Update generate_policy verb for enclaves

[ruffsl]

Updates policy auto generation now that ros2/rclpy#529 is merged. Was disabled in #177.

Related:

• Use security enclaves #182
• Add a way to introspect security context names rclpy#529

[ruffsl]

There shouldn't be much more to this, but I'm not sure why I'm seeing xmlrpc in this traceback:

$ ros2 security generate_policy foo.xml
Traceback (most recent call last):
  File "/home/ruffsl/ws/sros2/install/ros2cli/bin/ros2", line 11, in <module>
    load_entry_point('ros2cli', 'console_scripts', 'ros2')()
  File "/home/ruffsl/ws/sros2/build/ros2cli/ros2cli/cli.py", line 67, in main
    rc = extension.main(parser=parser, args=args)
  File "/home/ruffsl/ws/sros2/build/sros2/sros2/command/security.py", line 36, in main
    return extension.main(args=args)
  File "/home/ruffsl/ws/sros2/build/sros2/sros2/verb/generate_policy.py", line 126, in main
    node_names = _get_node_names(node=node, include_hidden_nodes=False)
  File "/home/ruffsl/ws/sros2/build/sros2/sros2/verb/generate_policy.py", line 158, in _get_node_names
    node_names_and_namespaces_with_enclaves = node.get_node_names_and_namespaces_with_enclaves()
  File "/usr/lib/python3.8/xmlrpc/client.py", line 1109, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python3.8/xmlrpc/client.py", line 1450, in __request
    response = self.__transport.request(
  File "/usr/lib/python3.8/xmlrpc/client.py", line 1153, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib/python3.8/xmlrpc/client.py", line 1169, in single_request
    return self.parse_response(resp)
  File "/usr/lib/python3.8/xmlrpc/client.py", line 1341, in parse_response
    return u.close()
  File "/usr/lib/python3.8/xmlrpc/client.py", line 655, in close
    raise Fault(**self._stack[0])
xmlrpc.client.Fault: <Fault 1: '<class \'Exception\'>:method "get_node_names_and_namespaces_with_enclaves" is not supported'>

Are one of our from/imports now colliding with a standard python library?

---

Update

I think that xmlrpc issues as from my cli daemon being out of sync with my current workspace.
Also had to fix a bug in the policy xslt transform for apha sorting the xml tree.

[mikaelarguedas]

There shouldn't be much more to this, but I'm not sure why I'm seeing xmlrpc in this traceback:

It looks like the ros2 daemon uses xmlrpc and needs explicit registration of functions to use to know how to deal with them, I opened ros2/ros2cli#501 that seems to address that problem.

Now I get more "normal" XSL errors:

  File "/root/ws/install/ros2cli/bin/ros2", line 11, in <module>
    load_entry_point('ros2cli==0.9.0', 'console_scripts', 'ros2')()
  File "/root/ws/install/ros2cli/lib/python3.8/site-packages/ros2cli/cli.py", line 67, in main
    rc = extension.main(parser=parser, args=args)
  File "/root/ws/install/sros2/lib/python3.8/site-packages/sros2/command/security.py", line 36, in main
    return extension.main(args=args)
  File "/root/ws/install/sros2/lib/python3.8/site-packages/sros2/verb/generate_policy.py", line 155, in main
    dump_policy(policy, stream)
  File "/root/ws/install/sros2/lib/python3.8/site-packages/sros2/policy/__init__.py", line 77, in dump_policy
    policy = policy_xsl(policy)
  File "src/lxml/xslt.pxi", line 600, in lxml.etree.XSLT.__call__
lxml.etree.XSLTApplyError: Invalid number of arguments

[ruffsl]

Now I get more "normal" XSL errors:

@mikaelarguedas , I found that too, and fixed it in 7baa7aa .

Now the policy output looks good:

<policy version="0.2.0">
  <enclaves>
    <enclave path="/">
      <profiles>
        <profile node="listener" ns="/">
          <services reply="ALLOW">
            <service>~/describe_parameters</service>
            <service>~/get_parameter_types</service>
            <service>~/get_parameters</service>
            <service>~/list_parameters</service>
            <service>~/set_parameters</service>
            <service>~/set_parameters_atomically</service>
          </services>
          <topics subscribe="ALLOW">
            <topic>chatter</topic>
            <topic>parameter_events</topic>
          </topics>
          <topics publish="ALLOW">
            <topic>parameter_events</topic>
            <topic>rosout</topic>
          </topics>
        </profile>
        <profile node="talker" ns="/">
          <services reply="ALLOW">
            <service>~/describe_parameters</service>
            <service>~/get_parameter_types</service>
            <service>~/get_parameters</service>
            <service>~/list_parameters</service>
            <service>~/set_parameters</service>
            <service>~/set_parameters_atomically</service>
          </services>
          <topics subscribe="ALLOW">
            <topic>parameter_events</topic>
          </topics>
          <topics publish="ALLOW">
            <topic>chatter</topic>
            <topic>parameter_events</topic>
            <topic>rosout</topic>
          </topics>
        </profile>
      </profiles>
    </enclave>
  </enclaves>
</policy>

[mikaelarguedas]

yeah it seems to work with ros2 run demo_nodes_py talker but not with ros2 topic pub -p 100 -r 0.1 /chatter std_msgs/msg/String "data: Hello World"

Is it expected ?

otherwise looks good 👍

(as a side note there is a --no-daemon flag we can use to avoid daemon issues when testing)

[ruffsl]

Is it expected ?

I think ros2 topic pub falls under this condtion as being a hidden node with

sros2/sros2/sros2/verb/generate_policy.py

Lines 168 to 170 in 7baa7aa

	if (
	include_hidden_nodes or
	(t[0] and not t[0].startswith(_HIDDEN_NODE_PREFIX))

Try setting the include_hidden_nodes to True.
That doesn't seem to be user controllable though.

[mikaelarguedas]

That doesn't seem to be user controllable though.

yeah it used to be exposed in most cli before but is not the case anymore. We could consider exposing it in the future if we want to support these use cases

[ruffsl]

Those hidden node names from the CLI are normally unique with an ephemeral UID at the end anyhow. Not sure it's a big issue given those UIDs would have to be manually edited to deal with.

[mikaelarguedas]

Those hidden node names from the CLI are normally unique with an ephemeral UID at the end anyhow. Not sure it's a big issue given those UIDs would have to be manually edited to deal with.

Not sure how much we care about the suffix though, what you want are the permissions associated with it. the actual node name will not impact the fact that a participant using these policies wil be able to behave the same way right ? even if the node name is different?

It does seem weird to have a include_hidden_nodes argument but without ever exposing it.

Both these points are features and unrelated to this bugfix so they should not impact this PR

[codecov]

Codecov Report

Merging #203 into master will increase coverage by 17.48%.
The diff coverage is 92.85%.

@@             Coverage Diff             @@
##           master     #203       +/-   ##
===========================================
+ Coverage   60.00%   77.48%   +17.48%     
===========================================
  Files          16       16               
  Lines         565      573        +8     
  Branches       52       53        +1     
===========================================
+ Hits          339      444      +105     
+ Misses        212      109      -103     
- Partials       14       20        +6     

Flag	Coverage Δ
#unittests	77.48% <92.85%> (+17.48%)	⬆️

Impacted Files	Coverage Δ
sros2/sros2/verb/generate_policy.py	86.48% <92.85%> (+86.48%)	⬆️
sros2/sros2/policy/__init__.py	84.61% <0.00%> (+23.07%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7bb8a45...cab6123. Read the comment docs.

[mikaelarguedas]

• Linux
• Linux-aarch64
• macOS
• Windows

Another linux build to confirm the cosmetic commit didnt break anything:

• Linux

[mikaelarguedas]

lgtm with green ci

[ivanpauno]

LGTM, thanks for this @ruffsl !

Considering that sros2 is a leaf package, and the verb modified here (generate_policies) isn't covered by any of the tutorials, I think it's safe to merge this.

@jacobperron as rosboss for approval.

[ivanpauno]

@ruffsl According to the checks, test_generate_policies_no_nodes is failing.

[mikaelarguedas]

According to the checks, test_generate_policies_no_nodes is failing.

This is because the automatic checks don't use ros2/ros2cli#501

I launched a round of CI in #203 (comment) that leverage the fix on ros2 daemon so these should pass 🤞

[kyrofa]

Excellent, thanks guys!

[jacobperron]

Considering that sros2 is a leaf package, and the verb modified here (generate_policies) isn't covered by any of the tutorials, I think it's safe to merge this.

@jacobperron as rosboss for approval.

This PR is also re-enabling the verb.