com>
Signed-off-by: Ted Kern <ted.kern@canonical.com>
1effef7
to
984f1cf
Compare
@@ -51,9 +51,13 @@ | |||
from launch_ros.utilities import normalize_remap_rules | |||
from launch_ros.utilities import prefix_namespace | |||
|
|||
import nodl |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I understand the situation correctly (from here), nodl is under a GPLv3 license. Because of that, I don't think we can take this into the launch_ros
core. I'm going to double-check on this internally, so I'll get back with a definitive answer, but I just wanted to make you aware that this may be a non-starter.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Close-- It's LGPL, @clalancette, which should be better for integration. That's standing guidance from our legal department. Let us know if that proves to be an issue; we can have a conversation with them if necessary, so don't let that stand in the way of review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're re-licensing as Apache 2.0 in ubuntu-robotics/nodl#35
I've discussed this change briefly with the team, and we think it would make sense to add extensions points to |
No argument here, that may very well make sense, but given that such a thing doesn't exist today, what does that mean for this feature? |
I'm not sure. I'd rather not introduce more dependencies. In particular, introducing Until someone gets around to making @ros2/team Thoughts? |
This pull request has been mentioned on ROS Discourse. There might be relevant details there: https://discourse.ros.org/t/eprosima-presents-visual-ros/17632/5 |
I agree with @jacobperron, one of:
The second bullet is ideal in my opinion, but it also takes the most work and incurs the most delays. I really would rather not merge this as-is adding the hard dependency on NoDL for now. |
I'd say our only strong feeling is "not this". I believe a soft dependency will lead to confusing documentation, "why doesn't this work" bugs, tests that don't run regularly, and overall feature rot. I think we all agree that making this more extensible is ideal, but that sounds like a fundamental restructuring of the project, which is honestly something we're not qualified to do. If someone wants to propose a design doc we can at least help vet it though, and might be able to help implement it in the future. I wonder if it might fit into @roger-strain's refactor. |
I do believe that we've now done this in a different way through #216 . I'm going to close this out, but please feel free to reopen if I'm wrong. |
add implementation of
--secure
flag to have ros2launch handle configuring all launched actions to use secure ros functionality. Currently only handles encryption, access control functionality can be built from this.Adds two new optional arguments to
ros2 launch
,--secure [keystore_path]
Enable security. If a keystore path is provided, create and initialize it if necessary and use it. Otherwise generate an ephemeral keystore for this launch invocation only.
--no-create-keystore
Do not attempt to create/initialize a keystore or create an ephemeral keystore. Require keystore_path to point to an existing keystore.
The launch description is modified with the necessary steps to set environment variables as needed by rcl, and the creation of keys is handled automatically in the
Node
action type by making a best guess of the fully qualified node name using NoDL.Adds dependencies on